sebbbastien / ansible-stonesoft Goto Github PK

This repository provides Ansible modules for configuration and automation of Stonesoft Next Generation Firewall. It uses the smc-python for all operations between the ansible client and the Stonesoft Management Center.

• smc-python >= 0.6.0
• Stonesoft Management Center 6.x
• API client account with permissions

pip install ansible
git clone https://github.com/gabstopper/ansible-stonesoft.git
cd ansible-stonesoft
pip install -r requirements.txt

Once installed, there is a helper script install.py that will copy the ansible-stonesoft docs and module_util into the ansible directories:

python install.py

• Enable the SMC API within the management center

Each ansible run will require a login event to the Stonesoft Management Center to perform it's operations. Since the ansible libraries use smc-python, the login process uses the same session logic.

• You can provide url and api_key as task parameters
• You can provide the smc_alt_filepath parameter in the task run to specify where to find the .smcrc file with your stored credentials

If neither of the two above are used, then:

• Try to find ~.smcrc in users home directory
• Use environment variables (SMC_ADDRESS, SMC_API_KEY, ...)

If none of the above succeed, the run will fail.

Before running plays, it's best to explain the architecture used to make the administrative changes.

The Stonesoft Management Center is where modifications to all elements are performed.

Installing the ansible modules can therefore either be done on a client host machine remote from the SMC, or on the SMC itself.

If the ansible modules are installed on a controller that is remote from the SMC, set your inventory to use localhost for the connection.

For example, set your default inventory /etc/ansible/hosts:

localhost ansible_connection=local

Note that the host running the ansible client will still need to connect to the SMC through the smc-python API over the default port 8082/tcp.

The other option is to install the ansible libraries on the SMC server itself and make your ansible runs from the controller client. In this case, the SMC connection can then be done using an SMC url of 127.0.0.1.

All modules provide doc snippets when run from the ansible client:

ansible-doc -s engine

The latest master branch is considered the 'current' release and the develop branch is used for ongoing feature development. Releases published on the master branch are considered stable, however all develop branch code is also unit tested before being posted.

If you have requests for additional configuration functionality, please submit an issue request.