Ansible Network Automation
This is my first article on LinkedIn, and it's about using Ansible to automate network devices. Ansible has been around for quite some time, but recently it has seen exponential growth, specifically in the space of network automation.
Ansible uses custom-designed modules written in Python to communicate with all types of devices, and the best part is that there is no dependency on an agent being installed on the end device.
In this article, I'm going to provide an overview of Ansible and its main components, along with some simple steps to start your journey to automating your network devices.
Ansible Overview
What is Ansible:
Ansible is one of the leading open source automation tools. It can be used to automate various platforms and devices through everyday connection protocols such as SSH for Linux, WinRM for Windows systems and APIs for almost everything else.
As a vendor-agnostic framework, Ansible can automate Arista (EOS), Cisco (IOS, IOS XR, NX-OS), Juniper (JunOS), Open vSwitch and VyOS.
Red Hat Ansible Engine is the hardened version of the Ansible that is available in the community.
More information on Red Hat Ansible Engine can be found here.
What is Ansible Tower:
Red Hat Ansible Tower is deployed on top of Ansible Engine to provide additional layers of control, knowledge and delegation to the enterprise. It provides an easy-to-use UI with some great features for linking multiple playbooks into a fully nested workflow.
More information on Red Hat Ansible Tower can be found here.
What is an Ansible Playbook?
Ansible Playbooks define a set of instructions that you want to execute on your managed hosts. Playbooks are written in simple YAML format, meaning they are simple to read and understand.
Here is a sample playbook for obtaining basic information about a Cisco IOS device using a module called ios_facts.
---
- name: backup router configurations
  hosts: cisco
  connection: network_cli
  gather_facts: no
  tasks:
    - name: gather ios_facts
      ios_facts:
- name: The name of the playbook
- hosts: The hosts that you want to run the playbook against
- connection: The connection type that you want to run for this playbook.
- tasks: The tasks that you want to run in this playbook - the tasks will call ansible modules to do the heavy lifting and perform the job on the managed hosts.
What is a Module?
Modules do the actual work in Ansible; they are what gets executed in each playbook task. Red Hat Ansible Engine ships with 1600+ modules included to support various systems and devices.
For network automation, Ansible has 570+ modules that are supported for more than 40 different network devices.
You can find more information on supported ansible modules here.
What is an Inventory?
The inventory defines the set of hosts that Ansible will manage and automate.
Guide for Network Automation using Ansible:
Prerequisites:
- Ansible is installed on the control node
- Network connectivity exists between the control node and the managed hosts (network device)
Step 1: Define the inventory file in your project directory:
The inventory has a host group called [cisco], and within the host group there are 2 routers (rtr1 and rtr2) with specific variables for each host, including IP address, username and operating system.
[cisco]
rtr1 ansible_host=10.0.0.1 ansible_ssh_user=admin ansible_network_os=ios
rtr2 ansible_host=20.0.0.1 ansible_ssh_user=admin ansible_network_os=ios
Step 2: Define your ansible.cfg config file in the same project directory
The Ansible config file lays out a set of parameters to be used for this particular project. It defines which inventory file to use and also defines the private key that is required to log in to the router.
Note: You could also use a variable under the inventory called ansible_ssh_pass to define the password for the router instead of the SSH key.
[defaults]
connection = smart
timeout = 60
inventory = <inventory file>
host_key_checking = False
private_key_file = <private key file for admin user on router>
Step 3. Verify the connection to the router by running an ad hoc command to gather facts about the Cisco device.
ansible cisco -m ios_facts -c network_cli
If it works well and the connection is established, you are ready to write a playbook.
Step 4. Write a basic playbook called backup_ios.yml to take a backup of the Cisco devices
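---
- name: backup router configurations
  hosts: cisco
  connection: network_cli
  gather_facts: no
  tasks:
    # Collect device facts and keep the result in the variable "version"
    - name: gather ios_facts
      ios_facts:
      register: version

    # Print the registered facts
    - debug:
        msg: "{{version}}"

    # Save a copy of the device configuration
    - name: Backup configuration
      ios_config:
        backup: yes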
Step 5. Run the playbook.
ansible-playbook backup_ios.yml
TASK [gather ios_facts] ****************************************************************************************************************************************************************************************************************************************
ok: [rtr1]
ok: [rtr2]
TASK [debug] ***************************************************************************************************************************************************************************************************************************************************
ok: [rtr1] => {
"msg": {
"ansible_facts": {
"
ok: [rtr2] => {
"msg": {
"ansible_facts": {
TASK [Backup configuration] ************************************************************************************************************************************************************************************************************************************
ok: [rtr1]
ok: [rtr2]
PLAY RECAP *****************************************************************************************************************************************************************************************************************************************************
rtr1 : ok=3 changed=0 unreachable=0 failed=0
rtr2 : ok=3 changed=0 unreachable=0 failed=0
That's a simple guide to getting started with automating your network device.
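The Step 2 config sets host_key_checking = False, which makes Ansible accept whatever SSH host key a device presents, and the note on ansible_ssh_pass puts the router password in the inventory in cleartext. The following Python check is an added example, not part of the original article or of Ansible itself; it flags both settings, and the sample file contents, the key path and the function names audit_cfg and audit_inventory are constructed for illustration.

```python
import configparser
import shlex

# Constructed samples modelled on Steps 1 and 2; key path and password are placeholders.
SAMPLE_CFG = """\
[defaults]
host_key_checking = False
private_key_file = ~/.ssh/example_admin_key
"""
SAMPLE_INVENTORY = """\
[cisco]
rtr1 ansible_host=10.0.0.1 ansible_ssh_user=admin ansible_network_os=ios
rtr2 ansible_host=20.0.0.1 ansible_ssh_user=admin ansible_ssh_pass=example-pass
"""
PASSWORD_VARS = {"ansible_ssh_pass", "ansible_password",
                 "ansible_become_pass", "ansible_become_password"}

def audit_cfg(text):
    """Return findings for ansible.cfg settings that weaken SSH trust."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    # Host key checking is on by default; False accepts any key a device presents.
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        return ["ansible.cfg: host_key_checking is disabled"]
    return []

def audit_inventory(text):
    """Return (owner, variable) pairs where a password literal sits in the inventory."""
    findings, section = [], "ungrouped"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line[0] == "[":
            section = line.strip("[]")
            continue
        # [group:vars] holds one "key = value" per line; host lines hold key=value
        # tokens. A value starting with "{{" is a variable reference, not a literal.
        if section.endswith(":vars"):
            owner, tokens = section, [line]
        else:
            owner, *tokens = shlex.split(line)
        for key, _, value in (t.partition("=") for t in tokens):
            key, value = key.strip(), value.strip()
            if key in PASSWORD_VARS and value and not value.startswith("{{"):
                findings.append((owner, key))
    return findings

if __name__ == "__main__":
    for finding in audit_cfg(SAMPLE_CFG) + audit_inventory(SAMPLE_INVENTORY):
        print("FINDING:", finding)
```

A clean result means host key checking is left at its default and any password variable refers to another variable, for example one kept in an Ansible Vault file, rather than holding the secret itself.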
Want to learn more?
Over the course of the next few months, we will be running some Ansible Linklight workshops in Melbourne, Sydney, Brisbane and Perth on how to automate network devices using Ansible.
The workshop is enabled by our networks automation team. For more information, visit https://network-automation.github.io/linklight/
To register your interest, please reach out via LinkedIn.
packet core solution architect in Ericsson
5 years ago: how to run Ericsson EPG command with Ansible??
Solution Architect - Network Applications and Cloud Infrastructure at Ericsson
6 years ago: Thanks for the crash course in Ansible. Nice overview. Look forward to your future articles.
Technology Advisor | Principal Architect | Mentor | Innovator | 5G | Strategy
6 years ago: Good job!
Senior Program Marketing Manager @Red Hat EMEA | Cloud Services Marketing | SaaS-PaaS Marketing | AI Platform Marketing | Product Marketing | Community builder
6 years ago: Awesome!
Great job Vinni