madnessy.ansible_mikrotik

Disclaimer:

This playbook is not finished.
I created it for my own home setup, so feel free to add to it or improve it.
This playbook is designed for RouterOS version 6.44.3.

How to Use:

  1. Add this to your Ansible configuration (ansible.cfg):

    [paramiko_connection]
    pty=False
    
  2. Add this to your host variables:

    ansible_network_os: routeros
    
  3. Copy the variables easily:
    Just copy the defaults file (defaults/main.yml) to your hostvars directory and rename the original main.yml (in defaults/) to something else so it won’t be processed.

Example Playbook:

- hosts: hosts
  remote_user: admin
  connection: network_cli
  gather_facts: false
  roles:
   - ansible-mikrotik

What This Playbook Can Do:

Hardening:

  • Basic security hardening as recommended by MikroTik.

Firewall:

  • Add firewall policies (existing policies are not removed).

Interfaces:

  • Create an 802.3ad or balance-xor bond.
  • Disable interfaces.
  • Create interface lists.

VLANs:

  • Create VLANs based on bridge filtering.
  • Assign interfaces to VLANs (tagged/untagged).
  • Assign networks/DHCP servers to VLANs.

Wireless:

  • Create a basic security profile.
  • Create a virtual WLAN interface.
  • Set the master VLAN interface and configure channels.

Generic:

  • Add backup and upgrade scripts (untested).
  • Set up an NTP client.

VPN:

  • Still to be done.

Other Remarks:

  • Check the defaults file; it may help explain things I missed.

To-Do List:

  • Revise bond creation to be static, similar to how firewall policies are added.

Testing:

Notes:

  • Using Pipenv for package management.
  • Running Molecule with a custom QEMU VM creator and MikroTik RouterOS.

Example Commands:

$ pipenv update
$ pipenv shell
$ molecule create
$ molecule converge
$ molecule destroy

License:

MIT

Project Information:

Manage / configure MikroTik devices

Install:

$ ansible-galaxy install madnessy.ansible_mikrotik