An introduction to Ansible for Network Automation

“Streamline your network management with Ansible – the ultimate automation tool for efficient and reliable operations.”

An Introduction to Ansible for Network Automation

Tired of tedious, error-prone manual configurations on your network devices? Network automation is no longer a luxury but a necessity for managing today’s complex infrastructure. Ansible has emerged as a leading open-source solution, empowering network engineers to streamline operations, minimize human errors, and reclaim valuable time for strategic initiatives.

Network automation has quickly moved from a “nice to have” to an essential part of managing modern infrastructure. The days of manually logging into routers and switches, typing out repetitive commands, and hoping no typos sneak through are fading fast. Automation tools help us keep up with growing networks, reduce human errors, and free up time for more interesting projects. One of the standout tools in this space is Ansible.

So, what exactly makes Ansible such a popular choice among network engineers and automation professionals? Let’s break it down.

Why Ansible for Network Automation?

Ansible has become a go-to automation tool for network engineers and IT professionals due to its simplicity and power in managing network devices, servers, and applications without the need for agents. It works by connecting to devices over SSH or APIs. You describe the desired state of your network devices using simple, human-readable instructions, and Ansible efficiently handles the execution to achieve that state.

The real beauty of Ansible lies in its use of YAML (Yet Another Markup Language) for defining tasks and configurations. YAML is designed to be human-readable, making it straightforward to learn and use, even for those who aren’t primarily programmers. This accessibility makes Ansible a powerful tool for fostering collaboration between network engineers and development teams.

Key Benefits of Ansible for Network Automation

Reduce Network Errors with Ansible’s Automation Capabilities

Manual configurations are prone to human error. Ansible lets you define the correct setup once in a playbook, and it applies that configuration flawlessly and consistently across your network, significantly reducing the risk of typos and misconfigurations.

Accelerate Network Deployments Using Ansible Playbooks

Need to roll out configuration changes to multiple network devices simultaneously? Ansible’s parallel execution capabilities enable you to push updates to dozens or even hundreds of routers and switches in a single operation, saving countless hours compared to manual methods.

Ensure Consistent Network Configurations with Ansible’s Idempotency

Ansible is idempotent, meaning it only makes changes if a device’s current state doesn’t match the desired state defined in your playbook. If everything is already configured correctly, Ansible does nothing. This ensures that your network configurations remain uniform and prevents unintended changes.

Automate Repetitive Network Tasks and Free Up Engineering Time

Routine network administration tasks, such as device backups, software upgrades, security compliance checks, and VLAN provisioning, can be automated with Ansible. This frees up valuable time for network engineers to focus on more complex problem-solving, strategic planning, and innovation.

Scale Your Network Automation with Ansible’s Flexible Architecture

Whether you’re managing a small lab environment or a large-scale service provider network, Ansible’s architecture is designed to scale with your growing infrastructure needs. You can easily manage an increasing number of devices without significant changes to your automation workflows.

Agentless Network Automation: Simplify Management and Security with Ansible

Unlike some other automation tools, Ansible operates in an agentless manner. It communicates with network devices over standard protocols like SSH and network APIs, eliminating the need to install and manage agents on every device. This simplifies deployment, reduces overhead, and enhances security by minimizing the attack surface.

Getting Started with Ansible

If you’re new to Ansible, don’t worry—it’s designed to be approachable. Here’s a quick overview of how to begin automating your network devices. Basic networking knowledge and SSH access to your devices are helpful prerequisites.

Step 1: Install Ansible

Ansible works on Linux, macOS, and Windows (via WSL or virtual environments). Installation is straightforward:

• For Linux (Debian/Ubuntu):
  sudo apt install ansible
• For Red Hat-based systems:
  sudo yum install ansible
• For macOS (with Homebrew):
  brew install ansible

After installing, check that it’s working:

ansible --version

ansible [core 2.15.1]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/your_user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/your_user/.ansible/collections:/usr/share/ansible/collections
  python version = 3.11.4 (main, Jun  7 2023, 11:52:19) [GCC 13.1.0]
  jinja version = 3.1.2
  libyaml = True

Step 2: Define Your Inventory

Links to the playbooks, ansible.cgf, host and lab files can be found on my Ansible GitHub

The Ansible inventory file acts as a roadmap, defining the devices Ansible will manage. You can organize your devices into logical groups, making it easier to target specific sets of equipment. A simple hosts file might look like this:

[routers]
London ansible_host=192.168.47.194
Manchester ansible_host=192.168.47.132
asia ansible_host=192.168.47.226
Americia ansible_host=192.168.47.217

[routers:vars]
ansible_user=YouTube
ansible_ssh_pass=YouTube1
ansible_port=22
ansible_connection=network_cli
ansible_network_os=cisco.ios.ios

[switches]
Mgmt_Switch_london ansible_host=192.168.1.20
Mgmt_Switch_newyork ansible_host=10.0.1.15
Mgmt_Switch_tokyo ansible_host=172.16.5.25

[switches:vars]
ansible_user=YouTube123
ansible_ssh_pass=YouTube123
ansible_port=22
ansible_connection=network_cli

[servers]
web_server_01 ansible_host=192.168.2.100
db_server_02 ansible_host=192.168.2.101
app_server_03 ansible_host=192.168.2.102

[servers:vars]
ansible_user=linux_admin
ansible_ssh_pass=server_pw
ansible_port=22
ansible_connection=ssh

You can also use a dynamic inventory that pulls devices from a source like a database or API or even from an inventory management platform like Netbox —useful for larger environments.

Step 3: Write Your First Playbook

Ansible playbooks, written in human-readable YAML, define the desired state of your network. They consist of plays that target specific hosts (defined in your inventory) and contain a series of tasks executed by Ansible modules. Here’s a simple example to configure a router banner:

- name: Configure router banner
  hosts: routers
  gather_facts: no
  tasks:
    - name: Set login banner
      cisco.ios.ios_banner:
        banner: login
        text: |
          Unauthorized access prohibited.
          Only YouTube members are allowed access.
          Please contact Richard Killeen for more information.
        state: present

This playbook targets all devices within the routers group and uses the ios_config module to set a login banner on Cisco IOS devices.

Step 4: Run the Playbook

Once your playbook is ready, use this command to execute it:

ansible-playbook 1st-playbook.yml

Ansible connects to the devices listed in your inventory, runs the tasks, and gives you a summary of what changed.

(RichardKilleen) dickie@Beelink-Max:~/RichardKilleen$ ansible-playbook 1st-playbook.yml

PLAY [Configure router banner] *********************************************************************************************************************************************************************

TASK [Set login banner] ****************************************************************************************************************************************************************************
ok: [London]
ok: [Manchester]
ok: [asia]
ok: [Americia]

PLAY RECAP *****************************************************************************************************************************************************************************************
Americia                   : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
London                     : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
Manchester                 : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
asia                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Best Practices for Ansible in Network Automation

To maximise the effectiveness of Ansible in your network automation efforts, consider adopting these best practices:

• Understand Your Network Thoroughly: Before automating any tasks, ensure you have a clear understanding of your network topology, device configurations, and the specific tasks that are suitable for automation.
• Utilize Standard Naming Conventions: Implement consistent naming conventions for your inventory groups, hosts, playbooks, and variables. This improves organization and makes your automation workflows easier to understand and maintain.
• Implement Version Control (e.g., Git): Store your Ansible playbooks, inventory files, and variable files in a version control system like Git. This enables you to track changes, collaborate effectively with team members, and easily roll back to previous versions if necessary.
• Develop Modular Playbooks: Break down your automation tasks into smaller, reusable playbooks. This promotes code reusability, simplifies troubleshooting, and makes your automation more manageable.
• Leverage Variables and Roles: Use Ansible variables to parameterize your playbooks, allowing you to apply the same logic across different environments or devices with varying configurations. Ansible Roles provide a structured way to organize and share playbooks, tasks, handlers, variables, and templates.
• Thoroughly Test Before Deployment: Always test your Ansible playbooks in a non-production (e.g., lab) environment before applying changes to your live network. This helps identify and resolve any potential issues before they impact your production infrastructure.
• Maintain Comprehensive Documentation: Document your playbooks, the variables they use, and any specific considerations or dependencies. Clear documentation is crucial for maintainability and knowledge sharing within your team.
• Conduct Regular Reviews and Updates: Networks evolve, and your automation scripts should too. Regularly review your Ansible playbooks to ensure they align with your current network environment and automation goals. Update them as needed to reflect changes in your infrastructure or operational procedures.

For managing larger network environments such as large enterprise, data centre or service provider networks and enhancing collaboration, consider exploring Ansible Tower (or its open-source upstream project, AWX). These platforms provide a web-based interface for managing Ansible projects, scheduling playbook runs, role-based access control, and real-time monitoring of automation tasks.