# REQUIREMENTS
# pip install pan-python
# pip install pandevice
# pip install xmltodict
# ansible-galaxy install paloaltonetworks.paloaltonetworks
# https://www.bountysource.com/issues/59738537-certificate-verify-failed
# The workaround discussed there is to disable certificate verification in the
# virtual environment. Doing so lets anyone on the network path impersonate the
# firewall and capture the API credentials, so prefer fixing the trust chain
# (install the firewall's CA certificate into the environment's trust store)
# and treat disabling verification as a lab-only last resort.
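---
# Queues one firewall ACL request by appending a row to a per-user CSV file on
# the web host. A later (currently commented-out) step reads that CSV back and
# publishes it for operator review.
#
# Inputs (pass as extra-vars or inventory vars): rule_name, source_ip,
# destination_ip, source_zone, destination_zone, rule_action. rule_type is
# optional and fills the trailing "type" column (it was previously always
# left out, leaving the row one column short of the header).
- name: Create new ACL entry request
  hosts: webserver
  gather_facts: false
  vars_files:
    - ./vars/default_vars.yml
  vars:
    acl_csv_path: "/home/{{ ansible_user }}/csvfiles/acl_entries_to_apply.csv"
    # Single source of truth for the column order: both the header row and
    # every data row are derived from this list, so they cannot drift apart.
    acl_csv_columns:
      - rule_name
      - description
      - source_ip
      - destination_ip
      - source_zone
      - destination_zone
      - action
      - type
    # Request values keyed by column name. "description" reuses rule_name,
    # exactly as the original row did.
    acl_request_fields:
      rule_name: "{{ rule_name }}"
      description: "{{ rule_name }}"
      source_ip: "{{ source_ip }}"
      destination_ip: "{{ destination_ip }}"
      source_zone: "{{ source_zone }}"
      destination_zone: "{{ destination_zone }}"
      action: "{{ rule_action }}"
      type: "{{ rule_type | default('') }}"
    acl_csv_header: "{{ acl_csv_columns | join(',') }}"
    acl_csv_row: "{{ acl_csv_columns | map('extract', acl_request_fields) | join(',') }}"
  tasks:
    # The request values are operator-supplied and are written verbatim into a
    # CSV that later drives firewall rule creation. A comma shifts every
    # following column and a line break injects a second, unreviewed rule row,
    # so both are rejected before anything touches the file. Empty values are
    # rejected too, except for the optional "type" column.
    - name: Refuse request fields that would corrupt the CSV row structure
      assert:
        that:
          - "item.value | string is not search('[,\\r\\n]')"
          - "item.key == 'type' or item.value | string | trim | length > 0"
        fail_msg: "ACL request field '{{ item.key }}' must be non-empty and must not contain commas or line breaks"
        quiet: true
      loop: "{{ acl_request_fields | dict2items }}"
      loop_control:
        label: "{{ item.key }}"

    - name: Ensure the csvfiles directory exists
      file:
        path: "{{ acl_csv_path | dirname }}"
        state: directory

    - name: Check to see if acl_entries_to_apply.csv exists
      stat:
        path: "{{ acl_csv_path }}"
      register: acl_entries_output

    - name: Create new file with the CSV header row
      copy:
        # Trailing newline so the first appended row starts on its own line.
        content: "{{ acl_csv_header }}\n"
        dest: "{{ acl_csv_path }}"
      when: not acl_entries_output.stat.exists

    - name: Insert new ACL entry at the end of the file.
      lineinfile:
        path: "{{ acl_csv_path }}"
        line: "{{ acl_csv_row }}"

    # The publishing step below is disabled; it is kept for reference with two
    # corrections applied to the commented-out code: the stat/delete tasks now
    # use the same /var/www/html path as the template dest (they previously
    # looked in /home/www/html and could never find the file), and the delete
    # task's condition now tests the register it actually set
    # (acl_entries_to_apply_output, not acl_entries_output).
    # - name: Check to see if acl_entries_to_apply.html exists
    #   stat:
    #     path: "/var/www/html/acl_entries_to_apply.html"
    #   register: acl_entries_to_apply_output
    #   become: true
    #
    # - name: Delete acl_entries_to_apply.html if it does exist
    #   file:
    #     path: "/var/www/html/acl_entries_to_apply.html"
    #     state: absent
    #   when: acl_entries_to_apply_output.stat.exists
    #   become: true
    #
    # - name: Read ACLs to apply from CSV file and return a dictionary
    #   read_csv:
    #     path: "{{ acl_csv_path }}"
    #   register: rules
    #
    # - name: Create acl_entries_to_apply.html
    #   template:
    #     src: "{{ playbook_dir }}/templates/current_acl_entries.j2"
    #     dest: "/var/www/html/acl_entries_to_apply.html"
    #   become: true
    #   vars:
    #     current_rules: "{{ rules.list }}"
    #
    # - name: Tell operator where to see ACLs to Apply
    #   debug:
    #     msg: "Operator: in order to see the ACLs that will be applied, go to http://{{ webserver_fqdn }}/acl_entries_to_apply.html"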