In the last section we implemented backup solutions with the help of Cisco-specific modules ios_command and ios_config. In this section, we’re going to take a closer look at these two modules as they are the most important modules you need to automate Cisco devices (ansible cisco ios modules).

First, let’s look at the “ios_command” module. As we saw earlier, the commands parameter is the only required parameter to run commands on Cisco devices. With ios_command, however, you can only execute the command in enable mode and not in configuration mode. You cannot do any configuration with this module.

access ansible codes of this course in github

this is a video-based training therefore the output of running commands are not show in the text.

cisco ios_command module in ansible website

cisco ios_config module in ansible website

We’ve also already seen provider parameter where we pass credential to connect to the devices. for example: IP Address, Port number, Username, Password and enable Password if required.

I would like to introduce you to a new parameter, “wait_for”. With this parameter, you can expect special keywords to be matched against the output of your commands. If these keywords do not appear in the output, the task will fail. For example, suppose you want to run a command but for a specific iOS version. so you want to be sure that you can see the version number in the output of “show version” command.

If multiple conditions are specified then with “match” parameter, with “any” or “all”, you can determine whether all conditions must be met or just one match is sufficient.

To better understand this module, let’s look at some examples and run a few of them. In the first example, you simply run “show version” command. In the second example, run the “show version” command and expect the IOS keyword to appear in the output of the command. The third example shows that the value of the commands parameter is a list so you can use to run multiple commands. The fourth example also runs several commands, but expects IOS in the output of the “show version” command and Loopback0 in the output of the “show interfaces” command. The last example shows what happens when you run a command that requires confirmation before running. With “prompt” and “answer” you can pre-answer any question you may be asked.

Now let’s run a simple example to monitor a device through ios_command module.

root@debian:~/ansible-project1# cat ios_command.yaml
---
- hosts: csr
  gather_facts: false
  connection: network_cli

  tasks:
    - name: test ios_command module
      ios_command:
        commands:
          - show version
          - show interfaces
        wait_for:
          - result[0] contains ios
          - result[1] contains Ethernet

The “ios_config” module is another Cisco-specific module that is mainly used for configuration. “lines” is the most important parameter through which you can execute several commands in configuration mode. “parents” allows you to specify the section in which these commands should run, for example in interface configuration mode. The “src” parameter is another way of giving input commands that points to a source file and replaces the “line” and “parent” parameters.

With the parameter “before”, you can make some preliminary commands before any changes. For example, you want to change an access list, but before you change it, you can remove the previous access list and recreate it. Notice that the commands in the “before” section will run if the commands in “line” section can run successfully, otherwise commands in the “before” section will also not be run. also there is a similar “after” parameter,  which you can set a list of commands. The list of commands in “after” section, will be run only if the commands in “line” section can run successfully.

The “backup” parameter is used to get a backup from the configuration of devices. We implemented this in the previous video and we won’t talk about it anymore.

Another important parameter set in the ios_config module is the compliance check. Through the compliance check, you can make sure that certain commands are the same on all devices. Use the “intent_config” parameter to provide the master configurations that you want to check whether they are consistent on all devices. With “diff_against” you ask whether ansible compare the intended configuration with running-config or startup-config.

To better understand this module, let’s look at some examples and run a few of them.

In the first example, the host name of the device is changed as defined in the inventory file. Second example Change the IP address and description of the Ethernet1 interface. Third example configure “ip helper-address” in three interfaces with the help of loop which is implemented with “with_items”. We have a specific video for creating loops. The fourth example goes to “policy-map”, then to “class” and then to “police cir”. then two commands inside this section is entered: “confirmation-action” and “exceeding-action”. The next example is the compliance checking. with compliance checking, the configuration of the device is not changed. it simply compares the configuration in the master.cfg file with running-config and indicate the difference. The last examples are the combination of ansible playbook and jinja2 template. We will discuss it in a specific video.

Now let’s run a simple example to config a device through ios_config module.

root@debian:~/ansible-project1# cat ios_config.yaml
---
- hosts: csr
  gather_facts: false
  connection: local

  tasks:
    - name:  test ios config module
      ios_config:
        lines:
          - description test
          - shutdown
          - ip address 172.31.1.1 255.255.255.0
        parents: interface GigabitEthernet2

In the next video I will introduce you some simple troubleshooting commands in ansible.

 

Back to: Ansible for Network Engineers > ansible playbook

Leave a Reply

Your email address will not be published. Required fields are marked *


Post comment