It has been a long time since I wrote my last post; I am pretty busy with work, redesigning the data centres for my employer. I am also implementing an SDN (software-defined network) with VMware NSX, but more about this later.
A few weeks ago Ansible released new core modules which allow you to push configuration directly to Cisco IOS devices. You can find more information here: https://docs.ansible.com/ansible/list_of_network_modules.html
I created a small automation lab in GNS3 to test the deployment of configs via Ansible to the two Cisco routers you see below. I am running VMware Fusion and used the vmnet2 (192.168.100.0/24) network for management, because that is where I run the CentOS VM from which I deploy the configuration.
Don’t forget that you need to pre-configure your Cisco routers so that you can connect via SSH to deploy the configuration.
Here is the folder and file structure of my Ansible example. Under roles you have the different tasks I would like to execute, common and logging, as well as the dependency writecfg, which saves the running-config to startup-config:
site.yml
hosts
group_vars/all.yml
roles/common/meta/main.yml
roles/common/tasks/main.yml
roles/common/templates/common.j2
roles/logging/meta/main.yml
roles/logging/tasks/main.yml
roles/logging/templates/common.j2
roles/writecfg/handlers/main.yml
The site.yml is the main playbook which I execute with Ansible; it includes the roles for the common and logging configuration:

    - name: Cisco baseline configuration
      connection: local
      hosts: ios
      gather_facts: false

      roles:
        - role: common
          tags: common
        - role: logging
          tags: logging

In the hosts file, I define the hostnames and IP addresses of my IOS devices:

    [ios]
    rtr01 device_ip=192.168.100.130
    rtr02 device_ip=192.168.100.132

The file group_vars/all.yml defines the variables which I use when the playbook is executed:

    ---
    username: "ansible"
    password: "cisco"
    secret: "cisco"
    logserver: 192.168.100.131

Under roles/../meta/main.yml I set a dependency on the writecfg role, so that its handler can save the configuration later when I change anything on the device.
Under roles/../tasks/main.yml I define the module which I want to execute and the template I would like to deploy.
Under roles/../templates/.. you find the Jinja2 template files which contain the commands.
Under roles/writecfg/handlers/main.yml is the handler that the two roles common and logging depend on; it saves the configuration if something is changed on the router.
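The contents of these role files are not reproduced on this page, so here is a sketch of how the logging role and the writecfg handler could fit together, as an added example and not the author's own files. It assumes the ios_config and ios_command modules with the provider argument as used by the Ansible releases of that time (later deprecated in favour of connection: network_cli); the template lines and the "write memory" command are constructed.

```yaml
# Added illustration, not the author's files. Each "---" starts a separate file.
# Credentials come from group_vars/all.yml; encrypting that file with
# ansible-vault keeps password and secret out of plain text on disk.

# roles/logging/meta/main.yml: load writecfg so its handler can be notified
---
dependencies:
  - role: writecfg

# roles/logging/tasks/main.yml: push the rendered template to the router
---
- name: ensure logging configuration exists
  ios_config:
    src: common.j2                  # looked up in roles/logging/templates/
    provider:
      host: "{{ device_ip }}"       # per-host variable from the hosts file
      username: "{{ username }}"
      password: "{{ password }}"
      authorize: true               # enter enable mode using the secret
      auth_pass: "{{ secret }}"
  notify: write config              # fires only when the task reports changed

# roles/logging/templates/common.j2 (Jinja2, shown as comments; constructed lines):
#   logging host {{ logserver }}
#   logging trap informational

# roles/writecfg/handlers/main.yml: runs once per host at the end of the play
---
- name: write config
  ios_command:
    commands:
      - write memory                # copy running-config to startup-config
    provider:
      host: "{{ device_ip }}"
      username: "{{ username }}"
      password: "{{ password }}"
      authorize: true
      auth_pass: "{{ secret }}"
```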
To run the cisco-baseline Ansible playbook, execute the following command and check the result:

    [user@desktop cisco-baseline]$ ansible-playbook site.yml -i hosts

    PLAY [Ensure basic configuration of switches] **********************************

    TASK [common : ensure common configuration exists] *****************************
    ok: [rtr02]
    ok: [rtr01]

    TASK [logging : ensure logging configuration exists] ***************************
    changed: [rtr02]
    changed: [rtr01]

    RUNNING HANDLER [writecfg : write config] **************************************
    ok: [rtr01]
    ok: [rtr02]

    PLAY RECAP *********************************************************************
    rtr01 : ok=3 changed=1 unreachable=0 failed=0
    rtr02 : ok=3 changed=1 unreachable=0 failed=0

    [user@desktop cisco-baseline]$

Read my new posts about Ansible Playbook for Cisco ASAv Firewall Topology or Ansible Playbook for Cisco BGP Routing Topology.