Most of the Ansible information you will find out there is about server management, but it can do so much for network devices. Most of my Ansible work is updating production devices that cannot be rebooted and querying device configurations.
Ansible uses plays, which are a collection of tasks, to perform some action against a device. When running a play you are executing a playbook.
Below is how I set up my basic Ansible playbook for managing Cisco IOS devices, using Ansible 2.2. By the end of this post you will have a play to gather the interface descriptions from your IOS devices.
Resources to start with:
- Ansible documentation is well written and helpful, so start here:
- Installation is done on a Linux server, and the Ansible documentation takes you through it step by step.
- After installation learn about Playbooks and Inventory.
- Lastly, take a look at the Network Modules where you will find Cisco IOS, NXOS, and ASA modules.
- After reading the theory I found the below sites/authors helpful in understanding Ansible and Automation
- Networklore: Patrick Ogenstad has a great set of blogs about Cisco and Ansible
- Python for Network Engineers: Kirk Byers has a collection of Python and Ansible articles that is a great resource for automation, and he teaches courses on Network Automation.
- Codecademy: A resource for learning how to code in Python and other languages.
- Securing your Passwords: Ansible has created Ansible Vault, a way to AES-encrypt the passwords used for running playbooks. I recommend starting out with Ansible Vault to secure your credentials.
Files to Create
After installing Ansible, you will create the following files: hosts.yml (inventory of devices), secrets.yml (file for securing your passwords), and your playbook file, HelloWorld.yml, and that is it.
Ansible and its file structure are located at /etc/ansible on your Linux server.
/etc/ansible/hosts.yml
The hosts file is where you define your devices and the structure of your environment. You can run Ansible playbooks against an individual host, a query of hosts or a group of hosts, and how you run the playbook is dependent on how you set up your hosts.yml file. When setting up this file I organize it by site, device type and function. So, for example, I will have all my IOS LAN access switches for a site in one group, and my firewalls for that site in another group. Also, I found it easiest to make the devices reachable by hostname. You can either enter the devices in your company's DNS or modify the hosts file on the Linux server.
My Hosts.yml file looks like this:
---
[site1-LAN-IOS]
site1-4510-1
site1-3750-1
[site1-FW]
site1-asa5512-1
[site1-VG]
site1-3900VG-1
/etc/ansible/secrets.yml
The secrets file is where you define the passwords for your environment. Here you can enter the different usernames, passwords, and enable secrets for your devices. My secrets file looks like this (please don’t use cisco as your password):
---
DeviceType1creds:
  username: cisco
  password: cisco
  auth_pass: cisco
AAAcreds:
  username: cisco1
  password: cisco1
  auth_pass: cisco1
When working with your ansible-vault file, read the docs: because it is an encrypted file, you cannot use your standard editor.
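A pre-flight check for the vault recommendation above, added here as an example and not part of the original post: it refuses a secrets.yml that is still plaintext or readable beyond its owner. The function name `check_secrets_file` is hypothetical, the check assumes the `$ANSIBLE_VAULT;1.1;AES256` header that ansible-vault writes, and both sample files are constructed.

```python
import os
import stat
import string
import tempfile

# Constructed samples: the page's plaintext layout, and a vault-style file
# whose hex body is filler, not real ciphertext.
PLAINTEXT = "---\nAAAcreds:\n  username: cisco1\n  password: cisco1\n"
VAULTED = "$ANSIBLE_VAULT;1.1;AES256\n" + "3061" * 20 + "\n" + "6532" * 20 + "\n"


def check_secrets_file(path):
    """Return a list of problems; an empty list means the file passes."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o lets group/other access the file" % mode)
    with open(path, "r", errors="replace") as fh:
        lines = fh.read().splitlines()
    header = lines[0].strip().split(";") if lines else []
    if len(header) < 3 or header[0] != "$ANSIBLE_VAULT":
        problems.append("no $ANSIBLE_VAULT header: credentials are plaintext")
        return problems
    if header[2] != "AES256":
        problems.append("unexpected cipher %r" % header[2])
    body = "".join(line.strip() for line in lines[1:])
    if not body or any(ch not in string.hexdigits for ch in body):
        problems.append("vault body is empty or not hex (truncated or hand-edited?)")
    return problems


def demo():
    """Run the check over both constructed samples; return {name: problems}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, text, mode in (("plain", PLAINTEXT, 0o644),
                                 ("vaulted", VAULTED, 0o600)):
            path = os.path.join(tmp, name + "-secrets.yml")
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results[name] = check_secrets_file(path)
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "OK")
```

The header check only confirms the file is in vault format; it does not verify the ciphertext or the strength of the vault password.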
/etc/ansible/get-interface-descriptions.yml
When creating your play you define the hosts you will run the play against, and then your tasks. The example below collects the interface descriptions from the [site1-LAN-IOS] group and prints them out to your console window and to the Ansible debug file.
---
- hosts: site1-LAN-IOS
  connection: local
  gather_facts: False
  tasks:
    - name: Open secrets file
      include_vars: secrets.yml
    - name: Logins
      set_fact:
        cli:
          host: "{{ inventory_hostname }}"
          username: "{{ AAAcreds['username'] }}"
          password: "{{ AAAcreds['password'] }}"
          authorize: yes
          auth_pass: "{{ AAAcreds['auth_pass'] }}"
          transport: cli
    - name: Get Interface Description
      ios_command:
        timeout: 60
        commands:
          - show interface description
        provider: "{{ cli }}"
      register: IOSLogging
    - name: DEBUG time result
      debug: var=IOSLogging.stdout_lines
In my next post I will go over this playbook line by line.