├── README.md ├── add_vlan-oldmethod.yml ├── add_vlan.py ├── add_vlan.yml ├── ansible.cfg ├── backup-oldmethod.yml ├── backup.py ├── backup.yml ├── backup_location.yml ├── change_snmp_password-oldmethod.yml ├── change_snmp_password.py ├── change_snmp_password.yml ├── group_vars └── all ├── hostname.conf ├── hostname.yml ├── hostname_napalm.yml ├── hosts ├── images └── rh-ansible-automation.png ├── ipaddress-oldmethod.yml ├── ipaddress.py ├── ipaddress.yml ├── nxos_base.cfg ├── prompt_example.yml ├── showversion-oldmethod.yml ├── showversion.yml └── showversion_napalm.yml /README.md: -------------------------------------------------------------------------------- 1 | # Ansible and NAPALM Samples 2 | This GitHub Repo focuses on comparing [Ansible](https://www.ansible.com/network-automation) and [NAPALM](https://github.com/napalm-automation/napalm) on Cisco NX-OS and Arista EOS. 3 | 4 | Ansible is powerful automation software that you can learn quickly. Ansible is an open source project, Ansible Engine is the product you can buy enterprise support for. NAPALM is actually a Python library that implements a set of functions to interact with different router vendor devices using a unified API. NAPLAM isn't a product, but rather another open source project with a community behind it. While many networking use-cases can potentially overlap the two tools augment each other rather than compete directly. There are even [NAPALM Ansible modules](https://github.com/napalm-automation/napalm-ansible). 5 | 6 | ## Table of Contents 7 | - [Example 1 - Backing up a Config](#example-1---backing-up-a-config) 8 | - [Example 2 - Adding an IP address to an interface](#example-2---adding-an-ip-address-to-an-interface) 9 | - [Example 3 - Adding a new VLAN](#example-3---adding-a-new-vlan) 10 | - [Example 4 - Change the SNMP password](#example-4---change-the-snmp-password) 11 | 12 | NAPALM also has [Ansible modules](https://github.com/napalm-automation/napalm-ansible) so you can use Ansible to run NAPLAM. Example 5 and 6 shows NAPALM being used in conjunction with Ansible compared to native Ansible modules. 13 | 14 | - [Example 5 - Grabbing a show version](#example-5---grabbing-a-show-version) 15 | - [Example 6 - Changing hostname and domain_name](#example-6---changing-hostname-and-domain_name) 16 | 17 | 18 | ## Example 1 - Backing up a Config 19 | 20 | ### Ansible 21 | 22 | Ansible can use the nxos_config module for easy backups. There is a backup parameter that can just be turned to `yes`. This playbook is stored as [backup.yml](backup.yml) on this git repo. 23 | 24 | ``` 25 | --- 26 | - hosts: cisco 27 | connection: network_cli 28 | tasks: 29 | - nxos_config: 30 | backup: yes 31 | ``` 32 | 33 | Run the playbook with `ansible-playbook backup.yml`. Although not shown here the output will also have color output (yellow=changed, green=OK, red=failed.). 34 | 35 | ``` 36 | [root@localhost ~]# ansible-playbook backup.yml 37 | 38 | PLAY [cisco] ****************************************************************** 39 | 40 | TASK [nxos_config] ************************************************************ 41 | 42 | ok: [n9k] 43 | 44 | PLAY RECAP ******************************************************************** 45 | n9k : ok=1 changed=0 unreachable=0 failed=0 46 | ``` 47 | 48 | After running the playbook there will be a timestamped config stored under the directory backup: 49 | ``` 50 | [root@localhost ~]# ls backup 51 | n9k_config.2017-09-26@10:21:28 52 | ``` 53 | 54 | ### NAPALM 55 | 56 | NAPALM calls a backup file a *checkpoint* file and can be retrieved using the `_get_checkpoint_file()`. The code snippet below is only a portion of the code, the python script is stored in this git repo as [get_config.py](get_config.py). 57 | 58 | ```python 59 | ###config snippet, rest of config removed for brevity 60 | checkpoint = device._get_checkpoint_file() 61 | #print(checkpoint) 62 | 63 | #create the directory if it does not exist 64 | if not os.path.exists("backup"): 65 | os.makedirs("backup") 66 | 67 | f = open("backup/" + nxos_facts['hostname'] + "." + time, 'w') 68 | f.write(checkpoint) 69 | f.close 70 | device.close() 71 | ###config snippet, rest of config removed for brevity 72 | ``` 73 | 74 | Run the python program with `python backup.py`. The python program will create a folder: 75 | ``` 76 | [root@localhost naplam_examples]# ls backup/ 77 | switch.2017-09-26@15-11 78 | ``` 79 | 80 | ## Example 2 - Adding an IP address to an interface 81 | 82 | ### Ansible 83 | 84 | Ansible has a [eos_config](http://docs.ansible.com/ansible/latest/eos_config_module.html) specifically used for making config changes (either entire flat-files) or partials (in this case editing a single interface). This playbook is stored as [ipaddress.yml](ipaddress.yml) on this git repo. 85 | ``` 86 | --- 87 | - hosts: arista 88 | connection: network_cli 89 | tasks: 90 | - eos_config: 91 | lines: 92 | - no switchport 93 | - ip address 172.16.1.1/24 94 | parents: interface Ethernet1 95 | ``` 96 | 97 | To run a playbook use the `ansible-playbook` command. 98 | ``` 99 | [root@localhost ~]# ansible-playbook ipaddress.yml 100 | ``` 101 | 102 | Verify the interface is configured with a `show run int e1` 103 | 104 | ```bash 105 | eos#sh run int e1 106 | interface Ethernet1 107 | no switchport 108 | ip address 172.16.1.1/24 109 | ``` 110 | 111 | ### NAPALM 112 | 113 | This demonstration will show NAPLAM in python only mode (meaning no third party integrations). The code snippet below is only a portion of the code, the python script is stored in this git repo as [ipaddress.py](ipaddress.py). This example is configuring on NX-OS (versus Ansible that was running on Arista EOS). 114 | 115 | ```python 116 | ###config snippet, rest of config removed for brevity 117 | driver = napalm.get_network_driver('nxos') 118 | # Connect: 119 | device = driver(hostname='192.168.2.3', username='admin', 120 | password='Bullf00d') 121 | print 'Opening ...' 122 | device.open() 123 | 124 | config_string = """ interface Ethernet1/20 125 | no switchport 126 | ip address 172.16.1.1/24 """ 127 | 128 | device.load_merge_candidate(config=config_string) 129 | 130 | ###config snippet, rest of config removed for brevity 131 | 132 | device.commit_config() 133 | 134 | device.close() 135 | ``` 136 | 137 | To run the program execute the python program: 138 | ``` 139 | [root@localhost naplam_examples]# python ipaddress.py 140 | ``` 141 | 142 | Verify the interface is configured with a `show run int e1/20` 143 | ``` 144 | switch# sh run int e1/20 145 | 146 | !Command: show running-config interface Ethernet1/20 147 | !Time: Tue Sep 19 22:51:37 2017 148 | 149 | version 7.0(3)I7(1) 150 | 151 | interface Ethernet1/20 152 | no switchport 153 | ip address 172.16.1.1/24 154 | ``` 155 | 156 | ## Example 3 - Adding a new VLAN 157 | 158 | ### Ansible 159 | In addition to the [nxos_config module](http://docs.ansible.com/ansible/latest/nxos_config_module.html) we can use the [nxos_vlan module](http://docs.ansible.com/ansible/latest/nxos_vlan_module.html) to make this really easy. This playbook is stored as [add_vlan.yml](add_vlan.yml) on this git repo. 160 | ``` 161 | --- 162 | - hosts: cisco 163 | connection: network_cli 164 | tasks: 165 | - nxos_vlan: 166 | vlan_id: 10 167 | name: STORAGE 168 | ``` 169 | Run the playbook with `ansible-playbook add_vlan.yml` 170 | 171 | Verify the VLAN is configured with a `show running-config vlan 10` 172 | ``` 173 | switch# show running-config vlan 10 174 | 175 | !Command: show running-config vlan 10 176 | !Time: Tue Sep 19 22:39:40 2017 177 | 178 | version 7.0(3)I7(1) 179 | vlan 10 180 | vlan 10 181 | name STORAGE 182 | ``` 183 | 184 | ### NAPALM 185 | 186 | This demonstration will show NAPLAM in python only mode (meaning no third party integrations). The code snippet below is only a portion of the code, the python script is stored in this git repo as [add_vlan.py](add_vlan.py) 187 | 188 | ```python 189 | ###config snippet, rest of config removed for brevity 190 | driver = napalm.get_network_driver('nxos') 191 | # Connect: 192 | device = driver(hostname='192.168.2.3', username='admin', 193 | password='Bullf00d') 194 | print 'Opening ...' 195 | device.open() 196 | 197 | config_string = """ vlan 20 198 | name HADOOP """ 199 | 200 | device.load_merge_candidate(config=config_string) 201 | 202 | ###config snippet, rest of config removed for brevity 203 | 204 | device.commit_config() 205 | 206 | device.close() 207 | ``` 208 | 209 | To run the program execute the python program: 210 | ``` 211 | [root@localhost naplam_examples]# python add_vlan.py 212 | ``` 213 | 214 | Verify with a `show vlan` or a `show run vlan 20` 215 | ``` 216 | switch# sh run vlan 20 217 | 218 | !Command: show running-config vlan 20 219 | !Time: Tue Sep 19 22:50:11 2017 220 | 221 | version 7.0(3)I7(1) 222 | vlan 20 223 | vlan 20 224 | name HADOOP 225 | ``` 226 | 227 | ## Example 4 - Change the SNMP password 228 | A common maintenance task for network operations teams is to change the SNMP password every so often (e.g. every 90 days). This can also be automated with Ansible and NAPALM. 229 | 230 | 2 NOTES: 231 | - To see available groups on NXOS you can look at `show snmp group`. The network-admin is commonly used for configuration. 232 | - NXOS has some default password complexities. From the NXOS box: `password strength check: Password should contain characters from at least three of the following classes: lower case letters, upper case letters, digits and special characters.` 233 | 234 | ### Ansible 235 | For Ansible there is a [nxos_snmp_user module](http://docs.ansible.com/ansible/latest/nxos_snmp_user_module.html) that is available to use. The Ansible playbook demonstrated is stored as [change_snmp_password.yml](change_snmp_password.yml). 236 | 237 | ``` 238 | --- 239 | - hosts: cisco 240 | connection: network_cli 241 | tasks: 242 | - nxos_snmp_user: 243 | user: exampleuser 244 | group: network-admin 245 | authentication: sha 246 | pwd: testPASS123 247 | ``` 248 | To run the playbook perform a `ansible-playbook change_snmp_password.yml` 249 | 250 | On the NXOS switch we can perform a `show run | i snmp` to see the new config: 251 | ``` 252 | switch# sh run | i snmp 253 | snmp-server user admin network-admin auth md5 0xc1ddb036df145c775510428fe3c6b553 priv 0xc1ddb036df145c775510428fe3c6b553 localizedkey 254 | snmp-server user exampleuser network-admin auth sha 0x7071c014b53743ca568dd2c3fd70005c5e21db5e localizedkey 255 | ``` 256 | 257 | ### NAPALM 258 | 259 | NAPALM treats everything as a config merge or replace so there is no specific module just for SNMP (for configuring, there is a `get_snmp_information()`). This is very similar where we can merge a flat-file or string into the existing config. The code snippet below is only a portion of the code, the python script is stored in this git repo as [change_snmp_password.py](change_snmp_password.py). 260 | 261 | ```python 262 | ###config snippet, rest of config removed for brevity 263 | driver = napalm.get_network_driver('nxos') 264 | # Connect: 265 | device = driver(hostname='192.168.2.3', username='admin', 266 | password='Bullf00d') 267 | print 'Opening ...' 268 | device.open() 269 | 270 | config_string = """ snmp-server user exampleuser network-admin auth sha testPASS123 """ 271 | 272 | device.load_merge_candidate(config=config_string) 273 | 274 | ###config snippet, rest of config removed for brevity 275 | 276 | device.commit_config() 277 | 278 | device.close() 279 | ``` 280 | 281 | To run the program execute the python program: 282 | ``` 283 | [root@localhost naplam_examples]# python change_snmp_password.py 284 | ``` 285 | 286 | On the NXOS switch we can perform a `show run | i snmp` to see the new config: 287 | ``` 288 | switch# sh run | i snmp 289 | snmp-server user admin network-admin auth md5 0xc1ddb036df145c775510428fe3c6b553 priv 0xc1ddb036df145c775510428fe3c6b553 localizedkey 290 | snmp-server user exampleuser network-admin auth sha 0x7071c014b53743ca568dd2c3fd70005c5e21db5e localizedkey 291 | ``` 292 | ## Example 5 - Grabbing a show version 293 | 294 | ### Ansible 295 | For Ansible there is a [nxos_facts module](http://docs.ansible.com/ansible/latest/nxos_facts_module.html) that is available to use for collecting facts about a system. The Ansible playbook demonstrated is stored as [showversion.yml](showversion.yml). 296 | 297 | ``` 298 | --- 299 | - hosts: cisco 300 | connection: network_cli 301 | gather_facts: False 302 | tasks: 303 | - name: run show version 304 | nxos_facts: 305 | - debug: 306 | var: ansible_net_version 307 | ``` 308 | Run with the playbook with: `ansible-playbook showversion.yml` 309 | 310 | ``` 311 | [root@localhost ~]# ansible-playbook showversion.yml 312 | 313 | PLAY [cisco] ****************************************************************** 314 | 315 | TASK [run show version] ******************************************************* 316 | ok: [n9k] 317 | 318 | TASK [debug] ****************************************************************** 319 | ok: [n9k] => { 320 | "result.stdout_lines[0][14]": " NXOS: version 7.0(3)I7(1)" 321 | } 322 | 323 | PLAY RECAP ******************************************************************** 324 | n9k : ok=2 changed=0 unreachable=0 failed=0 325 | ``` 326 | 327 | ### NAPALM 328 | For Ansible with NAPALM there is a [napalm_get_facts](https://github.com/napalm-automation/napalm-ansible) that is available to use. The Ansible playbook demonstrated is stored as [showversion_napalm.yml](showversion_napalm.yml). The connection method network_cli does not work with the NAPALM modules, and must be set to local. 329 | 330 | ``` 331 | --- 332 | - hosts: cisco 333 | connection: local 334 | tasks: 335 | - napalm_get_facts: 336 | hostname: "{{ inventory_hostname }}" 337 | username: "{{ login_info.username }}" 338 | password: "{{ login_info.password }}" 339 | dev_os: "nxos" 340 | register: version 341 | 342 | - debug: 343 | var=version.ansible_facts.napalm_facts.os_version 344 | ``` 345 | Run with the playbook with: `ansible-playbook showversion_napalm.yml` 346 | ``` 347 | [root@localhost ~]# ansible-playbook showversion_napalm.yml 348 | 349 | PLAY [cisco] ****************************************************************** 350 | 351 | TASK [napalm_get_facts] ******************************************************* 352 | ok: [n9k] 353 | 354 | TASK [print data] ************************************************************* 355 | ok: [n9k] => { 356 | "version.ansible_facts.napalm_facts.os_version": "7.0(3)I7(1)" 357 | } 358 | 359 | PLAY RECAP ******************************************************************** 360 | n9k : ok=2 changed=0 unreachable=0 failed=0 361 | ``` 362 | 363 | Both examples show the NXOS switch is running 7.0(3)I7(1). 364 | 365 | ## Example 6 - Changing hostname and domain_name 366 | 367 | ### Ansible 368 | For Ansible there is a [nxos_system module](http://docs.ansible.com/ansible/latest/nxos_system_module.html) that is available to use. The Ansible playbook demonstrated is stored as [hostname.yml](hostname.yml). 369 | 370 | ``` 371 | --- 372 | - hosts: cisco 373 | connection: local 374 | tasks: 375 | - nxos_system: 376 | hostname: n9k 377 | domain_name: durham.nc.com 378 | provider: "{{login_info}}" 379 | ``` 380 | Run with the playbook with: `ansible-playbook hostname.yml` 381 | 382 | ### NAPALM with Ansible 383 | For Ansible with NAPALM there is a [napalm_install_config](https://github.com/napalm-automation/napalm-ansible) that is available to use. The Ansible playbook demonstrated is stored as [hostname_napalm.yml](hostname_napalm.yml). The [hostname.conf](hostname.conf) is also stored in this git repo for demonstration purposes. 384 | ``` 385 | --- 386 | - hosts: cisco 387 | connection: local 388 | tasks: 389 | - napalm_install_config: 390 | hostname: "{{ inventory_hostname }}" 391 | username: "{{ login_info.username }}" 392 | password: "{{ login_info.password }}" 393 | dev_os: "nxos" 394 | config_file: hostname.conf 395 | commit_changes: True 396 | diff_file: initial.diff 397 | ``` 398 | Run with the playbook with: `ansible-playbook hostname_napalm.yml` 399 | 400 | --- 401 | ![Red Hat Ansible Automation](images/rh-ansible-automation.png) 402 | 403 | Red Hat® Ansible® Automation consists of three products: 404 | 405 | - [Red Hat® Ansible® Tower](https://www.ansible.com/tower): Built for operationalizing and scaling automation, managing complex deployments and speeding up productivity. Extend the power of Ansible Tower with Workflows and Surveys to streamline jobs and simple tools to share solutions with your team. 406 | 407 | - [Red Hat® Ansible® Engine](https://www.ansible.com/ansible-engine): a fully supported product built on the foundational capabilities of the Ansible project. Also provides support for select modules including Infoblox. 408 | 409 | - [Red Hat® Ansible® Network Automation](https://www.ansible.com/networking): provides support for select networking modules from Arista (EOS), Cisco (IOS, IOS XR, NX-OS), Juniper (JunOS), Open vSwitch, and VyOS. Includes Ansible Tower, Ansible Engine, and curated content specifically for network use cases. 410 | -------------------------------------------------------------------------------- /add_vlan-oldmethod.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: local 4 | tasks: 5 | - nxos_vlan: 6 | vlan_id: 10 7 | name: STORAGE 8 | provider: "{{login_info}}" 9 | -------------------------------------------------------------------------------- /add_vlan.py: -------------------------------------------------------------------------------- 1 | import napalm 2 | import sys 3 | import os 4 | 5 | def main(): 6 | 7 | 8 | # Use the appropriate network driver to connect to the device: 9 | driver = napalm.get_network_driver('nxos') 10 | 11 | # Connect: 12 | device = driver(hostname='192.168.2.3', username='admin', 13 | password='Bullf00d') 14 | 15 | print 'Opening ...' 16 | device.open() 17 | 18 | config_string = """vlan 20 19 | name HADOOP""" 20 | 21 | device.load_merge_candidate(config=config_string) 22 | 23 | 24 | # Note that the changes have not been applied yet. Before applying 25 | # the configuration you can check the changes: 26 | print '\nDiff:' 27 | print device.compare_config() 28 | 29 | # You can commit or discard the candidate changes. 30 | choice = raw_input("\nWould you like to commit these changes? [yN]: ") 31 | if choice == 'y': 32 | print 'Committing ...' 33 | device.commit_config() 34 | else: 35 | print 'Discarding ...' 36 | device.discard_config() 37 | 38 | # close the session with the device. 39 | device.close() 40 | 41 | print 'Done.' 42 | 43 | if __name__ == '__main__': 44 | main() 45 | -------------------------------------------------------------------------------- /add_vlan.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: network_cli 4 | tasks: 5 | - nxos_vlan: 6 | vlan_id: 10 7 | name: STORAGE 8 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | host_key_checking = False 3 | inventory = hosts 4 | 5 | gathering = false 6 | fact_caching = jsonfile 7 | fact_caching_connection = /tmp/cachedir 8 | fact_caching_timeout = 86400 9 | retry_files_enabled = False 10 | 11 | [paramiko_connection] 12 | host_key_auto_add = True 13 | -------------------------------------------------------------------------------- /backup-oldmethod.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: local 4 | tasks: 5 | - nxos_config: 6 | backup: yes 7 | provider: "{{login_info}}" 8 | -------------------------------------------------------------------------------- /backup.py: -------------------------------------------------------------------------------- 1 | import napalm 2 | import sys 3 | import os 4 | from time import gmtime, strftime 5 | 6 | def main(): 7 | """Grab a config for the device.""" 8 | 9 | time = strftime("%Y-%m-%d@%H-%M", gmtime()) 10 | # Use the appropriate network driver to connect to the device: 11 | driver = napalm.get_network_driver('nxos') 12 | 13 | # Connect: 14 | device = driver(hostname='192.168.2.3', username='admin', 15 | password='Bullf00d') 16 | 17 | print 'Opening ...' 18 | device.open() 19 | nxos_facts = device.get_facts() 20 | 21 | checkpoint = device._get_checkpoint_file() 22 | #print(checkpoint) 23 | 24 | #create the directory if it does not exist 25 | if not os.path.exists("backup"): 26 | os.makedirs("backup") 27 | 28 | f = open("backup/" + nxos_facts['hostname'] + "." + time, 'w') 29 | f.write(checkpoint) 30 | f.close 31 | device.close() 32 | 33 | if __name__ == '__main__': 34 | main() 35 | -------------------------------------------------------------------------------- /backup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: network_cli 4 | tasks: 5 | - nxos_config: 6 | backup: yes 7 | -------------------------------------------------------------------------------- /backup_location.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: network_cli 4 | tasks: 5 | - name: backup device configurations 6 | nxos_config: 7 | backup: yes 8 | register: nxos_config_backup 9 | 10 | - name: copy the backup to the desired location 11 | copy: 12 | src: "{{ nxos_config_backup['backup_path'] }}" 13 | dest: "nxos/{{ inventory_hostname }}" 14 | 15 | - name: delete the original file 16 | file: 17 | path: "{{ nxos_config_backup['backup_path'] }}" 18 | state: absent 19 | -------------------------------------------------------------------------------- /change_snmp_password-oldmethod.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: local 4 | tasks: 5 | - nxos_snmp_user: 6 | user: exampleuser 7 | group: network-admin 8 | authentication: sha 9 | pwd: testPASS123 10 | provider: "{{login_info}}" 11 | -------------------------------------------------------------------------------- /change_snmp_password.py: -------------------------------------------------------------------------------- 1 | import napalm 2 | import sys 3 | import os 4 | 5 | def main(): 6 | 7 | 8 | # Use the appropriate network driver to connect to the device: 9 | driver = napalm.get_network_driver('nxos') 10 | 11 | # Connect: 12 | device = driver(hostname='192.168.2.3', username='admin', 13 | password='Bullf00d') 14 | 15 | print 'Opening ...' 16 | device.open() 17 | 18 | config_string = """ snmp-server user exampleuser network-admin auth sha testPASS123 """ 19 | 20 | device.load_merge_candidate(config=config_string) 21 | 22 | 23 | # Note that the changes have not been applied yet. Before applying 24 | # the configuration you can check the changes: 25 | print '\nDiff:' 26 | print device.compare_config() 27 | 28 | # You can commit or discard the candidate changes. 29 | choice = raw_input("\nWould you like to commit these changes? [yN]: ") 30 | if choice == 'y': 31 | print 'Committing ...' 32 | device.commit_config() 33 | else: 34 | print 'Discarding ...' 35 | device.discard_config() 36 | 37 | # close the session with the device. 38 | device.close() 39 | 40 | print 'Done.' 41 | 42 | if __name__ == '__main__': 43 | main() 44 | -------------------------------------------------------------------------------- /change_snmp_password.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: network_cli 4 | tasks: 5 | - nxos_snmp_user: 6 | user: exampleuser 7 | group: network-admin 8 | authentication: sha 9 | pwd: testPASS123 10 | -------------------------------------------------------------------------------- /group_vars/all: -------------------------------------------------------------------------------- 1 | login_info: 2 | username: admin 3 | password: Bullf00d 4 | 5 | login_info_eos: 6 | username: admin 7 | password: Bullf00d! 8 | authorize: True 9 | auth_pass: DURHAM! 10 | -------------------------------------------------------------------------------- /hostname.conf: -------------------------------------------------------------------------------- 1 | hostname n9k 2 | ip domain-name durham.nc.com 3 | -------------------------------------------------------------------------------- /hostname.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: local 4 | tasks: 5 | - nxos_system: 6 | hostname: n9k 7 | domain_name: durham.nc.com 8 | provider: "{{login_info}}" 9 | -------------------------------------------------------------------------------- /hostname_napalm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: local 4 | tasks: 5 | - napalm_install_config: 6 | hostname: "{{ inventory_hostname }}" 7 | username: "{{ login_info.username }}" 8 | password: "{{ login_info.password }}" 9 | dev_os: "nxos" 10 | config_file: hostname.conf 11 | commit_changes: True 12 | diff_file: initial.diff 13 | -------------------------------------------------------------------------------- /hosts: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | [mac] 4 | 192.168.2.1 5 | 6 | [cisco] 7 | n9k ansible_host=192.168.2.3 ansible_user=admin ansible_password=Bullf00d 8 | 9 | [cisco:vars] 10 | ansible_network_os=nxos 11 | 12 | [arista] 13 | eos ansible_host=192.168.2.10 14 | 15 | [arista:vars] 16 | ansible_network_os=eos 17 | ansible_become=yes 18 | ansible_become_method=enable 19 | ansible_user=admin 20 | ansible_password=Bullf00d! 21 | ansible_become_pass=DURHAM! 22 | 23 | [network:children] 24 | cisco 25 | arista 26 | -------------------------------------------------------------------------------- /images/rh-ansible-automation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/network-automation/ansible-napalm-samples/797ca6d341ae87edbb130c282cad36cccf6cd4a2/images/rh-ansible-automation.png -------------------------------------------------------------------------------- /ipaddress-oldmethod.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: arista 3 | connection: local 4 | tasks: 5 | - eos_config: 6 | lines: 7 | - no switchport 8 | - ip address 172.16.1.1/24 9 | parents: interface Ethernet1 10 | provider: "{{login_info_eos}}" 11 | -------------------------------------------------------------------------------- /ipaddress.py: -------------------------------------------------------------------------------- 1 | import napalm 2 | import sys 3 | import os 4 | 5 | def main(): 6 | # Use the appropriate network driver to connect to the device: 7 | driver = napalm.get_network_driver('nxos') 8 | # Connect: 9 | device = driver(hostname='192.168.2.3', username='admin', 10 | password='Bullf00d') 11 | print 'Opening ...' 12 | device.open() 13 | 14 | config_string = """ interface Ethernet1/20 15 | no switchport 16 | ip address 172.16.1.1/24 """ 17 | 18 | device.load_merge_candidate(config=config_string) 19 | 20 | 21 | # Note that the changes have not been applied yet. Before applying 22 | # the configuration you can check the changes: 23 | print '\nDiff:' 24 | print device.compare_config() 25 | 26 | # You can commit or discard the candidate changes. 27 | choice = raw_input("\nWould you like to commit these changes? [yN]: ") 28 | if choice == 'y': 29 | print 'Committing ...' 30 | device.commit_config() 31 | else: 32 | print 'Discarding ...' 33 | device.discard_config() 34 | 35 | # close the session with the device. 36 | device.close() 37 | 38 | print 'Done.' 39 | 40 | if __name__ == '__main__': 41 | main() 42 | -------------------------------------------------------------------------------- /ipaddress.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: arista 3 | connection: network_cli 4 | tasks: 5 | - eos_config: 6 | lines: 7 | - no switchport 8 | - ip address 172.16.1.1/24 9 | parents: interface Ethernet1 10 | -------------------------------------------------------------------------------- /nxos_base.cfg: -------------------------------------------------------------------------------- 1 | !Command: show running-config 2 | !Time: Wed Sep 20 06:36:26 2017 3 | 4 | version 7.0(3)I7(1) 5 | hostname n9k 6 | vdc n9k id 1 7 | limit-resource vlan minimum 16 maximum 4094 8 | limit-resource vrf minimum 2 maximum 4096 9 | limit-resource port-channel minimum 0 maximum 511 10 | limit-resource u4route-mem minimum 248 maximum 248 11 | limit-resource u6route-mem minimum 96 maximum 96 12 | limit-resource m4route-mem minimum 58 maximum 58 13 | limit-resource m6route-mem minimum 8 maximum 8 14 | 15 | feature nxapi 16 | feature scp-server 17 | 18 | username admin password 5 $5$2RzjXhgx$xZRU9GHh6fdN2koy1r6pJMIXpTIo2tP.ZZ6YI7Z11Y3 role network-admin 19 | username exampleuser password 5 $5$itSlZrxc$gixqzCwyQjO4SBjrMsu2k2qkWD1H7fygx7qYuzhgFp8 role network-admin 20 | 21 | banner motd @ 22 | +-------------------------------------------------------------+ 23 | | !!! Authorized access only !!! | 24 | | You are authorized to use this System for approved | 25 | | business purposes only. Use for any other purpose | 26 | | is prohibited. | 27 | +-------------------------------------------------------------+ 28 | @ 29 | 30 | ip domain-lookup 31 | ip domain-name durham.nc.com 32 | snmp-server user admin network-admin auth md5 0xc1ddb036df145c775510428fe3c6b553 priv 0xc1ddb036df145c775510428fe3c6b553 localizedkey 33 | snmp-server user exampleuser network-admin auth sha 0x7071c014b53743ca568dd2c3fd70005c5e21db5e localizedkey 34 | rmon event 1 description FATAL(1) owner PMON@FATAL 35 | rmon event 2 description CRITICAL(2) owner PMON@CRITICAL 36 | rmon event 3 description ERROR(3) owner PMON@ERROR 37 | rmon event 4 description WARNING(4) owner PMON@WARNING 38 | rmon event 5 description INFORMATION(5) owner PMON@INFO 39 | 40 | vlan 1,10,20 41 | vlan 10 42 | name STORAGE 43 | vlan 20 44 | name HADOOP 45 | 46 | vrf context management 47 | 48 | interface Ethernet1/1 49 | no switchport 50 | ip address 172.16.10.10/24 51 | interface Ethernet1/2 52 | 53 | interface Ethernet1/3 54 | 55 | interface Ethernet1/4 56 | 57 | interface Ethernet1/5 58 | 59 | interface Ethernet1/6 60 | 61 | interface Ethernet1/7 62 | 63 | interface Ethernet1/8 64 | 65 | interface Ethernet1/9 66 | 67 | interface Ethernet1/10 68 | 69 | interface Ethernet1/11 70 | 71 | interface Ethernet1/12 72 | 73 | interface Ethernet1/13 74 | 75 | interface Ethernet1/14 76 | 77 | interface Ethernet1/15 78 | 79 | interface Ethernet1/16 80 | 81 | interface Ethernet1/17 82 | 83 | interface Ethernet1/18 84 | 85 | interface Ethernet1/19 86 | 87 | interface Ethernet1/20 88 | no switchport 89 | ip address 172.16.1.1/24 90 | 91 | interface Ethernet1/21 92 | 93 | interface Ethernet1/22 94 | 95 | interface Ethernet1/23 96 | 97 | interface Ethernet1/24 98 | 99 | interface Ethernet1/25 100 | 101 | interface Ethernet1/26 102 | 103 | interface Ethernet1/27 104 | 105 | interface Ethernet1/28 106 | 107 | interface Ethernet1/29 108 | 109 | interface Ethernet1/30 110 | 111 | interface Ethernet1/31 112 | 113 | interface Ethernet1/32 114 | 115 | interface Ethernet1/33 116 | 117 | interface Ethernet1/34 118 | 119 | interface Ethernet1/35 120 | 121 | interface Ethernet1/36 122 | 123 | interface Ethernet1/37 124 | 125 | interface Ethernet1/38 126 | 127 | interface Ethernet1/39 128 | 129 | interface Ethernet1/40 130 | 131 | interface Ethernet1/41 132 | 133 | interface Ethernet1/42 134 | 135 | interface Ethernet1/43 136 | 137 | interface Ethernet1/44 138 | 139 | interface Ethernet1/45 140 | 141 | interface Ethernet1/46 142 | 143 | interface Ethernet1/47 144 | 145 | interface Ethernet1/48 146 | 147 | interface Ethernet1/49 148 | 149 | interface Ethernet1/50 150 | 151 | interface Ethernet1/51 152 | 153 | interface Ethernet1/52 154 | 155 | interface Ethernet1/53 156 | 157 | interface Ethernet1/54 158 | 159 | interface Ethernet1/55 160 | 161 | interface Ethernet1/56 162 | 163 | interface Ethernet1/57 164 | 165 | interface Ethernet1/58 166 | 167 | interface Ethernet1/59 168 | 169 | interface Ethernet1/60 170 | 171 | interface Ethernet1/61 172 | 173 | interface Ethernet1/62 174 | 175 | interface Ethernet1/63 176 | 177 | interface Ethernet1/64 178 | description this is a port change 179 | 180 | interface mgmt0 181 | description this is the mgmt0 port 182 | vrf member management 183 | ip address 192.168.2.3/24 184 | line console 185 | line vty 186 | boot nxos bootflash:/nxos.7.0.3.I7.1.bin 187 | ip route 0.0.0.0/0 192.168.2.1 188 | -------------------------------------------------------------------------------- /prompt_example.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: local 4 | tasks: 5 | - name: diff the running-config against a provided config 6 | nxos_config: 7 | diff_against: intended 8 | intended_config: "{{ lookup('file', 'nxos_base.cfg') }}" 9 | provider: "{{login_info}}" 10 | 11 | - name: take user input- Commit changes? Yes or No ? 12 | pause: 13 | prompt: Type "y" for yes or "n" for no 14 | register: user_result 15 | 16 | - name: checking string syntax to becareful 17 | debug: 18 | var: user_result 19 | failed_when: user_result["user_input"] != "n" and user_result["user_input"] != "y" 20 | 21 | - name: commit config when user_result == yes 22 | nxos_config: 23 | src: nxos_base.cfg 24 | save_when: modified 25 | provider: "{{login_info}}" 26 | when: user_result["user_input"] == "y" 27 | -------------------------------------------------------------------------------- /showversion-oldmethod.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: local 4 | gather_facts: False 5 | tasks: 6 | - name: run show version 7 | nxos_facts: 8 | provider: "{{login_info}}" 9 | - debug: 10 | var: ansible_net_version 11 | -------------------------------------------------------------------------------- /showversion.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: network_cli 4 | gather_facts: False 5 | tasks: 6 | - name: run show version 7 | nxos_facts: 8 | - debug: 9 | var: ansible_net_version 10 | -------------------------------------------------------------------------------- /showversion_napalm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | connection: local 4 | tasks: 5 | - napalm_get_facts: 6 | hostname: "{{ inventory_hostname }}" 7 | username: "{{ login_info.username }}" 8 | password: "{{ login_info.password }}" 9 | dev_os: "nxos" 10 | register: version 11 | 12 | - debug: 13 | var=version.ansible_facts.napalm_facts.os_version 14 | --------------------------------------------------------------------------------