Ansible Network Automation

Ansible for network automation

Why Ansible for network automation?

  • Automate repetitive tasks
  • Use the same tool for network, operations and development work
  • Separate the tasks in playbooks from the execution layer in Ansible modules for multi-vendor devices
  • Benefit from community- and vendor-generated modules
  • Communicate securely with network hardware over SSH and HTTPS

Ansible can be used to configure hubs, switches, routers, bridges and other network devices.

Basic concepts

  • Control node: any non-Windows computer with Python, ansible and ansible-playbook installed
  • Managed nodes: network devices and servers managed by Ansible. These are sometimes called hosts
  • Inventory: a list used to organise managed nodes. Sometimes called a hostfile
  • Modules: units of code that Ansible executes
  • Tasks: units of action in Ansible
  • Playbook: an ordered list of tasks. It can include variables, tasks and roles. Playbooks are written in YAML

How network automation is different

  • Unlike most Ansible modules, network modules do not run on managed nodes
  • The majority of network devices cannot run Python
  • Ansible network modules are executed on the control node, where Ansible commands are called
  • Network modules can use the control node as the destination for backup files
  • Network modules do not update configuration files on managed nodes, because network configuration is not usually written in files

Communication protocols

  • Communication protocols include XML over SSH, CLI over SSH and API over HTTPS
  • The right protocol depends on the platform and purpose
  • The most common is CLI over SSH
  • Set the protocol with the ansible_connection variable

Common values:

  • network_cli: CLI over SSH
  • netconf: XML over SSH
  • httpapi: API over HTTP/HTTPS
  • local: depends on the platform and module

Network platform module prefixes

  • Arista: eos_
  • Cisco: ios_, iosxr_ or nxos_
  • Juniper: junos_
  • VyOS: vyos_

Privilege escalation

  • On network devices the equivalent of sudo is enable mode
  • As of Ansible 2.6 you can use become: yes with become_method: enable

Example group vars or host vars file:

ansible_connection: network_cli
ansible_network_os: ios
ansible_become: yes
ansible_become_method: enable

Be aware that Ansible 2.4 and 2.5 had issues in this area.
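
The connection values and enable-mode settings above can be checked before a vars file is used. The following is an added example, not code from this page or from the Ansible project: a small linter for flat group vars or host vars text. The function names and WEAK_EXAMPLE are constructed for illustration; ansible_httpapi_use_ssl and ansible_become_password are real Ansible variables that this page does not mention.

```python
# Added example (not from the page): lint flat group_vars/host_vars text.
KNOWN_CONNECTIONS = {"network_cli", "netconf", "httpapi", "local"}  # values listed above
TRUE_VALUES = {"yes", "true", "on", "1"}
# The page's own example, plus a constructed weak file for comparison.
PAGE_EXAMPLE = """ansible_connection: network_cli
ansible_network_os: ios
ansible_become: yes
ansible_become_method: enable
"""
WEAK_EXAMPLE = """ansible_connection: httpapi
ansible_network_os: eos
ansible_become: yes
ansible_become_password: example-enable-secret  # constructed value
"""

def parse_flat_vars(text):
    """Parse top-level 'key: value' lines only (no nesting, no YAML library)."""
    result = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        if not line or line[0] in " #-" or ":" not in line:
            continue  # skip blanks, comments, '---', indented continuation lines
        key, value = line.split(":", 1)
        result[key.strip()] = value.strip().strip("'\"")
    return result

def lint_network_vars(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    v = parse_flat_vars(text)
    conn = v.get("ansible_connection")
    findings = []
    if conn not in KNOWN_CONNECTIONS:
        findings.append(f"ansible_connection missing or not a listed value: {conn}")
    if conn == "network_cli" and "ansible_network_os" not in v:
        findings.append("network_cli is set without ansible_network_os")
    become = v.get("ansible_become", "").lower() in TRUE_VALUES
    if become and v.get("ansible_become_method") != "enable":
        findings.append("ansible_become is on but ansible_become_method is not enable")
    # ansible_httpapi_use_ssl is a real httpapi option that the page does not mention.
    if conn == "httpapi" and v.get("ansible_httpapi_use_ssl", "").lower() not in TRUE_VALUES:
        findings.append("httpapi without ansible_httpapi_use_ssl: API calls use plain HTTP")
    for key, value in v.items():
        secret = key.endswith(("_password", "_pass"))
        if secret and value and not value.startswith(("!vault", "{{")):
            findings.append(f"{key} holds a plaintext secret")
    return findings

if __name__ == "__main__":
    print(lint_network_vars(PAGE_EXAMPLE), lint_network_vars(WEAK_EXAMPLE))
```

The parser only reads top-level key: value lines, so nested structures in a vars file are ignored rather than checked.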

Run your first command and playbook

Requirements

  1. Ansible 2.5 or newer installed
  2. One or more network devices compatible with Ansible
