First Adventure with Ansible

So — Ansible… I saw the post from Jason* a while back and was very intrigued, then I saw the post(s) from Kirk** and was even more intrigued; BUT I unfortunately put it on the back burner while doing my SP lab studies. To be honest it all looked a bit over my head (not being very *nix competent). Well I was talking to my co-worker up here in Seattle about an upcoming project that he’s got, and turns out there will be a lot of repetitive configs to do. I sent him a link to the above sites and he just totally ran with it. The next day I saw him at the office he showed me this at work building multiple configs just based off of variables for each device with a single process. Super cool!

I guess at this point, the question is: how is this any better than using Excel w/ variables, or some VB script, a Python script, or even just ‘find+replace’? Well on the face of it maybe there isn’t a super compelling reason since all of those methods do the same thing at the end of the day. For me, the interesting point in favor of Ansible is that it can do stuff to things other than a text file — Ansible can be used to a far greater extent — dynamic host/variable files, actually deploying configurations, doing config diff type work, and doing server stuff too! At this point, all I know first hand is that Ansible can do some cool config creation, and update text file configs (basically diff existing configs and update with appropriate variables etc.), but I’m hoping to do some more learning/labbing and see if I can get it to push configs to real devices and do config diffs etc.

The rest of this post is a combination of several things: Kirk’s post and all his examples, help from my co-worker to help clarify some of the *nix stuff for me, and some trial and error. I tried to comment everything out to explain in layman’s terms what each line/section was doing. I hope that they make sense and are accurate! 🙂

Basic Installation:

# use pip to install
sudo easy_install pip
sudo pip install ansible

# make directory for ansible host files in the etc directory
sudo mkdir /etc/ansible

# create your host file in /etc/ansible, example as follows:
localhost ansible_ssh_user=[put your username here]

# make sure you have a local public key for SSH for whatever user you are using
ssh-keygen -t rsa -C "[put your username here]"

# after making the key, ensure that it’s in the .ssh authorized_keys file; I was just copying the key, but as my co-worker pointed out that would overwrite any existing config, so use cat to append to the file instead
cat ~/.ssh/ >> ~/.ssh/authorized_keys

# Super important note — on OSX, go to system pref, sharing, and enable remote login! If this is not enabled you won’t be able to SSH to local host and that breaks what we are trying to do
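
The key-append step above, as an added example that is not part of the original post: it adds the public key only when it is missing, refuses a file that is not a single public-key line, and sets the directory and file permissions sshd expects. The function name `add_authorized_key` and its two arguments are assumptions; pass it the path of the public key file that `ssh-keygen` wrote.

```shell
# add_authorized_key PUBKEY_FILE [SSH_DIR]
# SSH_DIR defaults to ~/.ssh; it is a parameter only so the function can be
# tried against a scratch directory first (hypothetical helper, not an
# Ansible or OpenSSH command).
add_authorized_key() {
    pub=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    # Accept only a file holding one public-key line; a multi-line file
    # (for example the private key passed by mistake) is rejected.
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    # unquoted on purpose: some wc implementations pad the count with spaces
    [ $(wc -l < "$pub") -le 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac

    # Create directory and file private to the user, then tighten anything
    # that already existed: sshd's StrictModes ignores authorized_keys when
    # it or ~/.ssh is writable by group or others.
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth" )
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"

    # Append (never overwrite) and only when the exact line is absent,
    # so running the step twice does not duplicate the entry.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}
```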

Initial Testing:

# at this point, you should be able to test running ansible against the localhost and have success
ansible localhost -m ping

# this should result in:
localhost | success >> {
    "changed": false,
    "ping": "pong"
}

Create File Structure:

# make directory for ansible roles/tasks; putting mine in dropbox to make life easy for me
mkdir /Users/[user]/Dropbox/Ansible

# within the new directory, create directories for ‘configs’ and ‘roles’
cd /Users/[user]/Dropbox/Ansible
mkdir configs
mkdir roles

# within roles, create a ‘router’ role for testing, within ‘router’ create ‘tasks’ ‘templates’ and ‘vars’
# (paths are relative to the Ansible directory we just cd'd into, so no leading slash)
mkdir roles/router
mkdir roles/router/tasks
mkdir roles/router/templates
mkdir roles/router/vars

Create Initial Files

# create a site file in yaml format; good link describing this:
# basically each site will have a site (perhaps customer in my case), the site will define which hosts are in the site, and which roles are applied to those hosts; I believe that we can have multiple ‘names’ within the yaml file, and that each of those names (Routers, Edge Routers, Access Switch, etc.) can have different roles assigned within the file — also hosts can be assigned to multiple roles/names. This is a super simple initial test config
# last note; this is in the root ansible directory in my dropbox folder
vi site.yml

---
# one play: apply the 'router' role to localhost
- name: Generate Configs for Site
  hosts: localhost

  roles:
    - router

# create a tasks file; this is in /roles/router/tasks/
vi roles/router/tasks/main.yml

---
# render the template once per entry in the IOS_RTR_TEST list
- name: Generate Configs for Site
  template: src=IOS_RTR_Test.j2 dest=/Users/[user]/Dropbox/Ansible/configs/{{item.hostname}}.txt
  with_items: "{{ IOS_RTR_TEST }}"

# create a file that holds the variables that will be put into the template, this will be put into /roles/router/vars
# important note: this variables file appears to need to be the same name as the tasks file!
vi roles/router/vars/main.yml

---
# the list that with_items loops over in the tasks file
IOS_RTR_TEST:
  - {hostname: TEST1}
  - {hostname: TEST2}

# create our basic template, that includes our items to be replaced by ansible; this will go in /roles/router/templates
vi roles/router/templates/IOS_RTR_Test.j2
hostname {{item.hostname}}

Here are some awesome links that were instrumental in getting this working. The first is Kirk Byers' website; he is a total stud and is running an awesome Python for Network folks email class that I’ve been digging. The second is from a co-worker, Jason Edelman, out of the opposite side of the country, whose blog I found totally by accident but am also digging. You should check them both out.


I also had a lot of help from my co-worker up here in the Seattle area — especially surrounding the SSH key stuff since all that in unix/linux is foreign to me.




Totally posted that all without actually showing how to run the script to do a thing, so here’s how to do that. From your Ansible directory (in my case the one in Dropbox), run the following:

ansible-playbook site.yml

This makes lotsa cool output happen on the terminal, then POOF you have two config files (if you did the same test stuff as in this post) sitting in your configs file. Cool part here is that you can go in and change the hostnames of these files (the actual configs) then go back in and re-run the playbook and it updates the hostnames automagically… lots of magicness happening here.

2 thoughts on “First Adventure with Ansible

  1. Can you expand on some of the ssh problems and solutions? I can ping the localhost but I’m failing to authenticate on the switch. I can ssh to it no problem from term but I’m prompted for a password every time. I think the problem is with the key exchange.

    • If you’re just running this locally to generate configs, there’s no need to connect via SSH. Try adding "gather_facts: no" under "hosts: localhost" in the site.yml file.
