A more declarative framework

You woke up one morning in a cold sweat from a nightmare you had about a potential network security breach. You realized that your network contains valuable digital assets that should be protected. You have been doing your job as a network administrator, so it is pretty secure, but you want to put more security measures around your network devices just to be sure. 

To start with, you break the objective down into two actionable items:

  • Upgrading the devices to the latest version of the software, which requires:
    1. Uploading the image to the device.
    2. Instructing the device to boot from the new image.
    3. Proceeding to reboot the device.
    4. Verifying that the device is running with the new software image.
  • Configuring the appropriate access control list on the networking devices, which includes the following:
    1. Constructing the access list on the device.
    2. Configuring the access list on the interface, which in most cases is under the interface configuration section so that it can be applied to the interfaces.

Being an automation-focused network engineer, you want to write scripts to reliably configure the devices and receive feedback from the operations. You begin to research the necessary commands and APIs for each of the steps, validate them in the lab, and finally deploy them in production. Having done a fair amount of work for OS upgrade and ACL deployment, you hope the scripts are transferable to the next generation of devices. Wouldn't it be nice if there was a tool that could shorten this design-develop-deployment cycle? 

In this chapter and in Chapter 5, The Python Automation Framework – Beyond Basics, we will work with an open source automation tool called Ansible. It is a framework that can simplify the process of going from business logic to network commands. It can configure systems, deploy software, and orchestrate a combination of tasks. Ansible is written in Python and has emerged as one of the leading automation tools supported by network equipment vendors.

In this chapter, we will take a look at the following topics:

  • A quick Ansible example
  • The advantages of Ansible
  • The Ansible architecture
  • Ansible Cisco modules and examples
  • Ansible Juniper modules and examples
  • Ansible Arista modules and examples

At the time of writing this book, Ansible release 2.5 is compatible with Python 2.6 and 2.7, with Python 3 support recently coming out of the technical review. Just like Python, many of the useful features of Ansible come from the community-driven extension modules. Even with the Ansible core modules supporting Python 3, many of the extension modules and production deployments are still in Python 2 mode. It will take some time to bring all the extension modules up from Python 2 to Python 3. For this reason, for the rest of this book, we will use Python 2.7 with Ansible 2.2.

Why Ansible 2.2? Ansible 2.5, released in March 2018, offers many new network module features with a new connection method, syntax, and best practices. Because these features are relatively new, most production deployments are still on a pre-2.5 release. However, in this chapter, you will also find sections dedicated to Ansible 2.5 examples for those who want to take advantage of the new syntax and features.

For the latest information on Ansible Python 3 support, check out http://docs.ansible.com/ansible/python_3_support.html.

As one can tell from the previous chapters, I am a believer in learning by examples. Just like the underlying Python code for Ansible, the syntax for Ansible constructs is easy enough to understand, even if you have not worked with Ansible before. If you have some experience with YAML or Jinja2, you will quickly draw the correlation between the syntax and the intended procedure. Let's take a look at an example first.
