Getting Started with Network Automation Using Ansible
7. Cisco IOS IOS-XR NX-OS Juniper Junos Arista
EOS 40
https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html
10. Ansible 2.5
◦ network_cli: Cisco IOS, Arista EOS, VyOS
◦ netconf: Juniper Junos
◦ httpapi: Cisco NX-OS, Arista EOS HTTP(S) API, Ansible 2.6
Ansible 2.4
◦ local:
• Playbook
- hosts: ios
  connection: network_cli
• Inventory
[ios:vars]
ansible_connection=network_cli
14. *_facts
◦ gather_facts: yes Ansible
*_facts
◦ ios_facts
◦ junos_facts
◦ eos_facts
◦ vyos_facts
- hosts: ios
  gather_facts: yes
  connection: network_cli
  tasks:
    - ios_facts:
16. IOS EOS enable
ansible_become          yes/no: no
ansible_become_method   network_cli enable
ansible_become_pass
[ios:vars]
ansible_connection=network_cli
ansible_network_os=ios
ansible_become=yes
ansible_become_method=enable
ansible_become_pass=enablepass999
18. 1-1:
show version Ansible
Hostname: vsrx1
Model: firefly-perimeter
JUNOS Software Release [12.1X47-D15.4]
20. 1-1: Playbook
- hosts: junos
  gather_facts: no
  tasks:
    - name: show command test
      junos_command:
        commands:
          - show version
      register: result
    - name: debug output
      debug:
        msg: "{{ result.stdout_lines[0] }}"
• Playbook show01.yml
junos_command: https://docs.ansible.com/ansible/latest/modules/junos_command_module.html
21. 1-1:
[vagrant@centos7 demo]$ ansible-playbook -i inventory show01.yml
PLAY [junos] ******************************************************************
TASK [show command test] ******************************************************
ok: [172.16.0.1]
TASK [debug output] ***********************************************************
ok: [172.16.0.1] => {
"msg": [
"Hostname: vsrx1",
"Model: firefly-perimeter",
"JUNOS Software Release [12.1X47-D15.4]"
]
}
PLAY RECAP ********************************************************************
172.16.0.1 : ok=2 changed=0 unreachable=0 failed=0
• ansible-playbook, show version
22. 1-1:
"msg": {
    "changed": false,
    "failed": false,
    "stdout": [
        "Hostname: vsrx1\nModel: firefly-perimeter\nJUNOS Software Release [12.1X47-D15.4]"
    ],
    "stdout_lines": [
        [
            "Hostname: vsrx1",
            "Model: firefly-perimeter",
            "JUNOS Software Release [12.1X47-D15.4]"
        ]
    ]
}
- name: debug output
  debug:
    msg: "{{ result }}"
- name: debug output
  debug:
    msg: "{{ result.stdout_lines[0] }}"
result: the 1st command's output is element 0 of stdout_lines (one element per entry in commands)
COMMAND MODULE DEEP DIVE FOR NETWORKS
https://www.ansible.com/blog/command-module-deep-dive-for-networks
24. 1-2:
show configuration
## Last commit: 2018-06-28 05:45:49 UTC by root
version 12.1X47-D15.4;
system {
    host-name vsrx1;
    root-authentication {
        encrypted-password "$1$nq.....
        ssh-rsa "ssh-rsa AAAAB3Nz.....
    }
    login {
        user vagrant {
            uid 2000;
            class super-user;
            authentication {
                ssh-rsa "ssh-rsa .....
            }
        }
    }
    services {
        ssh {
            root-login allow;
        }
        netconf {
            ssh;
        }
        web-management {
            http {
                interface ge-0/0/0.0;
            }
25. 1-2: Playbook
- hosts: junos
  gather_facts: no
  tasks:
    - name: show command test
      junos_command:
        commands:
          - show configuration
      register: result
    - name: save config to file
      copy:
        content: "{{ result.stdout[0] }}"
        dest: "show_config_{{ inventory_hostname }}.txt"
• Playbook show02.yml
junos_command, copy, IP
26. 1-2:
[vagrant@centos7 demo]$ ansible-playbook -i inventory show02.yml
PLAY [junos] **********************************************************
TASK [show command test] **********************************************
ok: [172.16.0.1]
TASK [save config to file] ********************************************
changed: [172.16.0.1]
PLAY RECAP ************************************************************
172.16.0.1 : ok=2 changed=1 unreachable=0 failed=0
• ansible-playbook
27. 1-2:
[vagrant@centos7 demo]$ cat show_config_172.16.0.1.txt
## Last changed: 2018-06-28 05:45:50 UTC
version 12.1X47-D15.4;
system {
    host-name vsrx1;
    root-authentication {
        encrypted-password "$1$nq.N1UsY$Jx...(omitted)...";
        ssh-rsa "ssh-rsa AAAAB3NzaC1yc2...(omitted)....";
    }
    ...(omitted)....
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.16.0.1/24;
            }
        }
    }
    ...(omitted)....
}
• IP, show configuration
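The saved file holds the root password hash, so it deserves the handling of a secret. An added example (not from the original slides): it locates quoted $N$ values in a Junos configuration by hierarchy, redacts them, and writes the result readable by its owner only. The function names and the sample configuration, including its hash, are constructed.

```python
"""Locate and redact password material in a saved Junos configuration, then store it 0600."""
import os
import re

# Quoted "$N$..." values: $1$ is an MD5-crypt hash, $5$/$6$ SHA-crypt, $9$ Junos obfuscation.
SECRET = re.compile(r'"\$(\d)\$[^"\n]*"')

def find_secrets(config_text):
    """Return (hierarchy path, statement, type digit) for each secret value."""
    path, found = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = SECRET.search(line)
        if m:
            found.append((" > ".join(path), line.split()[0], m.group(1)))
        if line.endswith("{"):            # entering a configuration hierarchy level
            path.append(line[:-1].strip())
        elif line == "}" and path:        # leaving it
            path.pop()
    return found

def redact(config_text):
    """Replace every secret value with a marker that keeps only its type."""
    return SECRET.sub(lambda m: '"<redacted type %s>"' % m.group(1), config_text)

def save_private(path, text):
    """Write text to a file only its owner can read, whatever the umask."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, 0o600)                 # tighten a file that already existed

# Constructed sample in the layout of the saved file; the hash is not a real one.
SAMPLE = """\
system {
    host-name vsrx1;
    root-authentication {
        encrypted-password "$1$CONSTRUCTED$notARealHashValue";
    }
}
"""

if __name__ == "__main__":
    print(find_secrets(SAMPLE), redact(SAMPLE), sep="\n")
```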
29. 1-3: show CSV
show interfaces
CSV
Physical interface: ge-0/0/0, Enabled, Physical link is Up
  Interface index: 134, SNMP ifIndex: 507
  Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, …
  Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online
  Device flags : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Link flags : None
  CoS queues : 8 supported, 8 maximum usable queues
  Current address: 08:00:27:ae:f4:51, Hardware address: 08:00:27:ae:f4:51
  Last flapped : 2018-06-28 05:45:29 UTC (04:54:28 ago)
  Input rate : 3432 bps (7 pps)
  Output rate : 4256 bps (4 pps)
  Active alarms : None
  Active defects : None
  Interface transmit statistics: Disabled
  Logical interface ge-0/0/0.0 (Index 69) (SNMP ifIndex 509)
    Flags: SNMP-Traps 0x4000 Encapsulation: ENET2
    Input packets : 522
    Output packets: 580
    Security: Zone: Null
[TextFSM] ^\s+
[CSV] {{ }}
30. 1-3: show CSV Playbook
- hosts: junos
  gather_facts: no
  tasks:
    - name: show command test
      junos_command:
        commands:
          - show interfaces
      register: result
    - name: output csv file
      template:
        src: "./template_interface_junos.txt"
        dest: "./result_interface.csv"
      vars:
        parsed_result: "{{ result.stdout[0] | parse_cli_textfsm('juniper_junos_show_interfaces.template') }}"
• Playbook show03.yml
junos_command, TextFSM, parsed_result, template, CSV
parse_cli_textfsm:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#network-cli-filters
https://tekunabe.hatenablog.jp/entry/2017/09/23/parse_cli_textfsm
31. 1-3: show CSV CSV
"INTERFACE","ADMIN_STATE","LINK_STATUS","HARDWARE_TYPE"
{% for r in parsed_result %}
"{{ r['INTERFACE'] }}","{{ r['ADMIN_STATE'] }}","{{ r['LINK_STATUS'] }}","{{ r['HARDWARE_TYPE'] }}"
{% endfor %}
• CSV template_interface_junos.txt
show interfaces, r['XXXX'], for
32. 1-3: show CSV TextFSM
Value Required INTERFACE (\S+)
Value LINK_STATUS (\w+)
Value ADMIN_STATE (\S+)
Value HARDWARE_TYPE (\S+)
Value MTU (\d+|Unlimited)

Start
  ^\s+Logical\s+interface\s+${INTERFACE}
  ^Physical\s+interface:\s+${INTERFACE},\s+${ADMIN_STATE},\s+Physical\s+link\s+is\s+${LINK_STATUS}
  ^.*ype:\s+${HARDWARE_TYPE},.*MTU:\s+${MTU}.* -> Record
  ^.*MTU:\s+${MTU}.* -> Record
  ^.*flags -> Record

EOF
• TextFSM juniper_junos_show_interfaces.template
Junos show interfaces
https://raw.githubusercontent.com/networktocode/ntc-templates/master/templates/juniper_junos_show_interfaces.template
33. 1-3: show CSV
[vagrant@centos7 demo]$ ansible-playbook -i inventory show03.yml
PLAY [junos] **********************************************************
TASK [show command test] **********************************************
ok: [172.16.0.1]
TASK [output csv file] ************************************************
changed: [172.16.0.1]
PLAY RECAP ***********************************************************************
172.16.0.1 : ok=2 changed=1 unreachable=0 failed=0
• ansible-playbook, CSV
34. 1-3: show CSV CSV
• CSV result_interface.csv
"INTERFACE","ADMIN_STATE","LINK_STATUS","HARDWARE_TYPE","MTU"
"ge-0/0/0","Enabled","Up","Ethernet","1514"
"ge-0/0/0.0","","","","1500"
"gr-0/0/0","Enabled","Up","GRE","Unlimited"
"ip-0/0/0","Enabled","Up","IP-over-IP","Unlimited"
"lsq-0/0/0","Enabled","Up","LinkService","1504"
"lt-0/0/0","Enabled","Up","Logical-tunnel","Unlimited"
"mt-0/0/0","Enabled","Up","GRE","Unlimited"
"sp-0/0/0","Enabled","Up","Adaptive-Services","9192"
"sp-0/0/0.0","","","","9192"
"sp-0/0/0.16383","","","","9192"
"ge-0/0/1","Enabled","Up","Ethernet","1514"
"ge-0/0/1.0","","","","1500"
"ge-0/0/2","Enabled","Up","Ethernet","1514"
"ge-0/0/2.0","","","","1500"
"dsc","Enabled","Up","Software-Pseudo","Unlimited"
"gre","Enabled","Up","GRE","Unlimited"
"ipip","Enabled","Up","IP-over-IP","Unlimited"
"irb","Enabled","Up","Ethernet","1514"
"lo0","Enabled","Up","Loopback","Unlimited"
"lo0.16384","","","","Unlimited"
"lo0.16385","","","","Unlimited"
"lsi","Enabled","Up","LSI","1496"
"mtun","Enabled","Up","GRE","Unlimited"
"pimd","Enabled","Up","PIM-Decapsulator","Unlimited"
"pime","Enabled","Up","PIM-Encapsulator","Unlimited"
"pp0","Enabled","Up","PPPoE","1532"
"ppd0","Enabled","Up","PIM-Decapsulator","Unlimited"
"ppe0","Enabled","Up","PIM-Encapsulator","Unlimited"
"st0","Enabled","Up","Secure-Tunnel","9192"
"tap","Enabled","Up","Interface-Specific","Unlimited"
"vlan","Enabled","Down","VLAN","1518"
37. 2-1: Playbook
- hosts: junos
  gather_facts: no
  tasks:
    - name: config test
      junos_config:
        lines:
          - set system ntp server 10.0.0.123
• Playbook set01.yml
junos_config: https://docs.ansible.com/ansible/latest/modules/junos_config_module.html
38. 2-1:
[vagrant@centos7 demo]$ ansible-playbook -i inventory set01.yml
PLAY [junos] *********************************************************
TASK [config test] ***************************************************
changed: [172.16.0.1]
PLAY RECAP **********************************************************************
172.16.0.1 : ok=1 changed=1 unreachable=0 failed=0
• ansible-playbook
42. 2-2: Playbook
- hosts: junos
  gather_facts: no
  tasks:
    - name: config test
      junos_config:
        src: template_ntp_junos.txt
      vars:
        ntp_servers:
          - 10.0.1.123
          - 10.0.2.123
          - 10.0.3.123
          - 10.0.4.123
          - 10.0.5.123
• Playbook set02.yml
NTP IP: ntp_servers
junos_config
43. 2-2:
{% for n in ntp_servers %}
set system ntp server {{ n }}
{% endfor %}
• template_ntp_j.txt: for, Playbook ntp_servers
set system ntp server 10.0.1.123
set system ntp server 10.0.2.123
set system ntp server 10.0.3.123
set system ntp server 10.0.4.123
set system ntp server 10.0.5.123
44. 2-2:
[vagrant@centos7 demo]$ ansible-playbook -i inventory set02.yml
PLAY [junos] *********************************************************
TASK [config test] ***************************************************
changed: [172.16.0.1]
PLAY RECAP **********************************************************************
172.16.0.1 : ok=1 changed=1 unreachable=0 failed=0
• ansible-playbook
45. 2-2:
root@vsrx1> show configuration system ntp | display set
set system ntp server 10.0.0.123
set system ntp server 10.0.2.123
set system ntp server 10.0.3.123
set system ntp server 10.0.4.123
set system ntp server 10.0.5.123
root@vsrx1>
48. 2-3: Playbook
- hosts: junos
  gather_facts: no
  tasks:
    - name: confirm
      pause:
        prompt: "continue? [y/N]"
      register: input
    - name: abort
      fail:
      when: input.user_input != "y"
    - name: config test
      junos_config:
        lines:
          - set system ntp server 10.0.0.123
• Playbook set03.yml
junos_config, pause, input, y
49. 2-3: 1:
[vagrant@centos7 demo]$ ansible-playbook -i inventory set03.yml
PLAY [junos] ******************************************************
TASK [confirm] ****************************************************
[confirm]
continue? [y/N]: y
ok: [172.16.0.1]
TASK [abort] ******************************************************
skipping: [172.16.0.1]
TASK [config test] ************************************************
changed: [172.16.0.1]
PLAY RECAP ********************************************************
172.16.0.1 : ok=2 changed=1 unreachable=0 failed=0
• y, ansible-playbook
50. 2-3: 2:
[vagrant@centos7 demo]$ ansible-playbook -i inventory set03.yml
PLAY [junos] ********************************************************************
TASK [confirm] ********************************************************************
[confirm]
continue? [y/N]: N
ok: [172.16.0.1]
TASK [abort] ********************************************************
fatal: [172.16.0.1]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}
PLAY RECAP *********************************************************************
172.16.0.1 : ok=1 changed=0 unreachable=0 failed=1
• ansible-playbook, N, y
52. changed
*_config
changed
- name: config
  ios_config:
    lines:
      - ntp ser 10.0.0.123
RouterA# sh run | inc ntp
ntp server 10.0.0.123
• Playbook: server -> ser
172.16.0.2 : ok=1 changed=1 unreachable=0 failed=0
172.16.0.2 : ok=1 changed=1 unreachable=0 failed=0
Playbook: changed
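Why both runs above end with changed=1, as an added example (not from the original slides): a simplified model of the literal text comparison that *_config modules make between `lines` and the running configuration. The helper names and the sample running-config are constructed for illustration.

```python
"""Simplified model of the exact-text comparison behind a *_config 'changed' result."""


def normalize(line):
    # Collapse whitespace only; keywords are compared literally.
    return " ".join(line.split())


def pending_lines(candidate, running_config):
    """Candidate lines not found verbatim in the running config (=> changed=1)."""
    have = {normalize(l) for l in running_config.splitlines() if l.strip()}
    return [c for c in candidate if normalize(c) not in have]


def token_matches(short, full):
    # Only alphabetic keywords may be abbreviated; addresses and numbers must be equal.
    return short == full or (short.isalpha() and full.startswith(short))


def abbreviated_matches(candidate, running_config):
    """Map each pending line to the running-config line it abbreviates, if any."""
    running = [normalize(l).split() for l in running_config.splitlines() if l.strip()]
    found = {}
    for cand in pending_lines(candidate, running_config):
        toks = normalize(cand).split()
        for full in running:
            if len(full) == len(toks) and all(map(token_matches, toks, full)):
                found[cand] = " ".join(full)
                break
    return found


# Constructed sample: running-config after the first run of the play.
RUNNING = """\
hostname RouterA
ntp server 10.0.0.123
"""

if __name__ == "__main__":
    for lines in (["ntp ser 10.0.0.123"], ["ntp server 10.0.0.123"]):
        print(lines, "pending:", pending_lines(lines, RUNNING),
              "abbreviates:", abbreviated_matches(lines, RUNNING))
```

A lint like this, run over playbook `lines` before a change window, keeps a permanently "changed" task from hiding real configuration drift in the recap.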
53. SSH
fatal: [172.16.0.2]: FAILED! => {"msg": "paramiko: The authenticity of host '172.16.0.2' can't be established.\nThe ssh-rsa key fingerprint is xxxxxxx."}
ansible.cfg
(1) [defaults]
    host_key_checking = False
    export ANSIBLE_HOST_KEY_CHECKING=False
(2) [paramiko_connection]
    host_key_auto_add = True
    export ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD=True
(3) SSH
fatal: [172.16.0.1]: FAILED! => {"msg": "Unknown host key [xxxxxxx] for [172.16.0.1]"}
netconf
network_cli
2 netconf
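A check for the settings shown above, as an added example (not from the original slides): it flags an ansible.cfg or environment that turns off SSH host key verification, and an inventory that stores ansible_become_pass in clear text as in the slide 16 inventory. `audit_cfg` and `audit_inventory` are hypothetical helpers, the sample files are constructed from the slide values, and `ansible_password` / `ansible_ssh_pass` are included as the other standard Ansible password variables.

```python
"""Flag settings that weaken SSH host verification or expose passwords in Ansible files."""
import configparser
import re

TRUTHY, FALSY = {"1", "true", "yes", "on"}, {"0", "false", "no", "off"}
# (section, option, risky values, environment variable): names as they appear on the slide.
CHECKS = [
    ("defaults", "host_key_checking", FALSY, "ANSIBLE_HOST_KEY_CHECKING"),
    ("paramiko_connection", "host_key_auto_add", TRUTHY, "ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD"),
]
PASSWORD_VAR = re.compile(r"^\s*(ansible_(?:become_pass|password|ssh_pass))\s*=\s*(\S+)")


def audit_cfg(cfg_text, env=None):
    """Return one finding per place where host key verification is switched off."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    findings = []
    for section, option, risky, env_var in CHECKS:
        for where, value in ((f"ansible.cfg [{section}] {option}",
                              parser.get(section, option, fallback=None)),
                             (f"env {env_var}", (env or {}).get(env_var))):
            if value is not None and value.strip().lower() in risky:
                findings.append(f"{where} = {value.strip()}")
    return findings


def audit_inventory(inventory_text):
    """Return (line number, variable) for each password written in clear text."""
    hits = []
    for number, line in enumerate(inventory_text.splitlines(), 1):
        m = PASSWORD_VAR.match(line)
        # A "{{ ... }}" value refers to another (e.g. vaulted) variable, not a literal.
        if m and not m.group(2).startswith("{{"):
            hits.append((number, m.group(1)))
    return hits


# Constructed samples that reuse the values shown on the slides.
WEAK_CFG = "[defaults]\nhost_key_checking = False\n\n[paramiko_connection]\nhost_key_auto_add = True\n"
STRICT_CFG = "[defaults]\nhost_key_checking = True\n"
INVENTORY = ("[ios]\n172.16.0.2\n\n[ios:vars]\nansible_connection=network_cli\n"
             "ansible_become=yes\nansible_become_method=enable\n"
             "ansible_become_pass=enablepass999\n")

if __name__ == "__main__":
    print(audit_cfg(WEAK_CFG), audit_cfg(STRICT_CFG, {"ANSIBLE_HOST_KEY_CHECKING": "False"}))
    print(audit_inventory(INVENTORY))
```

Keeping both options at their defaults means an unknown or changed device key stops the run, as in the error messages above, rather than being trusted automatically.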
54. Ansible 2.4
https://www.slideshare.net/akira6592/ansible25nw-92031433
57. ◦
◦ https://docs.ansible.com/
◦ Ansible for Network Automation
◦ https://docs.ansible.com/ansible/latest/network/index.html
◦ Platform Options OES IOS Junos
◦ https://docs.ansible.com/ansible/latest/network/user_guide/platform_index.html
◦
◦ https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html
◦ Ansible
◦ https://www.slideshare.net/akira6592/networkengineermeetsansible-85889620
◦ Ansible
◦ https://www.slideshare.net/akira6592/ansibleadhocnetworkautomation
◦ Ansible 2.5
◦ https://www.slideshare.net/akira6592/ansible25nw-92031433