Sean Cavanaugh, Technical Marketing Manager, Red Hat Ansible, @IPvSean
Ask an Expert: Ansible Network Automation
Iftikhar Khan, Senior Manager, Engineering Team, Red Hat Ansible, @ifty_k
For more information or to register visit: ansible.com/automates
● Tampa, FL: November 14, 2018
● New York, NY: December 4, 2018
● Nashville, TN: October 25, 2018
For more information or to register visit: ansible.com/workshops
● Portland, OR: November 6, 2018 (Networking Workshop)
● Houston, TX: November 7, 2018 (Networking Workshop)
● Rochester: November 7, 2018 (Networking Workshop)
WHAT WE’RE TALKING ABOUT TODAY
● httpapi
● net_get and net_put
● new netconf modules
● cli_command and cli_config
● New Tower 3.3 UI Improvements
● Tower Credential Management for Network Devices
● Custom Ansible Environment Support for Ansible Tower
● Ansible Network Roles
● Q/A with Ifty and Sean
httpapi connection plugin
● New top level connection method available on Ansible 2.6 and later
● To invoke use connection: httpapi
● Initially supports
  ○ Cisco Nexus NX-API for the NX-OS platform
  ○ Arista eAPI for the EOS platform
● The httpapi method is implied by the ansible_network_os

| Networking Platform | ansible_network_os | httpapi method |
|---|---|---|
| Arista EOS | ansible_network_os=eos | eAPI |
| Cisco NX-OS | ansible_network_os=nxos | NX-API |
httpapi connection plugin example

```yaml
---
- name: httpapi Playbook
  hosts: leaf01
  connection: httpapi
  gather_facts: false
  tasks:
    - name: type a simple arista command
      eos_command:
        commands:
          - show version | json
      register: command_output

    - name: print command output to terminal window
      debug:
        var: command_output.stdout[0]["version"]
```
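
The playbook above relies on the plugin's transport defaults. As an added example (not from the original slides), the same play with the httpapi session pinned to HTTPS with certificate validation and a pre-flight check. It assumes the httpapi plugin's `ansible_httpapi_use_ssl`, `ansible_httpapi_validate_certs` (Ansible 2.7 or later) and `ansible_httpapi_port` connection variables, and that `leaf01` serves eAPI over HTTPS on port 443.

```yaml
---
- name: httpapi Playbook over HTTPS (added example)
  hosts: leaf01
  connection: httpapi
  gather_facts: false
  vars:
    # Normally set in inventory or group_vars; shown inline so the play is
    # self-contained. All values here are assumptions for this example.
    ansible_network_os: eos
    ansible_httpapi_use_ssl: true         # plugin default is false (plain HTTP)
    ansible_httpapi_validate_certs: true  # reject untrusted device certificates
    ansible_httpapi_port: 443             # assumed eAPI HTTPS port
  tasks:
    # assert runs on the control node, so it fails before any API session
    # (and therefore any credential) is sent to the device.
    - name: refuse to continue if the API session would be cleartext or unverified
      assert:
        that:
          - ansible_httpapi_use_ssl | default(false) | bool
          - ansible_httpapi_validate_certs | default(true) | bool
        msg: "httpapi must use HTTPS with certificate validation on {{ inventory_hostname }}"

    - name: type a simple arista command
      eos_command:
        commands:
          - show version | json
      register: command_output

    - name: print command output to terminal window
      debug:
        var: command_output.stdout[0]["version"]
```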
net_get and net_put
● agnostic network modules
● requires connection: network_cli type
● Support SCP or SFTP transfer protocols
● Requires scp installed and enabled on control and target nodes
net_get and net_put example

```yaml
---
- name: PLAYBOOK SHOWCASING NET_GET AND NET_PUT
  hosts: leaf01
  connection: network_cli
  gather_facts: false
  tasks:
    - name: COPY FILE FROM THE NETWORK DEVICE TO ANSIBLE CONTROLLER
      net_get:
        src: running_cfg_eos1.txt

    - name: COPY FILE FROM THE ANSIBLE CONTROLLER TO THE NETWORK DEVICE
      net_put:
        src: temp.txt
```
netconf
● network management protocol developed and standardized by the IETF
● alternative to SSH command line (network_cli) and device APIs (httpapi)
● Three netconf specific modules
  ○ netconf_get - fetch configuration/state data from NETCONF enabled network devices
  ○ netconf_rpc - execute operations on NETCONF enabled network devices
  ○ netconf_config - netconf device configuration; the module allows the user to send a configuration XML file to a netconf device, and detects if there was a configuration change.
netconf - converting RPC to a Playbook

```xml
<rpc>
  <get-interface-information>
    <interface-name>ge-2/3/0</interface-name>
    <detail/>
  </get-interface-information>
</rpc>
]]>]]>
```

```yaml
- name: GET INTERFACE INFO
  netconf_rpc:
    display: json
    rpc: get-interface-information
    content:
      interface-name: "em1.0"
```
netconf - full example

```yaml
---
- name: RUN A NETCONF COMMAND
  hosts: juniper
  gather_facts: no
  connection: netconf

  tasks:
    - name: GET INTERFACE INFO
      netconf_rpc:
        display: json
        rpc: get-interface-information
        content:
          interface-name: "em1.0"
      register: netconf_info
```
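
The slides show `netconf_rpc` only. As an added example (not from the original deck), a read-only audit with `netconf_get`: it fetches one subtree of the running configuration and fails the play if telnet is configured. The Junos `<configuration><system><services/>` filter path, reuse of the `juniper` host group and the substring test on the returned XML are assumptions of this example.

```yaml
---
- name: AUDIT MANAGEMENT SERVICES OVER NETCONF (added example)
  hosts: juniper
  gather_facts: no
  connection: netconf

  tasks:
    - name: FETCH THE SYSTEM SERVICES SUBTREE OF THE RUNNING CONFIG
      netconf_get:
        source: running
        # Subtree filter; this path is an assumption for Junos devices
        filter: '<configuration><system><services/></system></configuration>'
      register: services_cfg

    # stdout holds the XML reply as a string; a <telnet> element under
    # services means the cleartext management service is configured.
    - name: FAIL IF TELNET IS CONFIGURED
      assert:
        that:
          - "'<telnet' not in services_cfg.stdout"
        msg: "telnet is enabled on {{ inventory_hostname }}"

    - name: SHOW WHAT WAS AUDITED
      debug:
        var: services_cfg.stdout_lines
```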
cli_command and cli_config
● agnostic network modules, available in Ansible 2.7 and later
● requires connection: network_cli type
Networking Inventory

```ini
[cisco]
rtr1 ansible_host=54.201.149.175
rtr2 ansible_host=34.222.129.140
rtr3 ansible_host=34.219.120.71

[cisco:vars]
ansible_user=admin
ansible_network_os=ios

[arista]
leaf01 ansible_host=34.217.176.5
leaf02 ansible_host=34.217.176.6

[arista:vars]
ansible_user=admin
ansible_network_os=eos
```

ansible_network_os identifies the operating system and the plugins to use.
cli_* - full example

```yaml
---
- name: AGNOSTIC PLAYBOOK
  hosts: cisco
  gather_facts: no
  connection: network_cli
  tasks:
    - name: CONFIGURE DNS
      cli_config:
        config: ip name-server 8.8.8.8

    - name: CHECK CONFIGURATION
      cli_command:
        command: show run | i ip name-server
      register: cisco_output
```
What is Tower?
Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and RESTful API.
Red Hat Ansible Tower
https://www.ansible.com/tower
Red Hat Ansible Tower
● When would I need Tower vs the command-line Ansible?
  ○ When 2 or more people start using the same Playbooks in their organization
  ○ When I need a central point of execution
  ○ When I need an API to control my Playbooks
  ○ When I need integrations with TACACS+, RADIUS, SAML, AD
  ○ When I am doing more than just networks
● How do I get started?
  ○ Free Workshops, Free Trials (Linux, Vagrant, AWS EC2)
  ○ Red Hat Global Learning Services: https://red.ht/2jVOvNg
New Tower 3.3 UI Improvements
Credentials
Orgs, Users and Teams
Notifications
Get more things done, with less clicks!
More Top Level Info under Jobs
Who launched this job
When the job was launched
What the job was launched against
Network Credential Management
● Treat network devices just like servers!
● SSH keys or username/pass
● Stored credentials are encrypted using AES-256 in CBC mode alongside a SHA-256 HMAC
Ansible Environment
● More flexibility
● Control which version of Ansible is used on a per-job basis
● No more locking of Tower to a specific Engine release
https://galaxy.ansible.com/ansible-network
Ansible Network Roles
Network Activities for Operators
● Distributed through Ansible Galaxy
● Data driven workflows for performing network operator tasks
● Extensible and adaptable for any platform, any device
● Fully Supported through your Red Hat Subscription
cloud_vpn - Network Role

| Purpose | Providers | Ansible Version |
|---|---|---|
| Agnostic role for creating IPSEC VPN tunnels between two clouds or endpoints. | Cloud: AWS, Azure, OpenStack. Endpoints: AWS VPN, VyOS, Cisco CSR, RHEL, CentOS | 2.6+ |

Functions
● create_vpn
● delete_vpn

Example

```yaml
- include_role:
    name: ansible-network.cloud_vpn

- include_role:
    name: ansible-network.cloud_vpn
    tasks_from: delete_vpn
```

https://galaxy.ansible.com/ansible-network/cloud_vpn

[Diagram: Cisco CSR on AWS and RHEL on Azure, connected by a VPN]
config_manager - Network Role

| Purpose | Providers | Ansible Version |
|---|---|---|
| Platform agnostic approach to managing the active (running) configuration file on network devices | VyOS, Junos OS, Arista EOS, Cisco IOS, IOS-XR, IOS-XE, NX-OS | 2.6+ |

Functions
● get
● load
● save

Example

```yaml
---
- hosts: network
  gather_facts: false
  roles:
    # Role from Ansible Galaxy; "function" selects which role function runs
    - name: ansible-network.config_manager
      function: get
```

https://galaxy.ansible.com/ansible-network/config_manager

[Diagram labels: Cisco IOS-XE, Juniper Junos, Arista EOS]
yang - Network Role

| Purpose | Providers | Ansible Version |
|---|---|---|
| Platform agnostic approach to managing the active (running) configuration file on network devices | Cisco IOS-XR and Juniper Junos | 2.6.2+ |

Functions
● configure
● spec
● fetch

Example

```yaml
- hosts: iosxr
  connection: netconf
  gather_facts: false
  tasks:
    - name: include yang role
      include_role:
        name: ansible-network.yang
        tasks_from: fetch
```

https://galaxy.ansible.com/ansible-network/yang

[Diagram labels: Cisco IOS-XE, Juniper Junos]
github.com/network-automation
facebook.com/ansibleautomation
twitter.com/ansible