Ansible

Overview

  • Automation tool using Python modules and YAML playbook files to connect to devices and push config
  • Agentless - Python scripts are run locally before config is pushed down
  • Documentation on Ansible and its modules located here

Core Concepts

  • Ansible config file
    • ansible.cfg is used to declare details about the deployment. By default it is searched for first in the current directory, then the home directory, then /etc/ansible/ansible.cfg
  • Inventory file
    • Identifies hosts managed by Ansible. By default stored in the /etc/ansible directory in a file called hosts (/etc/ansible/hosts). The location can be declared when running a playbook with -i.
  • Viewing data
    • With Ansible, tasks that generate results are returned in JSON format
    • To view this data you can either use verbose output (-v) or save the output to a variable and view it with debug:
    • You can also save this variable data to a file with stdout[0].
    • Example of saving JSON data to a variable for viewing/saving:

```YAML
- name: OPERATIONAL COMMANDS ON CISCO
  hosts: all
  connection: network_cli
  gather_facts: no
  tasks:
    - name: SEND SHOW VERSION
      ios_command:
        commands: show version
      register: output

    - name: VIEW VERSION OUTPUT
      debug:
        var: output

    - name: STORE OUTPUT
      copy:
        content: "{{ output.stdout[0] }}"
        dest: "./cfgs/{{ inventory_hostname }}.txt"
```

Commands

  • ansible-playbook -i <inventory> <playbook> - Running an Ansible playbook.
  • You can use the -v flag for verbose output and the --check flag to see what will happen when you run the playbook without making any changes
  • ansible-doc ios_config - You can check Ansible documentation for a particular module offline with this command (instead of in browser here)

Useful Modules

  • cisco.ios.ios_config - Used to push configuration to IOS devices - doc here
  • cisco.ios.ios_facts - Used to collect data (facts) from IOS devices - doc here
  • cisco.ios.ios_command - Send a command and return the result - useful to use with show commands to get the output back - doc here

Ansible File Examples

Inventory Files (INI format)
```ini
[all:vars]
ansible_python_interpreter=/home/kbyers/VENV/ansible/bin/python
ansible_connection=local

[local]
localhost

[cisco]
pynet-rtr1 host=10.10.10.70
pynet-rtr2 host=10.10.10.71

[cisco:vars]
device_type=cisco_ios
username=pyclass
password=invalid

[arista]
pynet-sw1 host=10.10.10.72
pynet-sw2 host=10.10.10.73
pynet-sw3 host=10.10.10.74
pynet-sw4 host=10.10.10.75

[arista:vars]
username=admin1
password=invalid
eapi_port=443

[nxos]
nxos1 host=10.10.10.126
nxos2 host=10.10.10.240

[nxos:vars]
username=pyclass
password=invalid
```
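
A check for literal credentials in an INI inventory like the one above, as an added example that is not part of the original notes: it flags secret-like variables (such as `password=`) whose value is written in the file instead of being referenced through a Jinja2 variable. The key-name pattern and the `vault_arista_password` variable are assumptions for illustration, and the sample inventory is constructed.

```python
import re
import shlex

# Variable-name endings that usually carry a secret (assumed list; extend as needed).
SECRET_KEY = re.compile(r"(pass(word|wd)?|secret|token|api_?key)$", re.I)

# Constructed sample shaped like the INI inventory above. vault_arista_password
# is a hypothetical variable that would be defined in a vaulted vars file.
SAMPLE_INVENTORY = """\
[cisco]
pynet-rtr1 host=10.10.10.70

[cisco:vars]
device_type=cisco_ios
username=pyclass
password=invalid

[arista:vars]
username=admin1
password={{ vault_arista_password }}
eapi_port=443
"""

def find_plaintext_secrets(text):
    """Return (line_no, section, key) for secret-like vars set to a literal value."""
    findings, section = [], "ungrouped"
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        # [group:vars] lines are one key=value; host lines are "name key=value ...".
        pairs = [line] if section.endswith(":vars") else shlex.split(line)[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            key, value = key.strip(), value.strip().strip("'\"")
            if not sep or not SECRET_KEY.search(key):
                continue
            # A Jinja2 reference defers the value to another (ideally vaulted) source.
            if value.startswith("{{") and value.endswith("}}"):
                continue
            findings.append((line_no, section, key))
    return findings

if __name__ == "__main__":
    for line_no, section, key in find_plaintext_secrets(SAMPLE_INVENTORY):
        print(f"line {line_no}: [{section}] {key} is a literal value")
```

Run against a real inventory by passing the file's text to `find_plaintext_secrets`; an empty list means no secret-like key holds a literal value.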

Inventory Files (YAML format)
```YAML
---
all:
  vars:
    ansible_python_interpreter: "/home/kbyers/VENV/ansible/bin/python"
    ansible_connection: "local"
  children:
    cisco:
      hosts:
        pynet-rtr1:
          ansible_host: "10.10.10.70"
        pynet-rtr2:
          ansible_host: "10.10.10.71"
      vars:
        device_type: "cisco_ios"
        username: "pyclass"
        password: "invalid"
    arista:
      hosts:
        pynet-sw1:
          ansible_host: "10.10.10.72"
        pynet-sw2:
          ansible_host: "10.10.10.73"
        pynet-sw3:
          ansible_host: "10.10.10.74"
        pynet-sw4:
          ansible_host: "10.10.10.75"
      vars:
        username: "admin1"
        password: "invalid"
        eapi_port: "443"
    nxos:
      hosts:
        nxos1:
          ansible_host: "10.10.10.126"
        nxos2:
          ansible_host: "10.10.10.240"
      vars:
        username: "pyclass"
        password: "invalid"
```

Playbook Example
```YAML
# host, username and password are the variables set in the INI inventory above.
- name: Save Configurations (IOS)
  hosts: cisco
  gather_facts: no
  vars:
    creds:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
  tasks:
    # Run the command and keep the result in show_run
    - ios_command:
        provider: "{{ creds }}"
        commands: show run
      register: show_run

    # Write the first command's output to a per-host file
    - copy:
        content: "{{ show_run.stdout[0] }}"
        dest: "CFGS/{{ inventory_hostname }}.txt"

- name: Save running config to file (Arista)
  hosts: arista
  gather_facts: no
  tasks:
    # Connection details are passed directly to the module over HTTPS
    - eos_command:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        transport: https
        commands: show running-config
        encoding: text
      register: show_run

    # The text output sits under output[0].result.output in this result
    - copy:
        content: "{{ show_run.output[0].result.output }}"
        dest: "CFGS/{{ inventory_hostname }}.txt"

- name: Save running config to file (NXOS)
  hosts: nxos
  gather_facts: no
  vars:
    creds:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      transport: cli

  tasks:
    - nxos_command:
        provider: "{{ creds }}"
        commands: show running-config
      register: show_run

    - copy:
        content: "{{ show_run.stdout[0] }}"
        dest: "CFGS/{{ inventory_hostname }}.txt"
```