cloud,

Ansible for Network Automation

· 4 mins read
Share this

Read : How Network Automation is Different

References

Privilege Escalation for Network Devices in Ansible

Sample environment variable

ansible_connection: network_cli
ansible_network_os: ios
ansible_become: yes
ansible_become_method: enable

Communication Protocols

ansible_connection Protocol Requires Persistent?
network_cli CLI over SSH network_os setting yes
netconf XML over SSH network_os setting yes
httpapi API over HTTP/HTTPS network_os setting yes
local depends on provider provider setting no

Network modules

Arista EOS = eos_* Cisco IOS/IOS-XE = ios_* Cisco NX-OS = nxos_* Cisco IOS-XR = iosxr_* F5 BIG-IP = bigip_* F5 BIG-IQ = bigiq_* Juniper Junos = junos_* VyOS = vyos_*

and modules as

  • *_facts
  • *_command
  • *_config

And more

Ansible Network Playbooks

Sample Playbookf or ios

- name: configure cisco routers
  hosts: routers
  connection: network_cli
  gather_facts: no
  vars:
    dns: "8.8.8.8 8.8.4.4"

  tasks:
   - name: configure hostname
     ios_config:
       lines: hostname 

   - name: configure DNS
     ios_config:
       lines: ip name-server 

Another one for interface config Ansible Playbook

Ansible Network Roles

https://galaxy.ansible.com/ansible-network

network-engine This role provides the foundation for building network roles by providing modules and plugins that are common to all Ansible Network roles.

Galaxy

config_manager

This role is designed to provide a network platform agnostic approach to managing the active (running) configuration file on a remote device. This role requires one (or more) platform provider roles to execute properly. Galaxy

Install roles

ansible-galaxy install ansible-network.cisco_ios
ansible-galaxy install ansible-network.config_manager

Update existing role

ansible-galaxy install ansible-network.network_engine,v2.7.0 --force

Task Reference

Using username and password for authentication

- name: User usernname
  vars:
    cli:
      username: user1
      password: password
      transport: cli
  tasks:
    - name: Test Login
      ios_config:
        provider: "
        .
        .

Reboot ios device

---
- name: reboot ios device
  cli_command:
    command: reload
    prompt:
      - Save?
      - confirm
    answer:
     - y
     - y

  # To make sure the current connection to the network device
  # is closed so that the socket can be reestablished to the network
  # device after the reboot takes place.
- name: reset the connection
  meta: reset_connection


- name: Wait for the network device to reload
  wait_for_connection:
    delay: 10

Backup eos

Backup configuration

---
- name: BACKUP NETWORK CONFIGURATIONS
  hosts: arista
  gather_facts: false

  tasks:

    - name: BACKUP CONFIG
      eos_config:
        backup: yes

Backup using cli_command

  • run arbitrary commands on network devices using cli_command
---
- name: RUN COMMAND AND PRINT TO TERMINAL WINDOW
  hosts: arista
  gather_facts: false

  tasks:

    - name: RUN ARISTA COMMAND
      cli_command:
        command: show run
      register: backup

    - name: PRINT TO TERMINAL WINDOW
      copy:
        content: ""
        dest: ".backup"

Change config

# vars
show_interfaces: "show ip interface brief"
backup: "show running-config"
save: "write memory"
ntp_commands: ntp server 192.168.1.1

---
- name: CHANGE CONFIGURATION
  hosts: routers
  gather_facts: false

  tasks:

    - name: LOAD NTP CONFIGURATION
      cli_config:
        config: ""
      notify:
        - SAVE CONFIGURATION

  handlers:

    - name: SAVE CONFIGURATION
      cli_command:
        command: ""

# Show interface
    - name: RUN SHOW COMMAND
      cli_command:
        command: ""
      register: command_output

Add VLAN nxos

---
- name: deploy vlans
  hosts: cisco
  gather_facts: no

  tasks:
    - name: ensure vlans exist
      nxos_vlan:
        vlan_id: 100
        admin_state: up
        name: WEB

Add ACL (Access Control List)

https://dodgydudes.se/ansible-net104/

Add config iso_config

---
- name: snmp ro/rw string configuration
  hosts: cisco
  gather_facts: no
  tasks:
    - name: ensure snmp strings are present
      ios_config:
        lines:
          - snmp-server community ansible-public RO
          - snmp-server community ansible-private RW

Resources

Appendix

  • DEVNET developer.cisco.com -> https://developer.cisco.com/site/sandbox/ -> https://devnetsandbox.cisco.com/

eg: IOS XE on CSR Latest Code Always On https://devnetsandbox.cisco.com/RM/Diagram/Index/38ded1f0-16ce-43f2-8df5-43a40ebf752e?diagramType=Topology

add variables

[routers:vars] ansile_user=developer ansible_password=password ansible_connection=network_cli ansible_network_os=iso ansible_port=8181 #if diff port

Download IOS Images

Reference Repos

  • https://github.com/nleiva/ansible-networking
  • https://github.com/zjleblanc/ansible-network-mgmt/tree/master
  • https://github.com/zjleblanc/ansible-cisco-demos

Latest Stories

Featured