Transcript for:
Ansible for Network Automation Overview

I love Ansible. It's by far one of my favorite IT automation tools. We can use it to manage and configure hundreds of devices, from Windows servers to Linux servers and even routers and switches. Yeah, routers and switches. And that's what we're talking about today: Ansible network automation. What's going on, guys? Welcome back to Network Chuck. Ah, it's so good. In my last video, we talked about Ansible, an IT automation tool that requires no programming knowledge at all. Anyone can pretty much walk into this and start using it without too much trouble. And we talked about, hey, what is it? What is it for? How can we use it? We went through an example in a lab. You can check that out up here, but we mainly focused on administering Linux servers. But what about networking? I mentioned Cisco routers and switches. We can do this with... Ansible. In fact, it's one of the more popular tools for network engineers, just because you don't need to know Python. You don't need to know any of that. And that's what we're doing in this video. I'm going to walk you through how to quickly set up Ansible to control routers and switches. And like most of my videos, you'll have an opportunity to get your hands dirty, your feet wet. We're going to actually do stuff on Cisco routers. You don't need a lab in your own home. There's stuff available for free, thanks to Cisco DevNet. Oh, and by the way, did you hear? The new CCNP course is released on CBT Nuggets. So if you're looking at getting your CCNP, your Cisco Certified Networking Professional Certification Enterprise, training for the ENCOR exam is now live. Check it out, link below. It is by far the best training you can find for CCNP, hands down. Now, I'm not just saying this because I had a hand in it, because I am on there, but we had a whole bunch of other trainers: Jeremy Cioara, Keith Barker, Jeff Kish, Jacob Moran, Knox Hutchinson. It's an all-star cast. So what are you waiting for? Start working on that CCNP today.
You can get a seven-day free trial if you're not already a subscriber. And getting back to Ansible: I also talk a lot more about other network automation tools in that course. We cover Puppet, Chef, SaltStack, which you're required to know about for the CCNP exam now. So go check that out. Okay. Ansible, Cisco routers, switches. Let's go. First, let's set up Ansible. Right now, I'm on a CentOS box that has nothing installed on it just yet. I'll walk you through it from the ground up. First, let's do some updates. I'll do yum update dash y to make sure my repositories are all updated. Whew, mine took a bit, but here we go. Next, we'll make sure we have the EPEL release installed, because that's how we can get Ansible. We'll do yum install epel dash release dash y. And here we go again. Now we wait. It's great though. Get some more coffee. Hey, it's already done. And now we can finally install Ansible. We'll do yum install ansible dash y, and now we're ready to rock. Well, not just yet. We need to change one thing in the Ansible configuration file. So we'll get to that location right now: cd /etc/ansible. cd means change directory. We're gonna go to this directory. Now let's list our contents real quick. And there's our Ansible configuration file. Let's edit that sucker. So I'll do vi as my text editor. That's the editor I'm using. ansible.cfg. I will scroll down probably about, uh, halfway through the document. Hard to tell though. You're looking for something called host key checking equals false. We want to disable this so we can play nicely with our Cisco devices without having to upload SSH keys, all that headache. This is just a lab. Don't worry about it. So I'm going to hit I to edit, remove that hashtag or pound symbol, then I'll hit Escape, colon, WQ to jump out. Now, to manage our Cisco routers and switches, we need to add them to our inventory file or our hosts file.
For more information about what that is and how that works, look back at the previous video or the course below for CBT Nuggets. Now this is the fun part. We're going to take advantage of free access to DevNet's Cisco routers and switches. They make it freely available in their sandboxes. Let me show you how to connect to those right now. The website is developer.cisco.com. If you don't already have an account with DevNet, go ahead and set up a free account. If you're getting into network automation, this is almost required. Actually, I'm going to say it is required. Do it now. Now, the links to the routers we'll be using are below. I'll load up the first one real quick. It's an always-on sandbox, Cisco IOS XE, and here's the information we care about, right about here: hostname, the port, and the login information. And then I'll pull up the second router while we're at it. Link below for that. This is another version of that same router. We'll scroll down to our information we care about. Bam, right here. Now, why are we using two routers? Well, you don't have to. You can use one router, but I want to demonstrate how we can manage configurations and enter commands on multiple devices from one spot, our control node in Ansible. Now, quick note: while these routers are available right now, and what you're seeing here is live as of the time of this recording, this could change. I don't manage this website. There might be a different version of this router. They might be undergoing maintenance. So just keep that in mind. So let's get back to our Ansible server here and I will jump into my hosts file, vi hosts. And we're gonna add some hosts right now. I'm gonna go down to the bottom here where I can edit some things. Hit I to start editing and we'll add our routers. I'm going to group my routers in a group called routers using opening and closing brackets. And just underneath that, I will enter my host information. Let's go grab those. Router number one is right here.
I'll copy that address, paste that there. And then let's grab the second one. Here is his host information and we'll put it just below. Now here will be the main difference between accessing Linux devices and network devices like Cisco routers and switches, the difference being the variables we use to connect. So let's start defining our variables for this entire group. Opening bracket. I'll say routers is the group I want to mess with. I'll put a colon and put vars. And anything below this will be our variables for that group. Let's do login credentials first: ansible underscore user. And I'll say equals. What was that username again? It was developer. Developer. And then just underneath that, ansible underscore password equals. And I'll just snag that right here and paste. Another variable we'll absolutely need is the connection type, because we're not connecting to Linux boxes. We're connecting to routers. So it'll be ansible underscore connection equals, and we'll put in network underscore cli. We're dealing with the CLI, command line interface, of a network device. The next variable will be ansible underscore network underscore os equals. We have to help Ansible understand what operating system we're connecting to, because it could be an Arista device. It could be IOS XR. So we have to let Ansible know, hey, this is what we're dealing with. This particular IOS will just be... ios. And then one more variable: because Cisco DevNet is using the SSH port of 8181 instead of the default 22, we need to make sure that Ansible knows about that. So we'll say ansible underscore port equals 8181. Now that, guys, is pretty much it for the hosts file. We've got our routers listed and then we have the variables of how we can connect to these devices, how Ansible can interact with them. I'm going to hit Escape, colon, WQ to write and quit. And we're good. I'm gonna clear my screen so we have something fresh here, and let's see if this works.
So we'll start with the ansible command. We'll specify that we want to mess with our routers. That's the group we're gonna be interacting with. I'll specify dash m for module and I'll use the ping module just to make sure things are up and running. Bam. Okay. We got a pong back. So we know we can at least reach them via the ping module. Now let's run some ad hoc Cisco IOS commands. So I'm gonna clear this out once more. I'll start with a good old favorite, show ip interface brief. One of my favorite commands, as well as Jeremy Cioara's. The command will be ansible. I'll specify the routers group, put dash m for module. And the module we're using is ios underscore command. Now we'll do dash a and then we'll specify which command we're using. So then I'll do double quote, commands equals, single quote. And then between the single quotes, I'll be putting my command. So it'll be show ip interface brief. And you can abbreviate like you normally would on the command line. The single quote to close that out, double quote to close out the entire thing. And let's see if this works. If this does work, we'll get the show ip interface brief output from both routers right here with just one command. Yes. Would you look at that? How cool is that? How powerful is that? Let me scroll up and make sure I got both hosts. Yes, sir. We did. Oh, that's amazing. Powerful, right? Imagine if you had 100 devices. Just like that, you got all their information, or their IP interface information. Now, entering commands ad hoc on Ansible is cool. It's fun, but it's not the most powerful way we can use Ansible. Let's try a playbook out. Now, what's a playbook? Well, if you wanna find out, check out my last video up there or check out the course I created on CBT Nuggets to find out more. Now, just to test, I have a playbook ready to go. Here it is. Here is my YAML file, which is my playbook. And I've got one play in here. This is my play named general config.
You can see that my hosts, I'm applying it to my routers group. So both the routers that we put into the hosts file, in the Ansible host inventory. And we're doing two things. The first task is we're adding a banner. And in this playbook, we're using the ios banner module. Now, what's a module? Well, you can look back at my previous video where I talk about that. But they're basically small programs to help us apply configuration to our devices. We're using the ios banner module to, what do you think we're doing? We're modifying the banner on this device. Specifically, we're modifying the login banner. And we're changing it to Nicolas Cage is the Tiger King. And we're making sure that the state of that banner is present. And then we have another task in this play named add loopback. And we're adding a loopback interface. We're using the ios interface module. And we're going to make sure that Loopback 21 is present. Now, I love Cisco DevNet because we're actually going to make these changes to the router. They allow us to do that. So let's do it. So to set this up, I'm first going to grab the contents of this file. All that beautiful YAML, copy it, get back to our terminal here, our server, and I'll create a new file. I'll do vi, we'll call this devnet.yml, our YAML file. I'll hit I to start editing this and I will paste this code in there. I'll hit Escape, colon, WQ to write and quit. It's ready to go. Let's test it out. So, to run a playbook in Ansible, the command will be ansible-playbook and then we just specify the file, devnet.yml. Let's do this, let's go. It worked! Check it out. Okay, if we go back to the play-by-play here. Task add banner. Bam. Changed. Bam. Changed on both devices. Task add loopback. Bam. Changed. Bam. Changed. Play recap. Both are okay. We changed two things. Two tasks were changed. Awesome. What happens if you run it again? Let's run the play once more. Okay. What happened? Nothing. Nothing happened.
And that's supposed to happen, because what Ansible did is it went to both of these devices and made sure that the banner was where it should be. The state was present. It was present. No need to make that change. Idem... idempotency. I can never say that stinking word. It will forever trip me up. Same thing for loopback. No change needed. That sure beats copying and pasting config into a router. 'Cause when you copy and paste, it's going to try and apply that config every time. It won't check and see if it's there or not, which could, for some commands and some configurations, really screw things up. This is a lot cleaner, a lot better. Now I feel like we need to log into one of these devices and make sure our changes actually happened. So let's go check that out. I'll log into the first one here on port 8181, developer. Ah, look, there it is right there. Already the login banner: Nicolas Cage, Tiger King. Right now, anyone who logs into this, whoever you are, will see this. Password. Let's do a show ip interface brief. There's Loopback 21. Awesome. Now let's be good DevNet citizens and remove the configuration that we added, 'cause we don't want this to confuse people or offend people or whatever. So we will go and edit the file once more, vi devnet.yml, our playbook. And we'll change the state from present. Forgot to hit I to edit. We'll change state from present to absent on both of these tasks. Escape, colon, WQ. Now let's run that play once more. And we're done. And we can see that looking back at the play-by-play here, add banner.
Changed. Add loopback. Now, we're not adding it, we're removing it. We didn't change the name of these tasks, but it did indeed remove. We got our information. Let's go verify on that router. We'll do show ip interface brief again. Loopback 21 is gone. We'll do show run, begin banner. Yeah, and all we see is the message of the day, which is welcome to the CSR 1000v. No login banner present. Perfect. We cleaned up our mess. Now, I do want you guys to go out there and mess with this. Put in your own fun banners, maybe leave a message for the next person who logs in and does this. Again, so cool what DevNet does. Network automation with Ansible is super fun, and it's something you can kind of do right now in your network without too much effort. If you're able to follow this lab that we just did, that's awesome. The modules I showed you and the things I showed you were very basic, but there's a ton of stuff. If you go to Ansible's website, you get a full list of all the modules they have available. There's a ton of examples out there. And you can really, truly start to automate your network. And you don't have to go through the trouble of learning programming. Now, you should learn Python. You definitely need to. You know how I feel about that. But the point is, you don't have to, to start learning network automation. Now, as you begin to take those steps and you want to go further into this, yeah, you should definitely learn the other tools and programming and everything else. So check out cbtnuggets.com. I've got links below for the courses I've created. So again, CCNP ENCOR training was just released. And it's awesome. So go check that out. Then we've got training for DevNet, CCNA, programming, everything. We got you squared away. Guys, that's about it. Real quick, if you don't mind, I would love to just see what banner message you left in the comments. If you did go through and do the lab, that'd be kind of fun. And let me know what you thought of this.
If you liked the video, go ahead and like it. If you want to subscribe and hang out with me more, hit that subscribe button. That's all I got. I'm going to finish up my coffee and catch you guys later.
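
Added example, not part of the video or of the transcript above: a shell function that writes out the inventory and the playbook the speaker narrates but the transcript never shows. It departs from the narration in two labelled ways: host key checking is turned off in a project-local ansible.cfg rather than in /etc/ansible/ansible.cfg, and the password is prompted for with -k instead of being pasted into the inventory. The router hostnames are arguments because the transcript does not spell them out.

```shell
#!/bin/sh
# Added example: recreates the narrated lab files inside one directory.
# Assumption: router hostnames come from the DevNet sandbox pages.
write_lab_files() {
    dir=$1 router1=$2 router2=$3
    mkdir -p "$dir" || return 1

    # Project-local ansible.cfg: host key checking is off for this lab
    # directory only, not system-wide in /etc/ansible/ansible.cfg.
    cat > "$dir/ansible.cfg" <<'EOF'
[defaults]
inventory = ./hosts
host_key_checking = False
EOF

    # Inventory: the [routers] group plus its connection variables.
    # ansible_password is left out on purpose; -k prompts for it instead.
    cat > "$dir/hosts" <<EOF
[routers]
$router1
$router2

[routers:vars]
ansible_user=developer
ansible_connection=network_cli
ansible_network_os=ios
ansible_port=8181
EOF

    # Playbook: module names as spoken in the video (ios_banner, ios_interface).
    cat > "$dir/devnet.yml" <<'EOF'
---
- name: General Config
  hosts: routers
  tasks:
    - name: Add Banner
      ios_banner:
        banner: login
        text: Nicolas Cage is the Tiger King
        state: present
    - name: Add Loopback
      ios_interface:
        name: Loopback21
        state: present
EOF
}
# Usage: sh lab.sh ./devnet-lab <router1> <router2>; then, inside that
# directory: ansible-playbook -k devnet.yml
if [ $# -eq 3 ]; then write_lab_files "$1" "$2" "$3"; fi
```

Changing both state values to absent and running the playbook again gives the cleanup run described in the video.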