Beschrieben wird das Netzwerkbackup unter Debian 12.11.
Installation Ansible
apt install ansible
Installation Ansible Collection
ansible-galaxy collection install cisco.ios cisco.asa ansible.netcommon
Verzeichnisstruktur anlegen
backup-config/
├── inventory.yml
├── files/
├── backup_config.yml
└── group_vars/
└── all.yml
inventory.yml
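---
# Ansible inventory: three device groups under "all", one per platform.
# Nesting is restored here (group -> hosts -> host -> host vars); with every
# key at column 0 the file is not a valid inventory.
# Login credentials are deliberately not part of this file; keep them in
# vault-encrypted variables rather than next to the host list.
all:
  children:
    ios_switches:
      hosts:
        nsw2:
          ansible_host: 192.168.160.1
    nexus_switches:
      hosts:
        nsw21:
          ansible_host: 192.168.18.21
        nsw22:
          ansible_host: 192.168.18.22
        nsw13:
          ansible_host: 192.168.210.123
        nsw14:
          ansible_host: 192.168.210.124
        nsw11:
          ansible_host: 192.168.210.121
    asa_firewalls:
      hosts:
        nfw1:
          ansible_host: 192.168.0.1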
group_vars/ios_switches.yml
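# Group variables for ios_switches.
ansible_network_os: cisco.ios.ios
# Enable ("become") password used by the play that sets become_method: enable.
# Do not store it here in clear text: define vault_ios_enable_password
# (constructed name) in a vars file encrypted with `ansible-vault encrypt`
# and supply the vault password at run time, e.g. with --ask-vault-pass.
ansible_become_password: "{{ vault_ios_enable_password }}"
# NOTE(review): ansible_connection and the login user are not shown on this
# page; the cisco.ios modules expect ansible.netcommon.network_cli. Confirm
# both are set in group_vars/all.yml or ansible.cfg.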
group_vars/asa_firewalls.yml
# Group variables for asa_firewalls: selects the ASA platform plugins from the
# cisco.asa collection installed above.
# NOTE(review): no enable/become password is defined for this group on this
# page; if one is needed, reference a vault-encrypted variable, not clear text.
ansible_network_os: cisco.asa.asa
group_vars/nexus_switches.yml
# Group variables for nexus_switches.
# NOTE(review): the group name suggests NX-OS devices, but the IOS platform is
# selected. NX-OS would normally use cisco.nxos.nxos, and the cisco.nxos
# collection is not among those installed above. Confirm these hosts really
# run IOS.
ansible_network_os: cisco.ios.ios
backup_config.yml
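---
# Play 1: save the running configuration of every host in ios_switches.
# Saved configs can contain password hashes, SNMP community strings and keys:
# restrict access to dir_path and keep the target Git repository private.
- name: Backup Cisco IOS Switch Config
  hosts: ios_switches
  gather_facts: false
  # Enter privileged EXEC mode; the password is taken from
  # ansible_become_password in the group variables.
  become: true
  become_method: enable
  tasks:
    # Only consumed by the commented-out timestamped filename below.
    # NOTE(review): this runs over the play's connection to the switch; if the
    # connection is network_cli, consider delegate_to: localhost. Confirm.
    - name: Get Timestamp
      ansible.builtin.command: date +%Y%m%d-%H-%M-%S
      register: timestamp
      changed_when: false

    - name: Backup running config
      cisco.ios.ios_config:
        backup: true
        backup_options:
          # filename: "{{ inventory_hostname }}-{{ timestamp.stdout }}.cfg"
          # Fixed name per host: every run overwrites the previous file, so
          # history exists only once the file has been committed to Git.
          filename: "{{ inventory_hostname }}.cfg"
          dir_path: "/opt/backup-config/files/netzwerk/switches"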
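# Play 2: save the running configuration of every host in nexus_switches.
# Unlike the IOS play, no become/enable is requested here.
# Saved configs can contain password hashes, SNMP community strings and keys:
# restrict access to dir_path and keep the target Git repository private.
- name: Backup Cisco Nexus Switch Config
  hosts: nexus_switches
  gather_facts: false
  tasks:
    # Only consumed by the commented-out timestamped filename below.
    - name: Get Timestamp
      ansible.builtin.command: date +%Y%m%d-%H-%M-%S
      register: timestamp
      changed_when: false

    # The IOS module matches ansible_network_os: cisco.ios.ios set for this
    # group. NOTE(review): real NX-OS devices would need the cisco.nxos
    # collection and its config module instead. Confirm the platform.
    - name: Backup running config
      cisco.ios.ios_config:
        backup: true
        backup_options:
          # filename: "{{ inventory_hostname }}-{{ timestamp.stdout }}.cfg"
          filename: "{{ inventory_hostname }}.cfg"
          dir_path: "/opt/backup-config/files/netzwerk/switches"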
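# Play 3: save the running configuration of every host in asa_firewalls.
# Firewall configs are especially sensitive (rule base, VPN settings, user
# entries): restrict access to dir_path and keep the Git repository private.
- name: Backup Cisco ASA Firewall
  hosts: asa_firewalls
  gather_facts: false
  tasks:
    # Only consumed by the commented-out timestamped filename below.
    - name: Get Timestamp
      ansible.builtin.command: date +%Y%m%d-%H-%M-%S
      register: timestamp
      changed_when: false

    # ansible_network_os for this group is cisco.asa.asa, so the matching
    # module from the installed cisco.asa collection is used here; the
    # original called the IOS module against the firewall.
    - name: Backup running config
      cisco.asa.asa_config:
        backup: true
        backup_options:
          # filename: "{{ inventory_hostname }}-{{ timestamp.stdout }}.cfg"
          filename: "{{ inventory_hostname }}.cfg"
          dir_path: "/opt/backup-config/files/netzwerk/firewalls"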
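# Play 4: commit the backed-up configs and push them to Gitea over HTTPS.
- name: Check files into Gitea via HTTPS + Token
  hosts: localhost
  vars:
    gitea_domain: "git.local.de"
    repo_name: "netzwerk"
    repo_user: "user"
    gitea_user: "user"
    # The access token must not live in the playbook. Define vault_gitea_token
    # (constructed name) in a vars file encrypted with ansible-vault. A token
    # that was ever stored or published in clear text should be revoked in
    # Gitea and reissued with the minimum scope needed to push to this repo.
    gitea_token: "{{ vault_gitea_token }}"
    # The token is part of the clone URL, so git keeps it in
    # <repo_dest>/.git/config as the origin URL: restrict access to repo_dest.
    repo_url: "https://{{ gitea_user }}:{{ gitea_token }}@{{ gitea_domain }}/{{ repo_user }}/{{ repo_name }}.git"
    repo_dest: "/opt/backup-config/files/{{ repo_name }}"
    git_branch: "master"
    commit_msg: "Automated commit via Ansible"
    # NOTE(review): a relative src is looked up by the copy module under the
    # playbook's files/ directory (files/switches/...), while the backup plays
    # write to files/netzwerk/switches/..., which is inside repo_dest. Confirm
    # which location is intended.
    files_to_add:
      - { src: "firewalls/nfw1.cfg", dest: "nfw1.cfg" }
      - { src: "switches/nsw13.cfg", dest: "nsw13.cfg" }
      - { src: "switches/nsw14.cfg", dest: "nsw14.cfg" }
      - { src: "switches/nsw21.cfg", dest: "nsw21.cfg" }
      - { src: "switches/nsw22.cfg", dest: "nsw22.cfg" }
      - { src: "switches/nsw2.cfg", dest: "nsw2.cfg" }
      - { src: "switches/nsw11.cfg", dest: "nsw11.cfg" }
  tasks:
    - name: Ensure git is installed
      ansible.builtin.package:
        name: git
        state: present

    - name: Check if Git repo already exists
      ansible.builtin.stat:
        path: "{{ repo_dest }}/.git"
      register: git_repo_present

    # Read-only query, so it never reports "changed".
    - name: Check for uncommitted changes
      ansible.builtin.command: git status --porcelain
      args:
        chdir: "{{ repo_dest }}"
      register: git_status
      changed_when: false
      when: git_repo_present.stat.exists

    # When the status task above was skipped (no repository yet), git_status
    # has no stdout. The default('') guard keeps the following three tasks
    # from failing on the first run.
    - name: Add all changes (tracked und neue Dateien)
      ansible.builtin.command: git add .
      args:
        chdir: "{{ repo_dest }}"
      when:
        - git_repo_present.stat.exists
        - git_status.stdout | default('') != ''

    - name: Commit changes (falls etwas zum Commit vorhanden ist)
      ansible.builtin.command: >
        bash -c "git diff --cached --quiet || git commit -m 'Auto-commit uncommitted changes before Ansible sync'"
      args:
        chdir: "{{ repo_dest }}"
      when:
        - git_repo_present.stat.exists
        - git_status.stdout | default('') != ''

    - name: Push changes to Gitea
      ansible.builtin.command: git push origin {{ git_branch }}
      args:
        chdir: "{{ repo_dest }}"
      when:
        - git_repo_present.stat.exists
        - git_status.stdout | default('') != ''

    # repo_url carries the token; no_log keeps it out of task output and logs.
    # Remove no_log temporarily when a clone failure has to be debugged.
    - name: Clone Gitea repository (HTTPS with token)
      ansible.builtin.git:
        repo: "{{ repo_url }}"
        dest: "{{ repo_dest }}"
        version: "{{ git_branch }}"
        update: true
      no_log: true

    - name: Copy files into repository
      ansible.builtin.copy:
        src: "{{ item.src }}"
        dest: "{{ repo_dest }}/{{ item.dest }}"
      loop: "{{ files_to_add }}"

    - name: Git add files
      ansible.builtin.command:
        cmd: "git add {{ item.dest }}"
        chdir: "{{ repo_dest }}"
      loop: "{{ files_to_add }}"

    # git reports "nothing to commit" on stdout with exit code 1. The original
    # condition searched stderr for the phrase including literal quote
    # characters, so a run without changes was always marked as failed.
    - name: Git commit changes
      ansible.builtin.command:
        cmd: "git commit -m '{{ commit_msg }}'"
        chdir: "{{ repo_dest }}"
      register: git_commit
      failed_when:
        - git_commit.rc != 0
        - "'nothing to commit' not in git_commit.stdout"

    - name: Git push to Gitea
      ansible.builtin.command:
        cmd: "git push origin {{ git_branch }}"
        chdir: "{{ repo_dest }}"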