DO457 - ch06s11

Bookmark this page

Lab: Simplifying Playbooks with Roles and Ansible Content Collections

Create Ansible Roles that use variables and tasks.

Outcomes

Create a playbook that includes tasks from other files and imports another playbook.
Configure a project to use various collection sources and install collections.
Create a playbook that uses a role provided by a collection.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command installs the required software, downloads an automation execution environment, and creates the required resources for the exercise.

[student@workstation ~]$ lab start simplify-review

Instructions

Create a playbook called monitoring.yml in the /home/student/simplify-review directory.

The playbook must include the tasks in the tasks/juniper_netconf_enable.yml file to enable NETCONF only on managed nodes in the junos inventory group.
The playbook must include the tasks in the tasks/juniper_snmp.yml file to configure the Simple Network Management Protocol (SNMP) on Juniper devices. These tasks must target managed nodes in the junos inventory group.
The playbook must also include the tasks in the cisco_snmp.yml file to configure SNMP on Cisco devices. These tasks must target managed nodes in the ios inventory group.
Likewise, the playbook must also include the tasks in the arista_snmp.yml file to configure SNMP on Arista devices. These tasks must target managed nodes in the eos inventory group.
Finally the playbook must import the syslog.yml playbook.

Open VS Code and click File → Open Folder.
Navigate to Home → simplify-review and click Open.
Note
If prompted, select Trust the authors of all files in the parent folder 'student', and then click Yes, I trust the authors.
Create a playbook in the /home/student/simplify-review directory called monitoring.yml that targets managed nodes in the junos, ios, and eos inventory groups. Add the following content to the playbook:
```
---
- name: Configure monitoring on managed network nodes
  hosts:
    - junos
    - ios
    - eos
  gather_facts: false
  tasks:
```

Add a block that runs tasks on managed nodes in the junos inventory group. In the Junos block, include the tasks from the tasks/juniper_netconf_enable.yml and tasks/juniper_snmp.yml files. Add the following content to the playbook:

...output omitted...
    - name: Juniper Junos block
      when: inventory_hostname in groups['junos']
      block:
        - name: Enable NETCONF
          ansible.builtin.include_tasks: tasks/juniper_netconf_enable.yml

        - name: Configure Juniper SNMP settings
          ansible.builtin.include_tasks: tasks/juniper_snmp.yml

Add a block that runs tasks on managed nodes in the ios inventory group. In the Cisco block, include the tasks from the tasks/cisco_snmp.yml file. Add the following content to the playbook:

...output omitted...
    - name: Cisco IOS block
      when: inventory_hostname in groups['ios']
      block:
        - name: Configure Cisco SNMP settings
          ansible.builtin.include_tasks: tasks/cisco_snmp.yml

Add a block that runs tasks on managed nodes in the eos inventory group. In the Arista block, include the tasks from the tasks/arista_snmp.yml file. Add the following content to the playbook:

...output omitted...
    - name: Arista EOS block
      when: inventory_hostname in groups['eos']
      block:
        - name: Configure Arista SNMP settings
          ansible.builtin.include_tasks: tasks/arista_snmp.yml

Add a play to import the syslog.yml playbook:

...output omitted...
- name: Configure syslog
  ansible.builtin.import_playbook: syslog.yml

The final playbook should consist of the following content:

---
- name: Configure monitoring on managed network nodes
  hosts:
    - junos
    - ios
    - eos
  gather_facts: false
  tasks:
    - name: Juniper Junos block
      when: inventory_hostname in groups['junos']
      block:
        - name: Enable NETCONF
          ansible.builtin.include_tasks: tasks/juniper_netconf_enable.yml

        - name: Configure Juniper SNMP settings
          ansible.builtin.include_tasks: tasks/juniper_snmp.yml

    - name: Cisco IOS block
      when: inventory_hostname in groups['ios']
      block:
        - name: Configure Cisco SNMP settings
          ansible.builtin.include_tasks: tasks/cisco_snmp.yml

    - name: Arista EOS block
      when: inventory_hostname in groups['eos']
      block:
        - name: Configure Arista SNMP settings
          ansible.builtin.include_tasks: tasks/arista_snmp.yml

- name: Configure syslog
  ansible.builtin.import_playbook: syslog.yml

(Optional) The previous playbook demonstrates one possible solution. Instead of using when conditions, you might create separate plays for each inventory group. That playbook might consist of the following content:

---
- name: Configure monitoring on Juniper managed network nodes
  hosts: junos
  gather_facts: false
  tasks:
    - name: Enable NETCONF
      ansible.builtin.include_tasks: tasks/juniper_netconf_enable.yml

    - name: Configure Juniper SNMP settings
      ansible.builtin.include_tasks: tasks/juniper_snmp.yml

- name: Configure monitoring on Cisco managed network nodes
  hosts: ios
  gather_facts: false
  tasks:
    - name: Configure SNMP settings
      ansible.builtin.include_tasks: tasks/cisco_snmp.yml

- name: Configure monitoring on Arisa managed network nodes
  hosts: eos
  gather_facts: false
  tasks:
    - name: Configure Arista SNMP settings
      ansible.builtin.include_tasks: tasks/arista_snmp.yml

- name: Configure syslog
  ansible.builtin.import_playbook: syslog.yml

Run the monitoring.yml playbook, and then run the verify_monitoring.yml playbook to verify that the configuration set by the monitoring.yml playbook was successful.

Switch to the Terminal tab in VS Code, or change to the /home/student/simplify-review directory in a GNOME terminal:
```
[student@workstation ~] cd ~/simplify-review
```

Run the monitoring.yml playbook to configure SNMP on all managed nodes and to configure logging on managed nodes in the ios inventory group:

[student@workstation simplify-review]$ ansible-navigator run monitoring.yml
...output omitted...
PLAY RECAP ********************************************************************
arista1.lab.example.com    : ok=2    changed=1    unreachable=0    failed=0 ...
arista2.lab.example.com    : ok=2    changed=1    unreachable=0    failed=0 ...
iosxe1.lab.example.com     : ok=3    changed=2    unreachable=0    failed=0 ...
iosxe2.lab.example.com     : ok=3    changed=2    unreachable=0    failed=0 ...
junos1.lab.example.com     : ok=4    changed=2    unreachable=0    failed=0 ...
junos2.lab.example.com     : ok=4    changed=2    unreachable=0    failed=0 ...

Run the verify_monitoring.yml playbook. The playbook displays a message for each managed node to indicate if SNMP is configured correctly, and for each managed node in the ios inventory group to indicate if logging is configured correctly.

[student@workstation simplify-review]$ ansible-navigator run verify_monitoring.yml

PLAY [Verify Junos SNMP was configured properly] ******************************
...output omitted...
TASK [Verify the correct contact info was configured] *************************
ok: [junos1.lab.example.com] => {
    "changed": false,
    "msg": "SNMP is configured properly on 'junos1.lab.example.com'."
}
ok: [junos2.lab.example.com] => {
    "changed": false,
    "msg": "SNMP is configured properly on 'junos2.lab.example.com'."
}

PLAY [Verify IOS SNMP was configured properly] ********************************
...output omitted...
TASK [Verify the correct contact info was configured] *************************
ok: [iosxe2.lab.example.com] => {
    "changed": false,
    "msg": "SNMP is configured properly on 'iosxe2.lab.example.com'."
}
ok: [iosxe1.lab.example.com] => {
    "changed": false,
    "msg": "SNMP is configured properly on 'iosxe1.lab.example.com'."
}

PLAY [Verify EOS SNMP was configured properly] ******************************
...output omitted...
TASK [Verify the correct contact info was configured] *************************
ok: [arista1.lab.example.com] => {
    "changed": false,
    "msg": "SNMP is configured properly on 'arista1.lab.example.com'."
}
ok: [arista2.lab.example.com] => {
    "changed": false,
    "msg": "SNMP is configured properly on 'arista2.lab.example.com'."
}

PLAY [Verify IOS syslog was configured properly] ******************************
...output omitted...
TASK [Verify the correct syslog server logging level was configured] **********
ok: [iosxe2.lab.example.com] => {
    "changed": false,
    "msg": "Logging is configured properly on 'iosxe2.lab.example.com'."
}
ok: [iosxe1.lab.example.com] => {
    "changed": false,
    "msg": "Logging is configured properly on 'iosxe1.lab.example.com'."
}
...output omitted...
PLAY RECAP ********************************************************************
arista1.lab.example.com    : ok=3    changed=0    unreachable=0    failed=0  ...
arista2.lab.example.com    : ok=3    changed=0    unreachable=0    failed=0  ...
iosxe1.lab.example.com     : ok=5    changed=0    unreachable=0    failed=0  ...
iosxe2.lab.example.com     : ok=5    changed=0    unreachable=0    failed=0  ...
junos1.lab.example.com     : ok=3    changed=0    unreachable=0    failed=0  ...
junos2.lab.example.com     : ok=3    changed=0    unreachable=0    failed=0  ...
localhost                  : ok=2    changed=0    unreachable=0    failed=0  ...

Configure the Ansible project in the /home/student/simplify-review directory so that the project searches for collections in the project collections directory and the /usr/share/ansible/collections directory. Configure the Ansible project so that the ansible-galaxy command retrieves collections from the classroom's private automation hub. Enable access to the rh-certified and validated repositories.
You can access the classroom's private automation hub at https://hub.lab.example.com. Log in as student using redhat123 as the password.
Create the /home/student/simplify-review/ansible.cfg file and set the collections_paths variable:
[defaults] collections_paths = ./collections:/usr/share/ansible/collections
Use a browser to navigate to the private automation hub at https://hub.lab.example.com, and then log in as student using redhat123 as the password.
From the private automation hub web UI, navigate to Collections → Repository Management. This page has the parameters that you need for configuring the ansible.cfg file. Click the Copy to clipboard icon in the CLI configuration column and the rh-certified row. Do not close your web browser window.
Note
You might need to collapse the web UI navigation bar or zoom out in your web browser to see the Copy to clipboard icon for the CLI configuration column.
Copying settings for the Red Hat certified repository
Update the ansible.cfg file and add the lines that you copied to the clipboard in the preceding step. The updated ansible.cfg file contains the following content:
[defaults] collections_paths = ./collections:/usr/share/ansible/collections [galaxy] server_list = rh-certified_repo [galaxy_server.rh-certified_repo] url=https://hub.lab.example.com/api/galaxy/content/rh-certified/ token=<put your token here>
Return to the Repo Management page in the private automation hub web UI. Click the Copy to clipboard icon in the CLI configuration column and the validated row. Do not close your web browser window.
Copying settings for the validated repository
Update the ansible.cfg file to append the lines that you copied to the clipboard in the preceding step. The updated ansible.cfg file now contains the following content:
[defaults] collections_paths = ./collections:/usr/share/ansible/collections [galaxy] server_list = rh-certified_repo [galaxy_server.rh-certified_repo] url=https://hub.lab.example.com/api/galaxy/content/rh-certified/ token=<put your token here> [galaxy] server_list = validated_repo [galaxy_server.validated_repo] url=https://hub.lab.example.com/api/galaxy/content/validated/ token=<put your token here>
Update the ansible.cfg file so that it only contains one [galaxy] section. Update the first [galaxy] section so that it lists both the rh-certified_repo and the validated_repo repositories. Remove the second [galaxy] section. The updated ansible.cfg file now contains the following content:
[defaults] collections_paths = ./collections:/usr/share/ansible/collections [galaxy] server_list = rh-certified_repo, validated_repo [galaxy_server.rh-certified_repo] url=https://hub.lab.example.com/api/galaxy/content/rh-certified/ token=<put your token here> [galaxy_server.validated_repo] url=https://hub.lab.example.com/api/galaxy/content/validated/ token=<put your token here>
Return to the private automation hub web UI. Navigate to Collections → API token management and then click Load token. Copy the API token.
Important
Loading a new token invalidates any of your previous tokens.
Using the copied token, update both token lines in the ansible.cfg file. Your token is different from the token displayed in this example. Save and close the file when done:
[defaults] collections_paths = ./collections:/usr/share/ansible/collections [galaxy] server_list = rh-certified_repo, validated_repo [galaxy_server.rh-certified_repo] url=https://hub.lab.example.com/api/galaxy/content/rh-certified/ token=19abc11a37723c1d1ace762b9d00221d2b15dad0 [galaxy_server.validated_repo] url=https://hub.lab.example.com/api/galaxy/content/validated/ token=19abc11a37723c1d1ace762b9d00221d2b15dad0
Create a requirements.yml file in the project collections directory to install the 2.0.0 version of the network.base collection. When done, install the required collection. Add the -n (or --no-deps) option to the ansible-galaxy command so that the command does not install dependencies specified by the network.base collection.
Important
In the lab environment, if you do not add the -n (or --no-deps) option to the ansible-galaxy command, then the command installs versions of the ansible.netcommon and ansible.utils collections that do not function correctly with the ansible.base.resource_manager role.
Create the /home/student/simplify-review/collections/requirements.yml file. Add the following content to require the 2.0.0 version of the network.base collection:
--- collections: - name: network.base version: 2.0.0
In the /home/student/simplify-review directory, use the ansible-galaxy command to install the required collections. Add the -r option to specify the location of the collections/requirements.yml file and the --no-deps option to prevent installing dependencies.
[student@workstation simplify-review]$ ansible-galaxy collection install \ -r collections/requirements.yml --no-deps ...output omitted... network.base:2.0.0 was installed successfully
List the installed collections:
[student@workstation simplify-review]$ ansible-galaxy collection list # /home/student/simplify-review/collections/ansible_collections Collection Version ----------------- ------- network.base 2.0.0 # /usr/share/ansible/collections/ansible_collections Collection Version ------------------------ ------- redhat.rhel_system_roles 1.20.1
Important
The output in the /usr/share/ansible/collections/ansible_collections section displays collections installed on the local system, which is different from collections installed in an automation execution environment.
To see collections available to automation content navigator from the project directory, run the following command:
[student@workstation simplify-review]$ ansible-navigator collections \ -m interactive
Create a playbook called resource_modules.yml in the /home/student/simplify-review directory. The playbook must target managed nodes in the ios inventory group. The playbook must have one task that includes the resource_manager role from the network.base collection. Define the action variable for the task and assign list as the value of the variable.
Note
The classroom private automation hub contains documentation for the network.base collection. You might use this documentation as a resource for creating the playbook.
Create a playbook in the /home/student/simplify-review directory called resource_modules.yml that targets managed nodes in the ios inventory group. Add the following contents to the playbook:
--- - name: List supported resource modules hosts: ios gather_facts: false tasks:
Add a task to the playbook that includes the resource_manager role from the network.base collection:
...output omitted... - name: Network Resource Manager ansible.builtin.include_role: name: network.base.resource_manager
Define the variable for the role in the task:
...output omitted... - name: Network Resource Manager ansible.builtin.include_role: name: network.base.resource_manager vars: action: list
The final playbook should consist of the following content:
--- - name: List supported resource modules hosts: ios gather_facts: false tasks: - name: Network Resource Manager ansible.builtin.include_role: name: network.base.resource_manager vars: action: list

Run the resource_modules.yml playbook to display resource modules for the managed nodes. The playbook runs successfully if you see output for each managed node that includes module resources, such as:

...output omitted...
        "modules": [
            "acl_interfaces",
            "acls",
            "bgp_address_family",
            "bgp_global",
...output omitted...

Run the resource_modules.yml playbook. Each managed node should display the following module resources:

[student@workstation simplify-review]$ ansible-navigator run resource_modules.yml
...output omitted...
        "modules": [
            "acl_interfaces",
            "acls",
            "bgp_address_family",
            "bgp_global",
            "hostname",
            "interfaces",
            "l2_interfaces",
            "l3_interfaces",
            "lacp",
            "lacp_interfaces",
            "lag_interfaces",
            "lldp_global",
            "lldp_interfaces",
            "logging_global",
            "ntp_global",
            "ospf_interfaces",
            "ospfv2",
            "ospfv3",
            "prefix_lists",
            "route_maps",
            "snmp_server",
            "static_routes",
            "vlans"
        ]
...output omitted...

Close the /home/student/simplify-review directory in VS Code. If you are using the GNOME terminal, return to the /home/student directory.
1. Click File → Close Folder in VS Code to close the /home/student/simplify-review directory.
2. If you are using the GNOME terminal, run the cd command to return to the student home directory:
```
[student@workstation simplify-review]$ cd
```

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade simplify-review

Finish

As the student user on the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish simplify-review

Discuss Network Automation with Red Hat Ansible Automation Platform

Go to community

Welcome to the Red Hat Ansible for Network Automation (DO457) group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Ansible for Network Automation! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO457.Read more about Red Hat Ansible for Network Automation here.

3120

Revision: do457-2.3-7cfa22a

Network Automation with Red Hat Ansible Automation Platform

Lab: Simplifying Playbooks with Roles and Ansible Content Collections

Note

Note

Important

Important

Important

Note