Ansible Setup And Preparation

Ansible, a great tool for Net-Ops

Sarah Williams

Ansible is a simple, agentless tool that helps you automate your daily tasks. It is very popular among Linux and DevOps administrators, who use it to make their lives easier.

It handles everything from simple tasks, such as installing and configuring Apache, MySQL, PostgreSQL, Tomcat, etc., to complex service-based configuration.

How can Ansible help us?

Ansible can help network engineers automate tasks, simplify mass configuration, and ensure that the configuration is done right.


How to Set Up Ansible

Installing Ansible from scratch

Keeping it simple: to set up Ansible we need a Linux host to install it on. Once Ansible is installed, we will SSH to that host and use Ansible to communicate with our bare metal switches running Cumulus Linux.



How to install Ansible  

For the demo, we used an Ubuntu 14.04 Server (Trusty).

The commands below install Ansible on the host:

$ sudo apt-get install software-properties-common 

$ sudo apt-add-repository ppa:ansible/ansible 

$ sudo apt-get update 

$ sudo apt-get install ansible


To verify that Ansible is installed properly, you can use the commands below:

$ ansible --version

$ ansible-galaxy --help





Inventory 

List of all switches

We use an inventory file to tell Ansible what the targets are (servers, switches, routers, etc.).

Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s inventory file, which defaults to being saved in the location /etc/ansible/hosts.

You can create other host files and use the -i parameter when calling ansible to point it to your inventory file.

Remember that Ansible uses SSH to connect to hosts. It is very important to enable key authentication on Cumulus instead of password authentication. With key authentication, we load the key files on the Ansible host. With password authentication, you have to specify the username and password in clear text in the Ansible hosts file, which is not recommended.

However, in our demo we use password authentication to show you how to do the basic configuration; then we will generate a key and upload it to all switches using Ansible.


To check the currently available hosts, use the command below:

$ ansible --list-hosts all


Here we have created an inventory file for 6 bare metal switches, all running Cumulus Linux.


/etc/ansible/hosts

[leaf-switches] 

192.168.212.131 ansible_user=cumulus ansible_ssh_pass=CumulusLinux!

192.168.212.132 ansible_user=cumulus ansible_ssh_pass=CumulusLinux!

192.168.212.133 ansible_user=cumulus ansible_ssh_pass=CumulusLinux!

192.168.212.134 ansible_user=cumulus ansible_ssh_pass=CumulusLinux!

[spine-switches] 

192.168.212.135 ansible_user=cumulus ansible_ssh_pass=CumulusLinux!

192.168.212.136 ansible_user=cumulus ansible_ssh_pass=CumulusLinux!


And we can verify that by entering the command below:


$ ansible --list-hosts all




Now we have added our switches to the inventory list. Ansible knows which are the leaf switches and which are the spine switches.

We can use the Ansible ping to verify reachability to the switches. Remember that the Ansible ping is not an ICMP echo ping; instead, it uses SSH to check reachability and log in to the hosts.



You will receive some warnings about the SSH key fingerprint, as this is the first time the Ansible host is connecting to the Cumulus switches.

You need to type yes for each host.





Tasks

You define the tasks, Ansible will do them all

Now Ansible has access to the bare metal switches running Cumulus Linux, and we can continue by executing tasks on the switches.

We start with a simple task, getting the hostname of the switches:

$ ansible -m command -a "hostname" all




Playbooks 

Inventory + Multiple Tasks 

Playbooks perform multiple tasks on a group of hosts specified in the playbook file.

Our goal is to create an Ansible playbook that uploads the public key file to all the switches. Once it is uploaded, we can remove the clear-text credentials from the inventory file, and Ansible will be able to use public key authentication against the switches.

To start, we need to generate an SSH key pair on the Ansible host. Use the command below on the Ansible host to generate it:

$ ssh-keygen


The above command generates the public and private keys and places them in the user's folder.

In the example below, we have created a playbook file that uploads the SSH public key to all the switches.

The file format is YAML.


/home/DEV-OPS/manage_ssh_keys.yml 

---
# Install the Ansible host's public key for user cumulus on every switch
- hosts: all
  tasks:
    - authorized_key: user=cumulus key="{{ lookup('file', '/home/cumulus/.ssh/id_rsa.pub') }}"


To execute the playbook, use the command below:

$ ansible-playbook manage_ssh_keys.yml




Now we can delete the passwords from the hosts file; however, we will keep the user parameter, as we are connecting to the switches as cumulus.


/etc/ansible/hosts

[leaf-switches]

192.168.212.131 ansible_user=cumulus

192.168.212.132 ansible_user=cumulus

192.168.212.133 ansible_user=cumulus

192.168.212.134 ansible_user=cumulus

[spine-switches]

192.168.212.135 ansible_user=cumulus

192.168.212.136 ansible_user=cumulus  


For verification, we will use the Ansible ping:

$ ansible -m ping all




As seen, we are able to access all the switches, and authentication is now based on SSH keys.
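
Once the passwords have been removed from the hosts file, it is worth confirming that none were left behind. The script below is an added example, not part of the original post: it scans an INI inventory for any remaining inline ansible_*pass variables, including ones in :vars sections and commented-out lines, and reports them without printing the secret. The function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: list inventory entries that still carry an inline password.
# Output is "group host variable"; the secret value itself is never printed.
find_inline_secrets() {
    awk '
        BEGIN { group = "ungrouped" }
        /^[ \t]*\[/ {                      # [group] or [group:vars] header
            group = $0
            gsub(/^[ \t]*\[|\].*$/, "", group)
            next
        }
        {
            first = 2; host = $1           # host line: variables follow the host
            if ($1 ~ /^[#;]/ || group ~ /:vars$/) { first = 1; host = "-" }
            for (i = first; i <= NF; i++)
                if ($i ~ /^ansible_[a-z_]*pass(word)?(=|$)/) {
                    split($i, kv, "=")
                    print group, host, kv[1]
                }
        }
    ' "$1"
}

# Succeeds only when no inline password variable is left in the file.
inventory_is_clean() { [ -z "$(find_inline_secrets "$1")" ]; }

# Constructed sample: a half-cleaned copy of the inventory used in this post.
write_sample_inventory() {
    cat > "$1" <<'EOF'
[leaf-switches]
192.168.212.131 ansible_user=cumulus
192.168.212.132 ansible_user=cumulus ansible_ssh_pass=CumulusLinux!
# 192.168.212.133 ansible_user=cumulus ansible_ssh_pass=CumulusLinux!

[spine-switches]
192.168.212.135 ansible_user=cumulus

[spine-switches:vars]
ansible_ssh_pass=CumulusLinux!
EOF
}

if [ -n "${1:-}" ]; then
    find_inline_secrets "$1"               # audit the file given as argument
else
    sample=$(mktemp); write_sample_inventory "$sample"
    find_inline_secrets "$sample"; rm -f "$sample"
fi
```

Run it with the inventory path as its argument, for example /etc/ansible/hosts; a password that ever appeared in the file should also be changed on the switches.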


Conclusion 

 

It can be a little difficult in the beginning to set up and get used to these tools, but once you have built a couple of playbooks you will discover the power of Net-Ops.

This post covered only the basic environment setup for Ansible and Cumulus. We will cover more networking features in upcoming posts.