Ansible for Network Automation

References

Privilege Escalation

Sample environment variable

ansible_connection: network_cli
ansible_network_os: ios
ansible_become: yes
ansible_become_method: enable

Communication Protocols

| ansible_connection | Protocol | Requires | Persistent? |
|---|---|---|---|
| network_cli | CLI over SSH | network_os setting | yes |
| netconf | XML over SSH | network_os setting | yes |
| httpapi | API over HTTP/HTTPS | network_os setting | yes |
| local | depends on provider | provider setting | no |

Network modules

  • Arista EOS = eos_*
  • Cisco IOS/IOS-XE = ios_*
  • Cisco NX-OS = nxos_*
  • Cisco IOS-XR = iosxr_*
  • F5 BIG-IP = bigip_*
  • F5 BIG-IQ = bigiq_*
  • Juniper Junos = junos_*
  • VyOS = vyos_*

with modules such as

  • *_facts
  • *_command
  • *_config

And more

Ansible Network Playbooks

Sample playbook for ios

- name: configure cisco routers
  hosts: routers
  connection: network_cli
  gather_facts: no
  vars:
    dns: "8.8.8.8 8.8.4.4"

  tasks:
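   - name: configure hostname
     ios_config:
       # assumes the device hostname should match its inventory name
       lines: hostname {{ inventory_hostname }}

   - name: configure DNS
     ios_config:
       # uses the dns variable defined under vars
       lines: ip name-server {{ dns }}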

Another one for interface config Ansible Playbook

Ansible Network Roles

https://galaxy.ansible.com/ansible-network

network-engine

This role provides the foundation for building network roles by providing modules and plugins that are common to all Ansible Network roles.

Galaxy

config_manager

This role is designed to provide a network platform agnostic approach to managing the active (running) configuration file on a remote device. This role requires one (or more) platform provider roles to execute properly.

Galaxy

Install roles

ansible-galaxy install ansible-network.cisco_ios
ansible-galaxy install ansible-network.config_manager

Update existing role

ansible-galaxy install ansible-network.network_engine,v2.7.0 --force

Task Reference

Using username and password for authentication

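- name: Use username
  vars:
    # sample values; a plaintext password here is readable by anyone with access to the playbook
    cli:
      username: user1
      password: password
      transport: cli
  tasks:
    - name: Test Login
      ios_config:
        provider: "{{ cli }}"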
        .
        .
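
The same login without a password stored in the playbook, as an added example that is not part of the original page: with network_cli the credentials come from connection variables instead of a provider dictionary, and the secrets are referenced from an Ansible Vault file. The file paths, the routers group and the vault_* variable names are assumptions.

```yaml
# group_vars/routers/vars.yml (assumed path; contains no secrets)
ansible_connection: network_cli
ansible_network_os: ios
ansible_user: user1
# vault_ios_password is a hypothetical variable defined in the vault file below
ansible_password: "{{ vault_ios_password }}"
ansible_become: yes
ansible_become_method: enable
# vault_ios_enable_password is a hypothetical variable, also kept in the vault
ansible_become_password: "{{ vault_ios_enable_password }}"

# group_vars/routers/vault.yml (assumed path) holds the two vault_* values.
# Encrypt it before it reaches version control:
#   ansible-vault encrypt group_vars/routers/vault.yml

# login_test.yml (assumed name); run with:
#   ansible-playbook login_test.yml --ask-vault-pass
---
- name: Test login with vaulted credentials
  hosts: routers
  gather_facts: no

  tasks:
    - name: Test Login
      cli_command:
        command: show version
      register: login_check

    - name: Fail early if the device returned nothing
      assert:
        that:
          - login_check.stdout | length > 0
```

Variables are resolved per host, so a single device can override the group-wide credentials from its own host_vars file.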

Reboot ios device

---
- name: reboot ios device
  cli_command:
    command: reload
    prompt:
      - Save?
      - confirm
    answer:
     - y
     - y

  # Close the current connection to the network device so that
  # the socket can be re-established after the reboot takes place.
- name: reset the connection
  meta: reset_connection


- name: Wait for the network device to reload
  wait_for_connection:
    delay: 10

Backup eos

Backup configuration

---
- name: BACKUP NETWORK CONFIGURATIONS
  hosts: arista
  gather_facts: false

  tasks:

    - name: BACKUP CONFIG
      eos_config:
        backup: yes

Backup using cli_command

  • run arbitrary commands on network devices using cli_command
---
- name: RUN COMMAND AND PRINT TO TERMINAL WINDOW
  hosts: arista
  gather_facts: false

  tasks:

    - name: RUN ARISTA COMMAND
      cli_command:
        command: show run
      register: backup

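    # Writes the registered "show run" output to a file.
    # The running configuration includes credential material, so restrict who can read the backup.
    - name: PRINT TO TERMINAL WINDOW
      copy:
        content: "{{ backup.stdout }}"
        # assumes one backup file per inventory host
        dest: "{{ inventory_hostname }}.backup"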

Change config

# vars
show_interfaces: "show ip interface brief"
backup: "show running-config"
save: "write memory"
ntp_commands: ntp server 192.168.1.1

---
- name: CHANGE CONFIGURATION
  hosts: routers
  gather_facts: false

  tasks:

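    - name: LOAD NTP CONFIGURATION
      cli_config:
        config: "{{ ntp_commands }}"
      notify:
        - SAVE CONFIGURATION

  handlers:

    # Runs only when the NTP task reports a change
    - name: SAVE CONFIGURATION
      cli_command:
        command: "{{ save }}"

# Show interface (a task; it belongs under tasks:)
    - name: RUN SHOW COMMAND
      cli_command:
        command: "{{ show_interfaces }}"
      register: command_output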

Add VLAN nxos

---
- name: deploy vlans
  hosts: cisco
  gather_facts: no
  
  tasks:
    - name: ensure vlans exist
      nxos_vlan:
        vlan_id: 100
        admin_state: up
        name: WEB

Add config ios_config

---
- name: snmp ro/rw string configuration
  hosts: cisco
  gather_facts: no
  tasks:
    - name: ensure snmp strings are present
      ios_config:
        lines:
          - snmp-server community ansible-public RO
          - snmp-server community ansible-private RW
