Welcome to the Ansible video training for network engineers, especially Cisco network engineers. In the last video we installed Ansible with both Python 2 and Python 3. However, before we start using Ansible for network automation, there is one more step we need to take to prepare Ansible. That is preparing ansible Configuration and Inventory file which we’re talking about in this video (Ansible basic Configuration and creating Inventory File ini Format).
When we use the Ansible –version command it will show the exact location of the configuration file, which by default is in /etc/ansible/ansible.cfg.
# ansible –version
this is a video-based training therefore the output of running commands are not show in the text.
The first line shows the location of ansible configuration file.
If we filter the contents of the ansible configuration file to show only the inventory file, we see that the inventory file is located in /etc/ansible/hosts by default. As we explained in the first Ansible Training video, we add to the inventory file all the devices that we want Ansible Controller to manage them.
# cat /etc/ansible/ansible.cfg | grep inventory
as you can see, default inventory file is located in /etc/ansible/hosts.
Fortunately, you can override both default Ansible configuration file and default inventory file for each project, since each project may have its own configuration parameters and a different list of devices to be managed remotely.
It is therefore recommended to create a folder with its own configuration and inventory file for each project. By project I mean the projects with different remote devices and configuration parameters. This video examines some configuration parameters.
For example, let’s create a folder named ansible-project1. Then in this folder we will create two files named ansible.cfg and also hosts file.
In ansible.cfg we define the location of the inventory file which will be used for this project and some other basic parameters as follows.
# nano ansible.cfg
inventory = ./hosts # This means that the location of the inventory file for this project is in the current folder.
timeout = 60s # this is ssh timeout
host_key_checking = false # This means that ansible does not have to check and confirm the value of the ssh public key during the connection
forks = 100 # This means the Maximum number of devices that can be managed at the same time. The default is 5, which is not suitable for large environments.
To check ansible configuration file we use the command
# ansible-config view
And to check the configurations that are different from default , use the command
# ansible-config dump --only-changed
In the hosts inventory file we create the names or IP of the devices that are to be managed remotely in this project. Preferably use the name of the devices instead of the IP addresses and make sure that these names can be resolved via the DNS server or the local /etc/hosts file.
So first we update /etc/hosts file with two csr routers that I have prepared already and then we create the inventory file.
# nano /etc/hosts 192.168.1.95 csr1 192.168.1.96 csr2
To make sure names can be resolved, we ping them by name.
# ping csr1 # ping csr2
I have already configured two CSR routers for our laboratory.
I downloaded ova files from Cisco sites. As you can see, the latest version is 17.03.03 but my version is 17.01.01.
The configuration of the CSR routers are exactly the same with the configuration that I have made in the first video of this training. Just giving the IP address and enabling SSH, as you can see here.
Now let’s create an inventory hosts file in the ansible project folder. In the first step we enter the name of both CSR routers to ensure that it is correctly integrated into ansible.
# nano hosts csr1 csr2
Then we use the following commands to ensure that the configuration file and hosts file defined for this folder are used for the ansible and not the original ones.
# ansible –version # ansible --list-hosts all
You can see that the correct configuration and host files are being used for this project.
If we leave this project folder, the original configuration and hosts file will be used. We can check it with the same commands.
# cd.. # ansible –version
You can see that the configuration file has been changed to the default file.
# ansible --list-hosts all
You can also see that the default inventory file is empty.
As we saw in the first video, devices can be grouped in the inventory file so they can be managed at the same time when we call the name of the group instead of the device name.
For example, let’s put two csr routers in the same group named csr.
[csr] csr1 csr2
Also we create another two another groups with the names junos und cisco.
[cisco] core1 core2 csr1 csr2 [junos] access1 access2
As you can see, a device can be in different groups. When you call a group, all devices in the group are called to be managed or monitored.
Another capability of inventory file is that you can have hierarchical structure. For example
[router:children] cisco junos
means that the router is the parent group for the cisco and junos groups. When you call the router, then all devices in the cisco and junos groups will be called in ansible to be managed.
If the name of devices are similar, you can use the array feature of the inventory file to reduce the number of lines to be configured. For example instead of
[srx] srx1 srx2 srx3
you can configure
In the next few videos we will have a dedicated video on how to configure variables in ansible. Variables such as username, password and port that ansible can use to connect to devices are the variables that ansible has special name for them and we call them special variables. for example ansible_user and ansible_port are two of these variables.
suppose that ansible should connect to all devices with username rayka and port 22, but for some of them which are into group srx, the username is root and the ssh port is 2222. we can configure it as follows.
[all:vars] ansible_user = rayka ansible_port = 22 [srx:vars] ansible_user = root ansible_port = 2222
now assume that a special device access1 is not resolved with either the DNS or the /etc/hosts file, and the username and port of this device is also different. We can configure ansible_host special variable to assign the IP address of device directly in inventory file. We can also configure username and port with special variables right next to the device name.
[junos] access1 ansible_host=10.10.10.1 ansible_user=sara ansible_port=2222 access2
To ensure that every configuration now fits Ansible, let’s check the output of “show version” in CSR routers through ansible.
# ansible csr -m raw -u rayka -a "show version" -k
now we are completely ready to use ansible. In the next video, we’re going to introduce Ansible modules specific to Cisco devices. then we will try to examine some of them using Ansible ad hoc commands.
root@debian:~/ansible-project1# cat hosts [csr] csr1 csr2 [cisco] core1 core2 csr1 csr2 [junos] access1 ansible_host=10.10.10.1 ansible_user=sara ansible_port=2222 access2 [router:children] cisco junos [srx] srx[1..3] [all:vars] ansible_user = rayka ansible_port = 22 [junos:vars] ansible_user = root ansible_port = 2222