Network Automation with Ansible

TCPWave
About Ansible

Ansible is an open-source IT configuration management, orchestration, and deployment tool. The Ansible platform enables system administrators, network administrators, and developers to automate many tasks, from updating machines on the network to managing devices on the network. It uses SSH to connect to servers and run the configured tasks.

TCPWave Module for Ansible Integration

You can automate the TCPWave IP Address Management System (TIMS) from Ansible playbooks through the same secure REST APIs that the TIMS GUI and CLI interfaces use and that support integration into cloud orchestration layers. The TIMS REST APIs are designed to be secure and allow only encrypted access to the system without the need for any plain text user ID or password.

TIMS supports two mechanisms for handling REST API Authentication:

  • Session Token Based Authentication: A long-lived session token is generated in TIMS. This session token is associated with a given admin user and inherits all the permissions of that user. The session token is also associated with a source IP and can be used only from that IP. The life of the session token is set as per the global policy "Maximum Concurrent Sessions per Admin". The session token can be revoked or extended at any time. This token is set on the request header as the TIMS-Session-Token parameter. All the API calls with this token are subjected to the same permission checks as the associated user and are audited against that user.
  • Certificate Based Authentication: In this protocol, access to TIMS is provided using a certificate signed by a trusted authority. The certificate-based mechanism provides a stateless interface that can be leveraged by automation clients that interact with more than one system. User certificates can be imported to TIMS and associated with a particular admin. All the service calls made using that certificate are authorized and audited against the associated admin.

Invoking TCPWave REST API using Ansible

Below are a few examples of how TCPWave's REST APIs are invoked using Ansible playbooks.

Session Token Authentication

This section explains the steps to generate a session token in the TIMS GUI along with screenshots.

  1. Click Administration tab
  2. Select Security Management from the drop-down
  3. Click Session Token Management label as shown:
  4. Select Security Management from the drop-down
  5. Click Add in the Session Token Management grid
  6. System displays Generate Session Token pop-up window
  7. Enter the Application, Address and Description fields as shown:
  8. Select Security Management from the drop-down
  9. Click OK
  10. A new token is generated which can only be accessed from the given IP address as shown:

Example: The following example explains the Session Token Authentication method to invoke the TCPWave REST API using Ansible Playbooks:

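---
- name: Tasks to interact with TCPWave IPAM
  hosts: localhost
  tasks:
    - name: Create an organization
      uri:
        url: "https://10.1.10.240:7443/tims/rest/organization/add"
        method: POST
        headers:
          Content-Type: application/json
          # The token carries the permissions of its admin user; outside a demo,
          # load it from an encrypted variable instead of hard-coding it here.
          TIMS-Session-Token: 6f708f8c-fac6-4e51-9901-c84c4c1b2843
        body: "{{ lookup('file','org.json') }}"
        status_code: 204
        body_format: json
        # "no" disables verification of the TIMS server certificate, so the
        # connection is encrypted but the server is not authenticated.
        validate_certs: no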

Certificate Authentication

This section explains how to create user certificates in the TIMS GUI, along with screenshots. To import the user certificates into the TIMS GUI, follow the given steps:

  1. Click Administration tab
  2. Select Security Management from the drop-down
  3. Click User Certificates label as shown:
  4. Click Upload in the User Certificates grid
  5. System displays Import Certificate pop-up window
  6. Upload the Certificate File by clicking icon
  7. Select the Associate Admin from the drop-down
  8. Click OK. The system imports the certificate and lists it in the User Certificates grid

Example: The following example explains invoking the TCPWave REST API using Ansible Playbooks via the Certificate Authentication method:

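---
- name: Tasks to interact with TCPWave IPAM
  hosts: localhost
  tasks:
    - name: Create an Organization
      uri:
        url: "https://10.1.10.240:7443/tims/rest/organization/add"
        method: POST
        headers:
          Content-Type: application/json
        # client_cert and client_key are options of the uri module, not HTTP headers.
        # The key authenticates as the associated admin; restrict read access to it.
        client_cert: "/tmp/ansible/keys/ipam_client.crt"
        client_key: "/tmp/ansible/keys/ipam_client.key"
        body: "{{ lookup('file','org.json') }}"
        status_code: 204
        body_format: json
        # "no" disables verification of the TIMS server certificate, so the
        # connection is encrypted but the server is not authenticated.
        validate_certs: no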
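
Both examples above disable server certificate verification, and the first keeps the session token in the playbook. The following added example (not TCPWave's own playbook) shows the same two calls with verification enabled and the token loaded from an encrypted variable file. The hostname, vault.yml, the tims_session_token variable, and all file paths are assumptions, and ca_path requires ansible-core 2.11 or later.

```yaml
---
# Added example. Only the endpoint path, the header name and org.json come
# from the page; every other name and path is an assumption.
# Use one task or the other; both appear here for comparison.
- name: Tasks to interact with TCPWave IPAM (TLS verified, secrets externalized)
  hosts: localhost
  gather_facts: false
  vars_files:
    - vault.yml   # assumed ansible-vault encrypted file defining tims_session_token
  vars:
    # Assumed DNS name that matches the TIMS server certificate.
    tims_url: "https://ipam.example.internal:7443/tims/rest/organization/add"
    # Assumed PEM file holding the CA that signed the TIMS server certificate.
    tims_ca: "/etc/ansible/pki/tims-ca.pem"
  tasks:
    - name: Create an organization (session token)
      ansible.builtin.uri:
        url: "{{ tims_url }}"
        method: POST
        headers:
          TIMS-Session-Token: "{{ tims_session_token }}"
        body: "{{ lookup('file', 'org.json') }}"
        body_format: json   # also sets Content-Type: application/json
        status_code: 204
        validate_certs: true
        ca_path: "{{ tims_ca }}"
      no_log: true   # keeps the token out of task output and logs

    - name: Create an organization (client certificate)
      ansible.builtin.uri:
        url: "{{ tims_url }}"
        method: POST
        client_cert: "/etc/ansible/pki/ipam_client.crt"
        # Assumed to be mode 0600 and owned by the automation user.
        client_key: "/etc/ansible/pki/ipam_client.key"
        body: "{{ lookup('file', 'org.json') }}"
        body_format: json
        status_code: 204
        validate_certs: true
        ca_path: "{{ tims_ca }}"
```

Because a session token is valid only from its registered source IP, the first task has to run from the address entered when the token was generated.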