Introduction to Ansible

Why Automation?
• Tasks in code
• Collaboration
• Eliminate errors
• Write once
• Lazines
• Etc….
Possible Used Cases Includes
• Configuration Management
• Maintenance
• Configuration Audit
• Upgradation
Configuration Management
Lets say an ISP needs to configure 100s or 1000s of vlans on n number of devices to accommodate new
customers
A customer needs to deploy a new data center or new site which consists large number of devices and variety
of vendors.

Legacy Solution Ansible Solution

Prepare configuration for all the devices. We can use Ansible module to generate the configuration
and to configure the devices as well.
Login to the devices one by one and configure it.
Think about the time it is going to take when we
prepare the configuration of the devices one by one.
Then login to the devices one by one to configure
them.
This could be error prone.
Power Maintenance/ Power Issue
Devices went down and came back up.
How to confirm
whether all the devices has come back online.
whether the connectivity has restored or not.

Legacy Solution Ansible Solution

Login to all the devices one by one and run the set of command one by We can ping a set of devices with Ansible and can fetch the required
one. information like
show runn Fetching Configuration before and after the maintenance.
show version uptime of all the devices
show int status routing information
show ip ospf neighbor link status
show ip bgp neighbor
All the commands used in legacy solution can be run
in one go with Ansible on a set of devices.
ISP Maintenance/ Flap
Service restoration
Routing Neighborship, Routes
Interface status

Legacy Solution Ansible Solution

Login to all the devices one by one and run the set of command one by We can ping a set of devices with Ansible and can fetch the required
one. information like
ping 8.8.8.8 Connectivity with Internet & Intranet
show int status uptime of all the devices
show ip ospf neighbor routing information
show ip bgp neighbor link status
show runn
show version
All the commands used in legacy solution can be run
in one go with Ansible on a set of devices.
Some other use cases can be
Configuration Audit
OS Upgradation

Legacy Solution Ansible Solution

Perform the tasks on individual devices. Perform the tasks on multiple devices.
Installation Requirements
The OS that works well with Ansible are
Fedora
Linux 7
CentOS

CentOS 7 → http://isoredirect.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Everything-1804.iso

Work around for Windows Users.

Microsoft Windows as a control machine is not supported.
Windows users need to install either VMware workstation or Oracle VM Virtual Box. VMware has license issues so, Oracle VM Virtual Box is best.

Oracle VM Virtual Box → https://www.oracle.com/technetwork/server-storage/virtualbox/downloads/index.html

Python 2.6 or later/Python 3

We also need a text editor.

VIM
Notepad++ → https://notepad-plus-plus.org/download/v7.6.html
Sublime → https://www.sublimetext.com/
Tools for Network Engineers
We have few tools to practice Ansible from networking perspective. GNS3 & EVE.

Use following link for GNS3 →

https://www.youtube.com/watch?v=x9pGYyEqLYs&list=PLhfrWIlLOoKNFP_e5xcx5e2GDJIgk3ep6
GNS3 supports a variety of vendors. It supports Cisco (Routers, Switches, WLC, Prime), Palo Alto, F5, Juniper and many others. We can use
ansible with all the supported vendors.

Use following link for EVE-NG →

http://www.eve-ng.net/
Ansible Introduction
Ansible, at its core, is a task execution engine.
It provides a method to easily define one or more actions to be performed on one or more Servers/Network
Devices. We don’t need to login to the device. These tasks can target the local system Ansible is running from,
as well as other systems Ansible can reach over the network.

Open Source hosted on GitHub written in Python. User interaction is YMAL.

Github is a code repository, which can be integrated to other tools like Jenkins to develop CI/CD model.
YAML works as a key pair value. It`s user friendly and human readable.

Ansible is the most suitable tools for Network Automation.

It works on SSH and most of the network devices are accessible over SSH.
It does not need any agent to be installed on the remote device. We will not be able to install agent on most of
the network devices.
As an agent can`t be installed, so, we can`t use a tool which works on pull mechanism. We need a tool which
works on push mechanism. Ansible works on push mechanism.
The only requirement is the generic username and password. There might be some security related issues with
generic username and password. Now we have CyberArk module which can help us to resolve this.
Ansible and
Other
Automation
Tolls
Installation and Verification
Follow the link to install Ansible on different OS ->
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html

Follow the following steps to install Ansible in CentOS7

yum update
yum install epel-release
yum install python-pip
pip install --upgrade pip
yum install ansible

Alternatively, Ansible can be installed via Python pip in a Python virtual environment. This is useful if
I want to make use of multiple versions of Ansible or if I'm operating in an environment where I do
not have rights to install things in the system path.

If we are using GNS3 to practice Ansible with networking, then we do not need to install Ansible. Its
pre-installed. We just need to configure it.

If we are using eve-ng then we need to install linux and install Ansible.
Once the Ansible is installed successfully, use following commands to verify:
which ansible -> check the availability of Ansible
version --ansible -> check which version is installed
Version
configuration file in use at etc/ansible/ansible/cfg
module search path is the default.
Once Ansible is installed go to cd /etc/ansble/ and run ll/ls it will show all the files and folders.

Ansible.cfg → Certain settings in Ansible are adjustable via a configuration file (ansible.cfg).
Hosts → Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in
Ansible’s inventory, which defaults to being saved in the location /etc/ansible/hosts. You can specify a different inventory file using the -i
<path> option on the command line.
Roles → In Ansible, Role is a primary mechanism for breaking a playbook into multiple files.
 Ansible
Architecture
A brief explanation of Ansible and Its parts
Ease of getting started
• An inventory of targets – hosts file with target hosts (network devices)
• A state to assert – tasks (fetching information or configuration)
• Credential to log into a device – works on SSH which is already open in the network
Inventory
A set of potential target hosts to execute tasks on. Inventories are not specifically tied to a set of Ansible instructions.
Multiple inventories can exist and be used at execution time.

[access-switches]
as-01 as-01
as-02 as-02
cs-01 [core-switches]
cs-02 cs-01
cs-02

Hosts or groups are used in patterns as an entity to target or as an entity to skip from within a target. Patterns support wild
cards and even regular expressions.
 . ---
- name: Get ARP
hosts: core-switches
Playbook and gather_facts: false
tasks:
Its - name: Show ARP
Components raw: show arp

Playbook Play Task

Control Node
Any machine with Ansible installed. You can run commands and playbooks, invoking /usr/bin/ansible or
/usr/bin/ansible-playbook, from any control node. You can use any computer that has Python installed on it as
a control node - laptops, shared desktops, and servers can all run Ansible. However, you cannot use a Windows
machine as a control node. You can have multiple control nodes.
Managed Nodes
The network devices (and/or servers) you manage with Ansible. Managed nodes are also sometimes called
“hosts”. Ansible is not installed on managed nodes.
Inventory
A list of managed nodes. An inventory file is also sometimes called a “hostfile”. Your inventory can specify
information like IP address for each managed node. An inventory can also organize managed nodes, creating
and nesting groups for easier scaling.
Modules
The units of code Ansible executes. Each module has a particular use, from administering users on a specific
type of database to managing VLAN interfaces on a specific type of network device. You can invoke a single
module with a task, or invoke several different modules in a playbook.
Tasks
The units of action in Ansible. You can execute a single task once with an ad-hoc command.
Playbooks
Ordered lists of tasks, saved so you can run those tasks in that order repeatedly. Playbooks can include
variables as well as tasks. Playbooks are written in YAML and are easy to read, write, share and understand.
Lets see a
sample
Playbook
Ad-hoc
• Ad-Hoc commands and Play-Books both can be used to fetch
information from network devices and for troubleshooting purpose.
• Ad-hoc commands are very useful and handy for troubleshooting and
pulling out configurations or output of a command and then saving it
to some files for future purpose.
• Ad-hoc commands are like IOS commands with some more
arguments running directly on the devices, while ad-hoc command
runs from the Ansible server, the only difference is the syntax.
Examples of Hd-hoc commands
ansible all -m raw -a "show version" -u cisco -k | grep SUCCESS
SSH password:
Core1 | SUCCESS | rc=0 >>
Core2 | SUCCESS | rc=0 >>

ansible all -m raw -a "show version" -u cisco -k | grep 'SUCCESS\|UNREACHABLE'

SSH password:
Core2 | SUCCESS | rc=0 >>
Core1 | SUCCESS | rc=0 >>

Access1 | UNREACHABLE! => {

Access2 | UNREACHABLE! => {
Access3 | UNREACHABLE! => {