DO457 - ch02s09

Bookmark this page

Lab: Implementing an Ansible Playbook

Configure and perform administrative tasks on managed nodes using a playbook.

Outcomes

Create a custom Ansible inventory.
Generate an automation content navigator configuration file.
Create and run an Ansible playbook to configure the Message of the Day (MOTD) banners on network devices.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command installs the required software, downloads an automation execution environment, and creates the project directory for the exercise.

[student@workstation ~]$ lab start implement-review

Instructions

Create an Ansible inventory file named inventory in the /home/student/implement-review directory. Use the information in the following table to organize the groups in the Ansible inventory. Create as many inventory groups of managed nodes as needed.
Managed node Operating system
iosxe1.lab.example.com IOS XE
iosxe2.lab.example.com IOS XE
junos1.lab.example.com Junos
junos2.lab.example.com Junos
Use the information in the following tables to define group variables for all the managed nodes in the Ansible inventory.
Table 2.3. IOS Devices
Variable Value
ansible_user student
ansible_ssh_private_key_file ~/.ssh/lab_rsa
ansible_connection ansible.netcommon.network_cli
ansible_network_os cisco.ios.ios

Table 2.4. Junos Devices
Variable Value
ansible_user student
ansible_ssh_private_key_file ~/.ssh/lab_rsa
ansible_connection ansible.netcommon.netconf
ansible_network_os junipernetworks.junos.junos

The variables from the tables control the way Ansible connects to the managed nodes:
- ansible_user specifies which username to use when connecting to the managed node.
- ansible_ssh_private_key_file specifies the private key file to use as authentication when connecting to the managed node.
- ansible_connection determines the connection type to the managed node.
- ansible_network_os informs Ansible of the network platform of the managed node.
Open the /home/student/implement-review directory in Visual Studio Code.
In VS Code, click View → Explorer and then click File → Open Folder.
Navigate to Home → implement-review and then click Open.
Note
If prompted, select Trust the authors of all files in the parent folder 'student' in the pop-up window, and then click Yes, I trust the authors.
Create a custom static inventory named inventory in the /home/student/implement-review directory. Complete the following substeps if you do it in VS Code:
Click File → New File, enter inventory as the file, and then click Create New File.
Click Create File in the Files window behind VS Code. The Files window closes after the inventory file is created.
Edit the Ansible inventory file so that it contains the following content:
[ios] iosxe[1:2].lab.example.com [junos] junos[1:2].lab.example.com [network_devices:children] ios junos [network_devices:vars] ansible_user=student ansible_ssh_private_key_file=~/.ssh/lab_rsa [ios:vars] ansible_connection=ansible.netcommon.network_cli ansible_network_os=cisco.ios.ios [junos:vars] ansible_connection=ansible.netcommon.netconf ansible_network_os=junipernetworks.junos.junos
Generate the automation content navigator configuration file in the /home/student/implement-review directory. Configure this file as follows:
- Add an entry for the Ansible inventory file.
- Use the hub.lab.example.com/ee-supported-rhel8:latest image as the default automation execution environment.
- Set the pull policy to missing.
- Set the mode to stdout.
- Disable the creation of playbook artifacts.
Use the ansible-navigator settings --effective command in a terminal to display the effective settings. Add the --eei and --pp options to the automation content navigator command to specify the automation execution environment image and the missing pull policy. Redirect the command output into a file named sample.yml.
If you are using VS Code, click Terminal → New Terminal to open a terminal.
[student@workstation implement-review] ansible-navigator settings \ --effective --eei hub.lab.example.com/ee-supported-rhel8 \ --pp missing > sample.yml
Rename the sample.yml file to ansible-navigator.yml.
[student@workstation implement-review] mv sample.yml ansible-navigator.yml
Edit the ansible-navigator.yml file removing the lines not related to what was requested, and adding an entry for the inventory file. After updating the ansible-navigator.yml file, it must have the following content.
--- ansible-navigator: ansible: inventory: entries: - ./inventory execution-environment: image: hub.lab.example.com/ee-supported-rhel8:latest pull: policy: missing mode: stdout playbook-artifact: enable: false
Note
This lab solution removes lines so that you can focus on a small group of settings, but the lines do not need to be removed.
Create a playbook called motd_banner.yml in the /home/student/implement-review directory. Add two plays to the playbook with the necessary entries to set up a MOTD banner on the IOS and Junos managed nodes. The MOTD banner is a message displayed immediately after logging in to the managed node. The banner must read "This is an Ansible-managed node".
Note
Remember to always give meaningful names to plays and tasks, to make clear what they are doing.
You can use the cisco.ios.ios_banner module to configure the banner in the IOS devices and the junipernetworks.junos.junos_banner module to configure the banner in the Junos devices.
For the IOS managed nodes, use a handler that runs the cisco.ios.ios_config module to ensure that the banner changes are persistent.
The junipernetworks.junos.junos_banner module requires that the netconf service be enabled on the Junos managed nodes. You can use the junipernetworks.junos.junos_netconf module to enable the Junos netconf service on port 830.
Either in the GNOME terminal or in VS Code, create the motd_banner.yml file in the /home/student/implement-review directory. Add the following entry to the beginning of the file to indicate YAML format.
---
Add the following entry in the playbook file to define the start of the first play.
- name: Configure a banner on IOS devices
Add the following entries to indicate that the play applies to the IOS network devices, and to disable fact gathering for these managed nodes. Make sure that the beginning of the entries are indented two spaces.
hosts: ios gather_facts: false
Add the following entries to define the beginning of the task list and the first task. Indent the beginning of the task list two spaces, and indent the line for the first task four spaces. Pay attention to adding two more spaces to the indentation of each lower level.
tasks: - name: Configure a MOTD banner cisco.ios.ios_banner: banner: motd text: This is an Ansible-managed node state: present
Changes made by the cisco.ios.ios_banner module are not persistent. Add the highlighted lines so that if the Configure a MOTD banner task results in a change, the task triggers a handler that saves the running configuration to the startup configuration.
Indent the notify line at the same level as the module name, and indent the handlers line at the same level as the tasks line.
tasks: - name: Configure a MOTD banner cisco.ios.ios_banner: banner: motd text: This is an Ansible-managed node state: present notify: ios_save_changes handlers: - name: ios_save_changes cisco.ios.ios_config: save_when: always
Add the following entries to the motd_banner.yml playbook to denote the start of the second play. Indicate that the play applies to the Junos network devices, and disable fact gathering for these managed nodes.
Make sure that the beginning of the entry is not indented, and indent the beginning of the next entries two spaces.
- name: Configure a banner on Junos devices hosts: junos gather_facts: false
Add the following entries to define the beginning of the task list and the first task for the second play. The task must enable the netconf service on port 830. Set the ansible_connection variable to ansible.netcommon.network_cli to override the value set in the inventory file.
Pay attention to the indentation for each level.
Indent the beginning of the task list two spaces, and indent the first task four spaces.
The lines for the variables definition and the junipernetworks.junos.junos_netconf module have six spaces of indentation.
The defined ansible_connection variable and the parameters for the junipernetworks.junos.junos_netconf module are indented eight spaces.
tasks: - name: Enable the netconf service on port 830 vars: ansible_connection: ansible.netcommon.network_cli junipernetworks.junos.junos_netconf: netconf_port: 830 state: present
Add the following entries to define the second task for the second play. Use the junipernetworks.junos.junos_banner module to configure the MOTD message. Indent the line for the task name four spaces. Indent the beginning of the module entry six spaces, and indent the beginning of the module parameters eight spaces.
- name: Configure a MOTD banner junipernetworks.junos.junos_banner: banner: motd text: This is an Ansible-managed node state: present
The complete motd_banner.yml playbook reads as follows:
--- - name: Configure a banner on IOS devices hosts: ios gather_facts: false tasks: - name: Configure a MOTD banner cisco.ios.ios_banner: banner: motd text: This is an Ansible-managed node state: present notify: ios_save_changes handlers: - name: ios_save_changes cisco.ios.ios_config: save_when: always - name: Configure a banner on Junos devices hosts: junos gather_facts: false tasks: - name: Enable the netconf service on port 830 vars: ansible_connection: ansible.netcommon.network_cli junipernetworks.junos.junos_netconf: netconf_port: 830 state: present - name: Configure a MOTD banner junipernetworks.junos.junos_banner: banner: motd text: This is an Ansible-managed node state: present
Note
You can use different names for the plays and tasks than this solution uses.

Managed node	Operating system
`iosxe1.lab.example.com`	IOS XE
`iosxe2.lab.example.com`	IOS XE
`junos1.lab.example.com`	Junos
`junos2.lab.example.com`	Junos

Variable	Value
`ansible_user`	`student`
`ansible_ssh_private_key_file`	`~/.ssh/lab_rsa`
`ansible_connection`	`ansible.netcommon.network_cli`
`ansible_network_os`	`cisco.ios.ios`

Variable	Value
`ansible_user`	`student`
`ansible_ssh_private_key_file`	`~/.ssh/lab_rsa`
`ansible_connection`	`ansible.netcommon.netconf`
`ansible_network_os`	`junipernetworks.junos.junos`

Run the motd_banner.yml playbook using automation content navigator. Optionally, verify the MOTD banner on managed nodes for the IOS and Junos devices.

Use the ansible-navigator run command to run the motd_banner.yml playbook. Read through the generated output to ensure that all tasks completed successfully.

[student@workstation implement-review]$ ansible-navigator run motd_banner.yml

PLAY [Configure a banner on IOS devices] ***************************************

TASK [Configure a MOTD banner] *************************************************
changed: [iosxe1.lab.example.com]
changed: [iosxe2.lab.example.com]

RUNNING HANDLER [ios_save_changes] *********************************************
changed: [iosxe2.lab.example.com]
changed: [iosxe1.lab.example.com]

PLAY [Configure a banner on Junos devices] *************************************

TASK [Enable the netconf service on port 830] **********************************
changed: [junos1.lab.example.com]
changed: [junos2.lab.example.com]

TASK [Configure a MOTD banner] *************************************************
changed: [junos1.lab.example.com]
changed: [junos2.lab.example.com]

PLAY RECAP *********************************************************************
iosxe1.lab.example.com     : ok=2    changed=2    unreachable=0    failed=0  ...
iosxe2.lab.example.com     : ok=2    changed=2    unreachable=0    failed=0  ...
junos1.lab.example.com     : ok=2    changed=2    unreachable=0    failed=0  ...
junos2.lab.example.com     : ok=2    changed=2    unreachable=0    failed=0  ...

Click File → Close Folder in VS Code to close the /home/student/implement-review directory, or run the cd command in a GNOME terminal to return to the student home directory.
```
[student@workstation implement-review]$ cd
```

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade implement-review

Finish

As the student user on the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish implement-review

Discuss Network Automation with Red Hat Ansible Automation Platform

Go to community

Welcome to the Red Hat Ansible for Network Automation (DO457) group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Ansible for Network Automation! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO457.Read more about Red Hat Ansible for Network Automation here.

3120

Revision: do457-2.3-7cfa22a

Network Automation with Red Hat Ansible Automation Platform

Lab: Implementing an Ansible Playbook

Note

Note

Note

Note