Ansible and Infoblox

Author: R Zach Feeser

Using Ansible to interact with Infoblox is easy. Ansible has an Infoblox Guide on their website, but here are the steps for controlling Infoblox with Ansible.

Step 1 - Install Python on your favorite Linux distribution

Debian / Ubuntu: sudo apt install python3-pip -y

RedHat: sudo yum install python3-pip -y

Step 2 - Install Ansible via pip

Debian / Ubuntu: python3 -m pip install ansible

RedHat: python3 -m pip install ansible

Step 3 - Install the infoblox-client via pip

Debian / Ubuntu: python3 -m pip install infoblox-client

RedHat: python3 -m pip install infoblox-client

Step 4 - Take a quick look into your Infoblox Management Interface

Depending on your system you may need to set up some port-forwards to see the Management Interface.

Step 5 - Create a playbook

Below is an example of a playbook supported by Ansible version 2.10 using Python version 3.6. We’ll refer to this file as infoblox-playbook02.yml.

---
- name: DNS Zone, Network, and Host Play
  hosts: localhost
  connection: local
  gather_facts: no   # running against local host

  vars:
    domain: campuswest.local
    dcomment: local DNS zone
    state: present
    networktocreate: 192.168.200.0/24
    netcomment: this is my second IPv4 network
    host: hotfudge

  vars_files:
    - vars/infoblox.creds   # contains nios_provider

  tasks:
    - name: "Create a forward DNS zone called {{ domain }}"
      nios_zone:
        name: "{{ domain }}"
        comment: "{{ dcomment }}"
        state: "{{ state }}"
        provider: "{{ nios_provider }}"    # credentials

    - name: Attempting to create a network on the default network view
      nios_network:
        network: "{{ networktocreate }}"
        comment: "{{ netcomment }}"
        options:
          - name: domain-name
            value: "{{ domain }}"
        state: "{{ state }}"
        provider: "{{ nios_provider }}"

    - name: display what is returned from a lookup plugin
      debug:
        var: lookup('nios_next_ip', networktocreate, provider=nios_provider)
        verbosity: 1

    - name: "configure an IPv4 host record for {{ host }}.{{ domain }}"
      nios_host_record:
        name: "{{ host }}.{{ domain }}"
        ipv4addrs:
          - ipv4addr: "{{ lookup('nios_next_ip', networktocreate, provider=nios_provider)[0] }}"
        state: "{{ state }}"
        provider: "{{ nios_provider }}"

Step 6 - Review the code inside your playbook

Step 7 - Create a directory for the file used to secure your credentials

We already have this setup from previous Ansible testing. If you don’t have the same setup, you can follow the options documented below to set up your vault.

Debian / Ubuntu: mkdir vars/

RedHat: mkdir vars/

We place these credentials in an external file, vars/infoblox.creds, to avoid exposing them within our playbook. The file is still plaintext until it is encrypted with ansible-vault (see Step 8). An example of this credential file can be found below.

# Ansible variable file containing Infoblox creds
nios_provider:
    host: 192.168.10.55      # IP of an instance of Infoblox
    username: admin          # username for infoblox
    password: LeR0Y!Jenkinz! # password for infoblox

Step 8 - Try running your playbook

We are skipping the vault for this run because we want to make sure our syntax and formatting are correct. Then we can get back to security!

Debian / Ubuntu: ansible-playbook infoblox-playbook02.yml

RedHat: ansible-playbook infoblox-playbook02.yml

Once things are working, you’ll want to use ansible-vault to encrypt your credentials. If you run into any problems, be sure to read the error message. Ansible is actually quite good at offering explanations as to why something didn’t work. If you can’t figure it out, try to Google the error. Chances are, someone has already posted a solution.
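The check below is an added example, not part of the original post: a shell function that reports whether a credentials file such as vars/infoblox.creds still holds a readable password, accepting both whole-file vaults and inline !vault values. The function name check_creds, its status words and the sample files are constructed for illustration.

```shell
# check_creds FILE: print a status word; return 0 only if no cleartext password remains.
#   vaulted      0  whole file is an Ansible Vault blob
#   no-cleartext 0  every "password:" value is an inline !vault string (or none exist)
#   plaintext    1  a readable "password:" value is present
#   loose-perms  2  protected, but group/other can still access the file
#   missing      3  file does not exist
check_creds() {
    cc_file=$1
    [ -f "$cc_file" ] || { echo missing; return 3; }

    # A whole-file vault starts with a header such as $ANSIBLE_VAULT;1.1;AES256
    IFS= read -r cc_first < "$cc_file" || true
    case $cc_first in
        '$ANSIBLE_VAULT;'*) cc_status=vaulted ;;
        *)
            # Otherwise each "password:" key must carry an inline !vault tag.
            if awk '/^[ \t]*password[ \t]*:/ && !/:[ \t]*!vault/ { bad = 1 }
                    END { exit !bad }' "$cc_file"; then
                echo plaintext; return 1
            fi
            cc_status=no-cleartext ;;
    esac

    # Group and other permission bits must all be clear (octal mode ends in 00).
    cc_mode=$(stat -c '%a' "$cc_file" 2>/dev/null || stat -f '%Lp' "$cc_file")
    case $cc_mode in
        0|*00) echo "$cc_status"; return 0 ;;
        *)     echo loose-perms; return 2 ;;
    esac
}

# Demo on constructed files shaped like vars/infoblox.creds (all values are placeholders).
demo_dir=$(mktemp -d)
printf 'nios_provider:\n    host: 192.0.2.10\n    username: admin\n    password: example-only\n' \
    > "$demo_dir/plain.creds"
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3635323937' > "$demo_dir/vaulted.creds"
chmod 600 "$demo_dir/plain.creds" "$demo_dir/vaulted.creds"
for f in "$demo_dir"/*.creds; do
    printf '%s: %s\n' "${f##*/}" "$(check_creds "$f" || true)"
done
rm -rf "$demo_dir"
```

After running ansible-vault encrypt vars/infoblox.creds, the file should report vaulted, and the playbook is then run with ansible-playbook infoblox-playbook02.yml --ask-vault-pass.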

If you want Ansible training, check out the Alta3 Research Ansible 101 course overview. Training is available to individuals, as well as to companies seeking group training or certifications.