Operation and Maintenance Junior Series: ansible and cisco (1)
Sao Nian Operation and Maintenance Youth
ansible and cisco
1. Description of the series of articles
2. Prerequisites
3. Introduction to ansible
4. Installing ansible
5. Using ansible to manage a single switch
1) Topology diagram
2) Configuration
3) Ad hoc commands
6. Using ansible to manage multiple switches
1. Description of the series of articles
This series of articles explains how to use ansible to manage and configure cisco switches and routers in batches. The series will be split into 2-3 articles, moving from a single device to multiple devices, and from working without a playbook to working with one.
2. Prerequisites
- CCNA knowledge
- An understanding of YAML
- Familiarity with using Linux
3. Introduction to ansible
Ansible is a python-based automated operation and maintenance tool. The main python modules it uses are paramiko, which we talked about before, and jinja2, which we haven't talked about yet. Ansible provides a simpler way to manage large numbers of devices. Readers who need a more detailed explanation can look it up on Baidu.
4. Installing ansible
On CentOS, install ansible with yum:
[root@yunwei ~]# yum install ansible -y
Dependencies Resolved

=============================================================================================================================================================================================
 Package Arch Version Repository Size
=============================================================================================================================================================================================
Installing:
 ansible noarch 2.4.2.0-2.el7 extras 7.6 M
Installing for dependencies:
 PyYAML x86_64 3.10-11.el7 base 153 k
 libyaml x86_64 0.1.4-11.el7_0 base 55 k
 python-babel noarch 0.9.6-8.el7 base 1.4 M
 python-cffi x86_64 1.6.0-5.el7 base 218 k
 python-enum34 noarch 1.0.4-1.el7 base 52 k
 python-httplib2 noarch 0.9.2-1.el7 extras 115 k
 python-idna noarch 2.4-1.el7 base 94 k
 python-jinja2 noarch 2.7.2-3.el7_6 updates 518 k
 python-paramiko noarch 2.1.1-9.el7 updates 269 k
 python-passlib noarch 1.6.5-2.el7 extras 488 k
 python-ply noarch 3.4-11.el7 base 123 k
 python-pycparser noarch 2.14-1.el7 base 104 k
 python-six noarch 1.9.0-2.el7 base 29 k
 python2-cryptography x86_64 1.7.2-2.el7 base 502 k
 python2-jmespath noarch 0.9.0-3.el7 extras 39 k
 python2-pyasn1 noarch 0.1.9-7.el7 base 100 k
 sshpass x86_64 1.06-2.el7 extras 21 k

Transaction Summary
=============================================================================================================================================================================================
Install 1 Package (+17 Dependent packages)
You can see that many python modules are installed, such as paramiko and jinja2.
- After the installation is complete, the /etc/ansible/ directory is generated automatically
[root@yunwei ~]# ls /etc/ansible/
ansible.cfg hosts roles
[root@yunwei ~]#
- ansible.cfg
ansible.cfg is the configuration file of ansible. It holds ansible's default configuration, which can be modified.
- hosts
The hosts file is the hostname/IP file; it specifies the scope of hosts that ansible works on.
5. Using ansible to manage a single switch
1) Topology diagram
2) Configuration
- Modify the ansible configuration file
Edit the ansible configuration file and uncomment the line below. This setting controls whether, when logging in over ssh, ansible checks that the known_hosts file contains a key for the target IP. The default is to check, and if no key exists the login fails. In that case you can either ssh to the device manually once, so that ssh adds the key to the known_hosts file, or uncomment this line so that the file is not checked.
host_key_checking = False
- Clear and configure the hosts file.
We can only operate on a host if it is listed in the hosts file.
[root@yunwei ansible]# echo > hosts
[root@yunwei ansible]# cat hosts
[cisco] # group name
192.168.108.251 # group member
192.168.108.252
192.168.108.253
[centos]
192.168.100.225
[root@yunwei ansible]#
- Use the ansible command to check whether the host is reachable (note: the IOS on my GNS does not support the ping module)
[root@yunwei ansible]# ansible 192.168.100.225 -m ping -u root -k
SSH password:
192.168.100.225 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
- Parameter explanation
- -m: specify the module to use; all network modules can be viewed here
- -u: specify the login user name
- -k: prompt for the password interactively
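The two options described above (have each device's key in known_hosts, or set host_key_checking = False so that ssh accepts whatever key the device presents) can be checked before a run. The following is an added example, not code from the original article: it reports whether checking is disabled and which inventory hosts have no known_hosts entry, including hashed entries. The function names, the sample file contents and the placeholder key are constructed for illustration.

```python
import base64, configparser, hashlib, hmac

def inventory_hosts(text):
    """Hosts from an INI inventory; skips comments, [group] headers, :vars/:children."""
    hosts, skip = [], False
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            skip = ":" in line
        elif line and not skip:
            hosts.append(line.split()[0])
    return hosts

def is_known(host, known_hosts):
    """True if host has a plain or hashed (HashKnownHosts) entry; no wildcards/ports."""
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if fields[0].startswith("|1|"):  # |1|b64(salt)|b64(HMAC-SHA1(salt, host))
            _, _, salt, digest = fields[0].split("|")
            mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(mac, base64.b64decode(digest)):
                return True
        elif host in fields[0].split(","):
            return True
    return False

def audit(cfg_text, inventory, known_hosts):
    """Return (host_key_checking enabled?, inventory hosts with no known_hosts entry)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    checking = cfg.getboolean("defaults", "host_key_checking", fallback=True)
    return checking, [h for h in inventory_hosts(inventory) if not is_known(h, known_hosts)]

# Constructed sample input: the article's setting, its first inventory, and a
# known_hosts file holding one placeholder key (not a real key).
CFG = "[defaults]\nhost_key_checking = False\n"
INVENTORY = """[cisco]
192.168.108.251
192.168.108.252
192.168.108.253
[centos]
192.168.100.225
"""
KNOWN_HOSTS = "192.168.108.251 ssh-rsa AAAA-constructed-placeholder\n"

if __name__ == "__main__":
    checking, missing = audit(CFG, INVENTORY, KNOWN_HOSTS)
    print("host_key_checking:", checking)
    print("no pinned key:", ", ".join(missing))
```

Every host it lists is one that would fail to log in with checking left at its default, so those are the devices that need the one-time manual ssh described above.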
3) Ad hoc commands
An ad hoc command generally executes just one command and serves a single purpose.
- Use ansible to query the vlan information of the switch
[root@yunwei ansible]# ansible 192.168.108.251 -m raw -a "show vlan" -u cisco -k
SSH password:
192.168.108.251 | SUCCESS | rc=0 >>


VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Et0/0, Et0/2, Et0/3, Et1/0
 Et1/1, Et1/2, Et1/3, Et2/0
 Et2/1, Et2/2, Et2/3, Et3/0
 Et3/1, Et3/2, Et3/3
10 V10 active
20 V20 active
30 V30 active
40 V40 active
50 V50 active
60 V60 active
70 V70 active
80 V80 active
90 V90 active
100 V100 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
70 enet 100070 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
90 enet 100090 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
Shared connection to 192.168.108.251 closed.


[root@yunwei ansible]#
- Parameter explanation:
- -m: specify the module. The official explanation of raw is as follows: "Another is speaking to any devices such as routers that do not have any Python installed. In any other case, using the shell or command module is much more appropriate." In other words, raw is meant for devices without Python; devices with Python installed should be handled with shell or command.
- -a: the command to run
6. Using ansible to manage multiple switches
Remember our hosts file? We wrote the IPs we need in it and divided them into groups. In fact, we can directly operate on the groups.
- hosts file
[root@yunwei ansible]# cat hosts
[cisco-1]
192.168.108.251
[cisco-2]
192.168.108.252
192.168.108.253
[centos]
192.168.100.225
- Operate on a group
To operate on a group, just put the group name after ansible!
[root@yunwei ansible]# ansible cisco-2 -m raw -a 'show clock' -u cisco -k
SSH password:
192.168.108.252 | SUCCESS | rc=0 >>

*05:45:41.908 UTC Wed Jun 12 2019Shared connection to 192.168.108.252 closed.


192.168.108.253 | SUCCESS | rc=0 >>

*05:45:42.139 UTC Wed Jun 12 2019Warning: Permanently added '192.168.108.253' (RSA) to the list of known hosts.
Shared connection to 192.168.108.253 closed.

[root@yunwei ansible]#
As you can see, the command ran only on the two IP addresses in the cisco-2 group; the remaining hosts did not execute it.
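The run above also shows what host_key_checking = False does in practice: ssh printed "Permanently added '192.168.108.253' (RSA) to the list of known hosts", meaning it trusted a key it had never seen before. The following added example (not from the original article) splits raw-module ad hoc output into per-host results, strips the ssh messages that are fused onto the device output, and lists the hosts whose key was accepted this way. The function names are hypothetical; the sample text is the output shown above.

```python
import re

# "<host> | <STATUS> | rc=<n> >>" starts each host's block in raw/command output.
HEADER = re.compile(r"^(\S+) \| (\w+) \| rc=(-?\d+) >>$")
# JSON-style results ("<host> | UNREACHABLE! => {") end the previous block.
OTHER = re.compile(r"^\S+ \| \S+ => ")
# ssh client messages that end up fused with the device output.
NOISE = re.compile(r"Warning: Permanently added '[^']+' \(\S+\) to the list of known hosts\."
                   r"|Shared connection to \S+ closed\.")

def parse_adhoc(text):
    """Split ad hoc raw-module output into per-host results."""
    results, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            cur = results[m.group(1)] = {"status": m.group(2), "rc": int(m.group(3)),
                                         "output": [], "key_auto_added": False}
        elif OTHER.match(line):
            cur = None
        elif cur is not None:
            # ssh prints this when it trusts a key it has never seen before.
            cur["key_auto_added"] |= "Permanently added" in line
            cleaned = NOISE.sub("", line).strip()
            if cleaned:
                cur["output"].append(cleaned)
    return results

def auto_trusted(results):
    """Hosts whose SSH key was accepted without verification during this run."""
    return sorted(h for h, r in results.items() if r["key_auto_added"])

# Output of the `show clock` run on group cisco-2, as shown in the article.
SAMPLE = """SSH password:
192.168.108.252 | SUCCESS | rc=0 >>

*05:45:41.908 UTC Wed Jun 12 2019Shared connection to 192.168.108.252 closed.


192.168.108.253 | SUCCESS | rc=0 >>

*05:45:42.139 UTC Wed Jun 12 2019Warning: Permanently added '192.168.108.253' (RSA) to the list of known hosts.
Shared connection to 192.168.108.253 closed.
"""

if __name__ == "__main__":
    parsed = parse_adhoc(SAMPLE)
    for host, r in parsed.items():
        print(host, r["status"], r["output"])
    print("keys accepted unverified:", auto_trusted(parsed))
```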