Add some docs

doc/commands.cli

@@ -0,0 +1,91 @@
+set cli config-output-format set
+set cli scripting-mode on
+configure
+set network interface ethernet ethernet1/1 layer3 ndp-proxy enabled no
+set network interface ethernet ethernet1/1 layer3 ip 10.163.2.20/24
+set network interface ethernet ethernet1/1 layer3 lldp enable no
+set network interface ethernet ethernet1/1 layer3 interface-management-profile NP_IM_INTERNAL
+set network interface ethernet ethernet1/1 comment "internal network"
+set network interface ethernet ethernet1/2 layer3 ndp-proxy enabled no
+set network interface ethernet ethernet1/2 layer3 lldp enable no
+set network interface ethernet ethernet1/2 layer3 interface-management-profile NP_IM_EXTERNAL
+set network interface ethernet ethernet1/2 layer3 ip 10.163.3.20/24
+set network interface ethernet ethernet1/2 comment "external network"
+set network profiles monitor-profile default interval 3
+set network profiles monitor-profile default threshold 5
+set network profiles monitor-profile default action wait-recover
+set network profiles interface-management-profile NP_IM_INTERNAL http no
+set network profiles interface-management-profile NP_IM_INTERNAL https yes
+set network profiles interface-management-profile NP_IM_INTERNAL ssh yes
+set network profiles interface-management-profile NP_IM_INTERNAL ping yes
+set network profiles interface-management-profile NP_IM_INTERNAL telnet no
+set network profiles interface-management-profile NP_IM_EXTERNAL http no
+set network profiles interface-management-profile NP_IM_EXTERNAL https no
+set network profiles interface-management-profile NP_IM_EXTERNAL ssh yes
+set network profiles interface-management-profile NP_IM_EXTERNAL ping yes
+set network profiles interface-management-profile NP_IM_EXTERNAL telnet no
+set network virtual-router VR_EXTERNAL ecmp algorithm ip-modulo
+set network virtual-router VR_EXTERNAL protocol bgp enable no
+set network virtual-router VR_EXTERNAL protocol bgp routing-options graceful-restart enable yes
+set network virtual-router VR_EXTERNAL protocol rip enable no
+set network virtual-router VR_EXTERNAL protocol ospf enable no
+set network virtual-router VR_EXTERNAL protocol ospfv3 enable no
+set network virtual-router VR_EXTERNAL interface ethernet1/2
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_DEFAULT destination 0.0.0.0/0
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_DEFAULT interface ethernet1/2
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_DEFAULT nexthop ip-address 10.163.3.1
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_172.16.0.0_12 destination 172.16.0.0/12
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_172.16.0.0_12 interface ethernet1/2
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_172.16.0.0_12 nexthop next-vr VR_INTERNAL
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_192.168.0.0_16 destination 192.168.0.0/16
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_192.168.0.0_16 interface ethernet1/2
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_192.168.0.0_16 nexthop next-vr VR_INTERNAL
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_10.0.0.0_8 destination 10.0.0.0/8
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_10.0.0.0_8 interface ethernet1/2
+set network virtual-router VR_EXTERNAL routing-table ip static-route SR_10.0.0.0_8 nexthop next-vr VR_INTERNAL
+set network virtual-router VR_INTERNAL ecmp algorithm ip-modulo
+set network virtual-router VR_INTERNAL protocol bgp enable no
+set network virtual-router VR_INTERNAL protocol bgp routing-options graceful-restart enable yes
+set network virtual-router VR_INTERNAL protocol rip enable no
+set network virtual-router VR_INTERNAL protocol ospf enable no
+set network virtual-router VR_INTERNAL protocol ospfv3 enable no
+set network virtual-router VR_INTERNAL interface ethernet1/1
+set network virtual-router VR_INTERNAL routing-table ip static-route SR_DEFAULT destination 0.0.0.0/0
+set network virtual-router VR_INTERNAL routing-table ip static-route SR_DEFAULT interface ethernet1/1
+set network virtual-router VR_INTERNAL routing-table ip static-route SR_DEFAULT nexthop ip-address 10.163.2.1
+set deviceconfig system type dhcp-client send-hostname yes
+set deviceconfig system type dhcp-client send-client-id no
+set deviceconfig system type dhcp-client accept-dhcp-hostname no
+set deviceconfig system type dhcp-client accept-dhcp-domain no
+set deviceconfig system update-server updates.paloaltonetworks.com
+set deviceconfig system update-schedule threats recurring weekly day-of-week wednesday
+set deviceconfig system update-schedule threats recurring weekly at 01:02
+set deviceconfig system update-schedule threats recurring weekly action download-only
+set deviceconfig system timezone Canada/Eastern
+set deviceconfig system service disable-telnet yes
+set deviceconfig system service disable-http yes
+set deviceconfig system hostname fwazrcchp02
+set deviceconfig system domain gazmet.com
+set deviceconfig system ntp-servers primary-ntp-server ntp-server-address timedmz1.gazmet.com
+set deviceconfig system ntp-servers primary-ntp-server authentication-type none
+set deviceconfig system ntp-servers secondary-ntp-server ntp-server-address timedmz2.gazmet.com
+set deviceconfig system ntp-servers secondary-ntp-server authentication-type none
+set deviceconfig system dns-setting servers primary 10.68.1.74
+set deviceconfig system dns-setting servers secondary 10.16.50.19
+set deviceconfig setting config rematch yes
+set deviceconfig system panorama local-panorama panorama-server avmtl-panorama-p001.gazmet.com
+set deviceconfig setting management hostname-type-in-syslog FQDN
+set deviceconfig setting management initcfg type dhcp-client send-hostname yes
+set deviceconfig setting management initcfg type dhcp-client send-client-id no
+set deviceconfig setting management initcfg type dhcp-client accept-dhcp-hostname no
+set deviceconfig setting management initcfg type dhcp-client accept-dhcp-domain no
+set deviceconfig setting management initcfg hostname fwazrcchp02
+set deviceconfig setting management initcfg username master
+set deviceconfig setting management initcfg public-key c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FDdUNmSWJzaXhpOWVXUUs1TnhFYmRmcTRPeCtEb1kvL2tQWHpHazZuTjN3THl5cVBhWEo4cG9lR2hlcmVRamE0TUd4Sk5NVTVJU2lLeUE0T09jSWVLSzVMK2phcTRoQmJFNjUxR2Z5OEJWa3BLeWExTmpXM0R3aU8wMEt2OGplbXVjUkJ2bWJzNHVMekswajlmblFybGJNM3NVa2haSUZFZC9Pem0zbmhwNWN4ZHZRbktDY2RWYU45Mmpodk9maW5pdWJyRkRxbzJCZVpqVTBadUc0V2Fhc2s5MFBSOFpKRzVtZ3FwNGRjQitlaW8wc2tXVU85SGI2VldOejlkUGJLNHExYXpQeFBlUzJPSmJESkI0S1hCaTdpWUhteXdRRjY2Mmhma3hMV0ZSazMwMVFWMkI3VEFuQVhLbFBuRjJUcjYrS2g4blB6d2RqUmNiYUF1QUFGczZFYzU2ZVAzQlRhT1EvOUoyNkoxWXlOMGVFT2crOXRyY1NuakF0Z1lFY2dNekNYczdBZE5rcUNtRUE1a1NCS3JES09UdVM3d1M5S0FXaSszNi9PdVh2TUNWUWsvMmZBK0dFdHhQem9Hd3N5bG1NVDRXdHVHTWZLUUZ0aVdnbHdSc3RLQ0htWXRZOHdJK3o4OUJPVzVPOXA4WnRhcHMzbmhIK24yU1NQdjg5MlU9Cg==
+set mgt-config users master phash $1$hddqkagq$lajwKchF6MOvCbv589RqP.
+set mgt-config users master public-key c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FDdUNmSWJzaXhpOWVXUUs1TnhFYmRmcTRPeCtEb1kvL2tQWHpHazZuTjN3THl5cVBhWEo4cG9lR2hlcmVRamE0TUd4Sk5NVTVJU2lLeUE0T09jSWVLSzVMK2phcTRoQmJFNjUxR2Z5OEJWa3BLeWExTmpXM0R3aU8wMEt2OGplbXVjUkJ2bWJzNHVMekswajlmblFybGJNM3NVa2haSUZFZC9Pem0zbmhwNWN4ZHZRbktDY2RWYU45Mmpodk9maW5pdWJyRkRxbzJCZVpqVTBadUc0V2Fhc2s5MFBSOFpKRzVtZ3FwNGRjQitlaW8wc2tXVU85SGI2VldOejlkUGJLNHExYXpQeFBlUzJPSmJESkI0S1hCaTdpWUhteXdRRjY2Mmhma3hMV0ZSazMwMVFWMkI3VEFuQVhLbFBuRjJUcjYrS2g4blB6d2RqUmNiYUF1QUFGczZFYzU2ZVAzQlRhT1EvOUoyNkoxWXlOMGVFT2crOXRyY1NuakF0Z1lFY2dNekNYczdBZE5rcUNtRUE1a1NCS3JES09UdVM3d1M5S0FXaSszNi9PdVh2TUNWUWsvMmZBK0dFdHhQem9Hd3N5bG1NVDRXdHVHTWZLUUZ0aVdnbHdSc3RLQ0htWXRZOHdJK3o4OUJPVzVPOXA4WnRhcHMzbmhIK24yU1NQdjg5MlU9Cg==
+set mgt-config users master permissions role-based superuser yes
+set mgt-config password-complexity enabled yes
+set mgt-config password-complexity minimum-length 8
+exit
+set cli scripting-mode off

doc/en_vrac.md

@@ -0,0 +1,150 @@
+# En vrac
+
+## Availability set
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_availability_set.yml ./run.sh -vv -e "{avss: [{name: 'jdongmohub-eca1-gen-avs01', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', platform_fault_domain_count: 2, platform_update_domain_count: 2, sku: 'Aligned', state: 'present'}]}"
+```
+
+## Storage account
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_storage_account.yml ./run.sh -vv -e "{sas: [{name: 'jdongmohubeca1gensa01', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', access_tier: 'Hot', account_type: 'Standard_LRS', blob_cors: [], force_delete_nonempty: true, https_only: true, kind: 'StorageV2', state: 'present', tags: {'env': 'test', 'provisioner': 'ansible'}}]}"
+```
+
+## Log analytics workspace
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_analytics_workspace.yml ./run.sh -vv -e "{laws: [{name: 'jdongmohub-eca1-gen-ngfw-law01', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', location: 'canadacentral', retention_in_days: 90, state: 'present'}]}"
+```
+
+## sentinel
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_sentinel.yml ./run.sh -vv -e "{sentinels: [{law: {name: 'jdongmohub-eca1-gen-ngfw-law01', subscriptionid: 'd89d587d-8a3f-4e4d-ac5a-636b4aa7b5d8'}, resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', location: 'canadacentral', state: 'present'}]}"
+```
+
+## Routing table
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_routing_table.yml ./run.sh -vv -e "{rts: [{name: 'jdongmohub-eca1-gw-rt', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', disable_bgp_route_propagation: false, state: 'present'}, {name: 'jdongmohub-eca1-sub01-rt', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', state: 'present'}, {name: 'jdongmohub-eca1-sub02-rt', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', state: 'present'}]}"
+```
+
+## Network security group
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_network_security_group.yml ./run.sh -vv -e "{nsgs: [{name: 'jdongmohub-eca1-nsg01', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', purge_rules: true, rules: [{name: 'Allowtcp22', description: 'Allow incoming tcp traffic on port 22', protocol: 'Tcp', destination_port_range: 22, access: 'Allow', direction: 'Inbound', priority: 122}, {name: 'Allowtcp443', description: 'Allow incoming tcp traffic on port 443', protocol: 'Tcp', destination_port_range: 443, access: 'Allow', direction: 'Inbound', priority: 443}], state: 'present'}]}"
+```
+
+## Subnet
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_subnet.yml ./run.sh -vv -e "{subnets: [{name: 'GatewaySubnet', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', virtual_network_name: 'jdongmohub-eca1-gen-vnet01', address_prefix_cidr: '10.225.135.0/28', route_table: 'jdongmohub-eca1-gw-rt', state: 'present'}, {name: 'jdongmohub-eca1-mgt-sub01', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', virtual_network_name: 'jdongmohub-eca1-gen-vnet01', address_prefix_cidr: '10.220.135.0/28', route_table: 'jdongmohub-eca1-sub01-rt', state: 'present'}]}"
+ANSIBLE_PLAYBOOK_FILE=playbook_subnet.yml ./run.sh -vv -e "{subnets: [{name: 'jdongmohub-eca1-trust-prod-sub02', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', virtual_network_name: 'jdongmohub-eca1-gen-vnet01', address_prefix_cidr: '10.225.135.16/28', route_table: 'jdongmohub-eca1-sub02-rt', state: 'present'}]}"
+```
+```
+subnets:
+  - name: 'GatewaySubnet'
+    resource_group: 'jdongmohub-nonprod-eca1-gen-rg01'
+    virtual_network_name: 'jdongmohub-eca1-gen-vnet01'
+    address_prefix_cidr: '10.225.135.0/28'
+    route_table: 'jdongmohub-eca1-gw-rt'
+    state: 'present'
+  - name: 'jdongmohub-eca1-mgt-sub01'
+    resource_group: 'jdongmohub-nonprod-eca1-gen-rg01'
+    virtual_network_name: 'jdongmohub-eca1-gen-vnet01'
+    address_prefix_cidr: '10.220.135.0/28'
+    route_table: 'jdongmohub-eca1-sub01-rt'
+    state: 'present'
+  - name: 'jdongmohub-eca1-trust-prod-sub02'
+    resource_group: 'jdongmohub-nonprod-eca1-gen-rg01'
+    virtual_network_name: 'jdongmohub-eca1-gen-vnet01'
+    address_prefix_cidr: '10.225.135.16/28'
+    route_table: 'jdongmohub-eca1-sub02-rt'
+    state: 'present'
+  - name: 'jdongmohub-eca1-trust-nprod-sub03'
+    resource_group: 'jdongmohub-nonprod-eca1-gen-rg01'
+    virtual_network_name: 'jdongmohub-eca1-gen-vnet01'
+    address_prefix_cidr: '10.220.135.16/28'
+    route_table: 'jdongmohub-eca1-sub03-rt'
+    state: 'present'
+  - name: 'jdongmohub-eca1-untrust-prod-sub04'
+    resource_group: 'jdongmohub-nonprod-eca1-gen-rg01'
+    virtual_network_name: 'jdongmohub-eca1-gen-vnet01'
+    address_prefix_cidr: '10.225.135.32/28'
+    route_table: 'jdongmohub-eca1-sub04-rt'
+    state: 'present'
+  - name: 'jdongmohub-eca1-untrust-nprod-sub05'
+    resource_group: 'jdongmohub-nonprod-eca1-gen-rg01'
+    virtual_network_name: 'jdongmohub-eca1-gen-vnet01'
+    address_prefix_cidr: '10.220.135.32/28'
+    route_table: 'jdongmohub-eca1-sub05-rt'
+    state: 'present'
+
+```
+
+## Network interface card
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_network_interface_card.yml ./run.sh -vv -e "{nics: [{name: 'jdongmohub-eca1-mgt-nic01', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', create_with_security_group: true, enable_accelerated_networking: false, enable_ip_forwarding: false, security_group: 'jdongmohub-eca1-nsg01', subnet_name: 'jdongmohub-eca1-mgt-sub01', virtual_network: 'jdongmohub-eca1-gen-vnet01', state: 'present'}, {name: 'jdongmohub-eca1-trust-prod-nic02', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', create_with_security_group: true, enable_accelerated_networking: false, enable_ip_forwarding: false, security_group: 'jdongmohub-eca1-nsg01', subnet_name: 'jdongmohub-eca1-trust-prod-sub02', virtual_network: 'jdongmohub-eca1-gen-vnet01', state: 'present'}]}"
+```
+```
+nics:
+  - name: "jdongmohub-eca1-mgt-nic01"
+    dns_servers: []
+    create_with_security_group: true
+    enable_accelerated_networking: false
+    enable_ip_forwarding: false
+    resource_group: "{{ base_name }}-rg01"
+    security_group: "{{ base_name }}-allowtcp22"
+    subnet_name: "spi-dns-caea-sim-ssh-subnet01"
+    virtual_network: 'jdongmohub-eca1-gen-vnet01'
+    state: "present"
+  - name: "jdongmohub-eca1-trust-prod-nic02"
+    dns_servers: []
+    create_with_security_group: true
+    enable_accelerated_networking: false
+    enable_ip_forwarding: false
+    resource_group: "jdongmohub-nonprod-eca1-gen-rg01"
+    security_group: "jdongmohub-eca1-nsg01"
+    subnet_name: ""
+    virtual_network:
+      name: ""
+      resource_group: ""
+    state: "present"
+    tags:
+      "env": "test"
+      "provisioner": "ansible"
+```
+
+## User defined route
+```
+```
+
+## Virtual machine
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_virtual_machine.yml ./run.sh -vv -e "{vms: [{name: 'jdongmohub-eca1-relay-vm01', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', network_interfaces: ['jdongmohub-eca1-trust-prod-nic02'], managed_disk_type: 'StandardSSD_LRS', os_disk_size_gb: 200, ip_allocation: 'Disabled', remove_on_absent: ['virtual_storage'], restarted: false, ssh_password_enabled: true, storage_account_name: 'jdongmohubeca1gensa01', subnet_name: 'jdongmohub-eca1-trust-prod-sub02', virtual_network: 'jdongmohub-eca1-gen-vnet01', vm_size: 'Standard_B1s', image: {publisher: 'OpenLogic', offer: 'CentOS', sku: '7.1', version: 'latest'}, admin_username: 'admin', admin_password: '********', state: 'present'}]}" 
+vms:
+  - name: "{{ base_name }}-vm-syslog"
+    admin_username: admin
+    admin_password: ********
+    image:
+      publisher: 'OpenLogic'
+      offer: "CentOS"
+      sku: '7.5'
+      version: 'latest'
+    resource_group: '{{ base_name }}-rg01'
+    network_interfaces:
+      - "{{ base_name }}-nic06"
+    managed_disk_type: "StandardSSD_LRS"
+    os_disk_size_gb: 500
+    ip_allocation: "Disabled"
+    remove_on_absent:
+      - "virtual_storage"
+    restarted: false
+    ssh_password_enabled: true
+    storage_account_name: 'jdongmocaeasa03'
+    subnet_name: "spi-dns-caea-sim-ssh-subnet01"
+    virtual_network: "spi-dns-caea-sim-vnet01"
+    vm_size: 'Standard_B1s'
+    state: 'present'
+    tags:
+      "env": "dev"
+      "provisioner": "ansible"
+```
+
+## Load balancer
+```
+```

doc/resource_group.md

@@ -0,0 +1,33 @@
+#Resource Group
+This is a quick howto on resource group playbook
+
+##Variables
+```
+---
+rgs:
+  - name:
+    location:
+    force_delete:
+    state:
+    tags:
+      "env": "prod"
+      "provisioner": "ansible"
+...
+```
+
+##Commands
+
+- List resource group
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_resource_group.yml ./run.sh -vv -e "{rgs: [{name: 'jdongmohub-nonprod-eca1-gen-rg01', location: 'canadaeast'}]}"  -e action="list"
+```
+
+- Create resource group
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_resource_group.yml ./run.sh -vv -e "{rgs: [{name: 'jdongmohub-nonprod-eca1-gen-rg01', location: 'canadaeast', state: 'present'}]}"
+```
+
+- Delete resource group containing resources
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_resource_group.yml ./run.sh -vv -e "{rgs: [{name: 'jdongmohub-nonprod-eca1-gen-rg01', force_delete: true}]}" -e action="absent"
+```

doc/virtual_network.md

@@ -0,0 +1,36 @@
+#Resource Group
+This is a quick howto on resource group playbook
+
+##Variables
+```
+---
+vnets:
+  - name:
+    address_prefixes_cidr: []
+    dns_servers:
+    location:
+    purge_address_prefixes:
+    resource_group:
+    state:
+    tags:
+      "env": "prod"
+      "provisioner": "ansible"
+...
+```
+
+##Commands
+
+- List virtual network
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_virtual_network.yml ./run.sh -vv -e "{vnets: [{name: '', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01'}]}"  -e action="list"
+```
+
+- Create virtual network
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_virtual_network.yml ./run.sh -vv -e "{vnets: [{name: 'jdongmohub-nonprod-eca1-gen-vnet01', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', address_prefixes_cidr: ["10.220.135.0/25", "10.225.135.0/25"], location: 'canadaeast', state: 'present'}]}"
+```
+
+- Delete virtual network
+```
+ANSIBLE_PLAYBOOK_FILE=playbook_virtual_network.yml ./run.sh -vv -e "{vnets: [{name: 'jdongmohub-nonprod-eca1-gen-vnet01', resource_group: 'jdongmohub-nonprod-eca1-gen-rg01', state: 'absent'}]}"
+```