This document provides an overview and introduction to Ansible and how it can be used for server and network device automation. It describes Ansible's key features such as being agentless, using YAML playbooks to define automation tasks, and supporting both Linux/Unix and network devices. The document demonstrates examples of using Ansible to automate tasks on Linux servers and Cisco network devices. It also provides resources for learning more about Ansible including recommended books, websites, and links to documentation and tutorials.
2. www.anm.com
Who we are
Klaus Mueller
Senior Solutions Architect, ANM
• Route/Switch CCIE #5450
• 30+ years experience in IT
• 20 years experience working with State/Local, Healthcare, Education, and Commercial in New Mexico
• Specialize in campus and data center networks
Ian Logan
Senior Solutions Architect, ANM
• 20 years at NMSU
– Data center architecture
– Private networks for energy management systems
– Unix & Linux systems administration
• Specialize in data center virtualization and automation
3. www.anm.com
ANM is headquartered in Albuquerque, NM and operates in Colorado, Texas and New Mexico. In addition to Albuquerque, ANM has offices in Denver (CO), Colorado Springs (CO) and El Paso (TX).
4. www.anm.com
Evolution of Network Configuration
First Cisco Router (1986): CLI via console and Telnet
Latest Cisco Router (2018): CLI via console and SSH
8. www.anm.com
To be fair…
Data Center Network Fabrics
Cisco ACI VMware NSX
Software Defined Networks
Network Function Virtualization (NFV)
Network Programmability
APIs and Standards
NetDevOps
“Infrastructure as Code”
9. www.anm.com
More on “Software Defined”
Software Defined Networks
Many approaches:
• Controller-based, centralized data plane (e.g. OpenFlow)
• Central policy engine (e.g. Cisco ACI)
Focus has been on data center – ACI, VMware NSX
Evolving to WAN (SD-WAN – e.g. Viptela, Riverbed), and Access (SD-Access – e.g. Cisco Digital Network Architecture, aka DNA)
Very promising, still early in adoption in most orgs.
10. www.anm.com
“The Holy Grail”
Be like Facebook
Automatically deploy a fully populated rack of servers and network gear with minimal intervention.
Or somewhere in between…
• Standardized configs
• Automated deployment
• Push changes quickly
• Automate repetitive tasks
12. www.anm.com
Network Engineers need new skills
• Python
– Scripting
• Linux (or Mac OS X)
– Using open-source tools
• Templating
– Jinja
• Programmability
– REST APIs
– YAML, JSON, XML
– NETCONF
• Data Models
– YANG
13. www.anm.com
“DevOps Tools” can help bridge the gap
• Automation
– Configuration deployment and management
• Open Source
• Community Driven
• Many learning resources
• Chef and Puppet
– Agent-based
• Ansible and Salt
– Agent-less
14. www.anm.com
Ansible – “The Easier Button”
• Agent-less
• Works well for both network and servers
• Idempotent configuration management
• Modular framework
• Supported by Red Hat
• Works with templates and variables
• Communicates over SSH
• Simple templating language (Playbooks = YAML)
16. www.anm.com
Ansible – Deep dive
How would you describe Ansible in one sentence?
• A tool for expressing the desired state of a system at a high level.
18. www.anm.com
Ansible – Deep dive
• Requirements for installing Ansible
– Python 2.6/2.7 or 3.5 and newer
– A Unix-like system to act as the control machine
19. www.anm.com
Ansible – Deep dive
Playbook
• A YAML doc
• Living MOP
Ansible Engine
• Inventory Host File
• API
• Modules
• Password Vault
SSH
Managed Node
• Unix/Linux/Windows
• Cisco IOS/NXOS/ACI
• vSphere
• And many more…
20. www.anm.com
Ansible – Deep dive
• Choices on installing Ansible
– Vendor packages or Python pip
– Packages might be a little stale but ease of maintenance is probably worth it.
24. www.anm.com
Ansible – Deep dive
Ansible’s inventory system:
• A simple text file.
• Dynamic inventory from AWS, OpenStack, etc.
• You can use both simultaneously.
25. www.anm.com
Ansible – Deep dive
Ansible host file:
• INI style formatting
• Group names are in []
• Hosts can belong to multiple groups
• Groups can be nested
26. www.anm.com
Ansible – Deep dive
Linux demo environment:
– Precreated a user named “ansible” on each machine
– SSH authorized_keys configuration
– Added sudo configuration for the ansible user
– These steps are all optional, but they make the demo easier.
28. www.anm.com
Ansible – Deep dive
Ansible facts & variables:
• Facts are variables that describe the system being managed
• Facts can be automatically gathered
• You reference a variable with “{{ variable }}”
29. www.anm.com
Ansible – Deep dive
Ansible facts & variables:
• You can get all of the facts for a device with a one-liner
– ansible ios-devices -c network_cli -m ios_facts
– ansible linux -m setup
30. www.anm.com
Ansible – Deep dive
• Gathering facts takes a while
• On a Linux host there are over 100 facts
• Output from many one-liners will be in JSON
31. www.anm.com
Ansible – Deep dive
Ansible playbooks:
• Playbooks are our tool for automating complex tasks.
• Playbooks also allow us to express orchestration across multiple managed nodes.
• They’re written as YAML documents.
32. www.anm.com
Ansible – Deep dive
YAML:
• Indentation matters!!
– Indent to group related items
• # begins a comment
• --- begins a YAML document
• - to denote list elements
33. www.anm.com
Ansible – Deep dive
A sample playbook:
• Hosts: the target nodes
• Become: do we need elevated privileges?
• Tasks: list of things to do
– We call these plays
• Yum is an Ansible module
– Name: httpd – an RPM name
– State: present or absent
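A playbook built from the keys listed above, as an added example (not the presenters' own playbook). The `linux` group name comes from the fact-gathering one-liner earlier in the deck; the `service` and `debug` tasks go beyond the slide and are assumptions about what a follow-on step would look like.

```yaml
---
# Added example: install and start Apache on every host in the "linux" group.
- hosts: linux              # target nodes, by inventory group
  become: yes               # escalate via sudo; can also be set per task to
                            # limit which steps run with elevated privileges
  tasks:
    - name: Install the httpd RPM
      yum:
        name: httpd
        state: present      # "absent" would remove the package instead

    - name: Start httpd now and enable it at boot
      service:
        name: httpd
        state: started
        enabled: yes

    - name: Report the configured host using gathered facts
      debug:
        msg: "httpd is installed on {{ ansible_hostname }} ({{ ansible_distribution }})"
```

Because the `yum` and `service` modules are idempotent, a second run against the same hosts should report no changes.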
35. www.anm.com
Ansible – Deep dive
Playbooks can be executable scripts:
• Add a “#!/usr/bin/ansible-playbook” as the first line
• Make the file executable
43. www.anm.com
Ansible – Deep dive
Make sure you write the entire command!
– The ios_config module makes comparisons between the playbook and the running config.
– If it's not an exact match, the command is executed at every run.
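The exact-match behaviour described above, as an added example (not from the original slides): the first task uses abbreviated commands and never matches the running config, the second spells them out. The interface name and description text are constructed; the `ios-devices` group comes from the one-liner earlier in the deck.

```yaml
---
- hosts: ios-devices
  connection: network_cli
  gather_facts: no
  tasks:
    # Abbreviated form: IOS accepts it, but the running config stores the
    # expanded commands, so the comparison fails and the lines are sent again
    # on every run (the task always reports "changed").
    - name: Set uplink description (abbreviated, not idempotent)
      ios_config:
        parents: int Gi0/1
        lines:
          - desc Uplink to core

    # Full form, written exactly as it appears in the running config:
    # the first run applies it, later runs find a match and send nothing.
    - name: Set uplink description (full commands, idempotent)
      ios_config:
        parents: interface GigabitEthernet0/1
        lines:
          - description Uplink to core
```

Run the playbook twice: a task that still reports "changed" on the second run is a sign that its lines do not match the running config verbatim.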
44. www.anm.com
Ansible – Deep dive
We’re not using SSH keys to login to the router, where’s the password?
• We can store the password in a variable.
• Variables can be stored in encrypted files called vaults.
45. www.anm.com
Ansible – Deep dive
How do we organize per host or group variables?
• We can put them in the playbook itself.
• We can create host/group variables in the host_vars/group_vars directory.
– One file for each host/group.
46. www.anm.com
Ansible – Deep dive
Host variables for an IOS device
• ansible_connection: network_cli removes the need for Python on the node
• ansible_network_os: ios, vyos, junos, etc.
• ansible_ssh_pass: the login password
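The three preceding slides (vaulted password, host_vars layout, IOS host variables) combined into one added example, not taken from the original deck. The host name `rtr1`, login `netops`, variable name `vault_ios_password` and playbook name `site.yml` are all assumptions chosen for illustration.

```yaml
# --- file: host_vars/rtr1/vars.yml (plain text, safe to commit) ---
ansible_connection: network_cli        # SSH to the device CLI; no Python on the router
ansible_network_os: ios
ansible_user: netops                   # constructed login name
ansible_ssh_pass: "{{ vault_ios_password }}"   # indirection: the secret lives in the vault file

# --- file: host_vars/rtr1/vault.yml (contents BEFORE encryption) ---
# Create it already encrypted:   ansible-vault create host_vars/rtr1/vault.yml
# Or encrypt an existing file:   ansible-vault encrypt host_vars/rtr1/vault.yml
vault_ios_password: "CHANGE-ME-placeholder"

# After encryption the file on disk begins with the header
#   $ANSIBLE_VAULT;1.1;AES256
# followed by hex ciphertext. Check for that header before committing:
#   head -1 host_vars/rtr1/vault.yml
#
# Supply the vault password when running the playbook:
#   ansible-playbook site.yml --ask-vault-pass
```

Keeping the variable names in a plain file and only the secret values in the vault file means the variable names stay searchable with grep while the password itself never appears in clear text in the repository.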
48. www.anm.com
DevOps: “The 3 Ways”
via Gene Kim, et al
see “The Phoenix Project”
and “The DevOps Handbook”
49. www.anm.com
E.g. Use Cases
• Regular, repetitive tasks
• Large-scale infrequent tasks
– pushing config changes to a large number of devices
• Infrequent tasks that require consistency
– e.g. device deployment
• Building Flow: Theory of Constraints
– manual tasks that take a long time that can be automated
• Pushing configs to multiple devices
• Templatizing config changes
• Automating config changes
• Automating deployments
• Reporting and compliance
53. www.anm.com
Links
• Ansible.com
– Documentation and Quick Start videos:
docs.ansible.com
• Developer.cisco.com
– “Introduction to Ansible”
https://learninglabs.cisco.com/lab/ansible-02_ansible-intro/step/1
– “NetDevOps” videos – Ansible for Cisco configuration management
https://developer.cisco.com/video/net-prog-basics/05-netdevops
– “Getting Hands on with Ansible” Learning Lab
https://learninglabs.cisco.com/lab/ansible-03_ansible-hands-on/step/1
54. www.anm.com
Contact Us
• See us at ANM table in the Vendor Fair
– Demo capability
• Email us:
– Klaus.Mueller@anm.com
– Ian.Logan@anm.com
• https://www.slideshare.net/klausternm
• www.anm.com