About Ansible
Ansible is an open-source IT configuration management, orchestration, and
deployment tool. The Ansible platform enables system administrators,
network administrators, and developers to automate many tasks, from
updating machines on the network to managing devices on the network.
It uses SSH to connect to servers and run the configured tasks.
TCPWave Module for Ansible Integration
You can automate the TCPWave IP Address Management System (TIMS) with
Ansible playbooks through the secure and powerful REST APIs that are
also used by the TIMS GUI and CLI interfaces and for integration into
cloud orchestration layers. The TIMS REST APIs are designed to be secure
and allow only encrypted access to the system without the need for any
plain text user ID or password.
TIMS supports two mechanisms for handling REST API Authentication:
- Session Token Based Authentication: A long-lived
session token is generated in TIMS. This session token is
associated with a given admin user and inherits all the
permissions of that user. The session token is also associated
with a source IP and can be used only from that IP. The life of
the session token is set as per the global policy "Maximum
Concurrent Sessions per Admin". The session token can be revoked
or extended at any time. This token is set on the request header
as the TIMS-Session-Token parameter. All the API calls with this
token are subjected to the same permission checks as the
associated user and are audited against that user.
- Certificate Based Authentication: In this protocol,
access to TIMS is provided using a certificate signed by a trusted
authority. The certificate-based mechanism provides a stateless
interface that can be leveraged by automation clients that
interact with more than one system. User certificates can be
imported to TIMS and associated with a particular admin. All the
service calls made using that certificate are authorized and
audited against the associated admin.
Invoking TCPWave REST API using Ansible
Below are a few examples of how TCPWave's REST APIs are invoked using
Ansible playbooks.
Session Token Authentication
This section explains the steps to generate a session token in the TIMS
GUI.
- Click the Administration tab
- Select Security Management from the drop-down
- Click the Session Token Management label
- Click Add in the Session Token Management grid
- The system displays the Generate Session Token pop-up window
- Enter the Application, Address and Description fields
- Click OK
- A new token is generated which can only be accessed from
the given IP address
Example: The following example explains the Session Token
Authentication method to invoke the TCPWave REST API using Ansible
Playbooks:
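    - name: Tasks to interact with TCPWave IPAM
      hosts: localhost
      tasks:
        - name: Create an organization
          uri:
            url: "https://10.1.10.240:7443/tims/rest/organization/add"
            method: POST
            headers:
              Content-Type: application/json
              # Session token generated in the TIMS GUI; valid only from the registered source IP
              TIMS-Session-Token: 6f708f8c-fac6-4e51-9901-c84c4c1b2843
            # Request body is read from org.json next to the playbook
            body: "{{ lookup('file','org.json') }}"
            status_code: 204
            body_format: json
            # Turns off verification of the TIMS server's TLS certificate
            validate_certs: no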
Certificate Authentication
This section explains how to create user certificates in the TIMS GUI.
To import the user certificates into the TIMS GUI, follow the given
steps:
- Click the Administration tab
- Select Security Management from the drop-down
- Click the User Certificates label
- Click Upload in the User Certificates grid
- The system displays the Import Certificate pop-up window
- Upload the Certificate File by clicking icon
- Select the Associate Admin from the drop-down
- Click OK; the system then imports the certificate and lists it in
the User Certificates grid
Example: The following example explains the Certificate Authentication
method to invoke the TCPWave REST API using Ansible Playbooks:
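    - name: Tasks to interact with TCPWave IPAM
      hosts: localhost
      tasks:
        - name: Create an Organization
          uri:
            url: "https://10.1.10.240:7443/tims/rest/organization/add"
            method: POST
            headers:
              Content-Type: application/json
            # client_cert and client_key are uri module parameters, not HTTP headers;
            # the certificate must be imported into TIMS and associated with an admin
            client_cert: "/tmp/ansible/keys/ipam_client.crt"
            client_key: "/tmp/ansible/keys/ipam_client.key"
            body: "{{ lookup('file','org.json') }}"
            status_code: 204
            body_format: json
            # Turns off verification of the TIMS server's TLS certificate
            validate_certs: no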
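
A variant of the two playbooks above with TLS verification left on and the session token kept out of the playbook file, as an added example that is not TCPWave's own code. The hostname, the CA bundle and key paths and the TIMS_SESSION_TOKEN environment variable are assumptions; the endpoint path and header name are the ones used on this page.

```yaml
# Added example, not TCPWave's playbook. Hostname, variable names and file
# paths are assumptions; the endpoint path and header name come from the page.
- name: Tasks to interact with TCPWave IPAM (TLS verified, no inline secrets)
  hosts: localhost
  gather_facts: false
  vars:
    tims_url: "https://tims.example.internal:7443/tims/rest/organization/add"
    tims_ca_bundle: "/etc/pki/tims/ca.pem"   # CA that signed the TIMS server certificate
    # Token is read from the environment here; an Ansible Vault encrypted
    # variable can be used the same way.
    tims_session_token: "{{ lookup('env', 'TIMS_SESSION_TOKEN') }}"
  tasks:
    # Use one of the two "Create an organization" tasks, matching the
    # authentication method configured for this client in TIMS.
    - name: Refuse to run without a session token
      ansible.builtin.assert:
        that: tims_session_token | length > 0
        fail_msg: "TIMS_SESSION_TOKEN is not set"
        quiet: true

    - name: Create an organization (session token authentication)
      ansible.builtin.uri:
        url: "{{ tims_url }}"
        method: POST
        headers:
          TIMS-Session-Token: "{{ tims_session_token }}"
        body: "{{ lookup('file', 'org.json') }}"
        body_format: json
        status_code: 204
        validate_certs: true
        ca_path: "{{ tims_ca_bundle }}"
      no_log: true   # keeps the token header out of task output and logs

    - name: Create an organization (certificate authentication)
      ansible.builtin.uri:
        url: "{{ tims_url }}"
        method: POST
        client_cert: "/etc/pki/tims/ipam_client.crt"
        client_key: "/etc/pki/tims/ipam_client.key"   # mode 0600, owned by the automation user
        body: "{{ lookup('file', 'org.json') }}"
        body_format: json
        status_code: 204
        validate_certs: true
        ca_path: "{{ tims_ca_bundle }}"
```

With verification on, the name in `tims_url` has to match a subject alternative name in the TIMS server certificate, so an IP-based URL works only if the certificate lists that IP.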