In this Ansible IOS_Command example post, I will share a simple Ansible playbook that writes an ACL to a Cisco switch.
This playbook will work equally well on any Cisco device, and once you grasp the concepts of using the IOS_Command module and the IOS_Config module, you can configure whatever you want.
The IOS Command module is documented here – http://docs.ansible.com/ansible/latest/ios_command_module.html
There are two parameters that I will highlight and that I use in my example playbook:
- authorize – yes / no – This parameter enters privileged mode on the Cisco device if set to yes
- waitfor – List of conditions to wait for before progressing with the Playbook
Ansible IOS_Config Module
The IOS Config module is documented here – http://docs.ansible.com/ansible/latest/ios_config_module.html
So let’s get into the playbook
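```yaml
- hosts: 3560-SW1
  connection: local
  tasks:
    - name: Configure ACL on Cisco Switch
      ios_config:
        authorize: yes
        lines: ['access-list 99 permit 172.16.1.100']
    - name: Verify ACL is present
      ios_command:
        commands: ['sh access-l']
        # result[0] is the output of the first command in the commands list
        waitfor: ["result[0] contains 'permit 172.16.1.100'"]
    - name: SAVE CONFIG
      ios_config: {authorize: yes, save: yes}
```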
This is a very simple play that is self-explanatory just from reading the Jinja2 code.
It configures a line in an access list using the IOS_Config module, then verifies that the line is there using the ios_command module, and finally saves the config using the IOS_Config module again.
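The verify task passes whenever the string appears anywhere in the command output, including under a different ACL number or as the prefix of a longer address. As an added example (not part of the original playbook), this Python code parses `show access-lists` output and checks for an exact entry in one named ACL; the sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `show access-lists` output (not captured from a device).
# The entry the playbook expects is present in ACL 98 but missing from ACL 99.
SAMPLE_OUTPUT = """\
Standard IP access list 98
    10 permit 172.16.1.100 (12 matches)
Standard IP access list 99
    10 permit 172.16.1.10
    20 deny   any log
Extended IP access list 101
    10 permit ip any any
"""

HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
# Sequence number, then the rule text, then an optional hit counter.
ENTRY = re.compile(r"^\s+\d+\s+(.*?)(?:\s+\(\d+ match(?:es)?\))?\s*$")


def parse_acls(output):
    """Return {acl_name: [entry, ...]} without sequence numbers or hit counts."""
    acls, current = {}, None
    for line in output.splitlines():
        header = HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(1), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            # Collapse runs of spaces so "deny   any" equals "deny any".
            current.append(" ".join(entry.group(1).split()))
    return acls


def acl_has_entry(output, acl, entry):
    """True only if `entry` is an exact line of the named ACL."""
    return " ".join(entry.split()) in parse_acls(output).get(acl, [])


def substring_check(output, needle):
    """Equivalent of the playbook's `contains` condition on the raw output."""
    return needle in output


if __name__ == "__main__":
    print("substring check:", substring_check(SAMPLE_OUTPUT, "permit 172.16.1.100"))
    print("ACL 99 has entry:", acl_has_entry(SAMPLE_OUTPUT, "99", "permit 172.16.1.100"))
```

In the playbook itself, running the show command against ACL 99 only narrows the same check without any parsing.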
Note: This playbook was written in Ansible 2.3 – the latest version 2.4 has another parameter in the IOS_Config module called save_when
This can be set to always / never / modified.
So the config can be saved only when it was modified.
The playbook is available on my GitHub – https://github.com/rogerperkin/playbooks
For a more in-depth discussion on installing Ansible and running a playbook to back up a Cisco router, check out my Ansible for Network Engineers page.