Introduction to CLI Automation with

Tim Nothnagel, Architect, Cisco
Milivoje Mirovic, Systems Architect, Cisco

LTRRST-1954

LTRRST-1954 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public

• Introduction to Ansible

• Using Ansible
  • Command Line, Playbooks & Templates

• Lab Introduction

• Lab Scenario

• Lab Execution

• Conclusion

Session Objective

• Understanding of the basic principles of Ansible

• Being able to write a playbook including various Ansible concepts

• Getting hands-on experience in using Ansible with IOS-XE, IOS-XR and NX-OS

Timetable

• 2:00 pm - 2:30 pm Ansible & Lab Intro

• 2:30 pm - 5:45 pm Lab time

• 5:45 pm - 6:00 pm Wrap up

Coffee and sugar break halfway through the lab.

Some Related Sessions

• LABACI-1030 – Automating ACI with Ansible (walk in lab)

• DEVNET-2215 – How to Write an Ansible Module (Thursday 9am)

• LABDCN-1258 – Network automation with Ansible (walk in lab)

• BRKDCN-2025 – Maximizing Network Programmability and Automation (Thursday 11am)

Introduction to Ansible

Ansible Characteristics

Installing Ansible

Documentation: https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html

• On Fedora:
    $ sudo dnf install ansible
• On RHEL and CentOS:
    $ sudo yum install ansible
• Ubuntu:
    $ sudo apt update
    $ sudo apt install software-properties-common
    $ sudo apt-add-repository --yes --update ppa:ansible/ansible
    $ sudo apt install ansible
• MacOS:
    $ pip3 install ansible

• Windows is not supported as controller

Getting started with Ansible

[Diagram: the Ansible Controller (ansible.cfg, Inventory, Playbooks, Modules) reaches the Targets over SSH (user/pass, public key)]

1. Push configuration
2. Get configuration/state
3. Execute commands

Using Ansible

Common Ansible Terms

Let's first cover the basic terms and concepts.

Ansible Configuration – ansible.cfg

• The place for adjusting default settings based on your requirements
• Multiple alternative places for parameters and settings exist
• Typically, default settings are sufficient for most users

• Precedence order of Ansible configuration files (in this order):
  1. ANSIBLE_CONFIG (an environment variable)
  2. ansible.cfg (in the current directory)
  3. .ansible.cfg (in the home directory)
  4. /etc/ansible/ansible.cfg (global Ansible configuration)

This lab uses ansible.cfg in the scenario/project directory.

Inventory – hosts file

Further reading: https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html

• INI format file usually called 'hosts'

• Defines the hosts which Ansible manages

• Hosts can be grouped together with []

• Additional optional parameters can be defined

• Where does Ansible look for the inventory file:
  • Option 1 (Default): /etc/ansible/hosts
  • Option 2: "inventory" parameter in local ansible.cfg
  • Option 3: -i option on the command line

    $ cat ansible/hosts
    [core]
    CORE_XR ansible_host=198.18.1.5

    [branch1]
    BRANCH_1_CSR ansible_host=198.18.1.12
    BRANCH_1_SWITCH ansible_host=198.18.1.11

    [branch2]
    BRANCH_2_CSR ansible_host=198.18.1.22
    BRANCH_2_SWITCH ansible_host=198.18.1.21

    [csr]
    BRANCH_1_CSR ansible_host=198.18.1.12
    BRANCH_2_CSR ansible_host=198.18.1.22

    [switch]
    BRANCH_1_SWITCH ansible_host=198.18.1.11
    BRANCH_2_SWITCH ansible_host=198.18.1.21
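The inventory on this slide lists each branch device under two groups, and every copy carries its own ansible_host. The following added example (not part of the session material) parses that INI layout and reports hosts whose address differs between their group entries; the function names and the drifted copy are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Inventory from the slide above (ansible/hosts in the lab).
LAB_HOSTS = """
[core]
CORE_XR ansible_host=198.18.1.5
[branch1]
BRANCH_1_CSR ansible_host=198.18.1.12
BRANCH_1_SWITCH ansible_host=198.18.1.11
[branch2]
BRANCH_2_CSR ansible_host=198.18.1.22
BRANCH_2_SWITCH ansible_host=198.18.1.21
[csr]
BRANCH_1_CSR ansible_host=198.18.1.12
BRANCH_2_CSR ansible_host=198.18.1.22
[switch]
BRANCH_1_SWITCH ansible_host=198.18.1.11
BRANCH_2_SWITCH ansible_host=198.18.1.21
"""
# Constructed drift: BRANCH_1_CSR readdressed under [csr] but not under [branch1].
DRIFTED = LAB_HOSTS.replace("[csr]\nBRANCH_1_CSR ansible_host=198.18.1.12",
                            "[csr]\nBRANCH_1_CSR ansible_host=198.18.1.13")


def parse_inventory(text):
    """Map host -> [(group, vars), ...]; [x:vars] and [x:children] sections are skipped."""
    hosts, group = defaultdict(list), "ungrouped"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
        elif ":" not in group:
            # Host line: first token is the name, the rest are key=value parameters
            name, *pairs = shlex.split(line)
            params = dict(p.split("=", 1) for p in pairs if "=" in p)
            hosts[name].append((group, params))
    return dict(hosts)


def address_conflicts(hosts):
    """Hosts whose ansible_host differs between their group definitions."""
    seen = {h: {v["ansible_host"] for _, v in defs if "ansible_host" in v}
            for h, defs in hosts.items()}
    return {h: sorted(addrs) for h, addrs in seen.items() if len(addrs) > 1}
```

Running address_conflicts over the lab inventory returns an empty result, while the drifted copy flags BRANCH_1_CSR with both addresses.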

Modules

Further reading:
https://docs.ansible.com/ansible/latest/user_guide/modules.html
https://docs.ansible.com/ansible/latest/modules/modules_by_category.html

• Prepared "scripts" performing actions on a host
  • E.g. Commands, APIs
• All modules ship with Ansible
• Enormous variety of Ansible modules
• You can write your own modules

[Chart: Network modules per Ansible version, versions 2.5 to 2.9]

Ad-hoc Commands

Further reading:
https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html
https://docs.ansible.com/ansible/latest/modules/ping_module.html

• Allows you to execute tasks quickly without saving steps
• Useful to understand the basics of how Ansible works

• ansible <host-pattern> -m <module> [-a <arguments>]
• Default module is "command" ("-m command" can be omitted)
• "-m ping" is the "Hello World" of Ansible

    $ ansible -a "date" control
    localhost | SUCCESS | rc=0 >>
    Wed May 15 05:58:55 CET 2019

    $ ansible -m ping core
    172.16.20.30 | SUCCESS => {
        "changed": false,
        "failed": false,
        "ping": "pong"
    }

Playbooks

Further reading: https://docs.ansible.com/ansible/latest/user_guide/playbooks.html

• Ansible's method of procedures (MoP)

• Playbooks store task sequences for later reuse

• Can have one or more plays and tasks

• Playbooks are written in YAML

    $ cat sample.yaml
    ---
    - hosts: control
      gather_facts: no
      connection: local

      tasks:
        - name: PING ANSIBLE CONTROL
          ping:
        - name: DATE COMMAND ON CONTROL
          command: date

    $ ansible-playbook sample.yaml

    PLAY [control] ************************************************************

    TASK [PING ANSIBLE CONTROL] ***********************************************
    ok: [localhost]
    …

Jinja2 Templates

Further reading: https://docs.ansible.com/ansible/latest/user_guide/playbooks_templating.html

• Jinja2 templates further enhance modelling capabilities, e.g. including native configlets

• Jinja2 templates have access to Ansible variables and implement many filters and tests for validation

• Templating is executed on Ansible controller

    $ cat ios_interface.yaml
    - hosts: branch1[0]
      gather_facts: no
      connection: local

      vars:
        interfaces:
          - name: GigabitEthernet4
            intf_address: 10.1.10.2
            intf_netmask: 255.255.255.252
          - name: GigabitEthernet5
            intf_address: 10.1.10.6
            intf_netmask: 255.255.255.252

      tasks:
        - name: BUILD DATA INTERFACE CONFIG
          template:
            src: templates/ios_interface.j2
            dest: configs/ios_interface.cfg

        - name: CONFIGURE DATA INTERFACES
          ios_config:
            src: configs/ios_interface.cfg

    $ cat ios_interface.j2
    {% for interface in interfaces %}
    {% if interface.name.startswith('Gigabit') %}
    interface {{ interface.name }}
     ip address {{ interface.intf_address }} {{ interface.intf_netmask }}
     no shutdown
     exit
    !
    {% endif %}
    {% endfor %}

Ansible vs.|& Cisco NSO
10,000-feet Comparison

Ansible
• Run to completion or error
• No rollback
• Increasing amount of protocols
• Explicit "tasks" to wrap CLI or operation

Cisco NSO
• Transactions – all or nothing
• Rollback built-in
• Variety of southbound protocols (Netconf, REST, SNMP, ...)
• Model based abstraction via YANG

Reference Architectures
Spanning Applications and Networks

Further reading: https://www.ansible.com/networks-with-cisco-nso-ansible

[Diagram: two stacks side by side. Application Centric: Ansible Playbooks, NSO, Apps. Connectivity Centric: NSO, Ansible Playbooks, Apps.]

Lab Introduction

Lab Setup

• Lab contains 1 XRv core router, 2 CSR1kv branch routers, 2 NX-OSv switches and 2 VMs to verify end-to-end connectivity

• Ansible VM (Ubuntu): Ansible control node

• Windows VM with tools: text editor, PuTTY SSH client

Lab Access

• Use the Cisco AnyConnect Client with your Cisco dCloud Lab VPN settings to connect to your lab instance

• Connect to the Windows machine using an RDP client
• Direct SSH access to the Ansible controller using PuTTY

Alternative Lab Access

Cisco dCloud is used for this lab

Click “View” to get more lab access details

In-browser Remote Desktop session

dCloud Lab VPN details

Lab Access, cont.

Windows Workstation provides access to multiple resources

Putty: Double-click to directly log into the Ansible controller

Atom: Text editor with yaml syntax highlighting & FileSync plugin to copy files from/to Ansible controller

Chrome: Access to Internet & Ansible Docs

Maestro: Access to VIRL (not required for this Lab)

Lab Scenario

Exercise   Ansible Concepts & Objectives

1   • Basics: ansible.cfg, inventory
    • Ad-Hoc Operations, modules
2   • Playbooks, parents, wait_for, tags, variables
    • Prepare core config for CORE_XR: Loopback0 Interface, global OSPF activation
3   • loop, when, Jinja2 templates, register, debug
    • Activate OSPF on BRANCH_1_CSR, configure interfaces on CORE_XR and BRANCH_1_CSR
    • (Optional) Using Netconf/YANG with Ansible
4   • nxos_nxapi, device-specific modules
    • OSPF & Interface configuration on BRANCH_1_SWITCH
5   • Playbook optimization, import_playbook
    • Re-use playbooks to deploy configuration for BRANCH_2 service

Things we should have said

• No best practices

• Lab guide provides less and less help

• Be careful when copying and pasting quotes

Lab Time

Exercise 1 - Location matters!

• Ansible will look for ansible.cfg in the following order
  • Environment variable ANSIBLE_CONFIG
  • Current directory
  • Home directory
  • Directory /etc/ansible
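The lookup order from this slide and from the earlier ansible.cfg slide, written out as an added Python sketch (not code from the session or from Ansible itself). It also models Ansible's documented refusal to load ansible.cfg from a world-writable current directory, which the slides do not mention; the function names, parameters and scratch directory layout are assumptions made for the example.

```python
import os
import stat
import tempfile


def resolve_ansible_cfg(env, cwd, home, system_cfg="/etc/ansible/ansible.cfg"):
    """Return (config path or None, warnings) for the lookup order above."""
    candidates, warnings = [], []
    # 1. ANSIBLE_CONFIG; a directory value means <dir>/ansible.cfg
    if "ANSIBLE_CONFIG" in env:
        path = os.path.expanduser(env["ANSIBLE_CONFIG"])
        if os.path.isdir(path):
            path = os.path.join(path, "ansible.cfg")
        candidates.append(path)
    # 2. ./ansible.cfg, skipped when anyone may write to the directory: a file
    #    planted there could repoint inventory or plugin paths for every user.
    cwd_cfg = os.path.join(cwd, "ansible.cfg")
    if os.stat(cwd).st_mode & stat.S_IWOTH:
        if os.path.exists(cwd_cfg):
            warnings.append("ignoring %s: directory is world-writable" % cwd_cfg)
    else:
        candidates.append(cwd_cfg)
    # 3. ~/.ansible.cfg and 4. the global file
    candidates += [os.path.join(home, ".ansible.cfg"), system_cfg]
    # First existing, readable candidate wins; files are never merged.
    for path in candidates:
        if os.path.exists(path) and os.access(path, os.R_OK):
            return path, warnings
    return None, warnings


def demo():
    """Constructed layout: project, home and an override file all exist."""
    with tempfile.TemporaryDirectory() as root:
        project, home = os.path.join(root, "scenario"), os.path.join(root, "home")
        files = [os.path.join(project, "ansible.cfg"),
                 os.path.join(home, ".ansible.cfg"), os.path.join(root, "ci.cfg")]
        os.makedirs(project)
        os.makedirs(home)
        for name in files:
            open(name, "w").close()
        missing = os.path.join(root, "no-global.cfg")
        os.chmod(project, 0o755)
        plain = resolve_ansible_cfg({}, project, home, missing)
        forced = resolve_ansible_cfg({"ANSIBLE_CONFIG": files[2]}, project, home, missing)
        os.chmod(project, 0o777)  # e.g. a shared scratch directory
        shared = resolve_ansible_cfg({}, project, home, missing)
        return [os.path.relpath(r[0], root) for r in (plain, forced, shared)], len(shared[1])
```

Calling demo() shows the project file winning by default, the ANSIBLE_CONFIG file overriding it, and the home file taking over (with one warning) once the project directory is world-writable.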

Exercise 2 – To quote or not to quote

• Ansible will treat an unquoted {{ }} as a dictionary when it is specified directly after the module
• "{{ }}" (in quotes) is required to mark it as a variable

Exercise 3 – Prefer more specific modules

• Prefer more specific modules
• Use swiss army knife modules as a last resort
• Improves idempotency

Wrap Up

Conclusion

• Ansible is simple and easy to kickstart

• Ansible can work together with Cisco NSO

• Before you write a shell script, consider writing a playbook!

Thank you