Ansible Tool Configuration Guide

9 min

preface preface this document provides a detailed guide on deploying and configuring the ansible automation tool target audience target audience this manual is primarily intended for the following engineers • solution planners and implementers • network administrators responsible for network configuration and maintenance • test personnel relevant personnel should possess the following competencies • familiarity with asterfusion packetbroker network switch products • understanding of relevant computer networking principles applicable hardware models applicable hardware models standard products standard products https //cloudswit ch/product/16x1g rj45 poe switch enterprise sonic/ 16x1g rj45 poe+\@150w 3 access switch, 2x10gb sfp+ uplinks, enterprise sonic distribution https //cloudswit ch/product/24 port 25g 2x100g core switch sonic nos/ 24 x 25gb sfp28/ 10gb sfp+, 2x 100gb qsfp28 uplinks, l3 core/leaf switch, marvell aldrin3 chip https //cloudswit ch/product/24x10gb 6x100gb switch enterprise sonic/ 24x10g sfp+ l3 leaf & core switch, 6 x 100g qsfp28 /40g qsfp+ uplinks, sonic nos, marvell prestera aldrin2 chip https //cloudswit ch/product/48x10gb sfp 6x100gb qsfp28 l3 leaf core switch enterprise sonic/ 48x 10gb sfp+, 6x 100gb qsfp28/40gb qsfp+ l3 leaf core switch, enterprise sonic, marvell prestera aldrin2 chip https //cloudswit ch/product/48 port 25g switch witch marvell octeon dpus/ 48 port 25gb sfp28 switch with 6x100g uplink, enterprise sonic, marvell falcon + octeon 10 cn103 https //cloudswit ch/product/48 port 25g aggregation switch sonic os/ 48x25gb sfp28, 8x100gb qsfp28 l3 core/spine switch, enterprise sonic ready, marvell falcon https //cloudswit ch/product/32 port 100g qsfp28 aggregation switch sonic/ 32x100gb qsfp28 spine and core switch enterprise sonic ready marvell falcon https //cloudswit ch/product/32x400g aggregation switch enterprise sonic/ 32 port 400 gbe qsfp dd l3 spine/core switch, enterprise sonic ready, marvell falcon environment deployment environment deployment ansible is an automation tool that can configure devices by invoking sonic cli configuration synchronization between the command line, controller, and web ui can be guaranteed when the command line format meets the requirements deploy ansible on the server deploy ansible on the server this section uses rocky linux 9 6 (blue onyx) running on a virtual machine as an example install ansible pip3 install ansible the required files are as follows you may directly edit the files or extract the attachments the relevant file structure is as follows eric\@mypc \\ \\$ tree ├── ansible cfg ├── group vars │ └── sonic yml ├── host vars │ └── sonic1 yml ├── inventory ├── library │ └── sonic klish py └── site yml 3\ ansible cfg specify the device information file as inventory \[defaults] inventory = inventory host key checking = false retry files enabled = false gathering = explicit stdout callback = yaml inventory specify the ip address, username, and password of the remote device \[sonic] sonic1 ansible host=192 168 1 103 ansible user=admin ansible password=asteros 5\ group vars/sonic yml no changes needed \# group vars/sonic yml host "{{ ansible host }}" user "{{ ansible user }}" password "{{ ansible password }}" in host vars/sonic1 yml, two sets of command line configurations to be deployed are as follows config vlan cmd | configure vlan 3003 end exit config acl test cmd | configure access list l3 test1 ingress priority 500000 rule 1 packet action permit redirect action ethernet 11 exit interface ethernet 11 acl test1 end exit library/sonic klish py no changes needed; simply call the cli command \#!/usr/bin/env python3 import tempfile, subprocess, os from ansible module utils basic import ansiblemodule def main() mod = ansiblemodule( argument spec=dict(commands=dict(required=true, type='str'), host=dict(required=true, type='str'), user=dict(required=true, type='str'), password=dict(required=true, type='str', no log=true)), supports check mode=false ) cmds = mod params\['commands'] host = mod params get('host') user = mod params get('user') passwd = mod params get('password') tmpfile = tempfile mktemp() with open(tmpfile, 'w') as f f write(cmds) ssh opts = " o stricthostkeychecking=no o userknownhostsfile=/dev/null" try cp = \["sshpass", " p", passwd, "scp"] + ssh opts split() + \[tmpfile, "{}@{} /tmp/klish cmds" format(user, host)] subprocess check call(cp, stdout=subprocess devnull) exe = \["sshpass", " p", passwd, "ssh"] + ssh opts split() + \\ \["{}@{}" format(user, host), "sonic cli", "<", "/tmp/klish cmds"] out = subprocess check output(exe, stderr=subprocess stdout) except subprocess calledprocesserror as e mod fail json(msg=e output) finally os unlink(tmpfile) mod exit json(changed=true, stdout=out) if name == ' main ' main() set up the test case by adding two new tasks that call config acl test cmd and config vlan cmd respectively \ hosts sonic gather facts no tasks \ name push klish commands sonic klish commands "{{ config acl test cmd }}" host "{{ host }}" user "{{ user }}" password "{{ password }}" delegate to localhost register result \ name push klish commands 1 sonic klish commands "{{ config vlan cmd }}" host "{{ host }}" user "{{ user }}" password "{{ password }}" delegate to localhost register result \ debug var=result stdout use case execution \[root\@localhost ansible]# ansible playbook v site yml using /home/ryan/ansible/ansible cfg as config file play \[sonic] task \[push klish commands] changed \[sonic1 > localhost] => changed=true stdout | warning permanently added '192 168 1 102' (rsa) to the list of known hosts entering cli view, please wait stty 'standard input' inappropriate ioctl for device stty 'standard input' inappropriate ioctl for device sonic# configure sonic(config)# access list l3 test1 ingress priority 500000 sonic(config l3 acl test1)# rule 1 packet action permit redirect action ethernet 13 sonic(config l3 acl test1)# exit\[j sonic(config)# interface ethernet 13 sonic(config if 13)# acl test1\[j sonic(config if 13)# end\[j sonic# exit stdout lines \<omitted> task \[debug] ok \[sonic1] => result stdout | warning permanently added '192 168 1 102' (rsa) to the list of known hosts entering cli view, please wait stty 'standard input' inappropriate ioctl for device stty 'standard input' inappropriate ioctl for device sonic# configure sonic(config)# access list l3 test1 ingress priority 500000 sonic(config l3 acl test1)# rule 1 packet action permit redirect action ethernet 13 sonic(config l3 acl test1)# exit\[j sonic(config)# interface ethernet 13 sonic(config if 13)# acl test1\[j sonic(config if 13)# end\[j sonic# exit task \[push klish commands] changed \[sonic1 > localhost] => changed=true stdout | warning permanently added '192 168 1 102' (rsa) to the list of known hosts entering cli view, please wait stty 'standard input' inappropriate ioctl for device stty 'standard input' inappropriate ioctl for device sonic# configure sonic(config)# vlan 3003 sonic(config vlan 3003)# end\[j sonic# exit stdout lines \<omitted> task \[debug] ok \[sonic1] => result stdout | warning permanently added '192 168 1 102' (rsa) to the list of known hosts entering cli view, please wait stty 'standard input' inappropriate ioctl for device stty 'standard input' inappropriate ioctl for device sonic# configure sonic(config)# vlan 3003 sonic(config vlan 3003)# end\[j sonic# exit play recap sonic1 ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0