ansible · jce-redhat · Sep 18, 2024 · Aug 28, 2024 · Aug 28, 2024 · Aug 28, 2024
diff --git a/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml
@@ -6,32 +6,34 @@
     mode: "0755"
 
 - name: Create HTML report
+  check_mode: false
   ansible.builtin.template:
     src: report.j2
     dest: "{{ file_path }}/network.html"
     mode: "0644"
-  check_mode: false
 
 - name: Copy CSS over
+  check_mode: false
   ansible.builtin.copy:
     src: "css"
     dest: "{{ file_path }}"
     directory_mode: true
     mode: "0775"
-  check_mode: false
 
 - name: Copy logos over
-  ansible.builtin.copy:
-    src: "{{ item }}"
-    dest: "{{ file_path }}"
-    directory_mode: true
-    mode: "0644"
   loop:
     - "webpage_logo.png"
     - "redhat-ansible-logo.svg"
     - "router.png"
+  loop_control:
+    loop_var: logo
   check_mode: false
+  ansible.builtin.copy:
+    src: "{{ logo }}"
+    dest: "{{ file_path }}"
+    directory_mode: true
+    mode: "0644"
 
-# - name: Display link to Linux patch report
-#   ansible.builtin.debug:
-#     msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/network.html"
+- name: Display link to Linux patch report
+  ansible.builtin.debug:
+    msg: "Please go to http://{{ hostvars[report_server]['ansible_host'] }}/reports/network.html"
diff --git a/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml b/collections/ansible_collections/demo/patching/roles/report_server/tasks/apache.yml
@@ -2,14 +2,6 @@
 - name: Include system variables
   ansible.builtin.include_vars: "{{ ansible_system }}.yml"
 
-- name: Permit traffic in default zone for http service
-  ansible.posix.firewalld:
-    service: http
-    permanent: true
-    state: enabled
-    immediate: true
-  check_mode: false
-
 - name: Install httpd package
   ansible.builtin.yum:
     name: httpd
@@ -30,8 +22,10 @@
     mode: "0644"
   check_mode: false
 
-- name: Install httpd service
+- name: Start httpd service
   ansible.builtin.service:
     name: httpd
     state: started
   check_mode: false
+
+...
diff --git a/network/README.md b/network/README.md
@@ -18,12 +18,15 @@ These demos leverage playbooks from a [git repo](https://github.com/nleiva/ansib
 
 ### Inventory
 
-These demos leverage "always-on" instances for Cisco IOS, IOSXR, and NXOS from [Cisco DevNet Sandboxes](https://developer.cisco.com/docs/sandbox/#!getting-started/always-on-sandboxes). These instances are shared and do not provide admin access but they are instantly avaible all the time meaning not setup time is required.
+These demos leverage "always-on" instances for Cisco IOS, IOSXR, and NXOS from [Cisco DevNet Sandboxes](https://developer.cisco.com/docs/sandbox/#!getting-started/always-on-sandboxes). These instances are shared and do not provide admin access but they are instantly avaible all the time meaning no setup time is required.
 
-A **`Network Inventory`** is created when setting up these demos and a dynamic source is added to populate the Always-On instances. Review the inventory file [here](https://github.com/nleiva/ansible-net-modules/blob/main/hosts).
+A **`Demo Inventory`** is created when setting up these demos and a dynamic source is added to populate the Always-On instances. Review the inventory file [here](https://github.com/nleiva/ansible-net-modules/blob/main/hosts).  Demo Inventory is the default inventory for **`Product Demos`**.
 
 ## Suggested Usage
 
+**NETWORK / Report** - Use this job to gather facts from Cisco Network devices and create a report with information about the device such as code version, along with configuration information about layers 1, 2, and 3.  This shows how Ansible can be used to gather facts and build reports.  Generating html pages is just one potential output.  This information can be used in a number of ways, such as integration with different network management tools.
+  - to run this you will first need to run the **`Deploy Cloud Stack in AWS`** job template to deploy the report server.  This will ask you for an SSH public key.  After running this playbook, you will need to add the SSH private key to the **`Demo Credential`** before you can run the report, so it can connect to the report server.
+
 **NETWORK / Configuration** - Use this job to execute different [Ansible Network Resource Modules](https://docs.ansible.com/ansible/latest/network/user_guide/network_resource_modules.html) to deploy golden configs. Below is a list of the different resources the can be configured with a link to their golden config.
   - [acls](https://github.com/nleiva/ansible-net-modules/blob/main/acls.cfg)
   - [banner](https://github.com/nleiva/ansible-net-modules/blob/main/banner.cfg)
@@ -36,3 +39,41 @@ A **`Network Inventory`** is created when setting up these demos and a dynamic s
   - [prefix_lists](https://github.com/nleiva/ansible-net-modules/blob/main/prefix_lists.cfg)
   - [snmp](https://github.com/nleiva/ansible-net-modules/blob/main/snmp.cfg)
   - [user](https://github.com/nleiva/ansible-net-modules/blob/main/user.cfg)
+
+**NETWORK / DISA STIG** - Use this job to run the DISA STIG role (in check mode) and show how Ansible can be used for configuration compliance of network devices.  Click into tasks to see what is changed for each compliance rule, i.e.:
+{
+  "changed": true,
+  "warnings": [
+    "To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device"
+  ],
+  "commands": [
+    "ip http max-connections 2"
+  ],
+  "updates": [
+    "ip http max-connections 2"
+  ],
+  "banners": {},
+  "invocation": {
+    "module_args": {
+      "defaults": true,
+      "lines": [
+        "ip http max-connections 2"
+      ],
+      "match": "line",
+      "replace": "line",
+      "multiline_delimiter": "@",
+      "backup": false,
+      "save_when": "never",
+      "src": null,
+      "parents": null,
+      "before": null,
+      "after": null,
+      "running_config": null,
+      "intended_config": null,
+      "backup_options": null,
+      "diff_against": null,
+      "diff_ignore_lines": null
+    }
+  },
+  "_ansible_no_log": false
+}
diff --git a/network/report.yml b/network/report.yml
@@ -21,16 +21,12 @@
       when: ansible_network_os == 'cisco.nxos.nxos'
 
     - name: Gather all network resource and minimal legacy facts [Cisco IOS XR]
+      ignore_errors: true
       cisco.iosxr.iosxr_facts:
         gather_subset: min
         gather_network_resources: all
       when: ansible_network_os == 'cisco.iosxr.iosxr'
 
-#   # The dig lookup requires the python 'dnspython' library
-#   - name: Resolve IP address
-#     ansible.builtin.set_fact:
-#       ansible_host: "{{ lookup('community.general.dig', inventory_hostname)}}"
-
 - name: Create network reports
   hosts: "{{ report_server }}"
   become: true

diff --git a/network/setup.yml b/network/setup.yml
@@ -15,28 +15,21 @@ controller_projects:
     default_environment: Networking Execution Environment
 
 controller_inventories:
-  - name: Network Inventory
+  - name: Demo Inventory
     organization: Default
 
 controller_inventory_sources:
   - name: DevNet always-on sandboxes
     source: scm
-    inventory: Network Inventory
+    inventory: Demo Inventory
     overwrite: true
     source_project: Network Golden Configs
     source_path: hosts
 
-controller_hosts:
-  - name: node1
-    inventory: Network Inventory
-    variables:
-      ansible_user: rhel
-      ansible_host: node1
-
 controller_templates:
   - name: NETWORK / Configuration
     organization: Default
-    inventory: Network Inventory
+    inventory: Demo Inventory
     survey_enabled: true
     project: Network Golden Configs
     playbook: main.yml
@@ -70,7 +63,7 @@ controller_templates:
   - name: "NETWORK / Report"
     job_type: check
     organization: Default
-    inventory: Network Inventory
+    inventory: Demo Inventory
     project: "Ansible official demo project"
     playbook: "network/report.yml"
     notification_templates_started: Telemetry
@@ -99,7 +92,7 @@ controller_templates:
   - name: "NETWORK / DISA STIG"
     job_type: check
     organization: Default
-    inventory: Network Inventory
+    inventory: Demo Inventory
     project: "Ansible official demo project"
     playbook: "network/compliance.yml"
     notification_templates_started: Telemetry