A bunch of Jinja2 templates and YAML object files that output ACL rules as YANG-modelled, NETCONF-compatible XML.
Based on the current IETF YANG model draft.
- ACL Template - A collection of services, description and target hosts.
- SACP - Service Access Control Policy. YAML mappings containing a list of rules and the owner of the service.
- Rules - YAML mappings containing a rule definition, including source/destination IPs and ports and the action.
- Objects - YAML mappings of common host/network/ip variables. Can be recursive using Jinja2 variable syntax.
- Ruleset - A compiled access list in YAML format still containing Jinja2 variables referencing objects.
- Compiled ACL - The end result, as either CLI configuration or YANG XML, generated by an Ansible playbook and Jinja2 templates.
- Templates - The Jinja2 template files that convert a compiled ACL into either CLI-compatible config or NETCONF-compatible XML.
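A pre-render check for the recursive object references described above, as an added example that is not part of this project: it expands `{{ name }}` references and reports undefined objects and reference cycles before a ruleset reaches the playbook. It is a standard-library stand-in that handles plain references only, not full Jinja2; the object names, rule field names and addresses are constructed.

```python
import re

# Matches plain references such as "{{ mgmt_net }}"; filters and expressions are out of scope.
REF = re.compile(r"\{\{\s*([A-Za-z_]\w*)\s*\}\}")


class ObjectError(ValueError):
    """An object reference that cannot be resolved safely."""


def expand(text, objects, stack=()):
    """Recursively replace every {{ name }} in text with its object value."""
    def substitute(match):
        name = match.group(1)
        if name in stack:
            raise ObjectError("reference cycle: " + " -> ".join(stack + (name,)))
        if name not in objects:
            raise ObjectError("undefined object: " + name)
        return expand(str(objects[name]), objects, stack + (name,))
    return REF.sub(substitute, text)


def lint_ruleset(rules, objects):
    """Expand each rule field; return (expanded_rules, errors) without raising."""
    expanded, errors = [], []
    for index, rule in enumerate(rules):
        try:
            expanded.append({k: expand(str(v), objects) for k, v in rule.items()})
        except ObjectError as exc:
            errors.append(f"rule {index}: {exc}")
    return expanded, errors


# Constructed sample data standing in for parsed ./objects/ and ruleset YAML.
OBJECTS = {
    "mgmt_net": "192.0.2.0/24",
    "bastion": "{{ mgmt_net }}",  # recursive: an object referencing an object
    "loop_a": "{{ loop_b }}",
    "loop_b": "{{ loop_a }}",     # cycle
}
RULES = [
    {"source": "{{ bastion }}", "destination": "198.51.100.5/32", "port": 22, "action": "accept"},
    {"source": "{{ jump_host }}", "destination": "198.51.100.5/32", "port": 22, "action": "accept"},
    {"source": "{{ loop_a }}", "destination": "198.51.100.6/32", "port": 443, "action": "accept"},
]

if __name__ == "__main__":
    ok, problems = lint_ruleset(RULES, OBJECTS)
    print(ok)
    print(problems)
```

A rule whose source or destination fails to resolve is rejected here rather than rendered, so it cannot reach the device as an empty or unintended match.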
Step 1:
Update definition files in:
./objects/ - Any object variables
./rules/ - ACL rule definitions
./services/ - Service definitions containing the above rule definitions
./ACL_templates/ - An ACL template containing multiple services
Note: Any new object files added need to be included in the playbook.yml
Step 2:
Generate an ACL.yaml template file with:
./tools/generateRuleset.py <ruleset>
Step 3:
Edit example_playbook.yaml to reference the appropriate objects and ACL file.
Run:
ansible-playbook -i hosts example_playbook.yaml
- /tools/SRtoYAML.py - Feed it an SROS/TiMOS ACL configlet and some YAML object definitions and it'll spit out YAML that we can consume
- /tools/yamilfy.py - Consumes legacy World of ACL object files and spits out YAML object definitions for use above
- /tools/netconf-tool.py - A small script to interact with a device via NETCONF