5. Introduction to Cisco-specific Ansible Network Modules


Welcome to the Ansible video training for network engineers, especially Cisco network engineers. We can now work with Cisco-specific Ansible network modules, so in this part we will look at Ansible network modules in general and the Cisco network modules in particular. To get started with these modules, we will monitor Cisco devices with ad hoc commands, but using Cisco network modules instead of the raw module that we ran in previous videos. In the next few videos we will also cover configuring Cisco devices using these modules and Ansible playbooks.

Access the Ansible code for this course on GitHub.

This is a video-based training, so the output of the commands is not shown in the text.

On docs.ansible.com there is a dedicated section for network modules. In this section we see many well-known network devices and vendors such as Aruba, Cisco ASA, Check Point, F5, IOS, IOS XR, Junos and many others. In the IOS section we see many modules for monitoring and configuring network devices: ios_bgp configures BGP; ios_command is a general IOS module for executing commands on Cisco IOS devices; ios_config is mainly for configuring IOS devices, not for monitoring; ios_facts gets metadata from remote devices, such as hardware and software information; and there are many other modules.

If you move on to the ios_command module, the documentation states that this module does not support executing commands in configuration mode. There are many parameters that we can use with this module. The auth_pass parameter specifies the password to use if one is required to enter privileged mode on the remote device; if authorize is false, this argument does nothing. The authorize parameter instructs the module to enter privileged mode on the remote device before sending any commands. Note that the documentation here says to use the network_cli connection type, which I will explain in a few minutes. The only required parameter in this module is commands, the list of commands to run on the remote devices. With the provider parameter you can pass the information required to connect to the remote device, such as username, password and enable password. As you can see, there is an explanation for every parameter and also some examples. The examples are in playbook format, which I'll explore in the next few videos.

Let’s go to the ios_facts module. This module collects a base set of device facts, such as software and hardware information, from a remote device that is running IOS. Since this module extracts a lot of information, you can use gather_subset to limit the output to specific information such as hardware, config and interfaces.

We will explore the ios_config module in the next videos.

So far we have used the raw module, so NETCONF did not have to be activated on the Cisco devices. For the Cisco modules, however, we need to activate the standard NETCONF protocol and the YANG data structure model on the Cisco devices. With the help of NETCONF, our commands are translated into the standard YANG data structure model and transferred to the device via the NETCONF protocol with XML encoding.

To better understand the NETCONF protocol and the YANG data structure model, you can think of the YANG data structure as being somewhat similar to the MIB data structure in SNMP, and of NETCONF as being similar to the SNMP protocol itself. The most important difference between SNMP and NETCONF is that you mainly configure devices with NETCONF, whereas with SNMP you mainly monitor devices.

So I enable NETCONF on the Cisco IOS XE devices with “netconf ssh” and “netconf-yang”. To make sure that NETCONF is enabled on the Cisco devices and that you can explore and configure the YANG data structure with NETCONF, run this command from the Ansible machine.

# ssh rayka@ -p 830 -s netconf

If the YANG data structure is returned, then everything works fine.
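What the device returns on port 830 is a NETCONF `<hello>` message listing its capabilities. The following Python code is an added example, not part of the original course material: it parses such a message and lists the advertised base versions and YANG modules. The sample message, its revisions and session-id, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
EOM = "]]>]]>"  # end-of-message marker that follows the <hello> on the SSH channel

# Constructed sample of a server <hello>; revisions and session-id are made up.
SAMPLE_HELLO = """<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:base:1.1</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-interfaces?module=ietf-interfaces&amp;revision=2014-05-08</capability>
<capability>http://cisco.com/ns/yang/Cisco-IOS-XE-native?module=Cisco-IOS-XE-native&amp;revision=2019-11-01</capability>
</capabilities>
<session-id>27</session-id>
</hello>]]>]]>"""


def parse_hello(raw):
    """Return (session_id, base_versions, yang_modules) from a server <hello>."""
    xml_text = raw.split(EOM, 1)[0].strip()
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "{%s}hello" % NC_NS:
        raise ValueError("not a NETCONF <hello>: %s" % root.tag)
    ns = {"nc": NC_NS}
    base_versions, yang_modules = set(), {}
    for cap in root.findall("nc:capabilities/nc:capability", ns):
        uri = (cap.text or "").strip()
        if uri.startswith("urn:ietf:params:netconf:base:"):
            base_versions.add(uri.rsplit(":", 1)[1])
        params = parse_qs(uri.partition("?")[2])
        if "module" in params:  # this capability advertises a YANG module
            yang_modules[params["module"][0]] = params.get("revision", [None])[0]
    sid = root.findtext("nc:session-id", namespaces=ns)
    return (int(sid) if sid else None), base_versions, yang_modules


def netconf_yang_ready(raw):
    """True when the device speaks NETCONF and advertises at least one YANG module."""
    _, base_versions, yang_modules = parse_hello(raw)
    return bool(base_versions) and bool(yang_modules)


if __name__ == "__main__":
    sid, versions, modules = parse_hello(SAMPLE_HELLO)
    print("session", sid, "base", sorted(versions), "modules", sorted(modules))
```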

Now we run Ansible commands with the ios_command and ios_facts modules.

# ansible csr -m ios_command -a "commands='show runn | inc username'"

We receive a connection type error. If you remember, the ios_command documentation said that the connection type should be network_cli. To explain further: unlike most Ansible modules, network modules do not run on the managed nodes. Network modules use a different methodology from the other (Linux/Unix and Windows) modules. Ansible is written and executed in Python, and because the majority of network devices cannot run Python, the Ansible network modules are executed on the Ansible control node, where ansible or ansible-playbook runs.

network_cli, netconf and local are some of the connection types.

How network modules are different in Ansible

In this link you can see that the network_cli connection type requires network_os to be defined on the Ansible controller. For this reason we add two new variables to the inventory file.

ansible_connection: ansible.netcommon.network_cli
ansible_network_os: cisco.ios.ios

These variables can also be defined in many other places, such as ansible.cfg.

Again we run this command.

# ansible csr -m ios_command -a "commands='show runn | inc username'"

This time we receive another error: paramiko is not installed. Paramiko is a Python implementation of the SSHv2 protocol. It is needed on the Ansible control machine to be reasonably efficient with connections.

So we have to install paramiko.

# pip3 install paramiko

Again we run the Ansible command.

# ansible csr -m ios_command -a "commands='show runn | inc username'"

This time it is OK.
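The output of `show runn | inc username` contains the stored credentials of the device's local accounts, so it is worth checking how they are stored and redacting them before the output is shared. The following Python code is an added example, not part of the original course material: it classifies each `username` line by its IOS credential type and redacts the stored value. The sample lines (apart from the user name rayka) and the function names are constructed for illustration.

```python
import re

# Verdict per IOS credential type as it appears in the running configuration.
TYPE_VERDICT = {
    "0": "weak: stored in cleartext",
    "7": "weak: reversible obfuscation",
    "4": "weak: deprecated unsalted SHA-256",
    "5": "legacy: salted MD5",
    "8": "ok: PBKDF2-SHA256",
    "9": "ok: scrypt",
}
USER_RE = re.compile(
    r"^username\s+(\S+)\s+(?:.*?\s)?(password|secret)\s+(\d)\s+(\S+)")

# Constructed sample output; every credential string below is a placeholder.
SAMPLE_LINES = [
    "username rayka privilege 15 secret 9 $9$CONSTRUCTED$CONSTRUCTED",
    "username backup password 7 CONSTRUCTED7STRING",
    "username legacy secret 5 $1$CONSTRUCTED$CONSTRUCTED",
    "username lab privilege 1 password 0 CONSTRUCTED-CLEARTEXT",
]


def audit_usernames(lines):
    """Return [(user, credential_type, verdict)] for every 'username' line."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line.startswith("username "):
            continue
        match = USER_RE.match(line)
        if match is None:  # e.g. an account configured without a typed credential
            findings.append((line.split()[1], None, "review: no typed credential"))
            continue
        user, _, ctype, _ = match.groups()
        findings.append((user, ctype, TYPE_VERDICT.get(ctype, "review: unknown type")))
    return findings


def redact(line):
    """Replace the stored credential so the line is safe to paste into tickets or logs."""
    line = line.strip()
    match = USER_RE.match(line)
    return line[:match.start(4)] + "<redacted>" if match else line


if __name__ == "__main__":
    for finding in audit_usernames(SAMPLE_LINES):
        print(finding)
```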

If you do not want to receive the warning that the module is using python2 instead of python3, you can suppress it by setting deprecation_warnings=False in ansible.cfg, or uninstall python2.

# apt-get remove python
# apt-get remove python-minimal
# alias python='/usr/bin/python3'

Now we can use the ios_command module to run another monitoring command to make sure it is working.

# ansible csr -m ios_command -a "commands='show ip interface brief | exc unass'"

Another important module is ios_facts, which you can use to extract inventory information of your network.

# ansible csr -m ios_facts

We can limit the output with the gather_subset parameter, which accepts all, min, hardware, config, and interfaces.

# ansible csr -m ios_facts -a "gather_subset=min"

In the next video we will start with Ansible playbooks through a practical example: how to get backups of network devices.
