Thursday, November 18, 2021

Exploring Ansible for Networking: From Ad-Hoc Commands to Playbooks

Ansible proved to be a very useful tool that can make our lives easier.

Today, I am writing about my learning experience using Ansible and my baby steps toward the automation and programmability world of networking!

Let's start by mentioning that Ansible has two ways (as far as I know) of interacting with network devices or servers.

1. The short way > ad-hoc

2. The more advanced way > Ansible playbooks

Ansible ad-hoc provides easy and fast access to devices from your terminal and enables you to execute commands faster than the usual process. It can also help you access a list of multiple hosts at the same time and do things like gathering information with a single command line.

Here in my example below you can see how I used the ansible command to access a switch with the IP address "10.211.10.36" and ran some of the usual Cisco IOS commands that we use to show configuration or information in our daily tasks.












The ansible command I used was:

%ansible all -i ./hosts -m raw -a "show interface status" -u samer -k 

Here, "all" means all the host IP addresses in the file named "hosts".

Another output can be seen below, for "show arp" on the same switch:











While seeing the output like this seems very easy, you might face some problems before that command line runs without errors, so here is what I ran into and managed to fix with some Google searching:

1. Error about the Diffie-Hellman group between my macOS and the switch which 

Fix:

Note: this error will also be seen when you try to SSH directly from your terminal to the switch without even using Ansible, which makes it a problem with SSH on macOS in this case. Here is how to solve it.

a. Go to /etc/ssh/ with cd /etc/ssh/ and run $sudo nano ssh_config

b. Uncomment the following parts






c. Paste the following at the end of the same file






Save the changes and try to SSH again from your terminal. If that works, then try your ad-hoc command and it should work fine.

2. Error about failing to connect to the host via SSH, which showed up after fixing error 1 

Failed to connect to the host via ssh: mux_client_request_session: exitval sent twice\r\n"

Fix:

Paste the following into the ansible.cfg file using nano, then save the changes:

connection: local


I hope this was helpful 


Samer R. Saleem



Friday, November 5, 2021

Ansible Another Step Into Network Automation

What is Ansible?

Ansible is a network automation tool. It works with YAML to push or get configs from a network device or a group of devices or hosts.

Ansible works with SSH, which means you need to have NETMIKO or PARAMIKO installed along with your Python in order for Ansible code to work.

How to install Ansible?

Simply type this command into your terminal (Linux or Mac): $pip install ansible

You can then check your installed version using the command $ansible --version

like below:







Since we already mentioned that Ansible works with YAML as a data modeling language, we need to install YAML as well. You can install it with:

$pip install PyYAML

The link below has more documentation about YAML:

https://pypi.org/project/PyYAML/ 


NOTE: you might face a problem while trying to run Ansible code because of SSH keys between your computer and the network device/host you are trying to connect to, and this will cause an error similar to the following screen:






There is a workaround for this: add the following configuration to the ansible.cfg file, as below:





You can create a file named ansible.cfg with nano:

$nano ansible.cfg

Then add:

[defaults]

host_key_checking = false


Save the file and run your Ansible code again.


OK, now on to writing simple Ansible code to get_facts from a Cisco IOS device.

1. In order to do that, you need to have a list of hosts configured. It will be created in the same directory that I will be creating my Ansible code in, which is:

samer@Samers-MacBook-Pro ansibleproject % pwd

/Users/samer/Documents/ansibleproject







[cisco] is the group of devices/hosts, which means you can list your hosts below it, just like I'm listing (10.211.10.36) here for my testing.

[cisco:vars], as you can see, holds the other information, like the OS, username and password of the device/host listed in the group cisco above.

OK, now let us create the Ansible code by creating a file that I named test.yml, a YAML format file.
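An added example, not code from the original post: a small Python audit for the two settings described above, the `host_key_checking = false` workaround in ansible.cfg and the login details kept in `[cisco:vars]`. The inventory variable names and the placeholder password are assumptions, constructed because the post's inventory screenshot is not available.

```python
import configparser
import re

# Constructed sample files mirroring what the post describes (placeholder values).
SAMPLE_CFG = "[defaults]\nhost_key_checking = false\n"
SAMPLE_INVENTORY = """\
[cisco]
10.211.10.36

[cisco:vars]
ansible_network_os=ios
ansible_user=samer
ansible_password=EXAMPLE-PLACEHOLDER
"""

# Inventory variables that carry a login or privilege-escalation secret.
SECRET_VAR = re.compile(
    r"\b(ansible_(?:ssh_)?pass(?:word)?|ansible_become_pass(?:word)?)\s*=\s*(\S+)")


def audit_cfg(text):
    """Flag ansible.cfg content that turns off SSH host key verification."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    # Ansible checks host keys by default, hence fallback=True.
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        return ["ansible.cfg: host_key_checking is off; unknown or changed "
                "host keys are accepted without verification"]
    return []


def audit_inventory(text):
    """Flag secrets stored as literals; Jinja references like {{ vault_pw }} pass."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", ";")):
            continue  # skip comment lines
        for name, value in SECRET_VAR.findall(line):
            if not value.strip("'\"").startswith("{{"):
                findings.append(
                    f"inventory line {lineno}: {name} is a plaintext literal; "
                    "keep it in an ansible-vault file or prompt with -k")
    return findings


if __name__ == "__main__":
    for finding in audit_cfg(SAMPLE_CFG) + audit_inventory(SAMPLE_INVENTORY):
        print(finding)
```

With host key checking left on, the switch's key has to be in known_hosts before the first run; one manual SSH login to the device, with the fingerprint compared against the switch console, puts it there.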








As you can see, the file starts with (---),

then (-) name, the group of hosts, the connection type (SSH), then the tasks that Ansible will be doing on the host (tasks:).

NOTE: white-spaces are really important, and you will face problems running the code if you do not have the correct spacing.

Example of an error caused by a missing space:







OK, so our Ansible task will be to get the software version of the host (10.211.10.36), and this is done with the last task, named "VIEW OS VERSION", which has the var: ansible_net_version

How to run the code now?

$ansible-playbook -i hosts testing.yml

Of course, my terminal is already inside the same directory. If your terminal is not in the same directory, then you need to add the full path for the files.

(-i) here means inventory, which means run Ansible against the inventory at the path hosts, and the Ansible file is testing.yml

Ansible will check the hosts/groups in the file called hosts and use the login information in [cisco:vars] to log in to the host using SSH (NETMIKO/PARAMIKO).

Once you fix all of the white-space issues and run the code, you should get the following screen of output:






The green screen! OK=1 and failed=0.


Note: you can use an Ansible ad-hoc command to push fast commands and do things quickly on one host, using the following format:

$ansible 10.211.10.36 -m raw -a "show version" -u samer -k

where -k prompts for the password.

This is my introduction to Ansible for Network Automation.


Good resources can be found here:

https://developer.cisco.com/startnow/

https://docs.ansible.com/ansible/latest/collections/cisco/ios/ios_command_module.html#examples

https://learningnetwork.cisco.com/s/question/0D53i00000mt0ZGCAY/mastering-ansible-for-the-devnet-associate-exam-derek-winchester




I hope this was useful.

Samer R. Saleem



