Better Ansible Network Automation

with Roles and Custom Modules

John McDonough Season 2, Talk 7
NetDevOps Engineer, DevNet Sandbox
Twitter: @johnamcdonough https://developer.cisco.com/netdevops/live
 http://cs.co/ndl
Help us track NetDevOps Live Interest!

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
What are we going to talk about?
• Ansible Roles vs. Modules
• What’s the difference?
• Let’s Make a Module
• Typically Python
• Self Documenting

• Idempotent

• Let’s Make a Role

• Self-Contained / Portable
• Loosely Coupled

• Share with ansible-galaxy

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
 ✓ I have contributed to Ansible
but there is much I don’t know.
Before we ✓ Ansible is evolving, true today
start… could be less true tomorrow.
✓ I always happy to know a
better way.

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
The name refers to the fictional
instantaneous hyperspace
communication system "ansible"

As featured in Orson Scott Card's Ender's Game

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Ansible Roles and Modules

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
What’s the difference?
Roles – The Instructions Modules – The Tools
• Self-contained and portable • Do One Thing Well
• Written in YAML • Python or PowerShell
• Use for common configurations • Uses APIs and/or CLI tools
• Enforcement of standards • Abstract complexity from user
• Called from a playbook • Called by an Ansible task

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Let’s Make a Module

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Let’s Make a Module – Python
• Create and Activate a
Python Virtual Environment
• python –m venv venv
• source venv/bin/activate

• Install Ansible
• pip install ansible
• Install other requirements
as needed
• pip install requests
• pip install pylint
https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Let’s Make a Module – Module Sections
• Modules have distinct sections
• Sh-Bang
• DOCUMENTATION
• imports
• main()
• AnsibleModule Class
• Argument Spec
• Required If
• Supports Check Mode
• Determine State / Update if required
• Exit – with result
https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Let’s Make a Module – Development and Testing
• Local Module Testing
• Ansible modules have an
implied JSON contract
• JSON IN → MODULE  JSON OUT

• Playbook Module Testing

• Run with a playbook

• Ensure your code looks good,

You might share it.
• pylint
pylint does not respect virtual envs
• Use $(which pylint) in virtual env
https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html
https://docs.ansible.com/ansible/latest/dev_guide/testing_sanity.html
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Let’s Make a Role

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Let’s Make a Role – Initialization
• Ansible Role Tools
• ansible-galaxy init <role-name>

• defaults - default variables for the role.

• files - files for the role.
• handlers – tasks run at play completion.
• meta - meta data for the role, if
publishing on galaxy.ansible.com
• tasks - tasks executed by the role.
• vars - other variables for the role.
• templates - templates for the role.
https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Let’s Make a Role – Tasks and Variables
• Tasks
• tasks/main.yml
• Contains tasks for role
• Can reference variables from role
and from playbook
• Variables
• default/main.yml
• If defined nowhere else
• lowest precedence
• vars/main.yml
• Contains variables for the role
https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Let’s Make a Role – Call from Playbook
• Call the role from the playbook
• Make use of playbook variables
• Make use of loops
• Make use of YAML anchors and
aliases
vars:
login_info: &login_info
hostname: "{{ hostname }}"
username: "{{ username }}"
password: "{{ password }}"

<<: *login_info
https://docs.ansible.com/ansible/latest/user_guide/playbooks.html
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Summing up

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
What did we talk about?
• The Difference between Ansible
Modules and Roles
• Tasks oriented

• Playbook oriented

• How to Create an Ansible Module

• With Python

• Other languages can be used

• How to Create an Ansible Role

• For reuse

• Consistency in Deployments

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Webinar Resource List
• Learning Labs
• Introduction to Ansible
https://developer.cisco.com/learning/modules/sdx-ansible-intro
• ACI and Ansible
https://developer.cisco.com/learning/modules/ansible-aci-intro

• DevNet Sandboxes
• ACI Always On https://snadboxapicdc.cisco.com

• Code Samples
• Ansible on DevNet’s Code Exchange
https://developer.cisco.com/codeexchange/explore/#search=ansible
• Webinar Code
https://developer.cisco.com/codeexchange/github/repo/movinalot/aci_modules
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
NetDevOps Live! Code Exchange Challenge
developer.cisco.com/codeexchange
Take what you’ve seen today
and apply to an active project.
Then submit it to Code
Exchange!

Example: Create an Ansible Module for a

playbook task that currently uses the shell or
command modules.
Example: Create an Ansible Role for a task or
set of tasks common to several playbooks.
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Looking for more about NetDevOps?
• NetDevOps on DevNet
developer.cisco.com/netdevops
• NetDevOps Live!
developer.cisco.com/netdevops/live
• NetDevOps Blogs
blogs.cisco.com/tag/netdevops
• Network Programmability Basics Video Course
developer.cisco.com/video/net-prog-basics/

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Got more questions? Stay in touch!

John McDonough developer.cisco.com

[email protected] @CiscoDevNet
@johnamcdonough facebook.com/ciscodevnet/
http://github.com/movinalot http://github.com/CiscoDevNet
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
https://developer.cisco.com/netdevops/live
@netdevopslive