How to connect Cisco Nexus with Ansible over GNS3, simply
I want to deploy to and send commands to Cisco NX-OS with Ansible. I do not have a real hardware switch or router, so I will use the GNS3 simulator for this.
1. Environments.
To build this environment I need Cisco Nexus and Ansible on GNS3. For a real-world deployment I would follow this instruction, which explains how to install the Ansible control node. In the GNS3 marketplace there is an appliance that provides Ansible; I will use it.
With this GNS3 appliance, I build the topology shown below.
After configuring the topology above, I can log in to every switch/router with SSH as shown below.
In the Network Automation host of GNS3, Ansible is pre-installed. I can verify the version as shown below. In my case, 2.7.11 is installed.
Now I am ready to use Ansible to deploy to Cisco NX-OS over GNS3.
2. Elements of Ansible to use.
From this instruction, there are several elements involved in using Ansible.
When I first met these concepts as a network engineer, they were not simple to understand. In my understanding, the "Control Node" is the machine that creates commands and sends them to the switch/router. "Managed Nodes" are the switches/routers. The "Inventory" is the list of switches/routers to access, with their IP addresses and usernames. A "Task" is an action such as the "show version" command. A "Playbook" is a group of tasks. Ansible offers two ways to run them, ansible and ansible-playbook. I will show the details later in this post.
3. Variable syntax for INI-style and YAML formats.
In the middle of this instruction there are syntax examples. When creating an inventory or playbook, I will meet two types of files, INI-style and YAML format. They define variables differently: in INI-style, key=value is correct; in YAML format, key: value is correct.
4. Create the inventory file.
"Working with Inventory" and "Build Your Inventory" are the instructions on how to create the inventory file. This inventory file is the list of switches that can be accessed, with IP address and username. In this inventory file I can list hosts one by one and make groups of hosts.
From here, I can verify that the "/etc/ansible" directory is used by default. In this directory there are 2 files and 1 directory. "ansible.cfg" is the global configuration file. "hosts" is the inventory file.
In this post I access Cisco Nexus for network automation. To create the inventory file, I should know how to define the connection method to the switch/router. In this instruction, some parameters are explained. First, I need to know the connection method. In my case, I select "network_cli", which is CLI over SSH.
Second, I need to know which OS type is present. In my case I access Cisco Nexus, so it should be nxos.
If I used a Catalyst, I might need the "enable" command.
With these factors, I can create the inventory file like below. I want to make a "gns3_datacenter" group that has zone_core, zone_1 and zone_2 as members.
[gns3_datacenter]
The ":children" suffix is used to include groups as members of a group. The ":vars" suffix is used to define variables such as ansible_host and ansible_connection. In this instruction, the behavioral inventory parameters are listed.
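The same gns3_datacenter group, written here as an added example in Ansible's YAML inventory format rather than the INI style used in the post (this is not the post's own inventory). It shows the key: value syntax from section 3 and the children/vars structure that ":children" and ":vars" express in INI. The host names, the 192.0.2.0/24 addresses and the admin username are constructed placeholders; the connection settings are the ones chosen above.

```yaml
# Added example: YAML-format inventory for the gns3_datacenter group.
# Host names and 192.0.2.x addresses are constructed placeholders;
# replace them with the management addresses of your GNS3 switches.
all:
  children:
    gns3_datacenter:
      # Equivalent of [gns3_datacenter:children] in INI style
      children:
        zone_core:
          hosts:
            core-sw1:
              ansible_host: 192.0.2.11
        zone_1:
          hosts:
            zone1-sw1:
              ansible_host: 192.0.2.21
        zone_2:
          hosts:
            zone2-sw1:
              ansible_host: 192.0.2.31
      # Equivalent of [gns3_datacenter:vars] in INI style (key: value here,
      # key=value in INI). Applies to every host under gns3_datacenter.
      vars:
        ansible_connection: network_cli   # CLI over SSH
        ansible_network_os: nxos          # Cisco NX-OS
        ansible_user: admin               # assumed switch username
```

Saved as, for instance, /etc/ansible/hosts.yml, the group tree can be checked with ansible-inventory -i /etc/ansible/hosts.yml --graph before any device is touched. The password is deliberately absent from this file: it goes into an ansible-vault protected variable in the next section, so the inventory can be shared without exposing credentials.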
5. Create the password vault.
So far I have defined the hosts to access. However, the password part is still left. In Ansible, sensitive variables such as passwords can be protected with ansible-vault.
For this, I need to edit the config file. In "/etc/ansible/ansible.cfg", vault_password_file is commented out. I need to change this line to the path I want. In my case, "/etc/ansible/vault_password_file" is used.
Then I create vault_password_file with the command below.
# echo "ansible_password" > /etc/ansible/vault_password_file
After creating this file, I create the encrypted password with this value.
# ansible-vault encrypt_string --vault-id admin@/etc/ansible/vault_password_file 'ansible' --name 'ansible_password'
# ansible-vault encrypt_string --vault-id <H/W username>@<vault_password_file Path> '<H/W password>' --name 'ansible_password'
I meet this error. I have searched through Google many times, but I cannot find out why this happens. However, I have to comment out "vault_password_file" again in "/etc/ansible/ansible.cfg".
After commenting it out, I can run the command above and get the result below. Memorize this value. Please note to un-comment "vault_password_file" afterwards.
6. Organizing host and group variables
I have created the Ansible password with the vault. Now I need to add this parameter to the configuration. This time I use the "Organizing host and group variables" method, because the password could be different for each hardware device. In Ansible, the "group_vars/" and "host_vars/" directories are used to define them. Please read this instruction.
Now I create the "group_vars" directory and create a file named after the group name in the inventory file. In my case, I use "gns3_datacenter".
Now I add the "ansible_password" above into "/etc/ansible/group_vars/gns3_datacenter".
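What that group_vars file looks like once the vaulted value is pasted in, as an added example that is not the post's own file. The ciphertext body is a placeholder; the header line is the one ansible-vault prints when the string was encrypted with --vault-id admin@... as in section 5. The ansible_user value is an assumption, not taken from the post.

```yaml
# Added example: /etc/ansible/group_vars/gns3_datacenter.yml
# Ansible loads this file for every host in the gns3_datacenter group
# (the file name may be used with or without the .yml extension).
ansible_user: admin          # assumed switch username
ansible_password: !vault |
  $ANSIBLE_VAULT;1.2;AES256;admin
  <placeholder: paste the hex lines printed by ansible-vault encrypt_string here>
```

With vault_password_file set in ansible.cfg, Ansible decrypts this value at run time, so no -k or --ask-vault-pass is needed. The protection is only as good as the password file: anyone who can read /etc/ansible/vault_password_file can decrypt every vaulted variable, so it should be owned by the user running Ansible and readable by nobody else (chmod 600), and neither it nor the plaintext password should be committed alongside the playbooks.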
7. Create a playbook to run a command
In this Ansible instruction there is a simple example. I write mine like below.
root@NetworkAutomation-1:/etc/ansible# cat first_playbook.yml
- name: first playbook
  hosts: gns3_datacenter
  tasks:
    - name: show version
      nxos_command:
        commands:
          - show version
"hosts" means the group or host name in the inventory file. In "tasks", I need to add a module. In my case, I use a network module; this instruction will be helpful. In this example I use the "nxos_command" module. The example below comes from "nxos_command".
8. Run the playbook.
I run the playbook with the "ansible-playbook" command. These instructions, "Run your first network Ansible command" and "Run the playbook with the command", will be helpful.
First method, an ad hoc command ("all" is the host group to which the command applies):
ansible all -i vyos.example.net, -c network_cli -u my_vyos_user -k -m vyos_facts -e ansible_network_os=vyos
Second method, a playbook:
ansible-playbook -i vyos.example.net, -u ansible -k -e ansible_network_os=vyos first_playbook.yml
In my case, I select the second method. I can run ansible-playbook like below.
9. Debug and display the result.
I check that everything is good. However, I cannot view the result on the monitor. For this, I use the "debug" and "register" concepts. Now I revise the playbook like below.
# cat first_playbook.yml
- name: first playbook
  hosts: gns3_datacenter
  tasks:
    - name: show version
      nxos_command:
        commands:
          - show version
      register: message
    - debug: var=message.stdout_lines
With the added register and debug lines, I get the result below.
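The register/debug pattern from sections 7 to 9, extended here as an added example (not the post's playbook) to several commands, with a wait_for check so the play fails early if the switch does not answer like NX-OS. The play name, task names and the registered variable name nxos_output are my choices; the group name and module are the ones used in the post.

```yaml
# Added example: show_version.yml, runs against the gns3_datacenter group.
- name: Collect version and interface state from the Nexus switches
  hosts: gns3_datacenter
  gather_facts: no          # network_cli hosts have no setup facts to gather
  tasks:
    - name: Run show commands on NX-OS
      nxos_command:
        commands:
          - show version
          - show interface brief
        # result[0] is the output of the first command in the list;
        # the task fails (after its retries) if this text is not found
        wait_for:
          - result[0] contains "Cisco Nexus Operating System"
      register: nxos_output

    # stdout_lines is a list with one entry per command, each a list of lines
    - name: Print the full show version output
      debug:
        var: nxos_output.stdout_lines[0]

    - name: Print only the lines of show version that mention a version
      debug:
        msg: "{{ nxos_output.stdout_lines[0] | select('search', 'version') | list }}"

    - name: Print the interface summary
      debug:
        var: nxos_output.stdout_lines[1]
```

Run it with ansible-playbook -i /etc/ansible/hosts show_version.yml; with vault_password_file configured as in section 5 the password comes from group_vars and no -k is required. Indexing stdout_lines[0] and [1] rather than printing the whole registered variable keeps the output readable when more than one command is sent.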
10. Troubleshooting
If I meet this error, I need to check the username and password.
When printing the result, I may meet the "variable is not defined" message.
I replace the "register" and "debug" part like below.
- name: nxos_command
  nxos_command:
    commands:
      - show version
  register: message
- debug:
    msg: "{{ message }}"
And then I get this result as well.
References
[1] https://docs.gns3.com/appliances/cisco-nxosv9k.html
[2] https://www.youtube.com/watch?v=Pcksyle-roE
[3] https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-the-control-node
[4] https://docs.ansible.com/ansible/latest/network/getting_started/basic_concepts.html
[5] https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
[6] https://docs.ansible.com/ansible/latest/network/getting_started/network_differences.html
[7] https://docs.ansible.com/ansible/latest/network/getting_started/first_playbook.html#create-and-run-your-first-network-ansible-playbook
[8] https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html
[9] https://docs.ansible.com/ansible/latest/modules/debug_module.html
[10] https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#registering-variables