Ansible service: Store and run Ansible playbooks

Introduction

In the modern networking environment, the days of manual configurations, hand-jamming repetitive CLI commands, and ad-hoc scripts are numbered. At the forefront of this revolution is Ansible – an open-source tool that has seamlessly transitioned from managing servers to orchestrating complex network tasks. Before we dive deep into the ‘how-to’, let’s shed light on Ansible’s origin.

Brief History of Ansible

Ansible was born in 2012, created by Michael DeHaan, known for his contributions to the Cobbler and Func projects. Red Hat later acquired it in 2015. Initially conceptualized for application deployment and server provisioning, Ansible’s simplicity and agent-less design quickly made it a darling for system admins and, soon after, network engineers. Its idempotent nature ensures configurations are consistent and repeatable, a trait indispensable for network environments.

Use Cases for Ansible in Network Automation

1. Configuration Management: Deploying consistent configurations across a multitude of devices.
2. Continuous Compliance: Regularly validating network state against desired configurations.
3. Provisioning: Quick deployment of new devices or services in the network.
4. Operational Tasks: Collecting show outputs, updating OS images, or even automating troubleshooting tasks.

Installing Ansible

While Ansible has a broad compatibility range, for this article, we’ll focus on Ubuntu.

# Update repositories
sudo apt update

# Install Ansible via apt
sudo apt install ansible -y

Post-installation, a version check ensures successful installation:

ansible --version

Getting Started with Ansible for Network Automation

1. Inventory File

At Ansible’s heart lies the inventory – a file (by default at /etc/ansible/hosts) listing devices Ansible manages. For network devices, group them by function:

[routers]
router1 ansible_host=10.0.0.1
router2 ansible_host=10.0.0.2

2. Ansible Playbooks

A playbook is a script detailing what tasks Ansible will execute on which devices. Below is a simple playbook, backup_config.yml, backing up the configuration of Cisco routers:

---
- name: Backup Cisco Router Configs
  hosts: routers
  gather_facts: no
  tasks:
    - name: Fetch running config
      ios_command:
        commands:
          - show running-config
      register: config

    - name: Save to file
      copy:
        content: ""
        dest: "/path/to/backup/folder/.cfg"

This playbook uses the ios_command module to fetch the configuration and then saves it to a file.

3. Running the Playbook

Navigate to the playbook’s directory and execute:

ansible-playbook -i /path/to/inventory backup_config.yml

Advanced Scenarios

A. Configuration Templating with Jinja2

Often, network engineers need to deploy a similar configuration across devices, differing only in specifics. Jinja2, a templating engine for Python, works in harmony with Ansible for this task.

Suppose we have a template, interface_config.j2:

interface GigabitEthernet0/0
 description 
 ip address  

Using the template module in a playbook:

---
- name: Deploy Interface Configurations
  hosts: routers
  gather_facts: no
  tasks:
    - name: Push interface configs
      ios_config:
        src: /path/to/interface_config.j2

Variables like interface_description can be defined in the inventory, a separate variables file, or even fetched from external sources.

B. Integrating with Git for Version Control

Ansible playbooks and configurations can integrate with Git, ensuring versioning and a source of truth.

In your playbook directory:

git init
git add .
git commit -m "Initial commit of network playbooks"

Now, your playbooks are under Git version control. With platforms like GitHub or GitLab, collaboration, CI/CD pipelines, and rollback become effortless.

C. Rolling Updates

When updating device software or configurations, network disruptions are undesirable. Ansible’s serial attribute ensures updates roll out in defined groups.

---
- name: Upgrade Device OS
  hosts: routers
  gather_facts: no
  serial: 2
  tasks:
    - name: Upgrade OS
      ios_command:
        commands:
          - "upgrade command sequence"

Here, devices under the routers group will be upgraded two at a time, ensuring network integrity.

Conclusion

The power of Ansible in network automation is immense, blending the might of software programming with network engineering. Beyond basic playbooks, there’s a universe of modules, integrations, and patterns to explore. Network engineers equipped with Ansible are not just configuring devices – they’re …

Categories: Network Automation, Tutorials

Updated: August 13, 2023