Saturday, December 13, 2014

Manage OpenWRT devices with Ansible

I'm tired of ssh-ing to multiple devices to type the same commands over and over, so I decided to implement a configuration management tool.

There are a lot of tools out there, like Puppet, Chef, Ansible, Salt, ..., but I wanted a simple one that doesn't require installing agents on the devices, because of OpenWRT and network devices. Thus, I chose Ansible.

Ansible installation is straightforward and well documented.

Public key authentication

I don't want to use passwords, so I need to set up public key authentication. For servers you can follow this guide and use:

root@bastille1:/# ssh-copy-id user@server1.home

But OpenWRT devices need an extra step, because they run dropbear instead of OpenSSH. You can do it with the following command:

cat .ssh/id_rsa.pub | ssh root@wrtdevice.home 'cat > /etc/dropbear/authorized_keys && chmod 600 /etc/dropbear/authorized_keys'

The permissions have to be right for public-key authentication to work. Note that the > redirection replaces any keys already in the file.

Ansible configuration

OpenWRT devices don't have an sftp server, so you need to modify the file /etc/ansible/ansible.cfg to use scp instead:

scp_if_ssh = True

OpenWRT devices usually have little flash memory and Python is not installed on them, so we need to use the raw module, as you can see in the module description:

Another is speaking to any devices such as routers that do not have any Python installed. In any other case, using the shell or command module is much more appropriate. Arguments given to raw are run directly through the configured remote shell. Standard output, error output and return code are returned when available. There is no change handler support for this module. This module does not require python on the remote system, much like the script module.

Now I can start to use Ansible playbooks

root@bastille1:~# ansible wrt1.home -m raw -v -a 'ls /etc' -u root
wrt1.home | success | rc=0 >>
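
The same kind of raw call written as a playbook, as an added example that is not from the original post. The inventory group openwrt and the file name openwrt-check.yml are assumptions; fact gathering is switched off because it needs Python on the target, and the fail and debug tasks run on the control machine.

```yaml
# openwrt-check.yml (hypothetical file name), run with:
#   ansible-playbook openwrt-check.yml
# Assumes an inventory group such as this in /etc/ansible/hosts:
#   [openwrt]
#   wrt1.home
---
- hosts: openwrt
  remote_user: root
  gather_facts: no            # fact gathering would need Python on the device
  tasks:
    - name: Read the mode of the dropbear authorized_keys file
      raw: ls -l /etc/dropbear/authorized_keys
      register: keyfile
      changed_when: false     # read-only command; raw cannot detect changes itself
      failed_when: keyfile.rc != 0

    - name: Stop if the key file is not mode 600
      fail:
        msg: "Unexpected permissions: {{ keyfile.stdout }}"
      when: "'-rw-------' not in keyfile.stdout"

    - name: List installed packages
      raw: opkg list-installed
      register: packages
      changed_when: false
      failed_when: packages.rc != 0

    - name: Show the package list
      debug:
        var: packages.stdout
```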