In this Cisco Ansible tutorial for beginners I will take you from the very beginning, installing Ansible on Ubuntu, to setting up the folders and running through a simple playbook which will backup the configuration of a Cisco router. I will say that I am not a Linux expert so if you notice any Linux errors or better ways of doing things please comment and I will update this article.
What is Ansible?
Ansible is a free-software platform for configuring and managing computers or network devices which combines multi-node software deployment, ad hoc task execution, and configuration management. (description taken from wikipedia)
It can also be used for network management. The beauty of Ansible is that it is does not require an agent on the host system it uses SSH for transport. As long as Ansible can make an SSH connection to the target device you are good to go. Ansible used to be primarily used for server administration but in the last few years more and more network modules have been added to the software and Ansible is a skill that all Network Engineers should be getting up to speed on.
There are two versions, free and paid. The paid version is called Ansbile Tower and will not be described here.
This Ansible tutorial will cover the free version installed on an Ubuntu desktop.
Ansible Tutorial Step 1 – How to Install Ansible on Ubuntu
You can install Ansible on many versions of Linux but for this tutorial I will using Ubuntu 16.04 LTS running within VMWorkstation Pro
For my lab I am running this on on my laptop. I will run 2 VMs, the first is Ubuntu Desktop to run Ansible and the other will be a Cisco CSR1000V router.
From this point on I am assuming that you have a clean version of Ubuntu installed.
There will be a few enhancements I make to Ubuntu to make running Ansible easier which will be detailed along the way.
Installing Ansible
Before we start lets just establish that Ansible is not already installed on this system.
You can do this with the ansible –version command
roger@ubuntu:~$ ansible --version The program 'ansible' is currently not installed. You can install it by typing: sudo apt install ansible
The best way to get Ansible for Ubuntu is to add the project’s PPA (personal package archive) to your system.
Open a terminal and run the command:
sudo apt-get update
Then run the command
sudo apt-get install software-properties-common
Now the package is installed you can install Ansible by entering the following command.
sudo apt-add-repository ppa:ansible/ansible
You will need to press ENTER to accept the PPA addition.
Next run the command
sudo apt-get update
Finally to install Ansible run the command
sudo apt-get install ansible
Ansible is now installed and can be verified with the command
ansible --version
At the time of writing the current Ansible version is 2.2.1.0
roger@ubuntu:~$ ansible --version ansible 2.2.1.0 config file = /etc/ansible/ansible.cfg configured module search path = Default w/o overrides roger@ubuntu:~$
Ok so now we have Ansible installed lets start using it.
Enable Colorful Terminal in Debian and Ubuntu
One of the extras I have enable in my Ubuntu install is the colorful terminal as shown below
To get the coloured prompt you need to edit the file .bashrc
This process is described here
Start using Ansible
The first thing to do is to drop into the Ansible folder and explore the default folder structure.
From your home prompt run the command
cd /etc/ansible
then issue a dir and let’s see whats in there
In the default Ansible installation there are two files and a directory
ansible.cfg contains all the default values and the main ones are listed below
# some basic default values... #inventory = /etc/ansible/hosts #library = /usr/share/my_modules/ #remote_tmp = ~/.ansible/tmp #local_tmp = ~/.ansible/tmp #forks = 5 #poll_interval = 15 #sudo_user = root #ask_sudo_pass = True #ask_pass = True #transport = smart #remote_port = 22 #module_lang = C #module_set_locale = False
For this tutorial we are not going to touch the Ansible.cfg file but you just need to be aware of it’s location.
For this tutorial we just need to be aware that the default inventory file location is /etc/ansible/hosts
This file defines all the hosts you will be connecting to – so let’s look at that file.
From within the Ansible directory lets edit the hosts file
vi hosts
You can see all hosts in the default file are commented out
For our backup Cisco Router playbook we just need to add one router in there so I am going to add a group called CSR-Routers and add one router.
My hosts files now looks like this
# Ex 2: A collection of hosts belonging to the CSR-Routers' group [CSR-Routers] CSR-01 ansible_host=192.168.244.129
You can enter names of devices in here if your Ubuntu host can resolve them in DNS but for this basic tutorial I am just using the ansible_host command
I can now reference this host in one of two ways. Either by calling CSR-Routers or CSR-01. If I call CSR-Routers my playbook will action on every device within the CSR-Routers group if I call CSR-01 in my playbook then it will only action on that single device.
What is an Ansible Playbook?
Before we go any further I just need to define one term that you will be using every day whilst working with Ansible and that is a playbook. In simple terms a playbook is a file formatted in YAML
YAML stands for YAML Ain’t Markup Language but is also referred to as Yet Another Markup Language. Basically YAML is a very readable code that defines all the actions and tasks that your playbook will perform. Let’s look at the finished playbook below to backup a cisco router and go through each line step by step in a very quick Ansible playbook tutorial.
Ansible Playbook to Backup Cisco Router
My playbook is called backup_cisco_router.yaml
---
- hosts: CSR-01
gather_facts: true
connection: local
tasks:
- name: show run
ios_command:
commands:
- show run
host: "{{ ansible_host }}"
username: roger
password: KanKu009
register: config
- name: save output to /etc/ansible/backups
copy:
content: "{{ config.stdout[0] }}"
dest: "/etc/ansible/backups/show_run_{{ inventory_hostname }}.txt"
I have this saved in a folder called playbooks /etc/ansible/playbooks
I have also created a folder called backups in /etc/ansible/backups
Let’s step through each line
— the first line of any YAML file has to start with three dashes – this denotes it as a YAML file
– hosts: CSR-01 the next line starts with a single dash and defines the hosts that this playbook should run agains, in this case our single CSR router
gather_facts: true this line needs to be here to define we are collecting information
connection: local this defines the connection will be made from this box
tasks: we now start to define the actual task that will run
– name: show run – this is the name of our first task
ios_command: this is an ansible module and is some code within the Ansible core that can be used to run commands in ios – more info here
commands: what follows here is the command that will be run
– show run in our case show run
host: “{{ ansible_host }}” this defines the connection variables for the ansible host – username / password etc
username: local username defined on the router
password: local password defined on the router
register: config Once Ansible has connected to the router and run the show run command it registers that information to a variable called config (you can call this what you want)
-name save output to /etc/ansible/backups – this is the name of the next task and is just a description
copy: this is calling another Ansible Module called copy
content: “{{ config.stdout[0] }}” this registers the config to a format called stdout
dest: “/etc/ansibe/backups/show_run_{{ inventory_hostname }}.txt” – this defines the destination and filename format which will be show_run_hostname.txt
Running the Ansible Playbook
So we now have an Ansible playbook written, we have defined a host and we now need to run the playbook.
I have a CSR1000v router running so lets see what happens
To run an Ansible Playbook you run the command
ansible-playbook <playbook name>
so in our case
ansible-playbook backup_cisco_router.yaml
You can see the descriptions of each task and if the play was successful.
In this case the playbook failed as it failed to connect to the router 192.168.244.129:22
The problem in this case is the password was wrong on the router – I am going to change the password and run the play again
This time you can see the playbook ran successfully and the task status has moved to changed=1
This means the backup file has changed.
If we now go to /etc/ansible/backups we can see our backup file
Conclusion
So we have successfully created an Ansible Playbook that will backup a single Cisco router, you can hopefully see that this could easily be scaled out to perform this task on 100’s or 1000’s of devices and also to run other commands like sh ip int brief, sh log, sh ip ospf neighbor etc.
Ansible is a very powerful tool and is going to change the way network engineers work in the future.
I hope you enjoyed this simple tutorial and there will be more to come.
Read about Rogers' CCIE Journey here "My CCIE Journey."
You can read more about who Roger is here About Roger.
Feel free to Send Roger a message here
Follow Roger on Twitter -- Google Plus and on Linkedin
Hi! My name is Roger and I’m the guy behind rogerperkin.co.uk. I passed my CCIE in Routing & Switching in August 2015 and this blog was setup to aid my study. It is now the home to my ramblings on all things networking.
Leave a Reply