Ansible Network Automation

Everyone, David Bombal back with a very special guest, in this case it's Donald. Donald, I know you mainly from being a co-author of these books with Todd Lammle, but tell us a bit more about yourself.

Hey David, I'm a principal consultant at a large, uh, Cisco partner there, so I work as a subject matter expert for pretty much all things Cisco these days. So that's the boring routing and switching stuff, to wireless, to, uh, collaboration, um, all, and to the funner SDN things like ACI and SD-WAN, all that fun stuff. And in later years I've become the cloud SME there. I am Azure solutions x career to DevOps expert, uh, and then I moved on to be more of a DevOps, uh, SME there for, um, uh, dealing for various automation needs, uh, in the project there. But, uh, they always find a reason to copy in the middle of night, so I'm quite busy.

Yeah, I mean, for everyone's reference, I really recommend these books that Todd and Donald wrote. I remember reading the SDN section and the automation section that Donald specifically wrote, and I thought it was a brilliant part of the book. He explains very practically and very easily how things work. And Donald, that gets us to our topic. In the book you discuss Ansible, so could you just, for everyone who's watching, give us a quick overview or description of what Ansible is and why you would recommend that for someone who wants to get into network automation or DevNet or something?

The best way to think about Ansible is that it's automation's easy button, because what it does is it lets you define more your intent and what you want to do, more than all the step by steps kind of thing there. So if you, uh, if I remember correctly from my book, I write out a simple example how to do something in Python; it turns out to be about 60 lines or so. And the point being there is, when you code something in Python you need to tell it every little step of what you need to do, whereas if you're using something like Ansible you can use the abstraction to say, hey, I just want a web server installed,
uh, figure out how to install, rather than, uh, telling it, okay, you need to run yum or apt or something like that and push the configuration. So it makes it very nice for, um, abstraction. It also has a nice feature called idempotency, and the idea here is that it's only going to do something if it needs to be done. And the benefit there is it's not going to run a, mindlessly run a script every single time there, because what if that causes an outage on your router there because you're pushing a new loopback address and taking out your BGP or something like that? Whereas with idempotency what you're saying is that, hey, I'm going to check that router first, make sure there's a, that loopback isn't there, and then if it is I'm going to skip the next step, and if it is I'm going to create it. So it gives you a lot more flexibility and more confidence to be able to run the script every single time without having any, um, unexpected disasters, unless, you know, of course, you've messed something up in your configuration. But that's the point of automation: you can always cause big issues pretty quickly.

I don't want to keep you any, any longer, Donald. Can you give us an example? Because what you're going to show us, hopefully, is, uh, practical examples of using Ansible.

Yeah, so I figured I would go through the basics of, uh, configuring, um, some stuff on, um, some Cisco gear.

That'd be great.

And we'll walk through some of the fundamentals and stuff that we need to, um, that you need to, uh, be aware of, and I'm sure you have some questions as we go along.

Oh, definitely, yeah.

I'm going to push it, uh, so this is my PyCharm. I use this as my main IDE for most, uh, coding stuff there. So what I've done is I've just created an empty, uh, project there, we were just calling David's Ansible, and what we're going to do is just walk through some of the foundations that we need to get Ansible up and running, and then we'll get this synced to my server with some GitHub magic, and then we'll do some examples and see what kind of fun we
can have.

That'd be great.

All right, so first thing I'm going to do is create a file, and the first file that I want to create is going to be hosts. And I can call this anything I want, an extension, but I'm going to show you the simple way of creating a host file and then we'll show you the new and improved way. We're going to call this .ini, which, it denotes the INI format, and this is a really easy format that is going to let us define what host Ansible knows about. And we do this because Ansible does not have any agent to inform Ansible of what hosts are used, like Puppet does, so we have to tell Ansible explicitly what hosts are out there and how do we connect to them.

So just before you carry on, Donald, can you give us a quick, like, 30 second, uh, you mentioned, like, agent, so what is agent, agentless, and you've mentioned the difference between Puppet and, um, Ansible.

All right, so, um, the main difference between these tools, just as a reminder, is that, uh, the IaC tools come into one of two categories: we have agents and agentless. Now, like most things in the CCNA, they kind of tell you most of the truth there, but when you get dig deeper it gets more complicated than that. But for right now, uh, the CCNA says that the agent is required for a Puppet and they want it for Chef; for agentless, the only one on the list is Ansible, which is what we're talking about today. And what this means is that, um, if I wanted to use Puppet on a Cisco router, I need to have my switch, where I just say instead of a router, and then I would use what's called the guest shell feature to deploy the Puppet agent on top of it, and then the Puppet agent would register to the Puppet master, which is topic for another day, and it would say, hi, I am an agent on the switch's guest shell, and then Puppet will be able to say, okay, I can push commands to it. Whereas Ansible, we don't have any of that structure, so the, what we have to do is we have to define, uh, what's called inventory file, and what this is going to do is just going to define,
okay, here is our switch, here is our router, and we're going to tell it how we're actually going to connect to it there. So we'll have our user, our pass, all that kind of stuff, and it will be, uh, stored in this file, and then we reference that when we do our configurations. There's some more advanced things we can do, like we can do what's called a dynamic inventory, so it can query, like, say, your cloud environment and, um, pull that up, or we can do more, um, fancy stuff. But for the most part the inventory file is a text file that we have all the information in, and then for Puppet and whatnot we have an agent that we actually install something on the computer to do it.

That host file is your inventory file?

Yep, yes.

Great. And, I mean, you use Ansible, I just want to ask all the questions that people may be asking: Ansible typically uses SSH to SSH to a router or switch?

Yeah, yeah, so typically Ansible will use SSH for its connections. It can also use, um, depending on the solution, it can use various APIs. So for example, if you have, like, an Arista switch, you can use the eAPI, which is their extensible API; if you're on the Nexus switch you can use the, uh, NX-API, which is the Nexus API. Yeah, so it depends on the solution, and when we get into the actual, um, meat and potatoes Ansible, so you can see, uh, exactly what is used for different, uh, modules, or playbooks is what they call them, but we'll, we'll concentrate on SSH for today.

Yeah, yeah, great.

All right, so in the host, uh, INI file, this is a really simple file, we're not gonna spend too much time on it because it's kind of boring, but what you do is all, uh, you need to tell it what groups you care about and what hosts are in there. So for example, I have an Ansible environment, I have some routers that are running, and for convenience sake right now I am actually running them as virtual machines. So I have three routers and then I also have a Linux server too, if we have time to look at it there, but we might have to save that for another day. But the main thing is I
have three, uh, modern Cisco routers running that I should be able to connect to. And if we connect to those routers, before we get too deep into it, the main things that we need here, because this SSH, is we need to make sure we have our login set up. So what I've done is I have set up, um, a simple admin, uh, password, I have set up a secret, and then I have set up, um, uh, authentication so that it uses AAA, and that's all I've really done on the router so far.

So you haven't created IP addresses, anything like that yet?

Uh, there is, actually, get rid of this guy, uh, so, so all I should have on here now is a virtual port group, which is for guest shell, and that's not really something we talked about today, and then we have our management connection, which is in the VRF, it's doing something about DHCP. But we have our, uh, management connection and, uh, management VRF, and everything else is basically the same except for my login stuff. So, uh, real basic, uh, configuration here, and, um...

Is SSH, you're gonna show us how to set up the SSH portion, was that enabled already?

Uh, it's our name already. So Cisco's pretty easy, you just need a domain name, so I'm just going to say domain packet, once I type it correctly. Apparently automation can't save you from typos, people. But, um, and then all you need to do is just make sure you have a key, so just generate modulus, and then that's all you really need to do for most systems there. And then you might also need to go, uh, under the lines, say transport input ssh, and that's all you really need to do for SSH on the Cisco device. Um, yeah, basically it wants to work, you just give it enough details for it to be able to connect.

And just to make sure I understand, and for everyone's benefit, you running VMware Workstation or Fusion or something locally and you've just got these as three VMs running, is that right?

Yeah, just to show you what that looks like. So I have, um, the next gen, um, I guess current gen now, um, virtual routers from Cisco, the, um, 8000Vs, yeah, and all I've done is I've
deployed them, and then one trick I do for a lab, which you might like, is that I add a serial port and then I pump the, uh, serial information to a, what's called a named pipe, which is, uh, basically a connection socket, and then from there I connect to the, um, uh, session view of my SecureCRT, uh, to the named pipe there. And this is how I simulate a serial connection, um, without having to, uh, mess with IP addresses and SSH or whatnot there. So this way if we need to reboot the router or whatnot there, we don't get disconnected and all that kind of fun stuff. So that's all, all the tricks I've done for the lab.

That's great. So basic SSH, basic IP address, that's really all you need if I had a physical device, and now we can do the Ansible portion.

Yeah, exactly. All right, so back to our friendly PyCharm, here we go. So the INI, dead simple. First thing we need to do is tell what group we're doing, and we do this just by putting it in square brackets. So if I want routers I can say routers, and then I tell it what I want there. So if I have DNS names, which could do, I can say akb31 dot the packet for whatever, or I can do it by IP address, it's totally up to your environment. So my IPs here are 1081 82.

The only caveat is if you use IP ad-, sorry, if you use domain names you've obviously got to have a DNS server or something that's reserved.

Yeah, you would have to make sure you have entries and keep them up to date. Uh, yeah, really depends on what suits your environment. Usually if a lab you don't really care that much, to be honest, but, um, it's always worth a shot there. Uh, now you can do it this way, there's nothing wrong with there, or if you want to save some room you can take advantage of, um, some of the syntax that lets you have more flexibility. So I can do this in one line by just saying, opening up another square brackets and saying one three, and basically this is saying, okay, this is 81, 82 and 83. So the first number is where you start your, um, loop and the last number's where you end it there. So if I had
10 routers, I'm going to say, well, nine routers, I could say, uh, nine, and then that's going to, uh, go from 81 to 89 there. It's just a way of helping us, uh, save a little bit of typing there, because if you have a proper inventory you could have quite a lot of devices in here. So anyway, I put them back to three or I'm going to forget about it. Uh, I could also, if I had a switch I want to connect to, I could say switches, and we could say that we want, um, let's say, I think that's 241 is my switch. And then if I had to group this together I could just say, hey, this is going to be, uh, DC children, if I can type, and then I would just say, hey, this is routers and this is switches, and you build it up that way. Anyway, we're not going to bother with that, we're just going to focus on routers right now.

And the names, the names are just names that you've made up, it doesn't have to be routers or switches?

Yeah, I could call this David's super, now, I would have to type this if I want to reference it in the playbook there, so someone might look at you...

That's a bit, that's a bit, that's a bit too long, so let's rather just go with routers.

Yeah, routers, probably, that is where we go here. Um, I like to try and keep this relatively descriptive. Um, when you get into, um, more production there you wanna, you'll take more advantage of the, uh, subgroups, whatnot, like I showed you there, and when we get into the next format, to give you even more flexibility. So now we have this, we are telling Ansible, okay, point here, but we're not telling it how to actually connect. So what we need to do is give it a variable section, and what we do is we say the name of the thing, which is routers, I will say vars for variables, and in here we have to give it some, um, information of how we're connecting and, um, what we're connecting to and, uh, how we're actually connecting it there. So this stuff is online but this kind of burned to my memory, so I'm just going to say that the connection for a network device is going to be network_cli, and when we get
into the actual documentation side of things I'll show you how to verify this kind of stuff there. But, um, depending on how you actually connect to the device there, whether it's through API or SSH, whatnot there, this will change, but for the most part network_cli is a safe bet. And then the next thing it asks you, or is need to know, what type of device it is, so that's network_os, and in our case this is ios because of Cisco, and then if it was Junos would be Juni-, uh, if it was Juniper be junos, and so on and so forth. Then we need to get some usernames past the loop, so we're going to say user, it's going to be the admin, and then I just put a really simple password here, which is just going to be dextro, because when I was young I thought that was a cool password from OSPF, but I spelled it wrong and I just kept it that way.

That's nice.

So anyway, uh, this is, um, our basic, um, host INI file, and this is, um, enough to connect to devices and move from there. I'm just going to quickly show you the new way of doing things, because it's a bit more robust, and what we do here is we make a YAML file instead. So we're just going to go ahead and go new file, hosts.yaml. This is our first YAML file, and this is what Ansible does most of its work with there. So there's two main things to, uh, remember the YAML: the first is that it always starts with three dashes on the top, so it knows it's the YAML file, and then the other thing is that spacing is very important in YAML, so it uses spacing to determine what is, um, part of each section there, and if you got a space even slightly wrong it's going to break everything there. That's kind of why YAML can be really annoying when you're working with it, but this is also why you want to use a nice editor like, uh, PyCharm or what have you there, because it will help you keep track of your spacing as you type, so you, hopefully we won't have too many issues here. So what we're going to do is we're going to open up a group, and we're just going to call this data center, and then
basically how we do this is we type the thing and then we have a colon after each one, and then we would fill in the information as we go. And what we're going to say is we're going to put some routers and switches in here, so we're going to say children, and then we want routers. Now here's where we're a little bit different, because it's a bit more structured. So, uh, before we just said that, okay, here's our group and here's our IPs; now we're just gonna have a bit more format, so we're just gonna say hosts, and then we have the same thing really, so we can say 10 8 3 1. And basically what we're saying is we're creating a master group called data center, and right now we have another subgroup called routers, and then under here we have another group, which is these IP addresses there. So, uh, basically this is still considered a group, we haven't put any information in it yet.

And that's because you're putting colons at the end?

Yeah, yeah.

When you press, you're just pressing enter after you've typed, like, a group?

Yeah, so, uh, the tool's automatically keeping, um, the tool's automatically keeping the space in there, and I don't know if it comes out for you but, uh, you see here that it's maintain, show up, visibly showing me the line so I can see that, uh, how they're spaced out, whereas, uh, if you use something like, um, a standard text editor, is not going to maintain that there, and you're guaranteed to have a problem at some point in your life.

Yeah, so we have, network engineers need to move from Notepad to PyCharm or something.

Yeah, it's worth the investment. Uh, I know a lot of people like, why are you spending money on a text editor, and it's like, well, I have, you know, I spend money on basically all the text editors, but they, they all have their use, or at least that's what I tell myself. All right, so what we can also do here is under, um, the hosts, you see when I back up there it highlights, uh, that I'm under this line now, so if I wanted to have a host specific variable I can go ahead and say vars, and then if
I wanted something like test var I can go ahead and say 999. So basically I can define whatever variables I want under the router group here, and then we can do essentially the same thing for switches, so just say hosts, and then we're just gonna say 10 30 10 to 41, I think, and then what we'll do is we will go under [Music] and it's like and so forth. I felt like I wanted to add web servers, whatnot, I could, uh, but we're gonna go back until we get to children, because basically we want the variables to apply to both the routers and the switches, and we're just going to say vars again, and we put basically the same information that we had before. So this is going to be the ansible_connection, network_cli, and then it's going to be ansible_network_os. By the way, if you forget network_os, uh, the script will fail, or the playbook will fail, and it'll basically say, hey, I don't know what this is. Uh, so we'll play with that once we get something going here in a minute. But the good news is, it looks like we're just putting a lot of effort into the host file, but after we're done this we can basically dive right into the, uh, playing with Ansible there, because this is ninety percent of what we need aside from the actual playbook produce go. ansible_user will be admin, ansible, oops, ssh_pass, you might misspell dextra, and we'll add a couple other things, we'll say NTP servers will be 10 and 11.
All right, so now I have my host done.

And I just ask, is the, um, is the YAML file, the hosts file, a, a replacement of the, um, of the host.ini file?

Yes, so it's one or the other. Uh, basically the same information is on here, except for I added the switch and I added the NTP servers.

And which one is recommended today?

Uh, the YAML's.

So it's better to, to, basically you have to learn YAML if you want to use Ansible?

Yeah, yeah, uh, YAML is, uh, mandatory. It's, uh, when we get to the playbooks everything is written in YAML, so, uh, you're gonna have to learn it pretty quickly for this kind of solution, and frankly other solutions like Puppet, you also use the YAML, so, uh, there's no escaping it.

In, in, in your YAML file can you just explain, you use dash and then the IP addresses of the NTP servers, what's the difference between the item, or the dash, and then the, the items in orange?

Yeah, so this is just an array, so basically it's just saying I have multiple values, and this is just saying I have a single value.

Great.

All right, so we have our hosts out of the way. There's one more quality of life thing we can do before we move into Ansible itself, and that's going to create a global settings file called ansible.cfg, and all this does is just gives us our defaults there so that we, uh, don't have too much of a painful time. So we're going to just say it's going to be defaults, and this is still INI format, so I don't believe they made this YAML yet, but I'm sure it's coming, but for right now your default settings work with INI right now. And the main one that we care about is host_key_checking false, and the reason why this is important is it uses SSH keys for its, um, connection. So what happens here is when we have our device, our Ansible server, and it's talking to, let's just say, a router, it's going to connect through SSH and it's going to say, hold on, do I know R1's keys in my SSH store? And if it doesn't, it's going to kill the connection, because it's going to assume that if this was production you would know
about and you would learn the keys already. So what we do for a lab environment, because we don't want a painful time, because our routers are usually up for 10, 20 minutes at a time and then they're deleted and created over again, that kind of thing, so we use host key checking and set it to false, and that's just going to make it much easier for a lab. But otherwise it's going to validate the SSH keys and you're going to have to manually connect to the servers before you run your script, so it's going to fail, or you have to do some kind of automation method to make sure that the Ansible server knows about the keys.

That's great. I mean, another question I'm sure people always ask, whenever I've done this people ask: you're putting your passwords in, in your files, and clear text, is there a better way to do it?

Uh, yeah, there is. Uh, so there is a feature called Ansible Vault, and we'll talk about that, I'm sure, in one of these discussions, but basically what it does is it encrypts the password in a really secure format, and then we can use that to encrypt the password so we're not doing it, uh, in plain text. Uh, the other way you can go is, uh, to do entirely without SSH keys or whatnot there, but, uh, Vault is the preferred way for most people.

Great.

And then the other one that is just a me thing, but because we're using a newer version of Ansible, in fact the newest, uh, it starts yelling about, by the way, 10 versions from now we're going to change something, and, uh, that's great information that this guy is falling, but I don't need to see it every single time I run something. There's like, oh, by the way, it's going to change eventually, it's like, that's great, guys, but we don't need to see that. So I'm going to set deprecation_warnings to false. Uh, this is more, uh, so we have cleaner opportunity to get to it. So at this point we have, aside from explanations, whatnot, we have, uh, two lines in our cfg, or our cfg file, and then we have a host file with hopefully no typos or spacing errors. By the way, while I'm here,
never use tab in YAML. YAML does not support tab at all and it will break your file instantly, so if you're going to use tab make sure you adjust your editor so that it replaces four spaces, because otherwise it's going to cause you a real headache.

Good advice.

But anyway, uh, so what we're going to do is go ahead and create a repository, and I'm going to do that just by saying enable version control, and what we're going to do is we're going to create a repository on my GitHub. So here's my fancy Windows Terminal, so we're going to go to David's Ansible, and if we look here we have our files, and we're just going to go ahead and say gh create repo, nope, I always hit that backwards, repo create. They just release the command line for, uh, GitHub and trying to consciously use it more in my workflow. And we're just going to call this David's Ansible, this is going to be a private one, and we'll go ahead and say yes. So what this has done is has gone ahead and created, um, our GitHub link for me and my repository, so if I go here and open this up in a browser...

You're gonna have to make this public so that other people can download it.

I guess I could, I guess there's no harm in it. Um, okay, let me just do that again then, you know, we'll say break public, there we go, for the people.

So anyone watching can you just go to that link and download the code?

All right, let's just see here if I, make sure I didn't remember that by changing it on the fly, was to see here, go to my GitHub...

It says, I see you've got an error, remote origin already exists, is that right?

Yeah, I'm just going to go ahead and delete that in there, probably, and then do that again.

But I just want to make it clear, you don't have to use Git for this.

You don't, I'm just being fancy.

Yeah, you could just copy those files onto this, to a Linux server.

Yeah.

And that's another question, Donald, I'm sorry, I know you're busy doing something on Git, but do you recommend people use Linux for this?

Um, you need to use Linux for Ansible itself. Uh, right now I've been
using Windows for everything. Um, you, there is a question of whether or not you want to use WSL for Ansible. I find that WSL1 is, um, a little bit, uh, wanting there. The Fedora refresh, or not refresh, Fedora Remix is the best one for using WSL1. WSL 2 I don't really use too much because of the, I use VMware Workstation, but it should be able to work just fine on WSL 2. And then otherwise, uh, I would recommend, uh, doing this on, um, some kind of Linux host.

And on a Mac?

Uh, Mac works just fine, yep, because, uh, it, uh, has SSH and it's, uh, uh, brew, whatnot, takes care of all the intricacies, so you can use Ansible on Mac just fine.

But it's probably, you know, network engineers today have to learn Linux, I would say, so it probably makes sense just to have a Linux VM or WSL or something.

Yeah, it's easy, especially if you're going to be doing destructive stuff there, because you might, you might find out that you're breaking things. All right, so we're going to do is we're going to go ahead and get this in GitHub there so you can see how that works, because we need to get these files onto my Linux server one way or another. So we're going to say is we're going to go enable version control in GitHub, and this is just how we're in PyCharm, and this is just a handsome, or a fancy way of getting things up and running there, but we can also do this with the CLI too, so I'm going to show you a mix of both. So we're just going to go ahead and go Git, I can also do other versions, but Git is the, uh, best one for most people. I'm just gonna go okay here, and that's gonna run a git init on the directory for us. Now we're gonna go back to my, or rather I'm gonna open up my Windows Terminal, and what we're going to say here is we're going to go to that directory, which is coding, David's Ansible public, and one of the nice things about Windows Terminal is that it integrates nicely there, so you can see that it has a bunch of Git information that, uh, I'm sure Dave and I will be talking about, uh, down the road there so you understand
what all the stuff means. Yeah, what we're going to do is we're going to go ahead and use the GitHub command line to create a repository just for the fun of it, and I always get this backwards, so I think it's repo create, David's Ansible public, because, uh, we will make this available to you guys so you can check it out there if you want to see our random spaghetti code, and then we're going to go ahead and say yes. And apparently I need to clean up my GitHub, so just bear with me one second.

I did see you made a mistake, you made a typo with your Ansible public, but that's okay.

Yeah, no worries, I'm just going to delete this guy here and it should be fine. Delete, and what I'm doing is, I just did a trial run earlier and it, uh, forgot to clean up my tracks or so. Let this be a lesson to everyone: never prepare for anything, just do it live, because if you prepare you're gonna end up breaking something. All right, let's try this again. All right, there we go. So now I can do is I can go ahead and have a look here, and we have our directory, so I have our three files, and I'm going to go ahead and say git add ansible.cfg and then our host file, and we're just going to go ahead and say git commit, we're going to say our first commit, and we can see that we've added our three files to Git here. And then we want to push them to my actual online repository so I can use this in my Ansible server, for what will be our Ansible server. So, oh, I got Ansible on the brain. Uh, now I just want to say, or git push, you have to tell that we're pushing to the master because this is a new repository, and again we'll make a video one of these days and talk about what all this magical stuff means. And I'll push, everything's up to date. So if I go to my, if we go to my GitHub itself, we can see that we have David's, um, Ansible public, and the cool thing is there that this will be accessible to you guys, uh, so you can, um, go to github.com the packet for our David's Ansible public, and this will stay up and, um, it's going to
have our files as we go here. So if I click on our host file we can see that we have that there and it's recognizing the formatting or whatnot. So now we have this, our next goal is to get this on to our Linux server, which in my case is Red Hat. So I'm just going to go ahead and copy this key, uh, the SSH there, and this is just going to help me do our actual syncing. If you just want your own repository you won't have SSH, but you can do HTTPS on your own, or you can use the GitHub CLI if you're feeling of interest. Anyway, I'm going to get to my Ansible server, go ahead and remove, that's all that just has something else, and everything else is fine. So we're gonna say is we're gonna go git clone, and we're going to enter in the SSH key I, um, copied here, and it's going to go ahead and clone it.

So someone could just copy this and do exactly the same if they wanted to clone it onto their Linux server?

Yeah, now you won't be able to do SSH, as I said, but yeah, you can only do HTTP, uh, because I manually added my SSH key into GitHub, yep, so, uh, for authentication, that's how I make sure that, make sure that you are you. But otherwise, uh, yeah, you can grab this and play around with it if you feel that what we end up doing today is beneficial as a starting point, and then, yeah, you can have fun with it. So now we have here, we can see that we have a folder called David's Ansible public, and we can see we have our ansible.cfg, our hosts, and that's about it. But right now we don't really have Ansible. I mean, I have Ansible installed on server, but let's pretend we don't have Ansible. So what we can do is I can go back out here, and as a good practice it's always a good idea to create a virtual environment, so we're just going to say python3, because ultimately Ansible runs on Python, you can install it with pip, so we're going to say that this is virtual environment and virtual environment, and now to activate this, so we basically have our own private container for our packages, we can say source bin activate, and you can
see that we have a virtual environment activated in the corner, and now when I install stuff it's going to install to this environment, not my main system. So we're going to go ahead and say pip install, and you might have guessed we want Ansible, but before I do that we're going to make sure we install the new version of pip, because otherwise we can get some issues. So we're just going to say pip upgrade, so we can see it's, uh, pip uninstalled and install 21, so that's quite the jump, and then we're just going to say we want Ansible, and you can see that 4.0 is installing now.

So just for everyone's benefit, the, um, the virtual environment is good practices, like a little, like, container running on your virtual machine, but it's not required, but it's, it's good practice so that you don't have conflicting versions?

Yeah, yeah, it's a, it's good practice, I'd recommend it there. When you use something like PyCharm it automatically creates one for you, uh, so it, um, it keeps that isolated there, because you don't want, um, because there's an Ansible Tower instance here, which we'll talk about one of these days, but you don't want to break an actual server because you're installing different versions of, um, applications there, in the same way that you would use a virtual machine, hopefully, to test things out rather than just installing it on the server and hoping for the best.

So, I mean, basically you're demonstrating that you didn't have Ansible installed and now you're installing it, so you're doing everything from the beginning?

Yeah, yeah, and this is going to run away for a bit, but this is our entire Ansible installation process, uh, essentially. If I didn't do the virtual machine environment we just install it with pip, and then there's one other thing I need to do, but it's also a pip command, I could have downloaded one line, I was going to point it out to you though, and while we're waiting the, we'll talk about it. So because SSH use, or Ansible uses SSH, uh, we need to make sure we have the paramiko package
installed there because that's what python uses for ssh connections so we would also need to install paramiko or i like to install netmiko because that installs the requirements and also has the better tool uh so let's get that 30 seconds or so all right and then we're just going to go ahead and install netmiko now if you're doing this just on your own you just do paramiko but because netmiko depends on paramiko we can get away with just installing this and it's gonna make sure it gets um let's see those perimeter there uh it's gonna give us uh the best of both worlds in my opinion so uh i like to do it that way there but if you want to if you took an exam or something it's best to do this one not that the red hat exam would ask you a multiple choice question it's all labs but you know what i mean there maybe you don't i don't know i'm rambling uh anyway that is ansible installed so let's go back to our david's directory and remember we have our hosts file and we have our yaml so what can we do with ansible so what we're going to say is ansible doc and then list and this is going to give us quite a lot of stuff here in fact if i do pipe this into word count we have 5634 built-in modules uh and this number goes up pretty much every version of ansible so we if we wanted to we could filter this so we could say hey i want to look at cisco ios and we can see even that's not good enough there because we also have ios xr which is the service provider platform so we're just going to say dot ios so what we have here is a bunch of things that we can run on our cisco devices when we get into there but we can see that we can push acl for example or bgp or some random configuration let's have a look at uh l3 interfaces so we're going to copy this name and if we want to see the actual help we just take off the dash and then type in the name and what this does is this gives us a description of what the module does here so this is for adding l3 options on 
a device there so this is adding ip addresses that kind of thing so see we can add addresses there's explains all the different fields and then if we go down we can see a bunch of examples so this is really useful for building out your playbooks when we get that far because you can basically just copy these and then you can edit them to be what you want them to be and then it'll save you a lot of typing and confusion as you work further but anyway that is how we do that so what we're going to do is we're going to run what's called an ad-hoc command and the ad-hoc command is um really just there to help us verify particular information and get us what we need so if i type ansible i can go ahead and tell i want to run on routers and then i'm going to do something called a ping and it's going to tell us hey i don't know what host to talk to what's the router's because i have to tell it to talk to one of the inventory files so we're just going to say hosts and we'll pick on the ini file so we can see that what this is doing is uh it is doing a quick sanity check now this is you might think this is talking to each host there but this is actually talking to um the host itself to make sure that all the logic is fine there so it's not actually sending anything to the router but if we wanted to we can also verify that our yaml file is fine and it is so you can see they both work the same way but we can go and find some information so if i wanted to i could do eyeliner with specs and one of the things that ansible is really nice at is it can give you a bunch of built-in facts here so we can see that for one of our routers that we have our ip addresses we can see how much space the host name what kind of uh version we're running um what masks and whatnot so we got a ton of information here that we can use for our automation if we want to there and this is all built into ansible one of the leg ups it has compared to a python script because if you're doing this with python you 
would be manually coding this so that it it has all this information so we can see here we have like serial number we can see version and which we'll play with in a little bit and we can go from there you can see model so all in all pretty good stuff so what we're going to do is we are going to go back to our pycharm and we're going to create a first playbook what we're going to say is so basically what you did there is you the ping just verified that the um the the the ansible stuff was right and then when you did like get information you actually connected to the devices yeah yeah so uh and remember this um uh for this to work this means a few things there so one are credentials right two is that we have our hosts defined properly and three is that we have our network and stuff defined properly there because if we said this was a junos device there you'd be able to connect see that the parser is different and probably freak out so uh this is just a quick sanity check to do this kind of thing there and sometimes you just need quick ad hoc information like you just want to be able to get this information but you don't want to write a whole playbook yes and you specified routers because in your yaml file you had a router section and a switches section but you just did this on the routers yeah yeah so i called this uh routers i could also choose to enter in these if i wanted to do this individually because i define these are defined as actual names so if i wanted to i could say and it would run just on that particular host but because i said routers earlier it ran on all three yeah that's great so you create a playbook now yeah yep so what is a playbook so playbook is kind of like a i call it a bash script there where it's a series of commands that you run that get your result there so a playbook will have our information for what we're connecting to uh like what groups and then we're gonna have what we actually want done inside the host there so for example 
let's just create a goal there where we are going to actually know what i will create the file first and then we'll talk yeah all right so we're going to say new file and it's just going to be cisco.yml now remember we always have three lines at the top and then what we need to do is tell what host we care about so it's gonna be hosts routers and of course if i call this david special venture or whatever it was then that's what we'll call it here now if we want to be able to use enable then we will go ahead and say become is yes if you wanted to enable what you'd want to do is you want to say become password and i have the same secret for my password there so you guys can hack my lab but um basically this is how we uh how ansible handles things like enable passwords or sudo passwords is what they call it become and then so let's say become yes and then what we're going to do is we're going to tell it what tasks we're doing so what we're going to say is we want to create loopback oh i don't know uh 888. 
now how do we do that i have no idea let's have a look at our helpful so if we go back to here we can see that we have a few choices so we have ios interfaces layer two and l3 now these are usually pretty well named there so we can infer that interface is probably what we want uh layer two would be like vlans and stuff like that and l3 is ip addresses so let's have a look at interfaces and let's look at our examples i like to just dive down to the examples because i can usually figure out what it's trying to tell me i see here that we're defining an interface we're saying hey here's a description we're enabling it duplex all that stuff and we can see that i don't think there's many other examples here hey good enough we'll just copy this part so we're just going to copy the front part of this yeah we'll go back to our workbook and i'm actually going to replace you with you and then we're just going to say that this is create loopback and you meet so we have here is we're calling our module and then under here we're defining our config based on what it says and we're right now this is saying that we're going to add a description to um to gigabit 2 which doesn't exist on a router so we're just going to say that it's going to be loopback.88 and we can loosely description of i will say created for david now from here we can see if there's any other options that are relevant to us so let's go back to our help here and we can see that we will have enabled but that's probably a useful one and if we go up here we can explain what all the different fields need so basically uh if we wanted to be enabled we say enable true so go back over here and we'll just say enable true so if we're happy with that what i'm going to do is i'm going to commit and this is going to upload this stuff to my github here so we're just going to say added first playbook and we're gonna commit and push which means it's just gonna push it online all right so now on our 
ansible host we need to pull our change so we can see that is pulled these files long story short so if i was to look i now have cisco.yml so that's the magic of git there's other ways we could do this to sync there but it's good to at least get people thinking about how to do this kind of stuff so at this point i should be able to run this and we should create a loopback 888 with a description if this works out nicely so before you before you do that can you just check on the device and do a show run to make sure that it's not there yet oh you're doing the musician check to sleep in me all right so there's no way to date here there's a 999 so let's say 999 okay so there's nothing above my sleeves or in my sleeves not above my sleeves i know i like expression girls all right so we'll go back to our ansible and now i should be able to say ansible playbook now we call the playbook and then we tell what input for your file to use we're just going to say ho cml you can do this any order but because i just constructed this way there is basically to say run this playbook and use this hosts file if i don't we already saw what happens there where he yells at me so i'm going to try this and if things are syntaxed properly we're going to see it's going to run through the steps here and we see that it's trying to run task there and so this is where the uh it ran through everything's great so it says that it created a loopback so let's just first to see that we have a loopback up and we should see created for david here and of course we never added an ip address so that's where that comes from that's great so that's that uh oh i was not done talking about this so we can see that this has changed and it's kept track of what has changed over the play recap now because of the idempotency that i mentioned if i run this again what we should see is that it ran but nothing changed so we see it just says okay nothing's changed because it says hey you already have a loopback 888 so 
i don't need to so if i go to one of these healthy routers and say no if i run this again what we should see is that it's going to add one loopback candidate so that's the basics of running our first playbook you know we haven't done anything too fancy yet but that is um the nature of the beast there but what we're going to do now is just take it a step further and we're not going to get too deep into the logic we're just going to add an ip address there we're not going to worry about the duplicate ips or anything quite yet so what we're going to do is we're going to go back over to our help because help is here that's great i mean it's it's nice that it checks and makes sure that there's if it already exists it just skips over yeah and this uh you don't want to have a situation there where you say like install apache or web server or something and then it interprets that well i'm just going to do the install and what if that wipes out all your configuration or something so it's yeah yeah it's uh trying to be as minimalistic as possible so i'm going to is i like to call while iac is insanely lazy it's only going to work if it really needs to which is good yeah you don't want it to be an overachiever especially with automation there because this kind of stuff can be really scary if you're um doing this live um all right so we're gonna go back to our help which is if i scroll up do i save typing maybe okay cool so we've looked at the interfaces and to add an ip address we're just going to go ahead and say layer 3 so again we're gonna look at our help there's no shame in asking for help in this kind of stuff especially when you can copy and paste and save some typing all right so let's just see what we got here so we can see that we have a few examples so this one is adding an ip address and this one is removing it there there's a concept called state there we could say we want this to be present or we want this to be absent uh and what we want this one is we just 
want to say that hey we want ip address we don't really care about too much more so i'm going to go ahead and copy one of these guys and we're going to go back over to here now remember we want to make sure our lines are lined up so this is where our fancy tool for line highlighter is useful so we're going to say ip address to loop italy now we start saying loop 88 and we'll get this ip address i don't know 192 168 88. let's say 255.88 now one nice thing about this there is that you can go ahead and use slash notation it's going to figure out what makes sense for the platform so this will put this in the proper network mask for us so this point we're just going to go ahead and commit this so again we push and i really should update the description but uh oh well so now we'll go here we're just gonna say git pull so i check our cisco we now have our new field here so if i run this again you can see that it's okay with that there and it's added the ip now the obvious problem if we're doing this in production is i just push the same ip to all the uh users there and uh or all the routers and unless we're doing anycast that's probably going to be a problem there so what we'd really do is we would define um in our host file we would uh create variables and we would reference them there but we're not going to get too deep into the weeds uh for our first showing unless we get where the board will find out you know i think it's i think it's long enough i mean that gives us a good idea of the of the basics yeah fair enough so donald that's fantastic i really appreciate you spending you know all this time showing us how this works um you're a real advocate of of ansible is that right uh yeah i quite like it the only thing i don't like is chef so we probably won't be making a video on that one yeah we'll we we won't cover chef but i mean in that what are we gonna do in the next video on the next video we'll take it a bit further there uh so um i know you guys uh like talking about 
security a lot there so i thought it'd be fun to use ansible as a compliance tool to make sure our configuration is um working properly yeah so like make sure that someone hasn't put a dumb password on or snmp or something like that yeah yeah so we can make sure that like um we can do what's called compliance so we can say that hey is the domain name proper on this device there or do we have these features enabled or uh just uh basically what we can take is uh we can make a basic template to uh for what the security people would like to see or the network best practices and we can have ansible not only um let us know something's wrong but we can have ansible automatically correct it for us there so if we have like a wrong domain name for example we can um have it automatically corrected there without uh having any other things going on and then i thought um if we and if we don't get sick and talk about ansible we can also talk about things like ansible vault which is uh the security mechanism for storing passwords um and then um probably as a separate meeting there we'll talk about ansible tower which is the uh big boy version of ansible that uh brings in a lot of uh centralization and um security features that a lot of people like and that's what we actually pay for so that should be uh fun to look at that'd be great so i mean yeah again i want to thank you for your time and donald look forward to those new videos thanks all right see you better brilliant
Info
Channel: David Bombal
Views: 15,434
Rating: 4.9751811 out of 5
Keywords: ansible, network automation, ansible cisco, ansible network automation, ansible for network engineers, network programmability, network automation with ansible, cisco network automation, ansible network automation tutorial, ansible tutorial, network automation ansible, learn ansible, cisco automation, ansible playbook, network automation cisco, devnet, cisco devnet, ccna, devnet associate, devnet associate (devasc 200-901), devnet cisco, Devnet tutorial, ansible cisco ios
Id: 2W_YE0fZs88
Length: 62min 52sec (3772 seconds)
Published: Thu Sep 30 2021