blog/ posts/ Ansible for network device configuration
Expect shortcuts | posts | NX-OS port profiles

Ansible is a python framework for provisioning, deploying and change management, and overall configuration management. A major difference between Ansible and other similar tools f.e.: (chef, puppet, cfengine etc.) is, ansible is agentless. Agentless tool in this particular context means it is a too that has no requirement for a client counterpart on the target platform/appliance/hardware. Ansible uses the standard tools available on target platforms like f.e. SSH, Telnet, SNMP, API, to manage its configuration. This difference makes ansilbe the ideal tool for configuration management of networking equipment.

Here is a ansible network modules list for network device configuration.

A personal note I must admit I have just started using ansible for network equipment configuration. Ansible has been on my personal agenda for some months already. After some hours of reading the manual additional hours of testing it, it has not been straight forward for me to understand ansible concepts and usage techniques. I have began the evaluation of ansible for 2 times and have put it aside. All scripts for managing network equipment that I have written in the past have been written in expect. Expect has been doing good work for my networks over the last 10 years. These scripts are good enough for the things I deal with.

Using internal help

ansible-doc ios_config
ansible-doc ios_facts

Configuration files syntax

If writing configuration files, there are different 2 ways of defining variables and names. The INI way of defining variables, which looks like the example below:

R1.example.com

[backbonerouter]
R2.example.com
R4.example.com

[edgerouter]
R10.example.com
R20.example.com
R30.example.com

The headings in brackets are group names, which are used in classifying systems and decisions which systems are controlled at which time, and for what purpose.

YAML way of defining variables:

all:
  router:
    R1.example.com
  children:
    backbonerouter:
      router:
        R2.example.com:
        R4.example.com:
    edgerouter:
      router:
        R10.example.com:
        R20.example.com:
        R30.example.com:

Both syntax files are valid and you will see both used in different playbooks.

Default groups

There are two default groups: all and ungrouped. all contains every host. ungrouped contains all hosts that don’t have another group aside from all. Every host will always belong to at least 2 groups. Though all and ungrouped are always present, they can be implicit and not appear in group listings like group_names.

Ad hoc commands

An interesting command line feature is the ad-hoc commands where it is possible to send a command to a bunch of clients defined f.e. in a list. It works similar to a distributed shell.

Global configuration file

Starting f.e. ansible-playbook will search for a global configuration file in following directories:

~/ansible.cfg ~/.ansible.cfg /etc/ansible/ansible.cfg

The global configuration file will have configured entries like f.e.:

  • inventory file (hosts)
  • library path
  • connection specific configuration (SSH, telnet, keys etc.)

All possible configuration options have been described at the ansible.cfg documentation page. These configurations can used used for the global ansible.cfg file.