Saturday, June 16, 2018

Network Automation 02 - Ansible Play book for FTP server file synchronisation

In the last post, I introduced a Ansible playbook which can collect the updated router/ switch configuration files at regular intervals. However, saving the configuration files in the Ansible server is not a particular way to store those files. Because, in this way, you will have to allow the other users to login into this Ansible server and fetch the required configuration files. This may cause performance and security issues of this Ansible server. So, in our design, we build a central FTP/Web server. And the remote Ansible Servers collect the configuration files and synchronise those files with the central server.

The topology is shown as the follow diagram:


There are a couple of prerequisite steps we need to completed before writing our Ansible Run book.

1. Install rsync on the every server including the remote Ansible Servers and the Central Server.

yum install rsync

2. Generate the Vault File

If the Vault file has been build in the previous config collection post, then ignore this step.

3. Install the FTP server in the central server

Please check my post to describe about how to setup FTP/SFTP server.

Step 1: Configure the host file



Step 2: Configure the host var login file


ansible-vault create ftp

  ansible_ssh_pass: 123456
  ansible_ssh_user: root

Step 3: Create the Site YML file


  - hosts: ftp
    gather_facts: no
    become: no
      - ftp-sync

Step 4: Initial the Ansible role "ftp-sync"


ansible-galaxy init ftp-sync

Step 5: Configure the tasks in "ftp-sync" role

This task will login to the central FTP server and synchronise the files from the local folder "/etc/ansible/backup" to the central server.

cd /etc/ansible/roles/ftp-sync/tasks/
vi main.yml

  - name: syn files
      src: /etc/ansible/backup
      dest: /var/ftp/ansible/backup set_remote_user=no

Step 6: Enable SSH key based authentication on the Ansible server to bypass the password prompt in "rsync"

Ansible will utilize "rsync" to synchronise the files between the source and destination folders.

Although Ansible has the username/password to login to the Central server, the "rsync" doesn't have those details. So in order to avoid the "password prompt" pop up, we can enable SSH key based authentication for the Ansible Server on the Central server.

Please check my other post which describe how to enable SSH key based authentication for Linux.

Step 7: Setup CRON

# crontab /etc/crontab

# vi /etc/crontab

*/5 * * * * ansible-playbook /etc/ansible/ftp.yml
# every 5 minutes


This Ansible playbook achieve our gold to synchronise the configuration files collected by the remote Ansible server to the central storage server. The the users can fetch the configuration files from the central server via FTP, SFTP or HTTP.

No comments:

Post a Comment

NSX Load Balancer "Application Rules" Examples:

Load Balancing is one of the features provided by the NSX Edge Services Gateway (ESG). It can provide L7 Load Balancing by utilizing the HA...