
Introduction to CLI Automation with Ansible

Tim Nothnagel, Customer Delivery Architect, Cisco


Milivoje Mirovic, Technical Solutions Architect, Cisco

LTRSPG-1192
Cisco Webex App

Questions?
Use Cisco Webex App to chat with the speaker after the session

How
1 Find this session in the Cisco Live Mobile App
2 Click "Join the Discussion"
3 Install the Webex App or go directly to the Webex space
4 Enter messages/questions in the Webex space

Webex spaces will be moderated until February 24, 2023.

LTRSPG-1192 © 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Agenda
• Introduction to Ansible
• Using Ansible
• Command Line, Playbooks & Templates
• Lab Introduction
• Lab Scenario
• Lab Execution
• Conclusion

Session Objective
• Understanding of the basic principles of Ansible
• Being able to write a playbook including various Ansible concepts
• Getting hands-on experience in using Ansible with IOS-XE, IOS-XR
and NX-OS

Timetable
• 2:00 pm - 2:30 pm Ansible & Lab Intro
• 2:30 pm - 5:45 pm Lab time
• 5:45 pm - 6:00 pm Wrap up

Introduction to Ansible

Ansible Characteristics
• Open Source
• Agentless
• Simple
• Wide Adoption
• Configuration Management
• Orchestration
• Deployment

Documentation:
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html

Ansible Packaging
• Ansible consists basically of 2 packages
• ansible-core
• ansible

• ‘ansible-core’
• runtime
• fundamental modules & plugins
• ‘ansible’
• Community developed modules


Installing Ansible
• On Fedora:
$ sudo dnf install ansible

• On RHEL and CentOS:
$ sudo yum install ansible

• Ubuntu
$ sudo apt update
$ sudo apt install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible

• MacOS:
$ pip3 install ansible

• Windows is not supported as controller

Note: Upgrade from v2.9 and earlier not possible!
$ pip3 uninstall ansible
$ pip3 install ansible

Getting started with Ansible

[Diagram: the Ansible Controller (ansible.cfg, Inventory, Playbooks, Modules) reaches Network Devices and Servers over SSH / Netconf / REST]

Using Ansible
Common Ansible Terms

Let's first cover the basic terms and concepts.

Ansible Configuration – ansible.cfg
• The place for adjusting default settings based on your requirements
• Multiple alternative places for parameters and settings exist
• Typically, default settings are sufficient for most users

• Precedence order of Ansible configuration files (in this order):
1. ANSIBLE_CONFIG (an environment variable)
2. ansible.cfg (in the current directory)
3. .ansible.cfg (in the home directory)
4. /etc/ansible/ansible.cfg (global ansible configuration)

Note: This lab uses ansible.cfg in the scenario/project directory.

Further reading:
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html

Inventory – hosts file
• INI format file usually called 'hosts'
• Defines the hosts which Ansible manages
• Hosts can be grouped together with []
• Additional optional parameters can be defined
• Where does Ansible look for the inventory file:
• Option 1 (Default): /etc/ansible/hosts
• Option 2: "inventory" parameter in local ansible.cfg
• Option 3: -i <path> option on the command line

$ cat ansible/hosts
[core]
CORE_XR ansible_host=198.18.1.5

[branch1]
BRANCH_1_CSR ansible_host=198.18.1.12
BRANCH_1_SWITCH ansible_host=198.18.1.11

[branch2]
BRANCH_2_CSR ansible_host=198.18.1.22
BRANCH_2_SWITCH ansible_host=198.18.1.21

[csr]
BRANCH_1_CSR ansible_host=198.18.1.12
BRANCH_2_CSR ansible_host=198.18.1.22

[switch]
BRANCH_1_SWITCH ansible_host=198.18.1.11
BRANCH_2_SWITCH ansible_host=198.18.1.21
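The same host alias may sit in several groups, as BRANCH_1_CSR does above, so a review of the inventory should confirm that every alias still points at one address. The parser below is an added example, not part of the session or lab material; it covers only plain [group] sections, and the [lab] entry and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: part of the hosts file from the slide, plus one
# deliberately conflicting entry ([lab]) added to show what the check reports.
INVENTORY = """\
[core]
CORE_XR ansible_host=198.18.1.5

[branch1]
BRANCH_1_CSR ansible_host=198.18.1.12
BRANCH_1_SWITCH ansible_host=198.18.1.11

[csr]
BRANCH_1_CSR ansible_host=198.18.1.12

[lab]
BRANCH_1_SWITCH ansible_host=198.18.1.99
"""

def parse_inventory(text):
    """Return (groups, addresses) for the plain [group] sections of an INI inventory.

    groups: group name -> list of host aliases
    addresses: host alias -> set of ansible_host values seen in the file
    Assumption: [group:vars] and [group:children] sections are skipped.
    """
    groups, addresses = defaultdict(list), defaultdict(set)
    current = "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        if ":" in current:  # :vars / :children section, not a host list
            continue
        alias, *params = line.split()
        groups[current].append(alias)
        for param in params:
            key, _, value = param.partition("=")
            if key == "ansible_host":
                addresses[alias].add(value)
    return dict(groups), dict(addresses)

def conflicting_hosts(addresses):
    """Aliases mapped to more than one address, i.e. an ambiguous target."""
    return {h: sorted(a) for h, a in addresses.items() if len(a) > 1}
```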

Further reading:
https://docs.ansible.com/ansible/latest/user_guide/modules.html
https://docs.ansible.com/ansible/latest/modules/modules_by_category.html

Modules
• Prepared “scripts“ performing actions on a host
• E.g. Commands, APIs
• Majority of modules ship with Ansible
• Starting from 2.10 modules are grouped in collections
• You can write your own modules
[Chart: Network modules per Ansible version, for versions 2.5 to 2.9]
Further reading:
https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html
https://docs.ansible.com/ansible/latest/modules/ping_module.html

Ad-hoc Commands
• Allows you to execute tasks quickly without saving steps
• Useful to understand the basics of how Ansible works

• ansible -m <module> [-a <arguments>] <hosts_section>
• Default module is "command" ("-m command" can be omitted)
• "-m ping" is the "Hello World" of Ansible

$ ansible -a "date" control
localhost | SUCCESS | rc=0 >>
Wed May 15 05:58:55 CET 2019

$ ansible -m ping core
172.16.20.30 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}

Further reading:
https://docs.ansible.com/ansible/latest/user_guide/playbooks.html

Playbooks
• Ansible's method of procedures (MoP)
• Playbooks store task sequences for later reuse
• Can have one or more plays and tasks
• Playbooks are written in YAML

$ cat sample.yaml
---
# One play, run against the "control" group
- hosts: control
  gather_facts: no
  connection: local
  tasks:
    - name: PING ANSIBLE CONTROL
      ping:

    - name: DATE COMMAND ON CONTROL
      command: date

$ ansible-playbook sample.yaml

PLAY [control] ************************************************************

TASK [PING ANSIBLE CONTROL] ***********************************************
ok: [localhost]

Further reading:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_templating.html

Jinja2 Templates
• Jinja2 templates further enhance modelling capabilities, e.g. including native configlets
• Jinja2 templates have access to Ansible variables and implement many filters and tests for validation
• Templating is executed on Ansible controller

$ cat ios_interface.yaml
# Runs against the first host of group branch1
- hosts: branch1[0]
  gather_facts: no
  connection: local

  vars:
    interfaces:
      - name: GigabitEthernet4
        intf_address: 10.1.10.2
        intf_netmask: 255.255.255.252
      - name: GigabitEthernet5
        intf_address: 10.1.10.6
        intf_netmask: 255.255.255.252

  tasks:
    # Render the template into a config file on the controller
    - name: BUILD DATA INTERFACE CONFIG
      template:
        src: templates/ios_interface.j2
        dest: configs/ios_interface.cfg

    # Push the rendered file to the device
    - name: CONFIGURE DATA INTERFACES
      ios_config:
        src: configs/ios_interface.cfg

$ cat ios_interface.j2
{% for interface in interfaces %}
{% if interface.name.startswith('Gigabit') %}
interface {{ interface.name }}
 ip address {{ interface.intf_address }} {{ interface.intf_netmask }}
 no shutdown
 exit
!
{% endif %}
{% endfor %}
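Because templating runs on the controller, the variables can be checked there before a configlet is written and pushed. The sketch below is an added example, not part of the session or lab material: a plain-Python stand-in for the loop in ios_interface.j2 (Jinja2 itself is not used) that rejects malformed names, addresses and netmasks first. NAME_RE, validate_interface and build_configlet are hypothetical names, and the interface-name pattern is an assumption.

```python
import ipaddress
import re

# The vars from ios_interface.yaml, as Python data.
PAGE_VARS = [
    {"name": "GigabitEthernet4", "intf_address": "10.1.10.2",
     "intf_netmask": "255.255.255.252"},
    {"name": "GigabitEthernet5", "intf_address": "10.1.10.6",
     "intf_netmask": "255.255.255.252"},
]

# Assumption: a name is letters followed by digits with optional / or . parts.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z-]*\d+(?:[/.]\d+)*")

def validate_interface(entry):
    """Return (name, address, netmask) as strings or raise ValueError."""
    name = str(entry["name"])
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"bad interface name: {name!r}")
    # ipaddress accepts only a plain dotted quad, so a value carrying an
    # embedded newline (which would add extra config lines) is rejected.
    address = ipaddress.IPv4Address(str(entry["intf_address"]))
    mask = str(entry["intf_netmask"])
    network = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    if str(network.netmask) != mask:  # prefix lengths and wildcard masks fail here
        raise ValueError(f"not a dotted netmask: {mask!r}")
    return name, str(address), mask

def build_configlet(interfaces):
    """Validate every entry, then emit the lines the template loop produces."""
    lines = []
    for entry in interfaces:
        name, address, netmask = validate_interface(entry)
        if name.startswith("Gigabit"):
            lines += [f"interface {name}",
                      f" ip address {address} {netmask}",
                      " no shutdown", " exit", "!"]
    return "\n".join(lines)
```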

Typical Folder Structure
• Project specific inventory
• Project specific configuration
• YAML playbooks
• Folder for configurations created by templates
• Folder for jinja2 templates

Lab Introduction
dCloud Lab Setup
• Control node: Ansible VM based on Ubuntu
• Managed nodes: 1 XRv core router, 2 CSR1kv branch routers, 2 NX-OSv switches, 2 server VMs
• Student VM: Windows with Atom text editor, Putty SSH client

Lab Scenario
Exercise   Ansible Concepts & Objectives
1          ➢ Basics: ansible.cfg, inventory
           ➢ Ad-Hoc Operations, modules
2          ➢ Playbooks, parents, wait_for, tags, variables
           ➢ Prepare core config for CORE_XR: Loopback0 Interface, global OSPF activation
3          ➢ loop, when, Jinja2 templates, register, debug
           ➢ Activate OSPF on BRANCH_1_CSR, configure interfaces on CORE_XR and BRANCH_1_CSR
           ➢ (Optional) Using Netconf/YANG with Ansible
4          ➢ nxos_nxapi, device-specific modules
           ➢ OSPF & Interface configuration on BRANCH_1_SWITCH
5          ➢ Playbook optimization, import_playbook
           ➢ Re-use playbooks to deploy configuration for BRANCH_2 service

Lab Access
• Use the Cisco AnyConnect Client and your provided VPN username and
password to connect to your lab instance

• Connect to the Windows machine using RDP client to address 198.18.133.252

Windows VM

Atom editor 1

Editor is syncing the folders with Ansible VM


Make sure that you download the files first.
Atom editor 2

Lab Guide http://cs.co/ltrspg1192

Things to keep in mind
• No best practices
• Lab guide provides less and less help
• Be careful when copying and pasting: indentation is important
• Lab guide: cs.co/ltrspg1192
• Lab guide pdf: cs.co/ltrspg1192pdf
• Playbooks: cs.co/ltrspg1192code

Lab Time
Ansible vs.|& Cisco NSO
10,000-feet Comparison

Ansible
• Run to completion or error
• No rollback
• Increasing amount of protocols
• Explicit "tasks" to wrap CLI or operation

Cisco NSO
• Transactions – all or nothing
• Rollback built-in
• Variety of southbound protocols (Netconf, REST, SNMP, ...)
• Model based abstraction via YANG

Further reading:
https://www.ansible.com/networks-with-cisco-nso-ansible

Reference Architectures
Spanning Applications and Networks

[Diagram: two panels, "Application Centric" and "Connectivity Centric", each combining Ansible Playbooks and NSO with Apps]

Exercise 1 - Location matters!

• Ansible will look for ansible.cfg in the following order


• Environment variable ANSIBLE_CONFIG
• Current directory
• Home directory
• Directory /etc/ansible

Exercise 2 – To quote or not to quote

• Ansible will treat an unquoted {{ }} as a dictionary when it is specified directly after the module
• Quoting it as "{{ }}" is required to mark it as a variable

Exercise 3 – Prefer more specific modules

• Always look for more specific modules
• Use swiss army knife modules only as a last resort
• More specific modules improve idempotency

Thank you
