DO457 - ch04s04

Preface A: Introduction

Section A.1: Red Hat Ansible for Network Automation

Section A.2: Orientation to the Classroom Environment

Chapter 1: Deploying Ansible

Section 1.1: Preparing to Install Ansible

Section 1.2: Orientation to Lab Activities

Section 1.3: Installing Ansible

Section 1.4: Guided Exercise: Installing Ansible on the Control Node

Section 1.5: Guided Exercise: Identifying Resources for Installed Plug-ins

Section 1.6: Defining Ansible's Scope

Section 1.7: Creating Ansible Inventories

Section 1.8: Guided Exercise: Creating Host Inventories

Section 1.9: Configuring Ansible

Section 1.10: Guided Exercise: Configuring Ansible

Section 1.11: Lab: Deploying Ansible

Chapter 2: Running Commands and Plays

Section 2.1: Executing Ad Hoc Commands

Section 2.2: Guided Exercise: Executing Ad Hoc Commands

Section 2.3: Preparing Ansible Playbooks

Section 2.4: Guided Exercise: Converting an Ad Hoc Command to a Play

Section 2.5: Building a Play with Multiple Tasks

Section 2.6: Guided Exercise: Building a Play with Multiple Tasks

Section 2.7: Composing Playbooks with Multiple Plays

Section 2.8: Guided Exercise: Composing Playbooks with Multiple Plays

Section 2.9: Lab: Running Commands and Plays

Chapter 3: Parameterizing Automation

Section 3.1: Defining Variables

Section 3.2: Guided Exercise: Defining and Using Variables

Section 3.3: Controlling Tasks with Loops and Conditions

Section 3.4: Guided Exercise: Controlling Tasks with Loops and Conditions

Section 3.5: Transforming Variable Data with Filters

Section 3.6: Guided Exercise: Looping Over a Filtered List

Section 3.7: Working with Roles

Section 3.8: Guided Exercise: Creating and Using Roles

Section 3.9: Customizing Data with Jinja2 Templates

Section 3.10: Guided Exercise: Generating Config Statements with Jinja2

Section 3.11: Lab: Parameterizing Automation

Chapter 4: Administering Ansible

Section 4.1: Ansible in the Enterprise

Section 4.2: Safeguarding Sensitive Data with Ansible Vault

Section 4.3: Guided Exercise: Safeguarding Sensitive Data with Ansible Vault

SectionSection 4.4: Running Plays with Encrypted Data

Section 4.5: Guided Exercise: Running Plays with Encrypted Data

Section 4.6: Protecting Resources with Ansible Vault

Section 4.7: Guided Exercise: Protecting Resources with Ansible Vault

Section 4.8: Creating Inventories Using YAML

Section 4.9: Guided Exercise: Creating Inventories Using YAML

Section 4.10: Generating and Using Dynamic Inventories

Section 4.11: Guided Exercise: Generating and Using Dynamic Inventories

Section 4.12: Centrally Running Ansible with Red Hat Ansible Tower

Section 4.13: Guided Exercise: Navigating the Red Hat Ansible Tower Web Interface

Section 4.14: Guided Exercise: Creating Inventories in Red Hat Ansible Tower

Section 4.15: Lab: Administering Ansible

Chapter 5: Automating Simple Network Operations

Section 5.1: Gathering Network Information with Ansible

Section 5.2: Guided Exercise: Gathering Facts

Section 5.3: Guided Exercise: Viewing System Settings

Section 5.4: Configuring Network Devices

Section 5.5: Guided Exercise: Backing Up Network Device Configurations

Section 5.6: Configuring the Host Name

Section 5.7: Guided Exercise: Configuring the Host Name

Section 5.8: Configuring System Settings

Section 5.9: Guided Exercise: Configuring System Settings

Section 5.10: Generating Configuration Settings from Jinja2 Templates

Section 5.11: Guided Exercise: Configuring From Templates

Section 5.12: Guided Exercise: Configuring Settings From Templates

Section 5.13: Enabling and Disabling Interfaces

Section 5.14: Guided Exercise: Bouncing an Interface

Section 5.15: Guided Exercise: Bouncing Specified IOS Interfaces

Section 5.16: Reinitializing Layer 3 Interfaces

Section 5.17: Guided Exercise: Reinitializing Layer 3 on VyOS Devices

Section 5.18: Provisioning the Start-up Network

Section 5.19: Guided Exercise: Provisioning the Start-up Network

Section 5.20: Provisioning Spine and Leaf Devices

Section 5.21: Guided Exercise: Provisioning Spine and Leaf Devices

Section 5.22: Setting Parameters with Ansible Tower Surveys

Section 5.23: Guided Exercise: Setting Parameters with Ansible Tower Surveys

Section 5.24: Lab: Automating Simple Network Operations

Chapter 6: Automating Complex Network Operations

Section 6.1: Aggregating Logged Events to Syslog

Section 6.2: Guided Exercise: Aggregating Logged Events to Syslog

Section 6.3: Managing Access Control Lists on IOS

Section 6.4: Guided Exercise: Managing Access Control Lists on IOS

Section 6.5: Enabling SNMP

Section 6.6: Guided Exercise: Enabling SNMP

Section 6.7: Overcoming Real-world Challenges

Section 6.8: Guided Exercise: Provisioning the Consolidation Network

Section 6.9: Implementing Dynamic Routing with OSPF

Section 6.10: Guided Exercise: Implementing Dynamic Routing with OSPF

Section 6.11: Guided Exercise: Verifying End-to-End Reachability

Section 6.12: Implementing OSPF with Multiple Autonomous Systems

Section 6.13: Guided Exercise: Provisioning the Break Up Network

Section 6.14: Implementing Dynamic Routing with EBGP

Section 6.15: Guided Exercise: Implementing Dynamic Routing with EBGP

Section 6.16: Upgrading the Network

Section 6.17: Guided Exercise: Upgrading VyOS

Section 6.18: Lab: Automating Complex Operations

Chapter 7: Comprehensive Review

Section 7.1: Comprehensive Review

Section 7.2: Lab: Deploying Ansible

Section 7.3: Lab: Executing Commands and Plays

Section 7.4: Lab: Parameterizing Automation

Section 7.5: Lab: Administering Automation

Section 7.6: Lab: Automating Simple Network Operations

Section 7.7: Lab: Automating Complex Network Operations

Appendix A: Table of Lab Network Hosts and Groups

Section A.1:

Appendix B: Connection and Authentication Variables

Section B.1:

Appendix C: Editing Files with Vim

Section C.1: Guided Exercise: Editing Files with Vim

Appendix D: IOS Minimal Management Configuration

Section D.1: Restoring IOS Configuration Settings

Appendix E: Layer 3 Addresses for Lab Network

Section E.1:

Appendix F: Ansible Variable Types

Section F.1: Ansible Variable Types and Precedence

Appendix G: Changing the Screen Resolution

Section G.1: Changing the Screen Resolution

Bookmark this page

P 1 2 3 4 5 6 7 A A A A A A A

Running Plays with Encrypted Data

Objectives

After completing this section, you should be able to run a playbook that uses data or files encrypted with Ansible Vault.

Providing Access to Encrypted Data

To read data from encrypted files, Ansible needs to know the Vault password.

The --ask-vault-pass option can be used to prompt for interactive input of the password:

[user@host ~]$ ansible-playbook --ask-vault-pass site.yml
Vault password: redhat

The --vault-password-file and --vault-id options read the Vault password from the Vault password file.

Important

The Vault password file is a plain text file that contains the Vault password as a plain text string stored as a single line. This file is not encrypted, so it is vital that it be protected using file permissions or other security measures.

Use the following command to create a Vault password file for the site.yml playbook.

[user@host ~]$ ansible-playbook --vault-password-file=filename site.yml

Protecting the Vault Password File

The Vault password must be provided when accessing files encrypted using Vault. You can be prompted, and provide it interactively, or you can automate the process by creating a Vault password file. A Vault password file stores the Vault password in plain text, so it must be protected by appropriate file system permissions.

Here are some rules for protecting a Vault password file:

It should be stored in a directory that is outside of the scope of any version control software projects. This prevents it from accidentally having a copy included in project source code.
The directory where it lives should be owner-only read/write/execute.
The file itself should be owner-only read/write.

Discuss Red Hat Ansible for Network Automation

Go to community

Welcome to the Red Hat Ansible for Network Automation (DO457) group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Ansible for Network Automation! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO457.Read more about Red Hat Ansible for Network Automation here.

3120

Revision: do457-2.5-4693601