Skip to content

Latest commit

 

History

History
328 lines (254 loc) · 19.3 KB

README.md

File metadata and controls

328 lines (254 loc) · 19.3 KB

ubnt_platform_mgmt - UBNT Platform Management Ansible Roll


An ansible role for managing and providing advanced configuration of UBNT EdgeMAX and UniFI Network Devices.

Description


After doing some research I realized there's a bunch fo scattered material for automating management and taking advantage of the functionatly of these great network devices. The goal is to consolidate that information and simplify the extension of the core platform to enable things like LetsEncrypt, Easy OpenVPN Connectivity, OSPF, MPLS and Other Advanced Configures.

Features


A list features based on the research included here I'm hoping to implement.

Feature Ansible UniFI CloudKey USG4P USG EdgeRouterX
unifi_controller_facts ansible library *
Install SSH Keys ansible role untested tested tested tested
SSH No Passwd Auth task
LetsEncrypt task
Get EdgeSwitch Config template n/a n/a n/a untested
AWS Route53 DNS Update task Untested n/a n/a n/a

Requirements


Role Variables


Install SSH Authorized Keys

Provide the location for the SSH keys that will be installed for SSH key based authentication to the ubnt device.

ubnt_ssh_authorized_key: ~/.ssh/id_ed25519.pub

AWS Route53 DNS Update

AWS Credentials and additional information needed for updating Route53 information. This is currently untested.

Example Variables:

aws_access_key_id: < AWS_ACCESS_KEY_ID >
aws_secret_access_key: < AWS_SECRET_ACCESS_KEY >
aws_route53_domain: pouliot.net
aws_route53_network: 192.168.1.0/24
aws_route53_syslog_facility: local7
aws_route53_exclude_host: nothisone.pouliot.net

Get EdgeSwitch Config

Script template to get ERX config.

Cloudflared on Unifi/EdgeRouter Devices

Building Cloudflared for Unifi USG

docker run \
  --rm \
  -v ${PWD}:/usr/src/myapp \
  -w /usr/src/myapp \
  -e GOOS=linux \
  -e GOARCH=mips64 \
  golang bash -c "go get -v github.com/cloudflare/cloudflared/cmd/cloudflared ; GOOS=linux GOARCH=mips64 go build -ldflags='-s -w' -v -x github.com/cloudflare/cloudflared/cmd/cloudflared "

Building Cloudflared for Unifi EdgeRouterX

docker run \
  --rm \
  -v ${PWD}:/usr/src/myapp \
  -w /usr/src/myapp \
  -e GOOS=linux \
  -e GOARCH=mipsle \
  golang bash -c "go get -v github.com/cloudflare/cloudflared/cmd/cloudflared ; GOOS=linux GOARCH=mipsle go build -ldflags='-s -w' -v -x github.com/cloudflare/cloudflared/cmd/cloudflared"

Pixiecore on Unifi/Edgerouter Devices

Building Pixiecore for Unifi USG

docker run \
  --rm \
  -v ${PWD}:/usr/src/myapp \
  -w /usr/src/myapp \
  -e GOOS=linux \
  -e GOARCH=mips64 \
  golang bash -c "go get -v go.universe.tf/netboot/cmd/pixiecore ; GOOS=linux GOARCH=mips64 go build -ldflags='-s -w' -v -x go.universe.tf/netboot/cmd/pixiecore"

Building Pixiecore for Unifi EdgeRouterX

docker run \
  --rm \
  -v ${PWD}:/usr/src/myapp \
  -w /usr/src/myapp \
  -e GOOS=linux \
  -e GOARCH=mipsle \
  golang bash -c "go get -v go.universe.tf/netboot/cmd/pixiecore ; GOOS=linux GOARCH=mipsle go build -ldflags='-s -w' -v -x go.universe.tf/netboot/cmd/pixiecore"

Example Playbook

Here is a non-working example of typical usage.

- hosts: localhost
  gather_facts: True
  roles:
    - ppouliot.ubnt_platform_mgmt

Resources

Security

VPN

Routing

Cloud DNS

API

Captive Portal/Wifi Addons

Scripts

surveillance tools

Backup

Monitoring, Alerting & Logging

Configuration examples & Documentation

PiHole Integration

Unifi Data Sheets

Napalm

Troubleshooting

Sonos

Camera's

Multiple Unifi Doorbell Wiring Diagram

Contributors


Copyright and License


Copyright (C) 2018 Peter J. Pouliot

Peter Pouliot can be contacted at: peter@pouliot.net

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.