Diffstat (limited to 'docs/configexamples')
| -rw-r--r-- | docs/configexamples/ansible.rst | 216 | ||||
| -rw-r--r-- | docs/configexamples/autotest/Wireguard/Wireguard.rst | 2 | ||||
| -rw-r--r-- | docs/configexamples/ha.rst | 2 | ||||
| -rw-r--r-- | docs/configexamples/index.rst | 1 | ||||
| -rw-r--r-- | docs/configexamples/policy-based-ipsec-and-firewall.rst | 4 | 
5 files changed, 221 insertions, 4 deletions
|
diff --git a/docs/configexamples/ansible.rst b/docs/configexamples/ansible.rst
new file mode 100644
index 00000000..fc243c44
--- /dev/null
+++ b/docs/configexamples/ansible.rst
@@ -0,0 +1,216 @@
+:lastproofread: 2023-10-18
+
+.. _examples-ansible:
+
+###############
+Ansible example
+###############
+
+Setting up Ansible on a server running the Debian operating system.
+===================================================================
+
+In this example, we will set up a simple use of Ansible to configure multiple VyoS routers.
+We have four pre-configured routers with this configuration:
+
+Using the general schema for example:
+
+.. image:: /_static/images/ansible.png
+   :width: 80%
+   :align: center
+   :alt: Network Topology Diagram
+
+We have four pre-configured routers with this configuration:
+
+.. code-block:: none
+
+	set interfaces ethernet eth0 address dhcp
+	set service ssh
+	commit
+	save
+
+* vyos7 - 192.0.2.105
+* vyos8 - 192.0.2.106
+* vyos9 - 192.0.2.107
+* vyos10 - 192.0.2.108
+
+Install the Ansible:
+====================
+.. code-block:: none
+
+	# apt-get install ansible
+	Do you want to continue? [Y/n] y
+
+Install the paramiko:
+=====================
+
+.. code-block:: none
+
+	#apt-get install -y python3-paramiko
+
+Check the version:
+==================
+
+.. code-block:: none
+
+	# ansible --version
+	ansible 2.10.8
+	config file = None
+	configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
+	ansible python module location = /usr/lib/python3/dist-packages/ansible
+	executable location = /usr/bin/ansible
+	python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]
+
+Basik configuration of the ansible.cfg:
+=======================================
+
+.. code-block:: none
+
+	# nano /root/ansible.cfg
+	[defaults]
+	host_key_checking = no
+
+Add all the hosts of VyOS:
+==========================
+
+.. code-block:: none
+
+	# nano /root/hosts
+	[vyos_hosts]
+	vyos7 ansible_ssh_host=192.0.2.105
+	vyos8 ansible_ssh_host=192.0.2.106
+	vyos9 ansible_ssh_host=192.0.2.107
+	vyos10 ansible_ssh_host=192.0.2.108
+
+Add general variables:
+======================
+
+.. code-block:: none
+
+	# mkdir /root/group_vars/
+	# nano /root/group_vars/vyos_hosts
+	ansible_python_interpreter: /usr/bin/python3
+	ansible_network_os: vyos
+	ansible_connection: network_cli
+	ansible_user: vyos
+	ansible_ssh_pass: vyos
+
+
+Add the simple playbook with the tasks for each router:
+=======================================================
+
+.. code-block:: none
+
+	# nano /root/main.yml
+	
+	---
+	- hosts: vyos_hosts
+	gather_facts: 'no'
+	tasks:
+		- name: Configure general settings for the vyos hosts group
+		vyos_config:
+			lines:
+			- set system name-server 8.8.8.8
+			- set interfaces ethernet eth0 description '#WAN#'
+			- set interfaces ethernet eth1 description '#LAN#'
+			- set interfaces ethernet eth2 disable
+			- set interfaces ethernet eth3 disable
+			- set system host-name {{ inventory_hostname }}
+			save:
+			true
+	
+Start the playbook:
+===================
+
+.. code-block:: none
+
+	ansible-playbook -i hosts main.yml
+	PLAY [vyos_hosts] **************************************************************
+	
+	TASK [Configure general settings for the vyos hosts group] *********************
+	ok: [vyos9]
+	ok: [vyos10]
+	ok: [vyos7]
+	ok: [vyos8]
+	
+	PLAY RECAP *********************************************************************
+	vyos10                     : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+	vyos7                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+	vyos8                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+	vyos9                      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+
+Check the result on the vyos10 router:
+======================================
+
+.. code-block:: none
+
+	vyos@vyos10:~$ show interfaces
+	Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
+	Interface        IP Address                        S/L  Description
+	---------        ----------                        ---  -----------
+	eth0             192.0.2.108/24                    u/u  WAN
+	eth1             -                                 u/u  LAN
+	eth2             -                                 A/D
+	eth3             -                                 A/D
+	lo               127.0.0.1/8                       u/u
+					::1/128
+	
+	vyos@vyos10:~$ sh configuration commands | grep 8.8.8.8
+	set system name-server '8.8.8.8'
+
+The simple way without configuration of the hostname (one task for all routers):
+================================================================================
+
+.. code-block:: none
+
+	# nano /root/hosts_v2
+	[vyos_hosts_group]
+	vyos7 ansible_ssh_host=192.0.2.105
+	vyos8 ansible_ssh_host=192.0.2.106
+	vyos9 ansible_ssh_host=192.0.2.107
+	vyos10 ansible_ssh_host=192.0.2.108
+	[vyos_hosts_group:vars]
+	ansible_python_interpreter=/usr/bin/python3
+	ansible_user=vyos
+	ansible_ssh_pass=vyos
+	ansible_network_os=vyos
+	ansible_connection=network_cli
+
+	# nano /root/main_v2.yml
+	---
+	- hosts: vyos_hosts_group
+	
+	connection: network_cli
+	gather_facts: 'no'
+	
+	tasks:
+		- name: Configure remote vyos_hosts_group
+		vyos_config:
+			lines:
+			- set system name-server 8.8.8.8
+			- set interfaces ethernet eth0 description WAN
+			- set interfaces ethernet eth1 description LAN
+			- set interfaces ethernet eth2 disable
+			- set interfaces ethernet eth3 disable
+			save:
+			true
+		  
+.. code-block:: none
+		  
+	# ansible-playbook -i hosts_v2 main_v2.yml
+	
+	PLAY [vyos_hosts_group] ********************************************************
+	
+	TASK [Configure remote vyos_hosts_group] ***************************************
+	ok: [vyos8]
+	ok: [vyos7]
+	ok: [vyos9]
+	ok: [vyos10]
+	
+	PLAY RECAP *********************************************************************
+	vyos10                     : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+	vyos7                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+	vyos8                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+	vyos9                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+	
+
+In the next chapter of the example, we'll use the Ansible with jinja2 templates and variables.
diff --git a/docs/configexamples/autotest/Wireguard/Wireguard.rst b/docs/configexamples/autotest/Wireguard/Wireguard.rst
index 93092afe..7e287bcf 100644
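Review bot: The new `ansible.cfg` listing sets `host_key_checking = no`, and the `group_vars/vyos_hosts` and `hosts_v2` listings keep `ansible_ssh_pass` at the default `vyos` password in plain text, with nothing on the page marking these as lab-only shortcuts. With host key checking off, the control node accepts whatever SSH host key is presented, so a machine impersonating one of the routers would receive that password. I would add a `.. warning::` directly after the `ansible.cfg` block reading `This example disables SSH host key checking and stores the default password in the inventory for brevity; on a production network keep host_key_checking enabled and use SSH keys or an Ansible Vault-encrypted variable instead.` Separately, both playbook listings are tab-indented and put `gather_facts` and `tasks` at the same level as `- hosts` (and `vyos_config:` level with `- name:`), which is not valid YAML if copied as shown; space-indented listings with the keys nested under the list item would fix that.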
--- a/docs/configexamples/autotest/Wireguard/Wireguard.rst +++ b/docs/configexamples/autotest/Wireguard/Wireguard.rst @@ -44,7 +44,7 @@ After this, the public key can be displayed, to save for later.  .. code-block:: none -   vyos@central:~$ generate pki wireguard +   vyos@central:~$ generate pki wireguard key-pair     Private key: cMNGHtb5dW92ORG3HS8JJlvQF8pmVGt2Ydny8hTBLnY=     Public key: WyfLCTXi31gL+YbYOwoAHCl2RgS+y56cYHEK6pQsTQ8= diff --git a/docs/configexamples/ha.rst b/docs/configexamples/ha.rst index 1ceda8e9..1badf231 100644 --- a/docs/configexamples/ha.rst +++ b/docs/configexamples/ha.rst @@ -303,7 +303,7 @@ public interface.  .. code-block:: none     set nat source rule 10 destination address '!192.0.2.0/24' -   set nat source rule 10 outbound-interface 'eth0.50' +   set nat source rule 10 outbound-interface name 'eth0.50'     set nat source rule 10 source address '10.200.201.0/24'     set nat source rule 10 translation address '203.0.113.1' diff --git a/docs/configexamples/index.rst b/docs/configexamples/index.rst index 5528d280..7134e14c 100644 --- a/docs/configexamples/index.rst +++ b/docs/configexamples/index.rst @@ -21,6 +21,7 @@ This chapter contains various configuration examples:     qos     segment-routing-isis     nmp +   ansible     policy-based-ipsec-and-firewall     site-2-site-cisco diff --git a/docs/configexamples/policy-based-ipsec-and-firewall.rst b/docs/configexamples/policy-based-ipsec-and-firewall.rst index 1f969453..9b7ba73a 100644 --- a/docs/configexamples/policy-based-ipsec-and-firewall.rst +++ b/docs/configexamples/policy-based-ipsec-and-firewall.rst 
@@ -194,9 +194,9 @@ And NAT Configuration:      set nat source rule 10 destination group network-group 'REMOTE-NETS'      set nat source rule 10 exclude -    set nat source rule 10 outbound-interface 'eth0' +    set nat source rule 10 outbound-interface name 'eth0'      set nat source rule 10 source group network-group 'LOCAL-NETS' -    set nat source rule 20 outbound-interface 'eth0' +    set nat source rule 20 outbound-interface name 'eth0'      set nat source rule 20 source group network-group 'LOCAL-NETS'      set nat source rule 20 translation address 'masquerade' | 
