Ansible Playbooks for Cisco Network Automation!

Captions
Hey, everyone. It's John, and today I'm gonna do a video on using Ansible playbooks, so let's just kick on and do it. Ehh, as you can see the topology is quite straightforward. We've got a basic EIGRP network up here and below it a RIP network. Now here's the thing, though, these all have IP addresses 10.0.0. 1.2.3 and same for here. 172.16.1.9-11-10 to correspond to the routers. However, just to make things easier, I've also given each router a loopback address which corresponds to its ehh... actually router name, so router 1 has a loopback of 1.1.1.1, router 6 has a loopback of 6.6.6.6, just to make it easier.

So, let's just kick on and do it then, I suppose. Let's start these nodes. The first thing I'll do actually I'll quickly show you the Ansible web page 'cause this is very very helpful. If you're looking for documentation for Ansible then go here. This is quite good. Ehh, so you'll notice a few things I will be using in my playbook - a Username, obviously, I'll be using that as "John" which is the SSH login name. "Authorize" - I'm not actually gonna set that, because Authorize will essentially elevate your privileges to Privileged Exec mode, however, I've actually configured each Username to have "privilege level 15" so automatically it will go there anyway, so it's unnecessary. Ehh the "Timeout", now the Timeout is actually ten seconds, ehh, however, because I'm using virtual machines "VMware", things can run a wee bit slower than it would in real life, so I've actually extended the Timeouts just to get me a bit of leeway and the password, of course, is what the password is for your SSH connection. In this case, it's gonna be a basic password of "Cisco".

So now that's out of the road, let's go and do this. Just connect to these nodes. Right, I think we're up and running, so let's just check this. First thing I need to do is put my basic configurations on my actual PC here because I've got nothing on not yet.
So "ifconfig eth zero" and we'll make the IP address "192.168.1.1" with a network mask of a "/24" and we'll bring that up. We'll do a "route add default gateway up" and the default gateway IP address of the router is "1.1". So let's just test for basic connectivity! Okay, we seem to have that and let's just try to "SSH John @" I don't know 1.1.1.1. Yes. "Cisco". Okay, we seem to be able to access the router.

Now, there's a few things you need to do - if you've watched my previous Ansible video I think I covered this - but I'm going to do it again just for posterity. The first thing we need to do is actually configure our Hosts file, which will essentially act like...it will essentially act like DNS, basically. So "Nano" and we'll do "etc/hosts", now this is going to resolve the router name, so if I type in "R1" it'll resolve that to the actual IP address I specify, now like I said, I used a loopback to keep that simple. So here we go. So "1.1.1.1" will be R1. "2.2.2.2" and so on, so forth. Bear with me, I'll just quickly pop this in. You can actually just put in IP addresses, you don't need to put in the actual names but I prefer to do it, so it's a bit simpler. Uhh, where are we? R6. "R12". And write that out. Save that. So now if we ping "R1" it should resolve it "1.1.1.1" and get response...yeah so we do.

Right, a few other things, we need to actually set our Ansible configuration file. Now, I've just got that saved here to keep things nice and easy. Again, the "timeout" I think that actual timeout in this ordinarily would be "5", again, I've extended it by a large amount because virtual machines can run slow and I'm just giving things a bit of extra leeway. So let's make this configuration file. So we'll do "nano" and we'll do...call it "ansible.cfg". Paste this in here. There we go. And...actually, see if we look at that. If we "cat" ansible what it's looking for...the inventory, the inventory will actually be a hosts file.
Now we're actually gonna make that right here. So nano and...we'll do "hosts". Now, this is actually going to correspond to my topology, so as you can see I'm going to group things together so they make logical sense. I'll have a group called "routers" which is going to encompass all of these routers so R1 right through to R12, however, I'm also going to have an EIGRP section which is just going to be 1 to 8, and the RIP section which is going to be 9 to 12, plus R2 because that's also going to run RIP. So that's that.

Uhh, let's go and do this then. So the first thing what you need to do with Ansible is use these square brackets that will delineate and denote an actual specified group. So if I do [routers] this is gonna be all my routers, so if I type in the word "routers", it's going to include all of these ones, and again, these numbers, er, names R1, R2, will be resolved in the host config file, or, sorry, the hosts file to the actual IP addresses, which is why I made this, rather than actually typing IP addresses for in here, I can just type in the names. So that was the purpose of that. "R6", "R7". Now, I must admit, that setting all this up might seem a little bit tedious. You think why can't you just go and just configure all that stuff? Well that's the case, but see once it's set up, then you can just keep deploying changes really really easily, so it may take a little bit of time to get set up but once you're up, you can really...it can accelerate things a lot. So [eigrp] will go from R1 to R2 R3 R4 R5 R6. And our RIP section, gonna just have R9, actually we'll put R2 as well. R10.

So if I did a basic "ansible" just on, say, RIP and I used the module "raw" - again this is an Ad Hoc command, this is not using the Playbooks yet, I'll get to that in a wee second, and we'll use the argument...will be...I don't know? What? "show ip route". User is "John" ask for a password. Oh, what did I not do there? Ansible RIP. I'm not sure what I've done there. Try "routers".
Hmm, what have I made a mistake here on? Is my configuration file correct? "eigrp", "rip", seems to be okay. I've obviously done something wrong here. I don't know what I did differently there. Haha, never mind, it works now, God knows what that was about? So, like I say, that's me, I've ran the Ad Hoc command, which is going to essentially fetch the "show ip route" command from all the routers grouped together. And, initially, Ansible. Just perform on the RIP routers and we'll just do a "show run". SSH Password. And we're gonna grab up all the running configuration files from those routers, so anyway, that was just a brief test to make sure that was working. I don't actually know what I've done there, I've obviously skipped something. Just something I've overlooked. Never mind.

As you can see, these routers don't have much on them, we've got SSH configured on them and some IP addresses, EIGRP and RIP, like I said, but they don't have any kind of like, say, Banners...anything like that so what I've done here, let me show you, I've actually written this little Playbook and it's written in "YAML". Now, YAML is a kind of human-readable language. And as you can see here, "hosts", that's a generic Ansible thing you would use that's going to deploy on all the routers. I could change that to eigrp just they applied to my EIGRP routers or RIP to my RIP routers. In this case I'm gonna apply to all because it's "John's generic router configuration". Eh, "gather_facts" we want to set that to false. Connection "local", you can use network CLI, but for this I'm using "local". Uhh, "vars", so now we're gonna be using...this is what you're gonna tell the CLI what to use. The Username will be "john", password "cisco". Often people "authorize" but like I said the actual username "John" has got "privilege 15" so I don't need to authorise that to elevate privileges. Timeout has been extended to 100 because I'm using a virtual machine.
Now the tasks, this is actually what it's gonna display on the console, when I put this through it will say "global configuration settings", it's gonna use the CLI and here's a list of commands and if you can use these commands in global configuration mode, you can use them here, so I've just popped in a generic amount of commands just to display this. I've got "ipv6 unicast-routing", "errdisable recovery interval". Security passwords minimum length is 5. IP name-server 99 - that's actually not an IP address I've got configured, I've just put it in anyway. SNMP servers and...blah-dee-blah... ntp server, again, and, uhh, banner. So at the very end of it, again, this is a consistent thing you'll see with ansible register, you'll print_output and you'll debug to actually print the output on the screen.

So what I'm going to do now is go to my IPvZero...so what I'm gonna do is actually create an actual configuration YAML file so we'll call this...nano and "generic.yml". Now I'm gonna go here, just "control a" to grab all that, copy you, I'm going to paste this in here. Write that out. Save. Cat that.

So that's that there, now, beforehand, I used the command "ansible" and typed in the routers, used the module "raw" and I had to type in a password 'n' that. Now because the actual, eehh, the Playbook has already got the password username John configured, I don't need to do that, it's just gonna run the Playbook. So rather than use "ansible", I type "ansible-playbook". So "ansible-playbook" and we're gonna run the generic.yml. It's going to start running all these operations. Again, like I said, because we're using virtual machines, and such, it does run slower. On actual real kit. On my actual real routers and switches, this works way quicker. Maybe my computer is just slow, possibly. So it's saying I've changed router 1, 3, 2...and this is why I changed the Timeout because ordinarily this could actually just timeout and cause an issue. Come on, come on.
[Music] It really is taking its time this time. So once this finishes, you will see a brief summary of what it's done, if changes were made, if the connection was successful for each independent router. Okay, so no failed connections, nothing was unreachable, changes made one. If no changes were made to it, it would be a zero so there's been a change. On the Recap there's been a change made to all these routers.

So now if you go on to, say, router 2, just grab this here, and now you can see the banners already. I'll just exit out that. Push enter and there you can see we've got the banner on that. "show run". Build the configuration and we've now got security passwords min lines, all these other things, name server, all these new configurations, and that's true of all the routers 'cause I've deployed it to every single one. Router 5.

Again, now again, this may seem a little bit overboard to configure a bunch of routers here, but if you can imagine an actual industry kind of sized network, you could be dealing with hundreds or thousands of routers, this is obviously far more efficient to deploy things with automation than it would be to manually just type everything in and you're actually less likely to make errors because, just like with DHCP will hand out IP addresses, manual configuration of IP addresses is very prone to error. So stuff like this is way better.

So, like I said, the beauty of this as well is it's very very easy to make changes. So let's say I wanted to, I don't know, I want to make changes to just the RIP routers. I say okay "RIP" and let's change the community for the SNMP we'll just call this "John" actually we'll do "No" and we'll pop...and we'll do SNMP Read-Write. Okay we're doing the RIP routers maybe change this. "This is John's RIP routers" and Don't make changes, just change that a little bit. So we could do - copy all this - and then we could just make a new configuration file, so to go back to our actual...and what will we call this?
Call this RIP.yml and that's going to have the changes in here, and maybe change that to "John's generic RIP configuration". Seems to be fine, and write that out. Now if we run the Ansible Playbook on RIP.yml. There we go, now of course, because it's just been set to configure the RIP routers, only the routers which have been configured under my...eh, my RIP commands have actually been changed.

So now if we go to, say, if we do a "show", rather if we do "ansible" RIP, with a module -raw, argument "show run section banner", the username "john". Okay. Now we'll see the banners of all the - just RIP routers on this, whereas if we did... on EIGRP, check the EIGRP routers. Hmm, don't know why that's not connected to that. We had an issue connecting with router 3 for some reason, not sure why, but as you can see these still have the old banners on them, and just for posterity, let's just go on and just check on the actual routers. So router 9 is a RIP router, again, it's the RIP router one so the "show run" is going to have the different configurations on it. It's now got the different SNMP servers, versus what you would find on an EIGRP router. So that's still got the EIGRP configurations. We'll "show run" now as you can see that's got the IPvZero SNMP server.

So this is just a quick demonstration to see, or rather, I'll show you what you can do with Ansible playbooks. They really scale well, the larger the network is, the more convenient this becomes. Like I showed you, it's very very easy to make changes globally to large groups of net...eh routers, so for example...or switches to be honest you can do this on switches too, obviously. So long as they're configured for SSH because Ansible is agentless, as long as SSH is configured on the device you can access it via Ansible. So, yep, so basically, this is just a demonstration to show you just how easy it is to make changes, how easily this scales with Ansible.
And, yeah, so that's the end of the video. Thanks very much and I'll see you guys soon!
Info
Channel: IPvZero
Views: 21,454
Rating: 4.889401 out of 5
Keywords: ansible, ansible playbooks, cisco network automation, python cisco, python, how to configure, explained, IPvZero
Id: xw4IinFGVzA
Length: 23min 17sec (1397 seconds)
Published: Thu Nov 29 2018