From 00b7aa04b3f490176a1c0908d07f69efa73abc88 Mon Sep 17 00:00:00 2001 From: Steven Schattenberg <122639296+steven-schattenberg-itential@users.noreply.github.com> Date: Mon, 19 Aug 2024 19:51:14 -0400 Subject: [PATCH] Gateway 23.3 (#29) * resolved conflicts * Add support for IAG 23.3 * Fixed conflict --- docs/iag_guide.md | 8 +- roles/gateway/defaults/main.yml | 1 + roles/gateway/tasks/main.yml | 4 +- .../templates/properties.2023.3.yml.j2 | 441 ++++++++++++++++++ roles/gateway/vars/2023.3-redhat-8.yml | 40 ++ roles/gateway/vars/2023.3-redhat-9.yml | 35 ++ roles/gateway/vars/2023.3-rocky-8.yml | 40 ++ roles/gateway/vars/2023.3-rocky-9.yml | 35 ++ 8 files changed, 601 insertions(+), 3 deletions(-) create mode 100644 roles/gateway/templates/properties.2023.3.yml.j2 create mode 100644 roles/gateway/vars/2023.3-redhat-8.yml create mode 100644 roles/gateway/vars/2023.3-redhat-9.yml create mode 100644 roles/gateway/vars/2023.3-rocky-8.yml create mode 100644 roles/gateway/vars/2023.3-rocky-9.yml diff --git a/docs/iag_guide.md b/docs/iag_guide.md index 28a3d40..c53d804 100644 --- a/docs/iag_guide.md +++ b/docs/iag_guide.md @@ -32,7 +32,7 @@ The variables in this section may be overridden in the inventory in the `gateway Both the `iag_release` and `iag_whl_file` must be configured in the inventory. -The following table lists the default variables located in `roles/gateway/defaults/main.yml`. +The following table lists the default variables located in `roles/gateway/defaults/main.yml`. | Variable | Group | Type | Description | Default Value | :------- | :---- | :--- | :---------- | :------------ @@ -41,6 +41,10 @@ The following table lists the default variables located in `roles/gateway/defaul | `iag_enable_netmiko` | `gateway` | Boolean | Flag to enable Netmiko. | `true` | `iag_enable_scripts` | `gateway` | Boolean | Flag to enable scripts. | `true` | `iag_enable_httpreq` | `gateway` | Boolean | Flag to enable HTTP requests. | `true` +| `iag_enable_netconf` | `gateway` | Boolean | Flag to enable Netconf requests. | `true` +| `iag_enable_python_venv` | `gateway` | Boolean | Flag to enable Python virtual environments. | `true` +| `iag_enable_grpc` | `gateway` | Boolean | Flag to enable GRPC requests. | `true` +| `iag_enable_git` | `gateway` | Boolean | Flag to enable Git integration. | `true` | `iag_install_dir` | `gateway` | String | The base directory where to install the IAG files. | `/opt/automation-gateway` | `iag_data_dir` | `gateway` | String | The IAG data directory. | `/opt/automation-gateway` | `iag_log_dir` | `gateway` | String | The IAG log directory. | `/var/log/automation-gateway` @@ -99,7 +103,7 @@ To configure HTTPS via HAProxy: - Do not configure `iag_https` in the inventory so IAG Native HTTPS does not get configured. * Optional - Set the `haproxy_ssl_cert_src` and `haproxy_ssl_cert_dest` variables in the inventory. - + Itential does not attempt to create any HTTPS certificates. These must be created independently. When they are included in the appropriate location the installer will ensure that they get uploaded to the correct location. diff --git a/roles/gateway/defaults/main.yml b/roles/gateway/defaults/main.yml index 2147938..554189e 100644 --- a/roles/gateway/defaults/main.yml +++ b/roles/gateway/defaults/main.yml @@ -15,6 +15,7 @@ iag_enable_netconf: true iag_enable_httpreq: true iag_enable_python_venv: true iag_enable_grpc: true +iag_enable_git: true # Location of IAG assets iag_install_dir: /opt/automation-gateway diff --git a/roles/gateway/tasks/main.yml b/roles/gateway/tasks/main.yml index b52e6b2..c44f74d 100644 --- a/roles/gateway/tasks/main.yml +++ b/roles/gateway/tasks/main.yml @@ -76,7 +76,9 @@ - "{{ iag_install_dir }}/nornir/conf" - "{{ iag_install_dir }}/nornir/inventory" - "{{ iag_install_dir }}/nornir/modules" + - "{{ iag_install_dir }}/repos" - "{{ iag_install_dir }}/scripts" + - "{{ iag_install_dir }}/ssh" - name: Create Python venv directory ansible.builtin.file: @@ -171,7 +173,7 @@ dest: "{{ iag_properties_location }}/properties.yml" owner: "{{ iag_user }}" group: "{{ iag_group }}" - mode: "0660" + mode: "0600" - name: Create Nornir files when: iag_enable_nornir | bool diff --git a/roles/gateway/templates/properties.2023.3.yml.j2 b/roles/gateway/templates/properties.2023.3.yml.j2 new file mode 100644 index 0000000..24867a5 --- /dev/null +++ b/roles/gateway/templates/properties.2023.3.yml.j2 @@ -0,0 +1,441 @@ +--- +# Notes: +# +# While many customizations can be made based on your environment and which integrations you +# would like enabled, this file is meant to mimic the installation process found at +# https://docs.itential.io/ as closely as possible so the user can use as many defaults as possible. +# +# This configuration file accepts any valid YAML syntax including the bash-like syntax for lists, etc. + +########## +# System # +########## + +# INVENTORY ENCRYPTION +# Set the Fernet encryption key to have IAG encrypt device variables['password'] +# ANYONE THAT HAS THIS KEY CAN DECRYPT YOUR PASSWORDS - PROTECT IT! +# WHICH ALSO MEANS PROTECT YOUR properties.yml file `chmod 600 properties.yml` +# and validate the file's ownership. +#fernet_key: "" + +# The port on which Automation Gateway server will listen for requests. +# Mutually exclusive with bind_list +{% if iag_https %} +port: {{ iag_https_port }} +{% else %} +port: {{ iag_port }} +{% endif %} + +# The gunicorn bind_address string.. +# For ipv4 only use "0.0.0.0", for ipv6 and ipv4 use "[::]" +# Mutually exclusive with bind_list +# +# You can also bind to a linux socket using "unix://" +# if you want to front-end automation-gateway with nginx or another proxy server. +# +# bind_address: "unix:///tmp/gunicorn.sock" +# bind_address: "[::]" +bind_address: {{ inventory_hostname }} + +# List of addresses and ports to bind to. +# This setting will override both 'port' and 'bind_address' +#bind_list: +# - "{{ inventory_hostname }}:{{ iag_port }}" + +# Base of url for external proxy, used for generating redirects: +# external_address: 'http://automation-gateway.example.com:8080' + +# The number of http server threads for handling requests. +# A good starting point is 2-4 x NUM_CORES then adjust based on observed workload. +http_server_threads: {{ iag_http_server_threads }} + +# A flag that determines whether authentication is disabled or not. +# Warning: only disable authentication for temporary, non production testing. +authentication_disabled: false + +# The maximum number of concurrent sessions allowed. +authentication_max_sessions: 5000 + +# The idle timeout of each session (in seconds). +authentication_idle_timeout: 600 + +# A boolean flag that enables password reset support (default=false if absent/misconfigured). +password_reset_enabled: false + +# Directory to write global log files to +global_log_directory: '{{ iag_log_dir }}' + +# Maximum log files kept in rotation +# Valid range of values is 1-100. If value is set to 1, log file will not be limited in size. +max_log_files: 5 + +# NOTE: Log levels for Automation Gateway Server are as follows. +# In order of ascending severity: DEBUG, INFO, WARNING, ERROR, or CRITICAL. +# Log messages of equal and greater severity will be displayed in the relevant log. +# Example: logging_level INFO will display log messages with a severity of INFO -> CRITICAL. +# (default=INFO if absent/misconfigured) + +# Automation Gateway Server Logging Level +logging_level: INFO + +# Automation Gateway HTTP Server Logging Level +# NOTE: request details are DEBUG level log messages, it may be useful to set this to DEBUG +http_logging_level: INFO + +# A flag that enables/disables parameter schema validation for content decorations. +# Generally enabled when using multiple types per parameter, or when testing decorations. +# Example: "commands" could be a literal list of commands, or a string representing a jinja +# variable from your host's variables "{% raw %}{{commands}}{% endraw %}", etc. +strict_args: true + +################ +# SSL Settings # +################ + +# To start the server using SSL/TLS please fill out the following properties. +{% if iag_https %} +server_certfile: "{{ iag_ssl_cert_dest }}" + +# Note: gunicorn does not currently support encrypted key files. +server_keyfile: "{{ iag_ssl_key_dest }}" + +server_cabundle: "{{ iag_ssl_rootca_dest }}" +{% else %} +#server_certfile: "{{ iag_ssl_cert_dest }}" + +# Note: gunicorn does not currently support encrypted key files. +#server_keyfile: "{{ iag_ssl_key_dest }}" + +# server_cabundle: "{{ iag_ssl_rootca_dest }}" +{% endif %} + +# TLSv1_2 +{% if iag_https and iag_tlsv1_2 %} +server_ssl_version: "TLSv1_2" +{% else %} +#server_ssl_version: "TLSv1_2" +{% endif %} + +# You may also set custom SSL Ciphers. +# +# https://docs.gunicorn.org/en/20.x/settings.html#ciphers +# +{% if server_ssl_ciphers is defined %} +server_ssl_ciphers: "{{ server_ssl_ciphers }}" +{% else %} +# server_ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:..."" +{% endif %} + +############# +# Databases # +############# + +# Path to the main Automation Gateway sqlite database file. +data_file: 'sqlite:///{{ iag_data_dir }}/automation-gateway.db' + +# A flag which determines whether or not audit logging is enabled. (default=true if absent/misconfigured) +audit: true + +# The number of days (days >= 0) worth of data to retain in the audit log database +# Records earlier than the specified days will be deleted. (default=None if absent/misconfigured) +audit_retention_days: 30 + +# Path to the auxillary Automation Gateway sqlite database file for audit logs. +audit_db_file: 'sqlite:///{{ iag_data_dir }}/automation-gateway_audit.db' + +# Path to the auxillary Automation Gateway sqlite database file for execution logs. +exec_history_db_file: 'sqlite:///{{ iag_data_dir }}/automation-gateway_exec_history.db' + +####################### +# LDAP Authentication # +####################### + +# +# LDAP Basic SETTINGS +# + +# Enable LDAP authentication globally +ldap_auth_enabled: false + +# LDAP server hostname or IP address +ldap_server: 'ldap.example.com' + +# LDAP BASE DN +ldap_base_dn: 'DC=example,DC=com' + +# LDAP BIND Username +ldap_bind_user_dn: 'CN=admin,CN=users,DC=example,DC=com' + +# LDAP BIND Password +ldap_bind_user_password: '' + +# +# LDAP Securitry +# + +# Enable LDAPS +ldap_secure_enabled: false + +# Validate the servers TLS certificate +ldap_secure_validation_enabled: true + +# TLS version to use when connection to LDAP server (default: TLSv1.2) +# Options ["1", "1.1", "1.2"] +ldap_secure_validation_tls_version: '1.2' + +# Location of local CA certificate file for server validation +ldap_ca_certs_file: '/etc/ssl/certs/ca.crt' + +# +# LDAP User Search +# CN=SvcLveINA,OU=Service Accounts,OU=Protected Accounts,OU=SEC,DC=mid,DC=dom + +# Search LDAP for the username before doing a bind +ldap_always_search_bind: true + +# LDAP user search filter +ldap_user_search_filter: '(objectclass=person)' + +# LDAP user search scope +# Options "LEVEL" or "SUBTREE" +ldap_user_search_scope: 'SUBTREE' + +# User login attribute +ldap_user_login_attr: 'sAMAccountName' + +# User login RDN (relative directory name) attribute +# uid=testuser,ou=users,dc=example,dc=com = 'uid' +# cn=testuser,ou=users,dc=example,dc=com = 'cn' +ldap_user_rdn_attr: 'cn' + +# LDAP user DN used to be prepended to the base DN to limit the scope when searching for users +ldap_user_dn : '' # OU=users + +# +# LDAP GROUP OPTIONS +# + +# Group search filter +ldap_group_search_filter: '(objectClass=group)' + +# Group search scope +# Options "LEVEL" or "SUBTREE" +ldap_group_search_scope: 'SUBTREE' + +# Group members attribute +ldap_group_members_attr: 'member' + +# LDAP group DN used to be prepended to the base DN to limit the scope when searching for groups +ldap_group_dn : '' # OU=groups + +########### +# Ansible # +########### + +# A boolean flag that enables Ansible support (default=true if absent/misconfigured). +ansible_enabled: {{ iag_enable_ansible }} + +# A boolean which logs additional debug messages when executing Ansible modules, roles, or playbooks. +# Set the ansible_debug property to true to log additional debug messages when +# executing Ansible modules, roles, or playbooks. (default=false if absent/misconfigured) +ansible_debug: false + +# A flag to prevent deletion of the temporary files generated by executing +# Ansible content (modules, collections, roles, playbooks). (default=false if absent/misconfigured) +no_cleanup: false + +# Path of the file that contains a password used by ansible-vault to encrypt sensitive data. +# Uncomment this property if you will be using Ansible vault encrypted variables. +# Be sure to secure this file with permissions of 0200 or 0400. +#vault_password_file: "/opt/automation-gateway/conf/.vault_password_file" + +# Path to the Ansible external inventory file (folders not valid). +# A valid file will disable Ansible Internal inventory and instead use only this Ansible External inventory. +inventory_file: '{{ iag_install_dir }}/ansible/inventory/hosts' + +# Path(s) to the Ansible modules that should be discovered by Automation Gateway and appended to Ansible's execution environment. +# All non-collection paths (see Ansible 2.10 notes below) known to Ansible are already included and do not need to be specified. +# Additionally, this parameter needs to be configured if the path reported by 'ansible --version' is incorrect +# or you would like to customize/trim down the set of Ansible modules that will be discovered (see Ansible<=2.9 notes below). +# Trim example for ansible 2.9: "/usr/local/lib/python3.9/site-packages/ansible/modules/network" +# NOTE: Use only the site-packages paths you need for your installation to avoid +# cross environment issues in the case where multiple of these paths exist +module_path: + - "{{ iag_install_dir }}/venv/lib/python{{ python_version }}/site-packages/ansible/modules/network" + - "{{ iag_install_dir }}/venv/lib/python{{ python_version }}/site-packages/ansible/modules" + +# Path(s) to the Ansible collections that should be discovered by Automation Gateway and exclusively used in Ansible's execution environment. +# Due to differences in collections before/after Ansible 2.9, these will be the only paths relevant during discovery AND execution. +collection_path: + - "{{ iag_install_dir }}/ansible/collections" + - "{{ iag_install_dir }}/venv/lib/python{{ python_version }}/site-packages/ansible_collections" + +# Path(s) to the Ansible roles that should be discovered by Automation Gateway and appended to Ansible's execution environment. +role_path: + - "{{ iag_install_dir }}/venv/lib/python{{ python_version }}/site-packages/automation_gateway/integrations/roles" + +# Path(s) to customized roles that extend device support of the Itential roles found in the release, i.e., itential_cli, itential_get_config. +#extended_device_role_path: +#This is a sample path to roles that extend device support + #- "{{ iag_install_dir }}/venv/lib/python{{ python_version }}/site-packages/automation_gateway/integrations/extensible_device_roles" + +# Discovery behavior for Ansible playbooks. Determines whether or not to +# recursively search the directories found in the 'playbook_path' parameter, or +# to only search those directories and no deeper. (default=true if absent/misconfigured) +playbook_recursive: true + +# Path(s) to the Ansible playbooks that should be discovered by Automation Gateway and appended to Ansible's execution environment. +playbook_path: + - "{{ iag_install_dir }}/venv/lib/python{{ python_version }}/site-packages/automation_gateway/integrations/playbooks" + +################# +# HTTP_Requests # +################# + +# A boolean flag that enables HTTP_Requests support (default=true if absent/misconfigured). +http_requests_enabled: {{ iag_enable_httpreq }} + +########### +# NETCONF # +########### + +# A boolean flag that enables Netconf support (default=false if absent/misconfigured). +netconf_enabled: {{ iag_enable_netconf }} + +########### +# Netmiko # +########### + +# A boolean flag that enables Netmiko support (default=false if absent/misconfigured). +netmiko_enabled: {{ iag_enable_netmiko }} + +########## +# Nornir # +########## + +# A boolean flag that enables Nornir support (default=false if absent/misconfigured). +nornir_enabled: {{ iag_enable_nornir }} + +# Path to the Nornir configuration file. +# A valid file will allows the use of Nornir External inventory. +nornir_config_file: '{{ iag_install_dir }}/nornir/config.yml' + +# Discovery behavior for Nornir modules. Determines whether or not to +# recursively search the directories found in the 'nornir_module_path' parameter, or +# to only search those directories and no deeper. (default=true if absent/misconfigured) +nornir_module_recursive: true + +# Path(s) to the Nornir modules that should be discovered by Automation Gateway. +nornir_module_path: + # Default location for custom content per the setup script + - '{{ iag_install_dir }}/nornir/modules' + +########### +# Scripts # +########### + +# A boolean flag that enables Scripts support (default=true if absent/misconfigured). +scripts_enabled: {{ iag_enable_scripts }} + +# Discovery behavior for standalone scripts. Determines whether or not to +# recursively search the directories found in the 'script_path' parameter, or +# to only search those directories and no deeper. (default=true if absent/misconfigured) +script_recursive: true + +# Path(s) to the standalone scripts that should be discovered by Automation Gateway. +script_path: + - "{{ iag_install_dir }}/scripts" + +################ +# Python Venvs # +################ + +# Enable python venv support +python_venv_enabled: {{ iag_enable_python_venv }} + +# Paths to python venvs for use in scripts +python_venv_paths: + - "{{ iag_install_dir }}/venvs/" + +################## +# GRPC gNMI/gNOI # +################## + +# Grpc requires grpcio and pygnmi to be installed +grpc_enabled: {{ iag_enable_grpc }} + +############# +# Terraform # +############# + +# A boolean flag that enables Terraform support (default=false if absent/misconfigured). +terraform_enabled: false + +# Discovery behavior for Terraform modules. Determines whether or not to +# recursively search the directories found in the 'terraform_path' parameter, or +# to only search those directories and no deeper. (default=true if absent/misconfigured) +terraform_recursive: true + +# Path(s) to the Terraform modules that should be discovered by Automation Gateway. +terraform_path: + # Default location for custom content per the setup script + - '/usr/share/automation-gateway/terraform' + # Legacy path for backwards compatibility + - '/usr/share/automation-gateway/terraform/scripts' + +################### +# Hashicorp Vault # +################### + +# A flag that enables Hashicorp Vault support. (default=false if absent/misconfigured) +vault_enabled: false + +# The URL to the Hashicorp Vault server. +#vault_server: "https://localhost:8200" + +# The mount point on which the Hashicorp Vault KV-V2 secret engine is enabled. +#vault_mount_point: secret + +# The path to a file containing the vault access token used by the AG Server for +# Hashicorp Vault operations. The file should be secured with 0400 permissions. +#vault_access_token: "{{ iag_install_dir }}/conf/.vault_token_file" + +# A flag that enables TLS certificate verification when sending reqests to the Hashicorp +# Vault Server. (default=false if absent/misconfigured) +#vault_cert_verification: false + +# The path to a CA (Certificate Authority) file. This file is used to perform TLS certificate +# verification when sending requests to a Hashicorp Vault Server configured with a self-signed +# certificate. This parameter is not required when sending requests to a Hashicorp Vault Server +# configured with a certificate signed by a trusted authority. +#vault_ca_file: "{{ iag_install_dir }}/conf/certs/cert.pem" + +# The path to a client certificate PEM file used for performing TLS authentication of the AG +# vault client with the Hashicorp Vault Server. Both a client certificate file and a key file +# must be configured for TLS authentication to be utilized. +#vault_client_cert_file: "{{ iag_install_dir }}/conf/certs/cert.pem" + +# The path to a client key PEM file used for performing TLS authentication of the AG vault +# client with the Hashicorp Vault Server. Both a client certificate file and a key file +# must be configured for TLS authentication to be utilized. +#vault_client_key_file: "{{ iag_install_dir }}/conf/certs/key.pem" + +################### +# Git Integration # +################### + +git_enabled: {{ iag_enable_git }} + +# The parent folder to use for ssh key storage. +git_key_path: {{ iag_install_dir }}/ssh/ + +# The parent path for all git repositories added via Git Integration +git_repo_path: {{ iag_install_dir }}/repos/ + +# If you do not specify a git_exec path we will look for the first +# git executable in the environment. +# git_exec: /usr/local/bin/git + +# Strict host key checking +# +git_strict_host_check: false \ No newline at end of file diff --git a/roles/gateway/vars/2023.3-redhat-8.yml b/roles/gateway/vars/2023.3-redhat-8.yml new file mode 100644 index 0000000..4012d89 --- /dev/null +++ b/roles/gateway/vars/2023.3-redhat-8.yml @@ -0,0 +1,40 @@ +# Copyright (c) 2024, Itential, Inc +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) +--- +gateway_packages: + - gcc-c++ + - make + - sqlite-devel + +python_version: 3.9 +python_executable: "/usr/bin/python{{ python_version }}" +pip_executable: "/usr/bin/pip{{ python_version }}" + +python_packages: + - python39 + - python39-pip + - python39-devel + - python-rpm-macros + - python3-pyparsing + - python3-rpm-generators + - python3-rpm-macros + +base_python_dependencies: + - pip==23.3.2 + - setuptools==69.0.3 + - wheel==0.42.0 + +app_python_dependencies: + - ansible-pylibssh==1.1.0 + - flask-ldap3-login==0.9.18 + - grpcio==1.53.0 + - hvac==1.0.2 + - ldap3==2.9.1 + - ncclient==0.6.10 + - netmiko==4.1.2 + - nornir==3.3.0 + - nornir-netmiko==0.2.0 + - nornir-utils==0.2.0 + - pygnmi==0.8.9 + +iag_ansible_version: ansible==7.7.0 diff --git a/roles/gateway/vars/2023.3-redhat-9.yml b/roles/gateway/vars/2023.3-redhat-9.yml new file mode 100644 index 0000000..6df5224 --- /dev/null +++ b/roles/gateway/vars/2023.3-redhat-9.yml @@ -0,0 +1,35 @@ +# Copyright (c) 2024, Itential, Inc +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) +--- +gateway_packages: + - gcc-c++ + - make + +python_version: 3.9 +python_executable: "/usr/bin/python{{ python_version }}" +pip_executable: "/usr/bin/pip{{ python_version }}" + +python_packages: + - python3 + - python3-pip + - python3-devel + +base_python_dependencies: + - pip==24.0 + - setuptools==69.0.3 + - wheel==0.42.0 + +app_python_dependencies: + - ansible-pylibssh==1.1.0 + - flask-ldap3-login==0.9.18 + - grpcio==1.53.0 + - hvac==1.0.2 + - ldap3==2.9.1 + - ncclient==0.6.10 + - netmiko==4.1.2 + - nornir==3.3.0 + - nornir-netmiko==0.2.0 + - nornir-utils==0.2.0 + - pygnmi==0.8.9 + +iag_ansible_version: ansible==7.7.0 diff --git a/roles/gateway/vars/2023.3-rocky-8.yml b/roles/gateway/vars/2023.3-rocky-8.yml new file mode 100644 index 0000000..4012d89 --- /dev/null +++ b/roles/gateway/vars/2023.3-rocky-8.yml @@ -0,0 +1,40 @@ +# Copyright (c) 2024, Itential, Inc +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) +--- +gateway_packages: + - gcc-c++ + - make + - sqlite-devel + +python_version: 3.9 +python_executable: "/usr/bin/python{{ python_version }}" +pip_executable: "/usr/bin/pip{{ python_version }}" + +python_packages: + - python39 + - python39-pip + - python39-devel + - python-rpm-macros + - python3-pyparsing + - python3-rpm-generators + - python3-rpm-macros + +base_python_dependencies: + - pip==23.3.2 + - setuptools==69.0.3 + - wheel==0.42.0 + +app_python_dependencies: + - ansible-pylibssh==1.1.0 + - flask-ldap3-login==0.9.18 + - grpcio==1.53.0 + - hvac==1.0.2 + - ldap3==2.9.1 + - ncclient==0.6.10 + - netmiko==4.1.2 + - nornir==3.3.0 + - nornir-netmiko==0.2.0 + - nornir-utils==0.2.0 + - pygnmi==0.8.9 + +iag_ansible_version: ansible==7.7.0 diff --git a/roles/gateway/vars/2023.3-rocky-9.yml b/roles/gateway/vars/2023.3-rocky-9.yml new file mode 100644 index 0000000..6df5224 --- /dev/null +++ b/roles/gateway/vars/2023.3-rocky-9.yml @@ -0,0 +1,35 @@ +# Copyright (c) 2024, Itential, Inc +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) +--- +gateway_packages: + - gcc-c++ + - make + +python_version: 3.9 +python_executable: "/usr/bin/python{{ python_version }}" +pip_executable: "/usr/bin/pip{{ python_version }}" + +python_packages: + - python3 + - python3-pip + - python3-devel + +base_python_dependencies: + - pip==24.0 + - setuptools==69.0.3 + - wheel==0.42.0 + +app_python_dependencies: + - ansible-pylibssh==1.1.0 + - flask-ldap3-login==0.9.18 + - grpcio==1.53.0 + - hvac==1.0.2 + - ldap3==2.9.1 + - ncclient==0.6.10 + - netmiko==4.1.2 + - nornir==3.3.0 + - nornir-netmiko==0.2.0 + - nornir-utils==0.2.0 + - pygnmi==0.8.9 + +iag_ansible_version: ansible==7.7.0