26bb114ccb
* Move 2.10.0rc1 release date a few days forward. (#71270) At yesterday's meeting it was decided to have ansible-2.10.0 depend on ansible-base-2.10.1 so that we can get several fixes for ansible-base's routing (including adding the gluster.gluster collection). ansible-base-2.10.1 will release on September 8th. So we will plan on releasing ansible-2.10.0rc1 on the 10th. https://meetbot.fedoraproject.org/ansible-community/2020-08-12/ansible_community_meeting.2020-08-12-18.00.html (cherry picked from commite507c127e5
) * a few writing style updates (#71212) (cherry picked from commit4f0bd5de38
) * Fix code markups and add link to CVE (#71082) (cherry picked from commit92d59a58c0
) * Fix 404 links (#71256) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commitecea018506
) * Writing style updates to Developing dynamic inventory topic (#71245) * modified the writing style * incorporated peer feedback (cherry picked from commitecd3b52ad7
) * Fix roadmap formatting. (#71275) (cherry picked from commitee48e0b0ad
) * Update password.py (#71295) List md5_crypt, bcrypt, sha256_crypt, sha512_crypt as hash schemes in the password plugin. (cherry picked from commit1d1de2c6fd
) * Update ansible european IRC channel (#71326) Signed-off-by: Rémi VERCHERE <remi@verchere.fr> (cherry picked from commit824cd4cbeb
) * Add warning about copyright year change (#71251) To simplify project administration and avoid any legal issues, add a warning in the docs. This reflects - https://github.com/ansible/ansible/issues/45989#issuecomment-423635622 and fixes: #45989 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commit606604bb97
) * subelements: Clarify parameter docs (#71177) skip_missing parameter in subelements lookup plugin is accepted from inside the dictionary. Fixes: #38182 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commit6d17736ef4
) * Writing style updates to Using Variables topic (#71194) * updated topic title, underline length for headings, and incorporated peer feedback (cherry picked from commit4d68efbe24
) * cron module defaults to current user, not root (#71337) (cherry picked from commit4792d83e13
) * Update Network Getting Started for FQCN/collection world (#71188) * pull out network roles, cleanup, update first playbook examples, update gather facts section, some inventory conversion to .yml, update inventory and roles, simplify the navigation titles, fix tocs, feedback comments (cherry picked from commitf79a7c5585
) * Add documentation about info/facts module development (#71250) Fixes: #40151 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commit4f993922c8
) * network: Correct documentation (#71246) ini-style inventory does not support Ansible Vault password. This fixes network_best_practices_2.5 doc. Fixes: #69039 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commita1257d75aa
) * tidies up vars page (#71339) (cherry picked from commit02ea80f6d7
) * base.yml: Fix typos (#71346) (cherry picked from commit41d7d53573
) * quick fix to change main back to devel (#71342) * quick fix to change main back to devel * Update docs/docsite/rst/dev_guide/developing_collections.rst Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit74f88c56a5
) * Add note about integration tests for new modules to the dev guide (#71345) (cherry picked from commitb82889eef5
) * update fest link (#71376) (cherry picked from commit80b8fde946
) * incorporate minimalism feedback on debugging page (#71272) Co-authored-by: bobjohnsrh <50667510+bobjohnsrh@users.noreply.github.com> (cherry picked from commit5073cfc8bc
) * fix header problem Co-authored-by: Toshio Kuratomi <a.badger@gmail.com> Co-authored-by: Sayee <57951841+sayee-jadhav@users.noreply.github.com> Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com> Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: rovshango <rovshan.go@gmail.com> Co-authored-by: Remi Verchere <rverchere@users.noreply.github.com> Co-authored-by: Jake Howard <RealOrangeOne@users.noreply.github.com> Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com> Co-authored-by: Per Lundberg <perlun@gmail.com> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
212 lines
9.1 KiB
ReStructuredText
212 lines
9.1 KiB
ReStructuredText
|
|
.. _first_network_playbook:
|
|
|
|
***************************************************
|
|
Run Your First Command and Playbook
|
|
***************************************************
|
|
|
|
Put the concepts you learned to work with this quick tutorial. Install Ansible, execute a network configuration command manually, execute the same command with Ansible, then create a playbook so you can execute the command any time on multiple network devices.
|
|
|
|
.. contents::
|
|
:local:
|
|
|
|
Prerequisites
|
|
==================================================
|
|
|
|
Before you work through this tutorial you need:
|
|
|
|
- Ansible 2.10 (or higher) installed
|
|
- One or more network devices that are compatible with Ansible
|
|
- Basic Linux command line knowledge
|
|
- Basic knowledge of network switch & router configuration
|
|
|
|
Install Ansible
|
|
==================================================
|
|
|
|
Install Ansible using your preferred method. See :ref:`installation_guide`. Then return to this tutorial.
|
|
|
|
Confirm the version of Ansible (must be >= 2.10):
|
|
|
|
.. code-block:: bash
|
|
|
|
ansible --version
|
|
|
|
|
|
Establish a manual connection to a managed node
|
|
==================================================
|
|
|
|
To confirm your credentials, connect to a network device manually and retrieve its configuration. Replace the sample user and device name with your real credentials. For example, for a VyOS router:
|
|
|
|
.. code-block:: bash
|
|
|
|
ssh my_vyos_user@vyos.example.net
|
|
show config
|
|
exit
|
|
|
|
This manual connection also establishes the authenticity of the network device, adding its RSA key fingerprint to your list of known hosts. (If you have connected to the device before, you have already established its authenticity.)
|
|
|
|
|
|
Run your first network Ansible command
|
|
==================================================
|
|
|
|
Instead of manually connecting and running a command on the network device, you can retrieve its configuration with a single, stripped-down Ansible command:
|
|
|
|
.. code-block:: bash
|
|
|
|
ansible all -i vyos.example.net, -c ansible.netcommon.network_cli -u my_vyos_user -k -m vyos.vyos.vyos_facts -e ansible_network_os=vyos.vyos.vyos
|
|
|
|
The flags in this command set seven values:
|
|
- the host group(s) to which the command should apply (in this case, all)
|
|
- the inventory (-i, the device or devices to target - without the trailing comma -i points to an inventory file)
|
|
- the connection method (-c, the method for connecting and executing ansible)
|
|
- the user (-u, the username for the SSH connection)
|
|
- the SSH connection method (-k, please prompt for the password)
|
|
- the module (-m, the Ansible module to run, using the fully qualified collection name (FQCN))
|
|
- an extra variable ( -e, in this case, setting the network OS value)
|
|
|
|
NOTE: If you use ``ssh-agent`` with ssh keys, Ansible loads them automatically. You can omit ``-k`` flag.
|
|
|
|
.. note::
|
|
|
|
If you are running Ansible in a virtual environment, you will also need to add the variable ``ansible_python_interpreter=/path/to/venv/bin/python``
|
|
|
|
|
|
Create and run your first network Ansible Playbook
|
|
==================================================
|
|
|
|
If you want to run this command every day, you can save it in a playbook and run it with ``ansible-playbook`` instead of ``ansible``. The playbook can store a lot of the parameters you provided with flags at the command line, leaving less to type at the command line. You need two files for this - a playbook and an inventory file.
|
|
|
|
1. Download :download:`first_playbook.yml <sample_files/first_playbook.yml>`, which looks like this:
|
|
|
|
.. literalinclude:: sample_files/first_playbook.yml
|
|
:language: YAML
|
|
|
|
The playbook sets three of the seven values from the command line above: the group (``hosts: all``), the connection method (``connection: ansible.netcommon.network_cli``) and the module (in each task). With those values set in the playbook, you can omit them on the command line. The playbook also adds a second task to show the config output. When a module runs in a playbook, the output is held in memory for use by future tasks instead of written to the console. The debug task here lets you see the results in your shell.
|
|
|
|
2. Run the playbook with the command:
|
|
|
|
.. code-block:: bash
|
|
|
|
ansible-playbook -i vyos.example.net, -u ansible -k -e ansible_network_os=vyos.vyos.vyos first_playbook.yml
|
|
|
|
The playbook contains one play with two tasks, and should generate output like this:
|
|
|
|
.. code-block:: bash
|
|
|
|
$ ansible-playbook -i vyos.example.net, -u ansible -k -e ansible_network_os=vyos.vyos.vyos first_playbook.yml
|
|
|
|
PLAY [First Playbook]
|
|
***************************************************************************************************************************
|
|
|
|
TASK [Get config for VyOS devices]
|
|
***************************************************************************************************************************
|
|
ok: [vyos.example.net]
|
|
|
|
TASK [Display the config]
|
|
***************************************************************************************************************************
|
|
ok: [vyos.example.net] => {
|
|
"msg": "The hostname is vyos and the OS is VyOS 1.1.8"
|
|
}
|
|
|
|
3. Now that you can retrieve the device config, try updating it with Ansible. Download :download:`first_playbook_ext.yml <sample_files/first_playbook_ext.yml>`, which is an extended version of the first playbook:
|
|
|
|
.. literalinclude:: sample_files/first_playbook_ext.yml
|
|
:language: YAML
|
|
|
|
The extended first playbook has four tasks in a single play. Run it with the same command you used above. The output shows you the change Ansible made to the config:
|
|
|
|
.. code-block:: bash
|
|
|
|
$ ansible-playbook -i vyos.example.net, -u ansible -k -e ansible_network_os=vyos.vyos.vyos first_playbook_ext.yml
|
|
|
|
PLAY [First Playbook]
|
|
************************************************************************************************************************************
|
|
|
|
TASK [Get config for VyOS devices]
|
|
**********************************************************************************************************************************
|
|
ok: [vyos.example.net]
|
|
|
|
TASK [Display the config]
|
|
*************************************************************************************************************************************
|
|
ok: [vyos.example.net] => {
|
|
"msg": "The hostname is vyos and the OS is VyOS 1.1.8"
|
|
}
|
|
|
|
TASK [Update the hostname]
|
|
*************************************************************************************************************************************
|
|
changed: [vyos.example.net]
|
|
|
|
TASK [Get changed config for VyOS devices]
|
|
*************************************************************************************************************************************
|
|
ok: [vyos.example.net]
|
|
|
|
TASK [Display the changed config]
|
|
*************************************************************************************************************************************
|
|
ok: [vyos.example.net] => {
|
|
"msg": "The new hostname is vyos-changed and the OS is VyOS 1.1.8"
|
|
}
|
|
|
|
PLAY RECAP
|
|
************************************************************************************************************************************
|
|
vyos.example.net : ok=5 changed=1 unreachable=0 failed=0
|
|
|
|
|
|
|
|
.. _network_gather_facts:
|
|
|
|
Gathering facts from network devices
|
|
====================================
|
|
|
|
The ``gather_facts`` keyword now supports gathering network device facts in standardized key/value pairs. You can feed these network facts into further tasks to manage the network device.
|
|
|
|
You can also use the new ``gather_network_resources`` parameter with the network ``*_facts`` modules (such as :ref:`arista.eos.eos_facts <ansible_collections.arista.eos.eos_facts_module>`) to return just a subset of the device configuration, as shown below.
|
|
|
|
.. code-block:: yaml
|
|
|
|
- hosts: arista
|
|
gather_facts: True
|
|
gather_subset: interfaces
|
|
module_defaults:
|
|
arista.eos.eos_facts:
|
|
gather_network_resources: interfaces
|
|
|
|
The playbook returns the following interface facts:
|
|
|
|
.. code-block:: yaml
|
|
|
|
"network_resources": {
|
|
"interfaces": [
|
|
{
|
|
"description": "test-interface",
|
|
"enabled": true,
|
|
"mtu": "512",
|
|
"name": "Ethernet1"
|
|
},
|
|
{
|
|
"enabled": true,
|
|
"mtu": "3000",
|
|
"name": "Ethernet2"
|
|
},
|
|
{
|
|
"enabled": true,
|
|
"name": "Ethernet3"
|
|
},
|
|
{
|
|
"enabled": true,
|
|
"name": "Ethernet4"
|
|
},
|
|
{
|
|
"enabled": true,
|
|
"name": "Ethernet5"
|
|
},
|
|
{
|
|
"enabled": true,
|
|
"name": "Ethernet6"
|
|
},
|
|
]
|
|
}
|
|
|
|
|
|
Note that this returns a subset of what is returned by just setting ``gather_subset: interfaces``.
|
|
|
|
You can store these facts and use them directly in another task, such as with the :ref:`eos_interfaces <ansible_collections.arista.eos.eos_interfaces_module>` resource module.
|