Ansible Network Automation: Modules
Ibrahim ElSawy
![Ibrahim ElSawy]()
Ibrahim ElSawy
Telco Cloud Operation | IP Backbone Planning | Master of Engineering Telecom Networks | Red hat OpenShift Administration | Ansible Automation | CCNP Service Provider
In today's hyper-connected world, where the demand for faster, more reliable, and secure networks continues to grow, the manual configuration and management of network infrastructure have become increasingly challenging. Network automation is a revolutionary approach that is transforming the way we design, deploy, and operate networks. By leveraging cutting-edge technologies like artificial intelligence (AI), machine learning (ML), and software-defined networking (SDN), network automation is driving efficiency, scalability, and agility in network operations.
Ansible ships with a number of modules that can be executed directly on remote hosts or through Playbooks.
Users can also write their own modules. These modules can control system resources, like services, packages, or files, or handle executing system commands.
ansible --help command provides information about the function, syntax, operands of commands. this information is obtained and displayed on your terminal session in response for your request for help.
As shown in below snippet ansible command has many options reflecting to wide capabilities like
Privilege Escalation Options: to control how and which user you become as on target hosts.
Connection Options: to control as whom and how to connect to hosts.
[ielsawy@black_diamond ~]$ ansible --help
usage: ansible [-h] [--version] [-v] [-b] [--become-method BECOME_METHOD]
[--become-user BECOME_USER] [-K] [-i INVENTORY] [--list-hosts]
[-l SUBSET] [-P POLL_INTERVAL] [-B SECONDS] [-o] [-t TREE] [-k]
[--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
[-c CONNECTION] [-T TIMEOUT]
[--ssh-common-args SSH_COMMON_ARGS]
[--sftp-extra-args SFTP_EXTRA_ARGS]
[--scp-extra-args SCP_EXTRA_ARGS]
[--ssh-extra-args SSH_EXTRA_ARGS] [-C] [--syntax-check] [-D]
[-e EXTRA_VARS] [--vault-id VAULT_IDS]
[--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
[-f FORKS] [-M MODULE_PATH] [--playbook-dir BASEDIR]
[-a MODULE_ARGS] [-m MODULE_NAME]
pattern
Define and run a single task 'playbook' against a set of hosts
positional arguments:
pattern host pattern
optional arguments:
--ask-vault-pass ask for vault password
--list-hosts outputs a list of matching hosts; does not execute
anything else
--playbook-dir BASEDIR
Since this tool does not use playbooks, use this as a
substitute playbook directory.This sets the relative
path for many features including roles/ group_vars/
etc.
--syntax-check perform a syntax check on the playbook, but do not
execute it
--vault-id VAULT_IDS the vault identity to use
--vault-password-file VAULT_PASSWORD_FILES
vault password file
--version show program's version number, config file location,
configured module search path, module location,
executable location and exit
-B SECONDS, --background SECONDS
run asynchronously, failing after X seconds
(default=N/A)
-C, --check don't make any changes; instead, try to predict some
of the changes that may occur
-D, --diff when changing (small) files and templates, show the
differences in those files; works great with --check
-M MODULE_PATH, --module-path MODULE_PATH
prepend colon-separated path(s) to module library (def
ault=~/.ansible/plugins/modules:/usr/share/ansible/plu
gins/modules)
-P POLL_INTERVAL, --poll POLL_INTERVAL
set the poll interval if using -B (default=15)
-a MODULE_ARGS, --args MODULE_ARGS
module arguments
-e EXTRA_VARS, --extra-vars EXTRA_VARS
set additional variables as key=value or YAML/JSON, if
filename prepend with @
-f FORKS, --forks FORKS
specify number of parallel processes to use
(default=5)
-h, --help show this help message and exit
-i INVENTORY, --inventory INVENTORY, --inventory-file INVENTORY
specify inventory host path or comma separated host
list. --inventory-file is deprecated
-l SUBSET, --limit SUBSET
further limit selected hosts to an additional pattern
-m MODULE_NAME, --module-name MODULE_NAME
module name to execute (default=command)
-o, --one-line condense output
-t TREE, --tree TREE log output to this directory
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
Privilege Escalation Options:
control how and which user you become as on target hosts
--become-method BECOME_METHOD
privilege escalation method to use (default=sudo), use
`ansible-doc -t become -l` to list valid choices.
--become-user BECOME_USER
run operations as this user (default=root)
-K, --ask-become-pass
ask for privilege escalation password
-b, --become run operations with become (does not imply password
prompting)
Connection Options:
control as whom and how to connect to hosts
--private-key PRIVATE_KEY_FILE, --key-file PRIVATE_KEY_FILE
use this file to authenticate the connection
--scp-extra-args SCP_EXTRA_ARGS
specify extra arguments to pass to scp only (e.g. -l)
--sftp-extra-args SFTP_EXTRA_ARGS
specify extra arguments to pass to sftp only (e.g. -f,
-l)
--ssh-common-args SSH_COMMON_ARGS
specify common arguments to pass to sftp/scp/ssh (e.g.
ProxyCommand)
--ssh-extra-args SSH_EXTRA_ARGS
specify extra arguments to pass to ssh only (e.g. -R)
-T TIMEOUT, --timeout TIMEOUT
override the connection timeout in seconds
(default=10)
-c CONNECTION, --connection CONNECTION
connection type to use (default=smart)
-k, --ask-pass ask for connection password
-u REMOTE_USER, --user REMOTE_USER
connect as this user (default=None)
Some modules do not make sense in Ad-Hoc (include, meta, etc)
ansible-doc displays information on modules installed in Ansible libraries. It displays a terse listing of plugins and their descriptions, provides a printout of their documentation strings, examples mentioned in each module can be copied in the developed Playbooks.
[ielsawy@black_diamond ~]$ ansible-doc
usage: ansible-doc [-h] [--version] [-v] [-M MODULE_PATH]
[--playbook-dir BASEDIR]
[-t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}]
[-j] [-F | -l | -s | --metadata-dump]
[plugin [plugin ...]]
plugin documentation tool
positional arguments:
plugin Plugin
optional arguments:
--metadata-dump **For internal testing only** Dump json metadata for
all plugins.
--playbook-dir BASEDIR
Since this tool does not use playbooks, use this as a
substitute playbook directory.This sets the relative
path for many features including roles/ group_vars/
etc.
--version show program's version number, config file location,
configured module search path, module location,
executable location and exit
-F, --list_files Show plugin names and their source files without
summaries (implies --list)
-M MODULE_PATH, --module-path MODULE_PATH
prepend colon-separated path(s) to module library (def
ault=~/.ansible/plugins/modules:/usr/share/ansible/plu
gins/modules)
-h, --help show this help message and exit
-j, --json Change output into json format.
-l, --list List available plugins
-s, --snippet Show playbook snippet for specified plugin(s)
-t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}, --type {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,module,strategy,vars}
Choose which plugin type (defaults to "module").
Available plugin types are : ('become', 'cache',
'callback', 'cliconf', 'connection', 'httpapi',
'inventory', 'lookup', 'netconf', 'shell', 'module',
'strategy', 'vars')
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--list or -l option can be used to list all installed modules and grep to filter this the listed modules related to a specific topic, for example:
BGP related modules
[root@black_diamond ~]# ansible-doc -l | grep bgp
ce_bgp_af Manages BGP Address-family configuration on HUAWEI CloudEngine switch...
pn_vrouterbgp CLI command to add/remove/modify vrouter-bgp
eos_bgp Configure global BGP protocol settings on Arista EOS
iosxr_bgp Configure global BGP protocol settings on Cisco IOS-XR
pn_vrouter_bgp_network CLI command to add/remove vrouter-bgp-network
nxos_bgp_af Manages BGP Address-family configuration
nxos_bgp_neighbor_af Manages BGP address-family's neighbors configuration
nxos_bgp_neighbor Manages BGP neighbors configurations
frr_bgp Configure global BGP settings on Free Range Routing(FRR)
ios_bgp Configure global BGP protocol settings on Cisco IOS
ce_bgp Manages BGP configuration on HUAWEI CloudEngine switches
cnos_bgp Manage BGP resources and attributes on devices running CNOS
nxos_bgp Manages BGP configuration
ce_evpn_bgp Manages BGP EVPN configuration on HUAWEI CloudEngine switches
fortios_router_bgp Configure BGP in Fortinet's FortiOS and FortiGate
onyx_bgp Configures BGP on Mellanox ONYX network devices
ce_bgp_neighbor_af Manages BGP neighbor Address-family configuration on HUAWEI CloudEngi...
ce_evpn_bgp_rr Manages RR for the VXLAN Network on HUAWEI CloudEngine switches
ce_bgp_neighbor Manages BGP peer configuration on HUAWEI CloudEngine switches
pn_vrouter_bgp CLI command to add/modify/remove vrouter-bgp
领英推荐
vmware related modules
[root@black_diamond ~]# ansible-doc -l | grep vmware
vmware_category Manage VMware categories
vmware_host_feature_info Gathers info about an ESXi host's feature capability information
vmware_maintenancemode Place a host into maintenance mode
vmware_host_vmhba_info Gathers info about vmhbas available on the given ESXi host
vmware_cluster Manage VMware vSphere clusters
vmware_host_capability_facts Gathers facts about an ESXi host's capability information
vmware_datastore_maintenancemode Place a datastore into maintenance mode
vmware_vm_info Return basic info pertaining to a VMware machine guest
vmware_migrate_vmk Migrate a VMK interface from VSS to VDS
vmware_host_feature_facts Gathers facts about an ESXi host's feature capability information
vmware_guest_powerstate Manages power states of virtual machines in vCenter
vmware_tag_info Manage VMware tag info
vmware_vm_host_drs_rule Creates vm/host group in a given cluster
vmware_dvswitch_uplink_pg Manage uplink portproup configuration of a Distributed Switch
vmware_vm_vss_dvs_migrate Migrates a virtual machine from a standard vswitch to distributed
vmware_guest_disk_facts Gather facts about disks of given virtual machine
vmware_datastore_info Gather info about datastores available in given vCenter
vmware_dvswitch_lacp Manage LACP configuration on a Distributed Switch
vmware_host_ipv6 Enables/Disables IPv6 support for an ESXi host system
vmware_content_library_info Gather information about VMware Content Library
vmware_vm_vm_drs_rule Configure VMware DRS Affinity rule for virtual machine in given clust...
vmware_portgroup Create a VMware portgroup
vmware_about_facts Provides information about VMware server to which user is connecting ...
vmware_guest_custom_attributes Manage custom attributes from VMware for the given virtual machine
vmware_host_firewall_facts Gathers facts about an ESXi host's firewall configuration information
vmware_about_info Provides information about VMware server to which user is connecting ...
vmware_tag Manage VMware tags
vmware_export_ovf Exports a VMware virtual machine to an OVF file, device files and a m...
vmware_host_config_info Gathers info about an ESXi host's advance configuration information
vmware_guest_snapshot_info Gather info about virtual machine's snapshots in vCenter
vmware_guest Manages virtual machines in vCenter
vmware_vswitch Manage a VMware Standard Switch to an ESXi host
vmware_host_facts Gathers facts about remote ESXi hostsystem
vmware_target_canonical_facts Return canonical (NAA) from an ESXi host system
vmware_host_service_manager Manage services on a given ESXi host
vmware_host Add, remove, or move an ESXi host to, from, or within vCenter
vmware_vmkernel_facts Gathers VMKernel facts about an ESXi host
vmware_resource_pool_info Gathers info about resource pool information
vmware_object_role_permission Manage local roles on an ESXi host
vmware_guest_boot_info Gather info about boot options for the given virtual machine
vmware_guest_video Modify video card configurations of specified virtual machine in give...
vmware_host_package_facts Gathers facts about available packages on an ESXi host
vmware_guest_customization_info Gather info about VM customization specifications
vmware_guest_info Gather info about a single VM
vmware_dvswitch Create or remove a Distributed Switch
vmware_portgroup_info Gathers info about an ESXi host's Port Group configuration
vmware_local_user_info Gather info about users on the given ESXi host
vmware_host_scanhba Rescan host HBA's and optionally refresh the storage system
vmware_vcenter_settings Configures general settings on a vCenter server
vmware_cluster_ha Manage High Availability (HA) on VMware vSphere clusters
vmware_folder_info Provides information about folders in a datacenter
vmware_target_canonical_info Return canonical (NAA) from an ESXi host system
vmware_host_package_info Gathers info about available packages on an ESXi host
vmware_vm_storage_policy_info Gather information about vSphere storage profile defined storage poli...
vmware_host_firewall_info Gathers info about an ESXi host's firewall configuration information
vmware_vmotion Move a virtual machine using vMotion, and/or its vmdks using storage ...
vmware_datastore_cluster Manage VMware vSphere datastore clusters
vmware_cluster_drs Manage Distributed Resource Scheduler (DRS) on VMware vSphere cluster...
vmware_host_datastore Manage a datastore on ESXi host
vmware_guest_tools_upgrade Module to upgrade VMTools
vmware_drs_rule_info Gathers info about DRS rule on the given cluster
vmware_local_role_info Gather info about local roles on an ESXi host
vmware_host_ntp_info Gathers info about NTP configuration on an ESXi host
vmware_host_powerstate Manages power states of host systems in vCenter
vmware_dvs_portgroup_find Find portgroup(s) in a VMware environment
vmware_host_dns_facts Gathers facts about an ESXi host's DNS configuration information
vmware_host_lockdown Manage administrator permission for the local administrative account ...
vmware_dvswitch_nioc Manage distributed switch Network IO Control
vmware_vmkernel_ip_config Configure the VMkernel IP Address
vmware_guest_screenshot Create a screenshot of the Virtual Machine console
vmware_host_ssl_info Gather info of ESXi host system about SSL
vmware_host_ssl_facts Gather facts of ESXi host system about SSL
vmware_vmkernel_info Gathers VMKernel info about an ESXi host
vmware_dvs_host Add or remove a host from distributed virtual switch
vmware_datacenter Manage VMware vSphere Datacenters
vmware_content_deploy_template Deploy Virtual Machine from template stored in content library
vmware_host_snmp Configures SNMP on an ESXi host system
vmware_vswitch_info Gathers info about an ESXi host's vswitch configurations
vmware_host_config_manager Manage advanced system settings of an ESXi host
vmware_drs_group_facts Gathers facts about DRS VM/Host groups on the given cluster
vmware_guest_customization_facts Gather facts about VM customization specifications
vmware_guest_disk_info Gather info about disks of given virtual machine
vmware_drs_rule_facts Gathers facts about DRS rule on the given cluster
vmware_host_vmhba_facts Gathers facts about vmhbas available on the given ESXi host
vmware_vmkernel Manages a VMware VMkernel Adapter of an ESXi host
vmware_host_hyperthreading Enables/Disables Hyperthreading optimization for an ESXi host system
vmware_local_user_facts Gather facts about users on the given ESXi host
vmware_host_active_directory Joins an ESXi host system to an Active Directory domain or leaves it
vmware_dvs_portgroup_info Gathers info DVS portgroup configurations
vmware_dvswitch_pvlans Manage Private VLAN configuration of a Distributed Switch
vmware_host_powermgmt_policy Manages the Power Management Policy of an ESXI host system
vmware_cfg_backup Backup / Restore / Reset ESXi host configuration
vmware_guest_tools_wait Wait for VMware tools to become available
vmware_vm_shell Run commands in a VMware guest operating system
vmware_vspan_session Create or remove a Port Mirroring session
vmware_dvs_portgroup Create or remove a Distributed vSwitch portgroup
vmware_portgroup_facts Gathers facts about an ESXi host's Port Group configuration
vmware_guest_disk Manage disks related to virtual machine in given vCenter infrastructu...
vmware_host_kernel_manager Manage kernel module options on ESXi hosts
vmware_evc_mode Enable/Disable EVC mode on vCenter
vmware_guest_snapshot Manages virtual machines snapshots in vCenter
vmware_category_facts Gather facts about VMware tag categories
vmware_host_dns_info Gathers info about an ESXi host's DNS configuration information
vmware_vcenter_statistics Configures statistics on a vCenter server
vmware_host_service_info Gathers info about an ESXi host's services
vmware_local_role_facts Gather facts about local roles on an ESXi host
vmware_vswitch_facts Gathers facts about an ESXi host's vswitch configurations
vmware_host_capability_info Gathers info about an ESXi host's capability information
vmware_guest_boot_manager Manage boot options for the given virtual machine
vmware_vsan_cluster Configure VSAN clustering on an ESXi host
vmware_guest_sendkey Send USB HID codes to the Virtual Machine's keyboard
vmware_local_role_manager Manage local roles on an ESXi host
vmware_host_acceptance Manage the host acceptance level of an ESXi host
vmware_host_service_facts Gathers facts about an ESXi host's services
vmware_host_ntp_facts Gathers facts about NTP configuration on an ESXi host
vmware_host_vmnic_info Gathers info about vmnics available on the given ESXi host
vmware_guest_vnc Manages VNC remote display on virtual machines in vCenter
vmware_content_library_manager Create, update and delete VMware content library
vmware_host_firewall_manager Manage firewall configurations about an ESXi host
vmware_drs_group Creates vm/host group in a given cluster.
vmware_category_info Gather info about VMware tag categories
vmware_host_vmnic_facts Gathers facts about vmnics available on the given ESXi host
vmware_dvs_portgroup_facts Gathers facts DVS portgroup configurations
vmware_resource_pool Add/remove resource pools to/from vCenter
vmware_dns_config Manage VMware ESXi DNS Configuration
vmware_guest_network Manage network adapters of specified virtual machine in given vCenter...
vmware_guest_custom_attribute_defs Manage custom attributes definitions for virtual machine from VMware
vmware_guest_find Find the folder path(s) for a virtual machine by name or UUID
vmware_cluster_vsan Manages virtual storage area network (vSAN) configuration on VMware v...
vmware_cluster_info Gather info about clusters available in given vCenter
vmware_guest_boot_facts Gather facts about boot options for the given virtual machine
vmware_host_config_facts Gathers facts about an ESXi host's advance configuration information
vmware_resource_pool_facts Gathers facts about resource pool information
vmware_tag_manager Manage association of VMware tags with VMware objects
vmware_host_ntp Manage NTP server configuration of an ESXi host
vmware_guest_move Moves virtual machines in vCenter
vmware_guest_file_operation Files operation in a VMware guest operating system without network
vmware_deploy_ovf Deploys a VMware virtual machine from an OVF or OVA file
vmware_local_user_manager Manage local users on an ESXi host
vmware_drs_group_info Gathers info about DRS VM/Host groups on the given cluster
junos related modules
[root@black_diamond ~]# ansible-doc -l | grep junos
junos_rpc Runs an arbitrary RPC over NetConf on an Juniper JUNOS device
junos_lacp_interfaces Manage Link Aggregation Control Protocol (LACP) attributes of interfa...
junos_l2_interface Manage Layer-2 interface on Juniper JUNOS network devices
junos_user Manage local user accounts on Juniper JUNOS devices
junos_scp Transfer files from or to remote devices running Junos
junos_lacp Manage Global Link Aggregation Control Protocol (LACP) on Juniper Jun...
junos_banner Manage multiline banners on Juniper JUNOS devices
junos_package Installs packages on remote devices running Junos
junos_config Manage configuration on devices running Juniper JUNOS
junos_l3_interface Manage L3 interfaces on Juniper JUNOS network devices
junos_lldp_interface Manage LLDP interfaces configuration on Juniper JUNOS network devices
junos_lldp_interfaces Manage link layer discovery protocol (LLDP) attributes of interfaces ...
junos_facts Collect facts from remote devices running Juniper Junos
junos_lldp Manage LLDP configuration on Juniper JUNOS network devices
junos_l3_interfaces Manage Layer 3 interface on Juniper JUNOS devices
junos_l2_interfaces Manage Layer-2 interface on Juniper JUNOS devices
junos_command Run arbitrary commands on an Juniper JUNOS device
junos_lldp_global Manage link layer discovery protocol (LLDP) attributes on Juniper JUN...
junos_ping Tests reachability using ping from devices running Juniper JUNOS
junos_netconf Configures the Junos Netconf system service
junos_logging Manage logging on network devices
junos_vlan Manage VLANs on Juniper JUNOS network devices
junos_linkagg Manage link aggregation groups on Juniper JUNOS network devices
junos_lag_interfaces Manage Link Aggregation on Juniper JUNOS devices
junos_interfaces Manages interface attributes of Juniper Junos OS network devices
junos_static_route Manage static IP routes on Juniper JUNOS network devices
junos_vlans Create and manage VLAN configurations on Junos OS
junos_interface Manage Interface on Juniper JUNOS network devices
junos_vrf Manage the VRF definitions on Juniper JUNOS devices
junos_system Manage the system attributes on Juniper JUNOS devices
ansible-doc <module_name> command is used to show details of a specific module illustrating the purpose, options, and configuration capabilities. in addition to a simple playbook example using this module.
[ielsawy@black_diamond ~]$ ansible-doc iosxr_interfaces
> IOSXR_INTERFACES (/usr/lib/python2.7/site-packages/ansible/modules/network/iosxr/iosxr_interfaces.py)
This module manages the interface attributes on Cisco IOS-XR network devices.
* This module is maintained by The Ansible Network Team
OPTIONS (= is mandatory):
- config
A dictionary of interface options
[Default: (null)]
elements: dict
suboptions:
description:
description:
- Interface description.
type: str
duplex:
choices:
- full
- half
description:
- Configures the interface duplex mode. Default is auto-negotiation when not configured.
type: str
enabled:
default: true
description:
- Administrative state of the interface.
- Set the value to `True' to administratively enable the interface or `False'
to disable it.
type: bool
mtu:
description:
- Sets the MTU value for the interface. Applicable for Ethernet interfaces only.
- Refer to vendor documentation for valid values.
type: int
name:
description:
- Full name of the interface to configure in `type + path' format. e.g. `GigabitEthernet0/0/0/0'
required: true
type: str
speed:
description:
- Configure the speed for an interface. Default is auto-negotiation when not configured.
type: int
type: list
EXAMPLES:
---
- name: Configure Ethernet interfaces
iosxr_interfaces:
config:
- name: GigabitEthernet0/0/0/2
description: 'Configured by Ansible'
enabled: True
- name: GigabitEthernet0/0/0/3
description: 'Configured by Ansible Network'
enabled: False
duplex: full
state: merged
ansible ad-hoc command combined with previously mentioned optional arguments can be used to query information from the network node or apply a change on it using one of the existing ansible modules without developing a playbook.
-m MODULE_NAME, --module-name MODULE_NAME
-a MODULE_ARGS, --args MODULE_ARGS module arguments
can you expect the output of below ad-hoc commands? :)
[ielsawy@black_diamond ~]$ ansible core-routers-cisco -m iosxr_command -a "commands='show version | include uptime'"
[ielsawy@black_diamond ~]$ ansible esxi-servers -m vmware_vm_info -a "commands='esxcli network vm list'"
[ielsawy@black_diamond ~]# ansible -m ios_facts core-routers-cisco
[ielsawy@black_diamond ~]# ansible -m ios_facts -a 'gather_subset=config' core-routers-cisco
References: