cloud,

Ansible for Network Automation

Follow · 9 mins read
Share this

Ansible for Network Automation

  • install GNS3 GUI
  • install and setup GNS3 VM

First Lab to test GNS3 setup

  • Create a lab with 2 PC and 1 SW
  • add IP address for PCs
    PC1> ip 10.1.1.1 255.255.255.0 
    
  • test a ping from one PC to another
  • remember to save device configuration

Importing image to GNS3

Goto Edit -> Preferences -> Dynamips -> ISO Routers

  • click New -> Browse the image (bin)
  • Choose Yes when ask for decompress
  • remember to refer the Cisco/GNS3 site for minimum memory requirement

Importing appliance to GNS3

https://docs.gns3.com/1_3RdgLWgfk4ylRr99htYZrGMoFlJcmKAAaUAc8x9Ph8/index.html

  • Download applicance file from website

Configure a router

sh ip int br                    # show ip interface details
conf t                          # configure terminal
copy running-config startup-config
                                # save running configuration to startup

NetworkAutomation Component

  • download NetworkAutomation Component appliance from marketpalce which is a docker image with Ansible pre-installed.

Ansible Network Modules and Adhoc commands

root@NetworkAutomation-1:~# ansible S1 -m raw -a "show version" -u david -k

Ref:

  • https://docs.ansible.com/ansible/latest/modules.html
  • https://docs.ansible.com/ansible/latest/modules_by_category.html
  • https://docs.ansible.com/ansible/latest/raw_module.html

Ansible Ad Hoc commands:

root@NetworkAutomation-1:~# ansible S1 -m raw -a "show version" -u david -k

root@NetworkAutomation-1:~# ansible S1 -m raw -a "show run" -u david -k

root@NetworkAutomation-1:~# ansible gns3-core -i ./gns3hosts -m raw -a "show version" -u david -k

root@NetworkAutomation-1:~# ansible gns3-core -i ./gns3hosts -m raw -a "show version" -u david -k | grep flash0

root@NetworkAutomation-1:~# ansible gns3-core -i ./gns3hosts -m raw -a "show version" -u david -k | grep 'SUCCESS\|Software'

root@NetworkAutomation-1:~# ansible gns3-core -i ./gns3hosts -m raw -a "show version" -u david -k | grep 'SUCCESS\|Version'

root@NetworkAutomation-1:~# ansible gns3-core -i ./gns3hosts -m raw -a "show run" -u david -k | grep 'username'

root@NetworkAutomation-1:~# ansible gns3-core -i ./gns3hosts -m raw -a "show run" -u david -k | grep 'SUCCESS\|username'
root@NetworkAutomation-1:~# ansible gns3-core -i ./gns3hosts -m raw -a "show run" -u david -k | grep 'username' > usernames.txt

root@NetworkAutomation-1:~# cat usernames.txt

root@NetworkAutomation-1:~# ansible gns3-core -i ./gns3hosts -m raw -a "show run" -u david -k > shrun.txt

root@NetworkAutomation-1:~# cat shrun.txt

root@NetworkAutomation-1:~# more shrun.txt

root@NetworkAutomation-1:~# ansible gns3-core -i ./gns3hosts -m raw -a "show ver" -u david -k > shver.txt

root@NetworkAutomation-1:~# more shver.txt | grep Version

root@NetworkAutomation-1:~# more shver.txt | grep 'SUCCESS\|Version'

root@NetworkAutomation-1:~# ansible all -i gns3hosts -m raw -a "show arp" -u david -k 

root@NetworkAutomation-1:~# ansible all -i gns3hosts -m raw -a "show arp" -u david -k | grep 71

root@NetworkAutomation-1:~# ansible all -i gns3hosts -m raw -a "show arp" -u david -k | grep 'SUCCESS\|71'

root@NetworkAutomation-1:~# ansible all -i gns3hosts -m raw -a "show arp" -u david -k | grep 'SUCCESS\|\.71'

root@NetworkAutomation-1:~# ansible all -i gns3hosts -m raw -a "show mac address-table" -u david -k 

root@NetworkAutomation-1:~# ansible all -i gns3hosts -m raw -a "show mac address-table" -u david -k | grep 7a

root@NetworkAutomation-1:~# ansible all -i gns3hosts -m raw -a "show mac address-table" -u david -k | grep 'SUCCESS\|fe7a'

root@NetworkAutomation-1:~# ansible all -i gns3hosts -m raw -a "show mac address-table" -u david -k | grep 'SUCCESS\|fe7a'

root@NetworkAutomation-1:~# cat gns3hosts

Ansible CLI Playbook

Appendix

HP : https://docs.gns3.com/appliances/hp-vsr1001.html

Nested Virtualization - VirtualBox https://www.virtualbox.org/manual/ch09.html#nested-virt

Driver is probably stuck stopping/starting

Steps:

Navigate to “C:\Program Files\Oracle\VirtualBox\drivers\vboxdrv” Right click on “VBoxDrv.inf” file and select Install option Open the Console as a administrator and run the following command

vboxmanage cli

https://blog.scottlowe.org/2016/11/10/intro-to-vbox-cli/

vboxmanage startvm k8s vboxmanage list runningvms

https://www.virtualbox.org/manual/ch08.html#vboxmanage-modifyvm

vboxmanage modifyvm Ubuntu –nested-hw-virt on

Instal vmware workstation ubuntu

https://phoenixnap.com/kb/install-vmware-workstation-ubuntu

Add IP to VM

sudo ip addr add 192.168.1.14/24 dev eth0 sudo ip link set dev eth0 up sudo ip route add default via 192.168.1.1

sudo vi /etc/network/interfaces

sudo /etc/init.d/networking restart

To configure a dynamic or Static IP address

auto eth0
iface eth0 inet dhcp

## Or configure a static IP
auto eth0
iface eth0 inet static
  address 192.168.1.14
  gateway 192.168.1.1
  netmask 255.255.255.0
  network 192.168.1.0
  broadcast 192.168.1.255

Configure VLAN with IP

conf t
int vlan 100
ip address IP subnet

VLANs

show vlans

ac-02#vlan database 
ac-02(vlan)# 
 

ac-02(config)#int vlan 100            
                            # create vlan interface
ac-02(config)#no interface vlan 100
                            # delete vlan interface

assign to port

ac-02(config)#interface range fastEthernet 1/0 - 5
ac-02(config-if-range)#switchport mode access 
ac-02(config-if-range)#switchport access vlan 100

assign IP to VLAN

ac-02(config)#interface vlan 100
ac-02(config-if)#ip address 10.1.10.70 255.255.255.0

Appendix

https://srijit.com/working-cisco-ios-gns3/

to take full backup

terminal length 0 show run

Configure HP Switch (5130)

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03182828#N10013 http://patg.net/ansible,comware,switches/2014/10/16/ansible-comware/ https://porter.io/github.com/HPENetworking/ansible-hpe-cw7

Ansible Modules

  • https://hp-ansible.readthedocs.io/en/latest/list_of_All_modules.html
  • https://github.com/HPENetworking/ansible-hpe-cw7

Configuring password authentication for console login

<HPE> system-view
[HPE] line aux 0
[HPE-line-aux0] authentication-mode password

# Password is password
[HPE-line-aux0] set authentication password simple <PASSWORD>
[HPE-line-aux0] user-role network-admin

# save config
[HPE-line-aux0] save force

SSH on vty

[ds-01]line vty 0
[ds-01-line-vty0]authentication-mode scheme 
[ds-01-line-vty0]set authentication password simple password
[ds-01-line-vty0]protocol inbound ssh
[ds-01-line-vty0]user-role network-admin

Configuring SSH login on the device

  1. Create a key ```
system-view System View: return to User View with Ctrl+Z. [ds-01]public-key local create rsa name ansiblekey The range of public key modulus is (512 ~ 2048). If the key modulus is greater than 512, it will take a few minutes. Press CTRL+C to abort. Input the modulus length [default = 1024]: Generating Keys... . Create the key pair successfully. ``` 2. Enable SSH ``` [ds-01]ssh server enable [ds-01]ssh user hp service-type all authentication-type password [ds-01]netconf ssh server enable ``` ``` [ds-01]sftp server enable scp server enable ``` Enabling NETCONF over SSH [ds-01]sftp server enable Configuring the user lines for SSH login Configuring a client's host public key [ds-01]display public-key local rsa public then find the key and copy for next command [ds-01]public-key peer ansible-nw Enter public key view. Return to system view with "peer-public-key end" command. [ds-01-pkey-public-key-ansible-nw] [ds-01-pkey-public-key-ansible-nw]peer-public-key end 3. Create an SSH user ``` # local-user hp password simple hp123 service-type ssh http https authorization-attribute user-role network-admin # line vty 0 15 authentication-mode scheme user-role network-admin ``` And specify the authentication mode. By default, no SSH user is configured on the device. ``` [ds-01]ssh user ansible service-type stelnet authentication-type password ``` 1. Enter VTY line view or class view. ``` [ds-01]line vty 0 [ds-01-line-vty0]authentication-mode scheme [ds-01-line-vty0]protocol inbound ssh ``` ### Install HP Comware 7 Python Library While in a terminal session on your Linux machine, execute one of the following blocks of commands: Latest From Source ``` $ git clone https://github.com/HPENetworking/pyhpecw7.git $ cd pyhpecw7 $ sudo python setup.py install ``` Latest Stable Release via PIP (not supported yet) $ sudo pip install pyhpecw7 ### Install HP Ansible Modules First go back to your home directory. $ cd Perform a clone of this project. $ git clone https://github.com/HPENetworking/ansible-hpe-cw7 Navigate to the new hp-ansible directory. $ cd hp-ansible ### HOW TO ENABLE NETCONF ON COMWARE7: https://networkgeekstuff.com/networking/hp-networking-comware-netconf-interface-quick-tutorial-using-pythons-ncclient-and-pyhpecw7/ Simple, here is a configuration snapshot that actually enables both NETCONF over SSH layer and creates a single user “admin” with password “admin” to access it. ``` ssh server enable netconf ssh server enable local-user admin class manage password simple admin service-type telnet ssh terminal authorization-attribute user-role network-admin line vty 0 15 authentication-mode scheme user-role network-operator idle-timeout 15 0 ``` ### Check Comware Ansible Documentation `$ ansible-doc -M library/ comware_vlan` ### Assign port with VLAN ``` [ds-01]interface ge3/0 [ds-01-GigabitEthernet3/0]port link-mode bridge [ds-01-GigabitEthernet3/0]port link-type access [ds-01-GigabitEthernet3/0]port access vlan 100 ``` # Appendix - [Connect GNS3 to the Internet (local server)](https://docs.gns3.com/1vFs-KENh2uUFfb47Q2oeSersmEK4WahzWX-HrMIMd00/index.html) # Troubleshooting https://docs.ansible.com/ansible/latest/network/user_guide/network_debug_troubleshooting.html ## SSH Error ``` root@NW-Auto-100:~/ansible# ssh cisco@\10.1.10.51 ssh: error while loading shared libraries: libgssapi_krb5.so.2: cannot open shared object file: No such file or directory ## Solution root@NW-Auto-100:~/ansible# /sbin/ldconfig -v ``` ## discovered_interpreter_python": "/usr/bin/python" ``` fatal: [ac-02]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "msg": "[Errno -2] Name or service not known"} ``` - https://www.toptechskills.com/ansible-tutorials-courses/how-to-fix-usr-bin-python-not-found-error-tutorial/ ## Ansible with netconf - [Netconf enabled Platform Options](https://docs.ansible.com/ansible/latest/network/user_guide/platform_netconf_enabled.html) ## Enable scp on IOS device scp ~/Downloads/c2960x-universalk9-mz.152-2.E5.bin sysadmin1@192.0.2.1:flash2:/ Password: Administratively disabled. To fix that, get into config mode and run: ip scp server enable Ref: https://www.ispcolohost.com/2016/08/16/scping-an-ios-image-to-a-cisco-2960xr-stack/ - sometimes it happens due to encryption or integrity mismatch between SCP server and ASA. so you can support all cipher methods by the following 2 command (I face the same issue and TAC fixed bu those command) - ``` ssh cipher encryption all ssh cipher integrity all ``` ## References - [Getting Started with Ansible for Network Automation](https://docs.ansible.com/ansible/latest/network/getting_started/index.html) - [Ansible for Network Automation](https://docs.ansible.com/ansible/latest/network/index.html) - [Ansible Network Examples](https://docs.ansible.com/ansible/latest/network/user_guide/network_best_practices_2.5.html) - [Advanced Topics with Ansible for Network Automation](https://docs.ansible.com/ansible/latest/network/user_guide/) - [Platform Options](https://docs.ansible.com/ansible/latest/network/user_guide/platform_index.html) - [Netconf enabled Platform Options](https://docs.ansible.com/ansible/latest/network/user_guide/platform_netconf_enabled.html) - [Ansible for Network Automation Tutorial](https://www.networkcomputing.com/networking/ansible-network-automation-tutorial)

Latest Stories

How to attend Red Hat Remote Exam ? Every details you need to know

In August 2020, Red Hat announced the availability of Remote exams for students and the entire Learning community were so happy, yes we can attend Red Hat exams from our home or offic...

In redhat, Nov 09, 2020
How to Import Existing VMWare VM’s into Terraform

Terraform is an amazing tool for your infrastructure automation. Everything about your infrastructure can be write as code and maintain by team; means your infrastructure is transpare...

In terraform, Nov 04, 2020
Connecting Ansible Tower to Git Server with Self Signed Certificates

So many questioned me when I mention git server in an Ansible Tower environment; and later I realized that, most of them are keeping their projects inside Ansible Tower !!!

In Ansible, Oct 12, 2020
HashiCorp Certified Terraform Associate – Learning & Exam Tips

I started using Terraform somewhere in 2018, but very limited usage as I thought it is just another tool for provisioning infrastructure and other services – or a variant of Vagrant; ...

In terraform, Sep 18, 2020
How to Pass CKA & CKAD Exams ? 10 Tips for Kubernetes Exams

Here see the best tips for Kubernetes Exams - Certified Kubernetes Administrator (CKA) & Certified Kubernetes Application Developer (CKAD).

In kubernetes, Aug 15, 2020

Featured