DO457 - ch02s03

Preface A: Introduction

Section A.1: Red Hat Ansible for Network Automation

Section A.2: Orientation to the Classroom Environment

Chapter 1: Deploying Ansible

Section 1.1: Preparing to Install Ansible

Section 1.2: Orientation to Lab Activities

Section 1.3: Installing Ansible

Section 1.4: Guided Exercise: Installing Ansible on the Control Node

Section 1.5: Guided Exercise: Identifying Resources for Installed Plug-ins

Section 1.6: Defining Ansible's Scope

Section 1.7: Creating Ansible Inventories

Section 1.8: Guided Exercise: Creating Host Inventories

Section 1.9: Configuring Ansible

Section 1.10: Guided Exercise: Configuring Ansible

Section 1.11: Lab: Deploying Ansible

Chapter 2: Running Commands and Plays

Section 2.1: Executing Ad Hoc Commands

Section 2.2: Guided Exercise: Executing Ad Hoc Commands

SectionSection 2.3: Preparing Ansible Playbooks

Section 2.4: Guided Exercise: Converting an Ad Hoc Command to a Play

Section 2.5: Building a Play with Multiple Tasks

Section 2.6: Guided Exercise: Building a Play with Multiple Tasks

Section 2.7: Composing Playbooks with Multiple Plays

Section 2.8: Guided Exercise: Composing Playbooks with Multiple Plays

Section 2.9: Lab: Running Commands and Plays

Chapter 3: Parameterizing Automation

Section 3.1: Defining Variables

Section 3.2: Guided Exercise: Defining and Using Variables

Section 3.3: Controlling Tasks with Loops and Conditions

Section 3.4: Guided Exercise: Controlling Tasks with Loops and Conditions

Section 3.5: Transforming Variable Data with Filters

Section 3.6: Guided Exercise: Looping Over a Filtered List

Section 3.7: Working with Roles

Section 3.8: Guided Exercise: Creating and Using Roles

Section 3.9: Customizing Data with Jinja2 Templates

Section 3.10: Guided Exercise: Generating Config Statements with Jinja2

Section 3.11: Lab: Parameterizing Automation

Chapter 4: Administering Ansible

Section 4.1: Ansible in the Enterprise

Section 4.2: Safeguarding Sensitive Data with Ansible Vault

Section 4.3: Guided Exercise: Safeguarding Sensitive Data with Ansible Vault

Section 4.4: Running Plays with Encrypted Data

Section 4.5: Guided Exercise: Running Plays with Encrypted Data

Section 4.6: Protecting Resources with Ansible Vault

Section 4.7: Guided Exercise: Protecting Resources with Ansible Vault

Section 4.8: Creating Inventories Using YAML

Section 4.9: Guided Exercise: Creating Inventories Using YAML

Section 4.10: Generating and Using Dynamic Inventories

Section 4.11: Guided Exercise: Generating and Using Dynamic Inventories

Section 4.12: Centrally Running Ansible with Red Hat Ansible Tower

Section 4.13: Guided Exercise: Navigating the Red Hat Ansible Tower Web Interface

Section 4.14: Guided Exercise: Creating Inventories in Red Hat Ansible Tower

Section 4.15: Lab: Administering Ansible

Chapter 5: Automating Simple Network Operations

Section 5.1: Gathering Network Information with Ansible

Section 5.2: Guided Exercise: Gathering Facts

Section 5.3: Guided Exercise: Viewing System Settings

Section 5.4: Configuring Network Devices

Section 5.5: Guided Exercise: Backing Up Network Device Configurations

Section 5.6: Configuring the Host Name

Section 5.7: Guided Exercise: Configuring the Host Name

Section 5.8: Configuring System Settings

Section 5.9: Guided Exercise: Configuring System Settings

Section 5.10: Generating Configuration Settings from Jinja2 Templates

Section 5.11: Guided Exercise: Configuring From Templates

Section 5.12: Guided Exercise: Configuring Settings From Templates

Section 5.13: Enabling and Disabling Interfaces

Section 5.14: Guided Exercise: Bouncing an Interface

Section 5.15: Guided Exercise: Bouncing Specified IOS Interfaces

Section 5.16: Reinitializing Layer 3 Interfaces

Section 5.17: Guided Exercise: Reinitializing Layer 3 on VyOS Devices

Section 5.18: Provisioning the Start-up Network

Section 5.19: Guided Exercise: Provisioning the Start-up Network

Section 5.20: Provisioning Spine and Leaf Devices

Section 5.21: Guided Exercise: Provisioning Spine and Leaf Devices

Section 5.22: Setting Parameters with Ansible Tower Surveys

Section 5.23: Guided Exercise: Setting Parameters with Ansible Tower Surveys

Section 5.24: Lab: Automating Simple Network Operations

Chapter 6: Automating Complex Network Operations

Section 6.1: Aggregating Logged Events to Syslog

Section 6.2: Guided Exercise: Aggregating Logged Events to Syslog

Section 6.3: Managing Access Control Lists on IOS

Section 6.4: Guided Exercise: Managing Access Control Lists on IOS

Section 6.5: Enabling SNMP

Section 6.6: Guided Exercise: Enabling SNMP

Section 6.7: Overcoming Real-world Challenges

Section 6.8: Guided Exercise: Provisioning the Consolidation Network

Section 6.9: Implementing Dynamic Routing with OSPF

Section 6.10: Guided Exercise: Implementing Dynamic Routing with OSPF

Section 6.11: Guided Exercise: Verifying End-to-End Reachability

Section 6.12: Implementing OSPF with Multiple Autonomous Systems

Section 6.13: Guided Exercise: Provisioning the Break Up Network

Section 6.14: Implementing Dynamic Routing with EBGP

Section 6.15: Guided Exercise: Implementing Dynamic Routing with EBGP

Section 6.16: Upgrading the Network

Section 6.17: Guided Exercise: Upgrading VyOS

Section 6.18: Lab: Automating Complex Operations

Chapter 7: Comprehensive Review

Section 7.1: Comprehensive Review

Section 7.2: Lab: Deploying Ansible

Section 7.3: Lab: Executing Commands and Plays

Section 7.4: Lab: Parameterizing Automation

Section 7.5: Lab: Administering Automation

Section 7.6: Lab: Automating Simple Network Operations

Section 7.7: Lab: Automating Complex Network Operations

Appendix A: Table of Lab Network Hosts and Groups

Section A.1:

Appendix B: Connection and Authentication Variables

Section B.1:

Appendix C: Editing Files with Vim

Section C.1: Guided Exercise: Editing Files with Vim

Appendix D: IOS Minimal Management Configuration

Section D.1: Restoring IOS Configuration Settings

Appendix E: Layer 3 Addresses for Lab Network

Section E.1:

Appendix F: Ansible Variable Types

Section F.1: Ansible Variable Types and Precedence

Appendix G: Changing the Screen Resolution

Section G.1: Changing the Screen Resolution

Bookmark this page

P 1 2 3 4 5 6 7 A A A A A A A

Preparing Ansible Playbooks

Objectives

After completing this section, you should be able to:

Create a simple playbook.
Check playbook syntax with ansible-playbook --syntax-check.

Tasks

A task is the application of a module to perform a specific unit of work. An example of a task in a play is shown below.

tasks:
  - name: Backup configuration
    ios_config:
      backup: yes

Plays and Playbooks

A play is a sequence of tasks to be applied, in order, to one or more hosts, whereas a playbook is a YAML file containing one or more plays.

Visualizing Plays and Playbooks

An example of a play in a playbook is shown below.

---
- name: backup router configurations
  hosts: routers
  connection: network_cli
  gather_facts: no

  tasks:
    - name: gather ios_facts
      ios_facts:
      register: version

    - debug:
      msg: "{{version}}"

    - name: Backup configuration
      ios_config:
        backup: yes

Interpreting YAML

YAML is a human-friendly language that concisely represents objects as data. Additional characteristics of YAML include:

Files start with three dashes (---) that mark the start of the document.
Comments begin with the pound sign (#).
Indentation is significant, and spaces must be used rather than tabs.
Elements at the same level (items in the same list, for instance) must have the same indentation.
Children of an item are indented more than the parent.

YAML Object Types Using Block Style

Unquoted scalar

Network

Sequence of scalars

- 10.0.0.1
- 192.168.0.1
- 172.16.0.1

Mapping scalars to scalars

IPv4: 10.10.17.42/24
IPv6: "fd42:e5a1:ef5d:6030:0:0:0:2/64"

Mapping scalars to sequences

rtr01:
  - GigabitEthernet1
  - GigabitEthernet2

rtr02:
  - eth0
  - eth1

Sequence of mappings

-
  name: GigabitEthernet2
  ipv4: 172.16.2.2/30
  ipv6: "fd42:e5a1:ef5d:6030:0:0:0:2/64"
-
  name: eth1
  ipv4: 10.10.10.1/30
  ipv6: "fdbc:bda:8486:7118:0:0:0:1/64"

Mapping of mappings

vyos:
  ansible_network_os: vyos
  ansible_user: vyos

ios:
  ansible_network_os: ios
  ansible_user: admin

YAML Object Types Using Flow Style

Sequence of scalars

[ GigabitEthernet1, GigabitEthernet2, GigabitEthernet3 ]

Mapping scalars to scalars

{ name: eth1, ipv4: 10.10.5.1/30, ipv6: "fdb5:4b4e:4574:c6bb:0:0:0:1/64" }

Sequence of sequences

- [name, ipv4, ipv6]
- [GigabitEthernet1, 172.16.2.2/30, "fdb5:4b4e:4574:c6bb:0:0:0:1/64"]
- [GigabitEthernet2, 10.10.5.2/30, "fdb5:4b4e:4574:c6bb:0:0:0:2/64"]

Sequence of mappings

- { name: GigabitEthernet2, ipv4: 172.16.2.2/30 }
- { name: GigabitEthernet4, ipv4: 172.16.10.1/30 }

Mapping of mappings

GigabitEthernet1: {ipv4: 10.0.0.1/30, ipv6: "fdb5:4b4e:4574:c6bb::1/64"}
GigabitEthernet2: {
    ipv4: 192.168.5.1/30,
    ipv6: "fdea:230f:c3cf:c287:0:0:0:1/64"
}

Encoding Plays in YAML

How are Ansible plays encoded in YAML?

A playbook is a list of one or more plays.
Each play is a hash/dictionary; that is to say, a YAML sequence of key:value mappings.
A play must include host and tasks mappings, and may include a name mapping, as well as other mappings depending on which plug-ins are being used.
Plays can import or include files, other playbooks, task lists, and so on.

Mapping the Terrain

Which key:value pairs are used to define plays in playbooks?

Plays can be named or anonymous. It is useful to name your plays. For example, name:playname. Ideally, a name communicates clearly the purpose of a play.
Plays take a list of tasks and apply them to a list of hosts or host groups.

---
- name: a play that backs up configs
  hosts:
    - routers

  tasks:
    - name: backup the running config
      ios_config:
        backup: yes

Choosing a Module: ping or ios_ping

ping

A trivial test module that always returns pong on successful contact.
This is not an ICMP ping, and requires Python on the remote node.
It usually does not make sense in playbooks, but is useful from /usr/bin/ansible to verify the ability to log in and that a usable Python is configured.

ios_ping

Tests reachability using ping from network device to a remote destination using available routes. This module is specific to devices running the IOS network operating system.

Running ios_ping Ad Hoc Command

Tests reachability by pinging from an IOS network device to a remote destination.

[user@host ~]$ ansible -m ios_ping host-identifier -a "dest=ip-address"

Using ios_ping in a Playbook

Tests reachability, in a playbook, by pinging from a network device to a remote destination.

---
- name: a reachability test
  hosts: rtr1

  tasks:
    - name: "test reachability to rtr1"
      ios_ping:
        dest: rtr1

Discuss Red Hat Ansible for Network Automation

Go to community

Welcome to the Red Hat Ansible for Network Automation (DO457) group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Ansible for Network Automation! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO457.Read more about Red Hat Ansible for Network Automation here.

3120

Revision: do457-2.5-4693601