Network Automation with Red Hat Ansible Automation Platform
- Section Building an Ansible Inventory
- Guided Exercise: Building an Ansible Inventory
- Configuring Automation Content Navigator
- Guided Exercise: Configuring Automation Content Navigator
- Writing and Running Playbooks
- Guided Exercise: Configuring Device Login Banners
- Implementing Multiple Plays
- Guided Exercise: Creating a Cross-vendor Configuration Backup
- Lab: Implementing an Ansible Playbook
- Summary
Abstract
| Goal |
Create an inventory of managed nodes, write a simple Ansible Playbook, and run the playbook to automate tasks on those nodes. |
| Objectives |
|
| Sections |
|
| Lab |
|
An inventory file defines nodes in your network topology that Ansible manages. You can organize the managed nodes in groups. Groups can contain child groups, and the managed nodes can be members of many groups. You can also set variables in the inventory that apply to one managed node, or a group of them.
You use the inventory to define the set of nodes against which you run one or more tasks in a playbook.
The inventory can be static or dynamic. A static inventory is a single text file with a list of the managed nodes. The managed nodes and groups in a static inventory are fixed as long as you do not manually change them. A dynamic inventory generates a list of nodes and groups in real time. To generate a dynamic inventory, you can use a script that queries an external source, such as a configuration management database (CMDB). You can create the script, take it from the open source community, and so on.
The use of dynamic inventories is beyond the scope of this course.
You can find more information about dynamic inventories at https://docs.ansible.com/ansible/latest/inventory_guide/intro_dynamic_inventory.html
You can build a static Ansible inventory using different formats. In this course, you focus on learning the INI-style format. You can use Visual Studio Code or any other editor to create the file.
The following example is a simple static inventory file written in the INI-style format. This Ansible inventory contains a simple list of managed nodes. You can use hostnames or IP addresses for the managed nodes.
iosxe1.lab.example.com iosxe2.lab.example.com junos.lab.example.com arista.lab.example.com
You can improve the Ansible inventory by defining groups of managed nodes and including variables that apply to them.
Use brackets to define groups of managed nodes, and add the list of nodes to the group. You can use blank lines between groups for better readability.
The following example contains three groups of managed nodes in the Ansible inventory.
The cisco group contains the iosxe1.lab.example.com and iosxe2.lab.example.com managed nodes.
The juniper and arista groups contain only one managed node each.
[cisco] iosxe1.lab.example.com iosxe2.lab.example.com [juniper] junos.lab.example.com [arista] arista.lab.example.com
A managed node can belong to more than one group in the Ansible inventory.
In the previous example, suppose that you have the managed nodes distributed in the dc1 and dc2 data centers.
If you plan to run some tasks on the nodes of one of the data centers, then consider defining groups with that information.
In the following inventory, all the managed nodes belong to more than one group.
For example, the iosxe1.lab.example.com node belongs to the cisco group and to the dc1 group.
You can use as many groups as you need to organize your inventory.
[cisco] iosxe1.lab.example.com iosxe2.lab.example.com [juniper] junos.lab.example.com [arista] arista.lab.example.com [dc1] iosxe1.lab.example.com junos.lab.example.com [dc2] iosxe2.lab.example.com arista.lab.example.com
All Ansible inventories contain two special groups: the all and the ungrouped groups.
-
all This group contains all the managed nodes in the Ansible inventory.
-
ungrouped This group contains all managed nodes that do not belong to any group. Ungrouped nodes appear at the top of an inventory file before the first group is defined.
You are not required to define either the all or the ungrouped groups in the Ansible inventory because they always exist.
The inventory can include groups of groups.
You can create such groups by adding the :children suffix to the parent group.
In the following example, the routers group includes the cisco, juniper, and arista groups.
[cisco] iosxe1.lab.example.com iosxe2.lab.example.com [juniper] junos.lab.example.com [arista] arista.lab.example.com [routers:children] cisco juniper arista
A group can have both individually managed nodes and groups of managed nodes as members. The individually managed nodes should be listed in the group, and the members that are groups should be placed as children.
In the following example, the parent cisco group consists of three managed nodes: the two members of the ios group, and the nxos.lab.example.com managed node.
[ios] iosxe1.lab.example.com iosxe2.lab.example.com [cisco] nxos.lab.example.com [cisco:children] ios
Sometimes the managed nodes in your Ansible inventory might have a pattern in their names. You can use a special syntax to add a range of managed hosts to the inventory. Ranges can be numeric or alphabetical.
In the following example, instead of writing twenty lines under the group name, you can define a range of managed nodes in the cisco group using a simplified syntax:
[cisco] iosxe[01:20].lab.example.com
The meaning of the [ syntax is as follows:START:END]
STARTEND
The ranges include all values from STARTEND
192.168.[4:7].[0:255]matches all IPv4 addresses in the192.168.4.0/22network (192.168.4.0through192.168.7.255).core-rtr-[01:20].example.commatches all hosts namedcore-rtr-01.example.comthroughcore-rtr-20.example.com.[a:c].dns.example.commatches hosts nameda.dns.example.com,b.dns.example.com, andc.dns.example.com.2001:db8::[a:f]matches all IPv6 addresses from2001:db8::athrough2001:db8::f.
If leading zeros are included in numeric ranges, they are used in the pattern.
The second example above does not match core-rtr-7.example.com but does match core-rtr-07.example.com.
You can also specify a range where there are increments between the sequence in the name of the managed nodes.
Suppose that you have distributed your managed nodes from the previous example in the dc1 and dc2 data centers.
The managed nodes with an odd number in their names (iosxe01.lab.example.com, iosxe03.lab.example.com, and so on) are in the dc1 data center.
The managed nodes with an even number in their names (iosxe02.lab.example.com, iosxe04.lab.example.com, and so on) are in the dc2 data center.
The simplified Ansible inventory looks like the following:
[cisco] iosxe[01:20].lab.example.com [dc1] iosxe[01:20:2].lab.example.com [dc2] iosxe[02:20:2].lab.example.com
The meaning of the [ syntax is as follows:START:END:STRIDE]
STARTENDSTRIDE
You can define variables for managed nodes in the Ansible inventory file.
These variables might be used by your Ansible Playbook, or they might be used to provide additional information about how Ansible connects to those managed nodes.
For example, you might use the ansible_host variable to point to an IP address if the managed node does not have a DNS entry.
In the following example, a play that uses the nxos.lab.example.com managed node connects to it by using the 10.80.1.251 IP address.
nxos.lab.example.com ansible_host=10.80.1.251
You can define variables for single managed nodes (host variables), and variables that affect an entire group in your Ansible inventory (group variables). You can use the host variables and the group variables later in your playbooks.
In the following example, you define the private_ip host variable with the 172.25.250.23 value in the Ansible inventory.
You can then use the private_ip value as the IP address of the nxos.lab.example.com managed node in a private network that is reachable by the control node.
nxos.lab.example.com private_ip=172.25.250.23
To define group variables, add the :vars suffix to the group in the Ansible inventory.
For example, Ansible treats the managed nodes in the Ansible inventory as network devices if you define the ansible_connection variable with the netcommon.network_cli value.
You might define this variable for specific groups of network devices, or you might create a group that contains all your network devices, such as the network_devices group.
[network_devices:vars] ansible_connection=ansible.netcommon.network_cli
The ansible_network_os variable is commonly used by network devices to indicate the network platform to which the managed node corresponds.
In the following example, the ansible_network_os variable is set to cisco.ios.ios for the managed nodes in the cisco group, and is set to arista.eos.eos for the managed nodes in the arista group.
[cisco] iosxe1.lab.example.com iosxe2.lab.example.com [arista] arista.lab.example.com [cisco:vars] ansible_network_os=cisco.ios.ios [arista:vars] ansible_network_os=arista.eos.eos
To display the contents of your Ansible inventory, you can use the ansible-navigator command with the inventory subcommand.
[user@host ~]$ ansible-navigator inventoryTo specify an Ansible inventory path that is not the default, use the --inventory (or the -i) option.
[user@host ~]$ ansible-navigator inventory --inventory ~/my_inventoryThe following output shows the two possible options to explore the Ansible inventory.
 |
Type 0 in the main Ansible inventory page to explore the groups and group members of the Ansible inventory.
 |
Enter the number of the group that you want to explore. If the number of the group is greater than nine, type a colon before the group number, and then press Enter.
For example, to list the managed nodes in the dc2 group in the previous output, type 2 or :2 followed by Enter.
 |
Managed nodes in the dc2 group.
You can continue pressing the number of the item you want to explore, or you can press Esc to go back one level.
Press Esc as many times as you need to go back some levels, to return to the main page, or to exit the ansible-navigator command.
You can also type :q to exit.
Type 1 in the main Ansible inventory page to explore the list of managed nodes in your Ansible inventory.
 |
To obtain more information about a managed node, type the number of the node, or type a colon, the node number, and Enter.
The following output shows the information for the iosxe1.lab.example.com managed node from the previous example.
 |
By default, the ansible-navigator command uses the text-based user interface.
To disable this interactive mode, run ansible-navigator inventory using the --mode stdout (or -m stdout) option.
When browsing an Ansible inventory using the -m stdout option, you have to specify one of the following actions:
To create an inventory graph, use the
--graphaction.To specify a managed node, use the
--hostaction.HOSTTo output all host information in JSON format, use the
--listaction.
The following example shows the output using the --graph action:
[user@host ~]$ ansible-navigator inventory -m stdout --graph
@all:
|--@ungrouped:
|--@dc1:
| |--iosxe1.lab.example.com
| |--junos.lab.example.com
|--@dc2:
| |--iosxe2.lab.example.com
| |--arista.lab.example.com
|--@routers:
| |--@cisco:
| | |--iosxe1.lab.example.com
| | |--iosxe2.lab.example.com
| |--@juniper:
| | |--junos.lab.example.com
| |--@arista:
| | |--arista.lab.example.comThe --graph action can also be used to create the inventory graph of only one group of the inventory:
[user@host ~]$ ansible-navigator inventory -m stdout --graph routers
@routers:
|--@cisco:
| |--iosxe1.lab.example.com
| |--iosxe2.lab.example.com
|--@juniper:
| |--junos.lab.example.com
|--@arista:
| |--arista.lab.example.com
