Jump to content


Photo

Using Ansible with the Barracuda Web Application Firewall for automating the configuration

ansible restapi waf automation

  • Please log in to reply
No replies to this topic

#1 Aravindan Anandan

Aravindan Anandan
  • Barracuda Team Members
  • 72 posts

Posted 21 June 2017 - 02:29 AM

Ansible (https://www.ansible.com), can be used to automate configuration in an IT infrastructure. This article provides an example for using Ansible to configure the Barracuda WAF using the RESTAPI v1.

Ansible's built in URI module (http://docs.ansible.com/ansible/uri_module.html) is used for calling the API on the WAF. 

 

Playbook yaml file:

=============================

 

---
###Based on Barracuda WAF REST API version 1###
###This playbook can be used to setup a service using the Barracuda WAF REST APIv1, when the username and password is provided in the script###
### WAF DETAILS ###
- hosts: ansible_host
  tasks:
  - name: Set WAF URL
    set_fact:
      waf_ip_port : '10.11.31.231:8000'
 
### WAF LOGIN TOKEN GENERATION ###
  - name: login token
    uri:
      url: http://{{ waf_ip_port }}/restapi/v1/login
      method: POST
      body: '{"username":"admin", "password":"admin"}'
      body_format: json
      headers:
        Content-Type: "application/json"
    register: token
  - debug:
      msg: "{{token.json}}"
 
### WAF SERVICE CREATION - HTTP ###
  - name: Create a HTTP Service
    uri:
      url: http://{{ waf_ip_port }}/restapi/v1/virtual_services
      method: POST
      user: "{{ token.json.token }}"
      password: ""
      force_basic_auth: yes
      body: '{"name":"ansible_service", "ip_address":"10.11.31.222", "port":"9999", "type":"http", "address_version":"ipv4", "vsite":"default", "group":"production"}'
      body_format: json
      headers:
        Content-Types: "application/json"
      status_code: 201
    register: svcname
  - debug:
      msg: "{{svcname.json}}"
 
### WAF SERVICE LOOKUP ###
  - name: get services
    uri:
      url: http://{{ waf_ip_port }}/restapi/v1/{{svcname.json.id}}/ansible_service
      method: GET
      user: "{{ token.json.token }}"
      password: ""
      force_basic_auth: yes
    register: service_info
  - debug:
      msg: "{{service_info.json}}"
 

 

===============================

 

We would love to know about more use cases. Please reply to this post with the WAF feature for which you would like to see an Ansible playbook example.