Getting Started with your first Ansible Playbook for Network Automation

Installing Ansible and related components


Updating Yum
# sudo yum -y update


Install python3-pip
# sudo yum install python3-pip


Install/upgrade ansible to latest version

# sudo pip3 install ansible


Install paramiko (Python SSH library)

# sudo pip3 install paramiko


Verify the status/version of tools installed
pip3 --version
python3 --version
ansible --version

Check the installed version of Ansible

[developer@devbox Network_Support]$ansible --version
ansible 2.7.8
  config file = /home/developer/Network_Support/ansible.cfg
  configured module search path = ['/home/developer/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.5 (default, Jul 19 2018, 10:49:52) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]



Create inventory file

[developer@devbox Network_Support]$vi inventory

# Inventory file for Ansible

[P-Switches]
P-1 ansible_host=172.16.30.82
P-2 ansible_host=172.16.30.83

[PE-Switches]
PE-1 ansible_host=172.16.30.84
PE-2 ansible_host=172.16.30.85
PE-3 ansible_host=172.16.30.86

[all:vars]
ansible_network_os=ios

In the above inventory file, we specified two groups, P-Switches and PE-Switches, with two and three hosts respectively.
Ansible groups are useful for segregating devices by make and model, site, function, etc. These groups can then be used in Ansible playbooks to define the scope of tasks.



Create a playbook specifying the tasks

[developer@devbox Network_Support]$vi sh_ip_int_bri.yaml
---
- name: Define Parameters
  hosts: PE-Switches
  gather_facts: no
  connection: network_cli
  tasks:
   - name: Get the config
     cli_command:
      command: show ip interface brief
     register: result
   - debug: var=result.stdout_lines

In the above playbook, we define the group on which the tasks will be executed and then the tasks themselves. For hosts:, we can set the value to 'PE-Switches', 'P-Switches' or 'all' as desired.

Run the Ansible playbook


[developer@devbox Network_Support]$ansible-playbook sh_ip_int_bri.yaml -i /home/developer/Network_Support/inventory -u cisco -k
SSH password:
PLAY [Define Parameters] *******************************************************************************************************************
TASK [Get the config] **********************************************************************************************************************
ok: [PE-1]
ok: [PE-3]
ok: [PE-2]
TASK [debug] *******************************************************************************************************************************
ok: [PE-1] => {
    "result.stdout_lines": [
        "Interface                  IP-Address      OK? Method Status                Protocol",
        "GigabitEthernet0/1         10.0.128.5      YES TFTP   up                    up      ",
        "GigabitEthernet0/2         10.0.0.21       YES TFTP   up                    up      ",
        "GigabitEthernet0/3         10.0.0.29       YES TFTP   up                    up      ",
        "GigabitEthernet0/4         10.0.0.33       YES TFTP   up                    up      ",
        "Loopback0                  192.168.0.9     YES TFTP   up                    up"
    ]
}
ok: [PE-3] => {
    "result.stdout_lines": [
        "Interface                  IP-Address      OK? Method Status                Protocol",
        "GigabitEthernet0/1         10.0.128.22     YES TFTP   up                    up      ",
        "GigabitEthernet0/2         10.0.128.29     YES TFTP   up                    up      ",
        "GigabitEthernet0/3         10.0.128.10     YES TFTP   up                    up      ",
        "GigabitEthernet0/4         10.0.0.49       YES TFTP   up                    up      ",
        "GigabitEthernet0/5         10.0.0.45       YES TFTP   up                    up      ",
        "Loopback0                  192.168.0.11    YES TFTP   up                    up"
    ]
}
ok: [PE-2] => {
    "result.stdout_lines": [
        "Interface                  IP-Address      OK? Method Status                Protocol",
        "GigabitEthernet0/1         10.0.128.6      YES TFTP   up                    up      ",
        "GigabitEthernet0/2         10.0.128.18     YES TFTP   up                    up      ",
        "GigabitEthernet0/3         10.0.0.26       YES TFTP   up                    up      ",
        "GigabitEthernet0/4         10.0.0.37       YES TFTP   up                    up      ",
        "GigabitEthernet0/5         10.0.0.41       YES TFTP   up                    up      ",
        "Loopback0                  192.168.0.6     YES TFTP   up                    up"
    ]
}
PLAY RECAP *********************************************************************************************************************************
PE-1                       : ok=2    changed=0    unreachable=0    failed=0
PE-2                       : ok=2    changed=0    unreachable=0    failed=0
PE-3                       : ok=2    changed=0    unreachable=0    failed=0
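
The registered result.stdout_lines can be turned into structured records and checked automatically. The following is an added example, not part of the original post: a Python parser for the show ip interface brief layout shown above, run on constructed sample lines. The function names are hypothetical, and the last two sample rows are invented to cover the cases that are not up/up.

```python
"""Parse `show ip interface brief` lines as registered in result.stdout_lines."""

# Constructed sample in the same layout as the playbook output above;
# the last two rows are invented to exercise the non-"up" cases.
SAMPLE_STDOUT_LINES = [
    "Interface                  IP-Address      OK? Method Status                Protocol",
    "GigabitEthernet0/1         10.0.128.5      YES TFTP   up                    up      ",
    "Loopback0                  192.168.0.9     YES TFTP   up                    up",
    "GigabitEthernet0/2         unassigned      YES unset  administratively down down    ",
    "GigabitEthernet0/3         10.0.0.29       YES manual up                    down    ",
]


def parse_ip_int_brief(lines):
    """Return one dict per interface row, skipping the header and blank lines."""
    rows = []
    for line in lines:
        fields = line.split()
        # A data row has at least 6 tokens; the header starts with "Interface".
        if len(fields) < 6 or fields[0] == "Interface":
            continue
        rows.append({
            "interface": fields[0],
            "ip": None if fields[1] == "unassigned" else fields[1],
            "ok": fields[2] == "YES",
            "method": fields[3],
            # Status may be two words ("administratively down"); Protocol is last.
            "status": " ".join(fields[4:-1]),
            "protocol": fields[-1],
        })
    return rows


def not_fully_up(rows):
    """Interfaces whose line status or protocol is anything other than up/up."""
    return [r["interface"] for r in rows
            if (r["status"], r["protocol"]) != ("up", "up")]


def addressed_interfaces(rows):
    """Map interface name -> IP for every interface that has an address."""
    return {r["interface"]: r["ip"] for r in rows if r["ip"]}


if __name__ == "__main__":
    parsed = parse_ip_int_brief(SAMPLE_STDOUT_LINES)
    print("not up/up:", not_fully_up(parsed))
    print("addresses:", addressed_interfaces(parsed))
```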


The flags in the ansible-playbook command set seven values:
  • the host group(s) to which the command should apply (in this case, all)
  • the inventory (-i, the device or devices to target - without the trailing comma -i points to an inventory file)
  • the connection method (-c, the method for connecting and executing ansible)
  • the user (-u, the username for the SSH connection)
  • the SSH connection method (-k, please prompt for the password)
  • the module (-m, the ansible module to run)
  • an extra variable ( -e, in this case, setting the network OS value)


Specifying SSH port in Ansible Inventory

If the SSH port for a host differs from the default port 22, it can be specified in the inventory file with a colon (:) after the hostname.

#vi inventory

# Inventory file for Ansible
[XE]
ios-xe-mgmt.cisco.com:8181
ios-xe-mgmt-latest.cisco.com:8181
[XR]
sbx-iosxr-mgmt.cisco.com:8181
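
How the two inventory forms on this page (name ansible_host=ADDRESS and host:port) resolve to connection targets, as an added example that is not from the original post or from Ansible's own code. It is a simplified Python reader over a constructed inventory: it ignores [group:children], host ranges and IPv6 literals, and the function names are hypothetical.

```python
"""Resolve connection targets from an INI-style Ansible inventory (simplified)."""

# Constructed inventory combining the two forms used on this page.
SAMPLE_INVENTORY = """\
# Inventory file for Ansible
[PE-Switches]
PE-1 ansible_host=172.16.30.84
PE-2 ansible_host=172.16.30.85

[XE]
ios-xe-mgmt.cisco.com:8181

[all:vars]
ansible_network_os=ios
"""


def resolve_targets(text, default_port=22):
    """Return {group: {host: (address, port)}}; not Ansible's own parser."""
    groups, section = {}, "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if ":" in section:  # [group:vars] / [group:children] list no hosts
            continue
        name, *pairs = line.split()
        host_vars = dict(p.split("=", 1) for p in pairs if "=" in p)
        port = default_port
        if ":" in name:  # host:port form
            name, port_text = name.rsplit(":", 1)
            port = int(port_text)
        # ansible_host overrides the inventory name as the address to connect to.
        address = host_vars.get("ansible_host", name)
        groups.setdefault(section, {})[name] = (address, port)
    return groups


def non_default_ports(groups, default_port=22):
    """Sorted (group, host, port) for every host not on the default SSH port."""
    return sorted((g, h, port) for g, hosts in groups.items()
                  for h, (_, port) in hosts.items() if port != default_port)


if __name__ == "__main__":
    targets = resolve_targets(SAMPLE_INVENTORY)
    print(targets)
    print(non_default_ports(targets))
```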




Comments

  1. Thank you for sharing amazing and useful information with everyone. Ansible playbook captures show output from multiple show commands on a Cisco router and then stores the output in a text file that is the host name of the device and runbook also helps. Runbooks vs playbooks are tools best used in tandem. But also build your organization towards a greater goal of removing human toil altogether by embracing practices that have been built into development workflows for years.
