Ansible Notes

Ansible Network

Additional tasks

  • disable banners

Network automation specifics: https://docs.ansible.com/ansible/2.5/network/getting_started/network_differences.html

Ansible connection types

https://docs.ansible.com/ansible/latest/network/user_guide/platform_index.html

IOS CLI connection

IOS CLI example: group_vars/ios.yml

ansible_connection: network_cli
ansible_network_os: ios
ansible_user: myuser
ansible_ssh_pass: !vault...
ansible_become: yes
ansible_become_method: enable
ansible_become_pass: !vault...
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'

NXOS CLI example: group_vars/nxos.yml

ansible_connection: network_cli
ansible_network_os: nxos
ansible_user: myuser
ansible_ssh_pass: !vault...
ansible_become: yes
ansible_become_method: enable
ansible_become_pass: !vault...
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'

NX-API example: group_vars/nxos.yml

ansible_connection: httpapi
ansible_network_os: nxos
ansible_user: myuser
ansible_ssh_pass: !vault...
proxy_env:
  http_proxy: http://proxy.example.com:8080
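
The three group_vars examples above keep `ansible_ssh_pass` and `ansible_become_pass` as `!vault` values. The check below is an added example, not part of the original notes or of Ansible itself: it scans group_vars text for those variables stored in plaintext and for proxy URLs that embed credentials. The function name, the key list, the accepted Jinja2 indirection and the sample data are assumptions constructed for illustration.

```python
import re
import sys

# Credential variables used in the group_vars examples above, plus the generic
# ansible_password name (assumption: extend this set to match your inventory).
SECRET_KEYS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}
KEY_VALUE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*:\s*(.*?)\s*$")
URL_CREDS = re.compile(r"://[^/\s:@]+:[^/\s@]+@")  # user:password@ in a URL

# Constructed sample: one vaulted secret, one plaintext secret, one proxy URL
# with embedded credentials. The vault body is a placeholder, not ciphertext.
SAMPLE = """\
ansible_connection: network_cli
ansible_network_os: ios
ansible_user: myuser
ansible_ssh_pass: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          0000000000000000
ansible_become: yes
ansible_become_method: enable
ansible_become_pass: "enable123"
proxy_env:
  http_proxy: http://svc:hunter2@proxy.example.com:8080
"""


def audit_group_vars(text, filename="group_vars"):
    """Return (filename, line_no, key, reason) for each exposed credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = KEY_VALUE.match(line)  # comment and vault-body lines do not match
        if not m:
            continue
        key, value = m.groups()
        if key in SECRET_KEYS:
            bare = value.strip("'\"")
            # Accepted: empty value, inline vault tag, or a Jinja2 reference
            # to a variable kept in a vaulted file (assumed convention).
            if not bare or bare.startswith(("#", "!vault")) or "{{" in bare:
                continue
            findings.append((filename, line_no, key, "plaintext secret"))
        elif URL_CREDS.search(value):
            findings.append((filename, line_no, key, "credentials in URL"))
    return findings


if __name__ == "__main__":
    texts = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]]
    results = [f for p, t in texts or [("sample", SAMPLE)]
               for f in audit_group_vars(t, p)]
    print("\n".join(f"{f}:{n}: {k}: {r}" for f, n, k, r in results))
    sys.exit(1 if results else 0)
```

Run with one or more group_vars files as arguments; the non-zero exit status on findings makes it usable as a pre-commit or CI gate.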

Proposed ICND2 examples

  • Tripod RIPv2, OSPFv2, OSPFv3, EIGRP-4, EIGRP-6
  • Campus LAN: VTP, DTP, 802.1Q, First Hop Security, HSRP-4, HSRP-6, PVST+ Load balancing, OSPFv2, OSPFv3, EIGRP-4, EIGRP-6, Internet Gateway
  • NAT
  • Infrastructure: DNS, NTP, SNMPv3, DHCP, RA, DHCPv6 stateful, DHCPv6 stateless

on IOSv, IOS-XE, NX-OS

Building roles

  • enable dhcp server
  • enable dhcp relay server
  • enable dns cache server
  • RA disable SLAAC
  • RA enable dhcpv6 Stateless
  • RA enable dhcpv6 Stateful
  • enable dhcpv6 Stateless server
  • enable dhcpv6 Stateful server
  • enable ntp server
  • enable ntp client

Modules to use

Setting up playbooks

Roles:

  • Enable interfaces
  • Enable IPv4
  • Enable IPv6

Suggestions

  • STP Tree
  • Switchport Hardening

Roles:

  • OSPF Router
  • EIGRP Router

Structure

Defining variables

Defining a playbook

Concepts

  • Playbook or ad hoc mode
  • Facts
  • Variables

Languages

  • YAML
  • Jinja2

Push Model

Structure

  • Hosts
  • host_vars
  • roles

Facts

Variables

handlers

Notes

  • Installing Ansible on the control machine
  • Provisioning the infrastructure
  • Creating a playbook
    • playbook directory
    • ansible.cfg configuration file
    • Inventory file(s)
    • Modules
  • System automation
    • Deployment
    • Data retrieval

Installing Ansible AWX

Dependencies

sudo -i
apt-add-repository ppa:ansible/ansible
apt-get update
apt-get upgrade
apt-get install ansible docker docker.io git python-pip
pip install docker-py
service docker start
mkdir awx-install
cd awx-install
git clone https://github.com/ansible/awx.git
git clone https://github.com/ansible/awx-logos.git
cd awx/installer/

Configuring the installation

cat ./inventory

Running the installation

ansible-playbook -i inventory install.yml

Source: Ansible Linklight - Networking

This content is a multi-purpose toolkit for effectively demonstrating Ansible’s capabilities on network equipment (Arista, Cisco, Cumulus, Juniper etc) or providing informal workshop training in various forms – instructor-led, hands-on or self-paced.

Presentation

Want the Presentation Deck? It's right here: Ansible Networking Linklight Deck

Ansible Engine Networking Exercises

  • Lab 01: Using Ansible to gather data from network devices
  • Lab 02: Using Ansible to configure, backup and restore
  • Lab 03: Using Ansible for templating as well as utilizing parsers

Network Diagram

Red Hat Ansible Automation

Additional information

Red Hat Ansible Automation

Red Hat® Ansible® Automation consists of three products:

  • Red Hat® Ansible® Tower: Built for operationalizing and scaling automation, managing complex deployments and speeding up productivity. Extend the power of Ansible Tower with Workflows and Surveys to streamline jobs and simple tools to share solutions with your team.

  • Red Hat® Ansible® Engine: a fully supported product built on the foundational capabilities of the Ansible project. Also provides support for select modules including Infoblox.

  • Red Hat® Ansible® Network Automation: provides support for select networking modules from Arista (EOS), Cisco (IOS, IOS XR, NX-OS), Juniper (JunOS), Open vSwitch, and VyOS. Includes Ansible Tower, Ansible Engine, and curated content specifically for network use cases.

gns3-server automation

Prerequisite: virtualization instructions enabled, or nested virtualization.

Playbooks to install gns3-server:

Ansible Galaxy role to install gns3-server:

Ansible Galaxy collections to interact with the REST API of GNS3 servers using gns3fy:

Checks:

  • Nested Virt
  • Ubuntu Bionic

Procedure:

  • Terraform
    • Scaleway
    • GCP
    • Azure
    • Packet
    • AWS
  • Ansible
    • libvirtd
    • openvpn
    • docker-engine
    • fail2ban
    • gns3-server
    • routing
    • file sync