DO457 - ch03s09

Bookmark this page

Lab: Managing and Running Playbooks

Commit changes to an existing Ansible project in a Git repository, use automation controller to launch a job using a playbook from that project, and review the job results.

Outcomes

Consult module documentation to identify module requirements.
Create a Git branch and update a remote Git repository.
Create an automation controller machine credential, inventory, and job template.
Launch an automation controller job template.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command creates a Git repository, creates some automation controller resources, and removes DNS settings from the Juniper Junos managed nodes.

[student@workstation ~]$ lab start run-review

Instructions

This exercise provides you with a playbook that you can use to configure DNS settings on the Juniper Junos managed nodes in your environment. The initial playbook does not work and you must fix it. After updating the playbook, create automation controller resources so that you can run the playbook as a job template.

Navigate to https://controller.lab.example.com to access the automation controller web UI. Log in as admin using redhat as the password.

Clone the git@git.lab.example.com:student/run-review Git repository into the /home/student/git-repos directory and then create the exercise branch.
Use either VS Code or the git clone command to clone the git@git.lab.example.com:student/run-review Git repository into the /home/student/git-repos directory:
[student@workstation ~]$ cd ~/git-repos/ [student@workstation git-repos]$ git clone \ git@git.lab.example.com:student/run-review
Use either VS Code or the git checkout -b exercise command to create the exercise branch and check it out:
[student@workstation git-repos]$ cd run-review [student@workstation run-review]$ git checkout -b exercise Switched to a new branch 'exercise'

The existing /home/student/git-repos/run-review/junos_dns.yml playbook fails with the Could not open socket to junos1.lab.example.com:830 error message. Update the junos_dns.yml playbook to add a task that resolves this error.

To solve this problem, you might consult documentation for the junipernetworks.junos.junos_system module.

Attempt to run the junos_dns.yml playbook from either a VS Code terminal or a GNOME terminal. The playbook fails at the Configure DNS settings task with the Could not open socket to junos1.lab.example.com:830 error message.

[student@workstation run-review]$ ansible-navigator run junos_dns.yml

PLAY [Configure DNS settings on Juniper devices] ******************************

TASK [Configure DNS settings] *************************************************
fatal: [junos1.lab.example.com]: FAILED! => {"changed": false, "module_stderr": "", "module_stdout": "\n{\"failed\": true, \"msg\": \"Could not open socket to junos1.lab.example.com:830\", \"invocation\": {\"module_args\": {\"domain_search\": [\"lab.example.com\", \"example.com\"], \"name_servers\": [\"172.25.250.220\"], \"state\": \"present\", \"active\": true, \"hostname\": null, \"domain_name\": null}}}\n\n{\"failed\": true, \"msg\": \"Could not open socket to junos1.lab.example.com:830\", \"invocation\": {\"module_args\": {\"domain_search\": [\"lab.example.com\", \"example.com\"], \"name_servers\": [\"172.25.250.220\"], \"state\": \"present\", \"active\": true, \"hostname\": null, \"domain_name\": null}}}\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"}

PLAY RECAP ********************************************************************
junos1.lab.example.com     : ok=0    changed=0    unreachable=0    failed=1 ...

Please review the log for errors.

The Configure DNS settings task uses the junipernetworks.junos.junos_system module to configure some DNS settings. Check the documentation for that module. The NOTES section indicates that the netconf system service is a requirement:
```
[student@workstation run-review]$ ansible-navigator doc \
junipernetworks.junos.junos_system
...output omitted...
NOTES:
      * This module requires the netconf system service be
        enabled on the remote device being managed.
...output omitted...
```
Type q to exit the ansible-navigator command.
Interactively check the documentation for the junipernetworks.junos.junos_netconf module. If you do not know the module name, then the following steps help you identify the module name. Run the ansible-navigator collections command. After the command enters interactive mode, type :19 and press Enter to display information about the junipernetworks.junos collection:
```
[student@workstation run-review]$ ansible-navigator collections -m interactive
   Name                   Version  Shadowed  Type       Path
...output omitted...
19│junipernetworks.junos  4.0.0    False     contained  /usr/share/ansible/co...
...output omitted...
```
Type :21 and press Enter to display information about the junos_netconf module:
```
   Junipernetworks.junos  Type     Added  Deprecated  Description
...output omitted...
21│junos_netconf          module   1.0.0  False       Configures the Junos Ne...
...output omitted...
```
Line 38 contains a note about using the network_cli connection method. Because the inventory file for the project defines a different ansible_connection method for the junos host group, you must override the connection method when you use the junipernetworks.junos.junos_netconf module.
```
36│  notes:
37│  - Tested against vSRX JUNOS version 15.1X49-D15.4, vqfx-10000 JUNOS Vers...
38│  - Recommended connection is C(network_cli). See L(the Junos OS Platform ...
```
Lines 75-78 contain an example task that uses the module. The listens_on option is an alias to the netconf_port option.
```
74│examples: |-
75│  - name: enable netconf service on port 830
76│    junipernetworks.junos.junos_netconf:
77│      listens_on: 830
78│      state: present
```
Type :q and then press Enter to exit the ansible-navigator command.
Use the VS Code editor to modify the junos_dns.yml playbook. Add the highlighted lines and then save the file. The added task overrides the ansible_connection variable that is currently defined in the inventory file for the junos host group. The entire playbook contains the following content:
```
---
- name: Configure DNS settings on Juniper devices
  hosts: junos
  gather_facts: false
  tasks:
    - name: Enable netconf service on port 830
      vars:
        ansible_connection: ansible.netcommon.network_cli
      junipernetworks.junos.junos_netconf:
        netconf_port: 830
        state: present

    - name: Configure DNS settings
      junipernetworks.junos.junos_system:
        domain_search:
          - lab.example.com
          - example.com
        name_servers:
          - 172.25.250.220
```
Note
The ansible-navigator doc -l -t connection command lists available connection plug-ins. You might run this command to find the fully qualified collection name (FQCN) of the network_cli connection plug-in. You can use either network_cli or ansible.netcommon.network_cli as the value of the ansible_connection variable.

Update the /home/student/git-repos/run-review/inventory file to remove the line that sets the ansible_ssh_private_key_file variable. Although this inventory file works correctly when used on the workstation machine, the variable does not work when running the playbook from automation controller. Automation controller cannot find the private SSH key file because the file specified by the variable is not part of the Git repository.
Use the VS Code editor to modify the inventory file so that the file only contains the following content:
[junos] junos1.lab.example.com [junos:vars] ansible_user=student ansible_connection=ansible.netcommon.netconf ansible_network_os=junipernetworks.junos.junos
Use the ansible-navigator lint and ansible-navigator run commands to check your updated files for syntax errors and to verify that your playbook runs successfully. Add the -k option to the ansible-navigator run command and, when prompted, enter Student as the SSH connection password. Stage and commit the modified files and use a descriptive commit message. Push your changes to the remote Git repository. When finished, either close the opened folder in VS Code or return to the /home/student directory from the CLI.
Check the modified playbook for style and syntax errors. The ansible-navigator lint command only returns output if the command detects potential problems:
[student@workstation run-review]$ ansible-navigator lint junos_dns.yml
Run the junos_dns.yml playbook and use the -k option. Enter Student as the SSH password:
[student@workstation run-review]$ ansible-navigator run junos_dns.yml -k SSH password: Student PLAY [Configure DNS settings on Juniper devices] ******************************* TASK [Enable netconf service on port 830] ************************************** changed: [junos1.lab.example.com] TASK [Configure DNS settings] ************************************************** changed: [junos1.lab.example.com] PLAY RECAP ********************************************************************* junos1.lab.example.com : ok=2 changed=2 unreachable=0 failed=0 ...
Use either VS Code or the CLI to add, commit, and push the changes to the remote repository. Use a descriptive commit message, such as Configure netconf service. If you choose to use the CLI, then use the git add, git commit, and git push commands:
[student@workstation run-review]$ git add junos_dns.yml inventory [student@workstation run-review]$ git commit -m "Configure netconf service" [exercise 7cd3899] Configure netconf service 2 files changed, 7 insertions(+), 1 deletion(-) [student@workstation run-review]$ git push -u origin exercise ...output omitted... To git.lab.example.com:student/run-review * [new branch] exercise -> exercise Branch 'exercise' set up to track remote branch 'exercise' from 'origin'.
If you completed this step and the previous steps using VS Code, then click File → Close Folder to close the /home/student/git-repos/run-review directory. If you completed this step and the previous steps using the CLI, then run the cd command to return to the /home/student directory:
[student@workstation run-review]$ cd
From the automation controller web UI, update the run-review project resource so that the project uses the exercise branch.
Navigate to https://controller.lab.example.com and log in as admin using redhat as the password.
Navigate to Resources → Projects and then click the Edit Project icon for the run-review project.
Enter exercise in the Source Control Branch/Tag/Commit field and then click Save. After you click Save, automation controller immediately attempts to synchronize the project. The Last Job Status field updates to indicate that the project synchronization succeeded.
Create a machine credential resource using the following information:
Field Value
Name Juniper Junos Auth
Organization Default
Credential Type Machine
Username student
SSH Private Key Content of the /home/student/.ssh/lab_rsa file.
Navigate to Resources → Credentials and click Add. Create the credential using the settings in the preceding table and then click Save.
Create an inventory resource that uses the inventory file in the project directory. Create the inventory using the following information:
Field Value
Name Juniper Junos
Organization Default
Create a source for the inventory using the following information, and then synchronize the inventory source so that the inventory contains the junos host group and the junos1.lab.example.com host:
Field Value
Name Juniper Junos Source
Source Sourced from a Project
Project run-review
Inventory file inventory
Update options Overwrite (selected)
Overwrite variables (selected)
Navigate to Resources → Inventories and then click Add → Add inventory. Create the inventory and then click Save.
From the Sources tab, click Add. Create an inventory source and then click Save.
Click Sync to synchronize the inventory source. The Last Job Status field updates to indicate that the synchronization succeeded.
Create a job template to run the junos_dns.yml playbook using the following information. Launch the job template and verify that the resulting job succeeds.
Field Value
Name Juniper Junos DNS
Inventory Juniper Junos
Project run-review
Playbook junos_dns.yml
Credentials Juniper Junos Auth
Navigate to Resources → Templates and then click Add → Add job template. Create the job template with settings from the preceding table and then click Save.
Click Launch to run the job template. The resulting job succeeds.
Navigate to Views → Jobs and look for a numbered job with Juniper Junos DNS in the name. By default, automation controller lists the most recent jobs at the top. The Juniper Junos DNS job displays a status of Successful.
(Optional) Click the name of the Juniper Junos DNS job to review the job output.
Close the /home/student/git-repos/run-review directory in VS Code. If you are using the GNOME terminal, return to the /home/student directory.
1. Click File → Close Folder in VS Code to close the /home/student/git-repos/run-review directory.
2. If you are using the GNOME terminal, run the cd command to return to the student home directory:
  [student@workstation run-review]$ cd

Field	Value
Name	`Juniper Junos Auth`
Organization	`Default`
Credential Type	`Machine`
Username	`student`
SSH Private Key	Content of the `/home/student/.ssh/lab_rsa` file.

Field	Value
Name	`Juniper Junos`
Organization	`Default`

Field	Value
Name	`Juniper Junos Source`
Source	`Sourced from a Project`
Project	`run-review`
Inventory file	`inventory`
Update options	`Overwrite` (selected)
`Overwrite variables` (selected)

Field	Value
Name	`Juniper Junos DNS`
Inventory	`Juniper Junos`
Project	`run-review`
Playbook	`junos_dns.yml`
Credentials	`Juniper Junos Auth`

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade run-review

Finish

As the student user on the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish run-review

Discuss Network Automation with Red Hat Ansible Automation Platform

Go to community

Welcome to the Red Hat Ansible for Network Automation (DO457) group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Ansible for Network Automation! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO457.Read more about Red Hat Ansible for Network Automation here.

3120

Revision: do457-2.3-7cfa22a

Network Automation with Red Hat Ansible Automation Platform

Lab: Managing and Running Playbooks

Note