Ansible for Network Automation


Read: How Network Automation is Different

References

Privilege Escalation for Network Devices in Ansible

Sample inventory variables

ansible_connection: network_cli
ansible_network_os: ios
ansible_become: yes
ansible_become_method: enable

Communication Protocols

| ansible_connection | Protocol | Requires | Persistent? |
| --- | --- | --- | --- |
| network_cli | CLI over SSH | network_os setting | yes |
| netconf | XML over SSH | network_os setting | yes |
| httpapi | API over HTTP/HTTPS | network_os setting | yes |
| local | depends on provider | provider setting | no |

Network modules

  • Arista EOS = eos_*
  • Cisco IOS/IOS-XE = ios_*
  • Cisco NX-OS = nxos_*
  • Cisco IOS-XR = iosxr_*
  • F5 BIG-IP = bigip_*
  • F5 BIG-IQ = bigiq_*
  • Juniper Junos = junos_*
  • VyOS = vyos_*

Each platform provides modules such as

  • *_facts
  • *_command
  • *_config

And more

Ansible Network Playbooks

Sample playbook for IOS

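- name: configure cisco routers
  hosts: routers
  connection: network_cli
  gather_facts: no
  vars:
    dns: "8.8.8.8 8.8.4.4"

  tasks:
    # inventory_hostname is the device's name in the Ansible inventory
    - name: configure hostname
      ios_config:
        lines: hostname {{ inventory_hostname }}

    # dns is the space-separated server list defined in vars above
    - name: configure DNS
      ios_config:
        lines: ip name-server {{ dns }}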

Another one for interface config Ansible Playbook

Ansible Network Roles

https://galaxy.ansible.com/ansible-network

network_engine

This role provides the foundation for building network roles by providing modules and plugins that are common to all Ansible Network roles.

Galaxy

config_manager

This role is designed to provide a network platform agnostic approach to managing the active (running) configuration file on a remote device. This role requires one (or more) platform provider roles to execute properly.

Galaxy

Install roles

ansible-galaxy install ansible-network.cisco_ios
ansible-galaxy install ansible-network.config_manager

Update existing role

ansible-galaxy install ansible-network.network_engine,v2.7.0 --force

Task Reference

Using username and password for authentication

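- name: Use username and password
  hosts: routers
  # provider is only honored with the local connection (see the table above)
  connection: local
  gather_facts: no
  vars:
    # Sample values only; keep real credentials in an Ansible Vault-encrypted vars file
    cli:
      username: user1
      password: password
      transport: cli
  tasks:
    - name: Test Login
      ios_config:
        # pass the cli dictionary defined in vars above
        provider: "{{ cli }}"
        # ...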
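
The same login expressed with network_cli connection variables and the enable settings from the top of this page, with the passwords held in a vault-encrypted file. This is an added example, not part of the original post. The file paths, the `vault_ios_*` variable names and the `CHANGE-ME` values are assumptions.

```yaml
# group_vars/routers/vars.yml (hypothetical path; plain text, safe to commit)
ansible_connection: network_cli
ansible_network_os: ios
ansible_user: user1
ansible_password: "{{ vault_ios_password }}"         # defined in vault.yml below
ansible_become: yes
ansible_become_method: enable
ansible_become_password: "{{ vault_ios_enable }}"

---
# group_vars/routers/vault.yml (hypothetical path; placeholder values shown before encryption)
# Encrypt with: ansible-vault encrypt group_vars/routers/vault.yml
vault_ios_password: "CHANGE-ME"
vault_ios_enable: "CHANGE-ME"

---
# login_test.yml (hypothetical file name)
# Run with: ansible-playbook -i inventory login_test.yml --ask-vault-pass
- name: test login with vaulted credentials
  hosts: routers
  gather_facts: no

  tasks:
    - name: run a read-only command to prove login and enable work
      ios_command:
        commands:
          - show privilege
      register: priv

    - name: confirm the session reached privilege level 15
      assert:
        that:
          - "'15' in priv.stdout[0]"
        fail_msg: "login succeeded but enable did not reach level 15"
```

No password appears in the playbook or in the plain-text vars file, so both can live in version control while only vault.yml needs protecting.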

Reboot ios device

---
- name: reboot ios device
  cli_command:
    command: reload
    prompt:
      - Save?
      - confirm
    answer:
     - y
     - y

  # To make sure the current connection to the network device 
  # is closed so that the socket can be reestablished to the network 
  # device after the reboot takes place. 
- name: reset the connection
  meta: reset_connection


- name: Wait for the network device to reload
  wait_for_connection:
    delay: 10

Backup eos

Backup configuration

---
- name: BACKUP NETWORK CONFIGURATIONS
  hosts: arista
  gather_facts: false

  tasks:

    - name: BACKUP CONFIG
      eos_config:
        backup: yes

Backup using cli_command

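  • run arbitrary commands on network devices using cli_command

---
- name: RUN COMMAND AND PRINT TO TERMINAL WINDOW
  hosts: arista
  gather_facts: false

  tasks:

    - name: RUN ARISTA COMMAND
      cli_command:
        command: show run
      register: backup

    # cli_command returns the device output in backup.stdout;
    # copy writes it to one file per device, named after the inventory host
    - name: PRINT TO TERMINAL WINDOW
      copy:
        content: "{{ backup.stdout }}"
        dest: "{{ inventory_hostname }}.backup"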

Change config

# vars
show_interfaces: "show ip interface brief"
backup: "show running-config"
save: "write memory"
ntp_commands: ntp server 192.168.1.1

---
- name: CHANGE CONFIGURATION
  hosts: routers
  gather_facts: false

  tasks:

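    # ntp_commands, save and show_interfaces come from the vars listed above
    - name: LOAD NTP CONFIGURATION
      cli_config:
        config: "{{ ntp_commands }}"
      notify:
        - SAVE CONFIGURATION

  handlers:

    # runs only when the task above reports a change
    - name: SAVE CONFIGURATION
      cli_command:
        command: "{{ save }}"

# Show interface (a task; place it under tasks:, not under handlers:)
    - name: RUN SHOW COMMAND
      cli_command:
        command: "{{ show_interfaces }}"
      register: command_output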

Add VLAN nxos

---
- name: deploy vlans
  hosts: cisco
  gather_facts: no
  
  tasks:
    - name: ensure vlans exist
      nxos_vlan:
        vlan_id: 100
        admin_state: up
        name: WEB

Add ACL (Access Control List)

https://dodgydudes.se/ansible-net104/

Add config with ios_config

---
- name: snmp ro/rw string configuration
  hosts: cisco
  gather_facts: no
  tasks:
    - name: ensure snmp strings are present
      ios_config:
        lines:
          - snmp-server community ansible-public RO
          - snmp-server community ansible-private RW
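
A hardened variant of the SNMP play above, added here as an example rather than taken from the original post: the community strings come from vault-encrypted variables, are bound to a management-station ACL, kept out of task output, and the running config is then checked for the well-known default strings. The variable names `vault_snmp_ro` and `vault_snmp_rw`, the ACL name `SNMP-MGMT` and the address 192.0.2.10 are assumptions.

```yaml
---
- name: snmp community configuration with vaulted strings
  hosts: cisco
  gather_facts: no

  tasks:
    - name: allow snmp only from the management station
      ios_config:
        parents: ip access-list standard SNMP-MGMT   # hypothetical ACL name
        lines:
          - permit 192.0.2.10                        # constructed address (TEST-NET-1)

    - name: ensure snmp strings are present and bound to the ACL
      ios_config:
        lines:
          # vault_snmp_ro / vault_snmp_rw are hypothetical vault-encrypted variables
          - "snmp-server community {{ vault_snmp_ro }} RO SNMP-MGMT"
          - "snmp-server community {{ vault_snmp_rw }} RW SNMP-MGMT"
        save_when: modified
      no_log: true          # keep the strings out of logs and verbose output

    - name: read back the configured communities
      ios_command:
        commands:
          - show running-config | include snmp-server community
      register: snmp_cfg
      no_log: true

    - name: fail if a well-known default community is configured
      assert:
        that:
          - "' public ' not in snmp_cfg.stdout[0]"
          - "' private ' not in snmp_cfg.stdout[0]"
        fail_msg: "default SNMP community string found"
```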

Appendix

  • DEVNET developer.cisco.com -> https://developer.cisco.com/site/sandbox/ -> https://devnetsandbox.cisco.com/

eg: IOS XE on CSR Latest Code Always On https://devnetsandbox.cisco.com/RM/Diagram/Index/38ded1f0-16ce-43f2-8df5-43a40ebf752e?diagramType=Topology

Add variables

[routers:vars]
ansible_user=developer
ansible_password=password
ansible_connection=network_cli
ansible_network_os=ios
# set ansible_port only if the device listens on a different port
ansible_port=8181

Download IOS Images
