By Glenn McCallum

Ansible Cisco IOS Commands

This is a simple introduction of the power of Ansible and how quickly you can be up and running configuring multiple hosts at once. We will install Ansible on Ubuntu, ping two cisco devnet routers and configure a Loopback Interface on both routers.

  • Cisco Devnet Lab Routers.
  • Ubuntu 20 running on Virtual Box

Install Ansible and Vim on Ubuntu

sudo apt update
sudo apt install vim
sudo apt install ansible

Remove host key check in Ansible

Open and edit with vi /etc/ansible/ansible.cfg
Remove comment(#) for Host Key Checking for ease of use as lab
#host_key_checking = False

sudo su - 
cd /etc/ansible
vi ansible.cfg

Sign up to devnet to access Routers

Sign up for developer.cisco.com as a great resource and then navigate to https://devnetsandbox.cisco.com/RM/Topology and find both IOS XE Always on Routers. At the time of writing this they are located at

  • Link: Devnet-Router1
  • CSR1000v Host: sandbox-iosxe-latest-1.cisco.com
    • SSH Port: 22
    • NETCONF Port: 830
    • gRPC Telemetry Port: 57500
    • RESTCONF Port: 443 (HTTPS)
  • Username: developer
  • Password: C1sco12345

  • Link: Devnet-Router2
  • CSR1000V Host: sandbox-iosxe-recomm-1.cisco.com
    • SSH Port: 22
    • NETCONF Port: 830
    • RESTCONF Ports: 443 (HTTPS)
  • Username: developer
  • Password: C1sco12345

Configure Ansible hosts file

Open to edit /etc/ansible/hosts with vi

root@macka-VirtualBox:/etc/ansible# vi hosts

Scroll down to bottom of file and add the below

[routers]

sandbox-iosxe-latest-1.cisco.com
sandbox-iosxe-recomm-1.cisco.com

[routers:vars]

ansible_user=developer
ansible_password=C1sco12345
ansible_connection=network_cli
ansible_network_os=ios
ansible_port=22

Test Ping to Routers

Using the ping module (-m ping) we are looking for a pong response

root@macka-VirtualBox:/etc/ansible# ansible routers -m ping
sandbox-iosxe-recomm-1.cisco.com | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
sandbox-iosxe-latest-1.cisco.com | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
root@macka-VirtualBox:/etc/ansible# 

Ansible IOS command

Lets get “show ip interface brief” from each of the routers with one command!!!

ansible routers -m ios_command -a "commands='show ip int brief'"
root@macka-VirtualBox:/etc/ansible# ansible routers -m ios_command -a "commands='show ip int brief'"
sandbox-iosxe-recomm-1.cisco.com | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "stdout": [
        "Interface              IP-Address      OK? Method Status                Protocol\nGigabitEthernet1       10.10.20.48     YES NVRAM  up                    up      \nGigabitEthernet2       10.255.255.1    YES NVRAM  down                  down    \nGigabitEthernet3       10.10.10.10     YES NVRAM  down                  down    \nVirtualPortGroup0      192.168.1.1     YES NVRAM  up                    up"
    ],
    "stdout_lines": [
        [
            "Interface              IP-Address      OK? Method Status                Protocol",
            "GigabitEthernet1       10.10.20.48     YES NVRAM  up                    up      ",
            "GigabitEthernet2       10.255.255.1    YES NVRAM  down                  down    ",
            "GigabitEthernet3       10.10.10.10     YES NVRAM  down                  down    ",
            "VirtualPortGroup0      192.168.1.1     YES NVRAM  up                    up"
        ]
    ]
}
sandbox-iosxe-latest-1.cisco.com | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "stdout": [
        "Interface              IP-Address      OK? Method Status                Protocol\nGigabitEthernet1       10.10.20.48     YES NVRAM  up                    up      \nGigabitEthernet1.23    unassigned      YES unset  deleted               down    \nGigabitEthernet2       unassigned      YES TFTP   administratively down down    \nGigabitEthernet2.1     unassigned      YES unset  administratively down down    \nGigabitEthernet2.2     unassigned      YES unset  deleted               down    \nGigabitEthernet2.3     unassigned      YES unset  administratively down down    \nGigabitEthernet3       unassigned      YES NVRAM  administratively down down"
    ],
    "stdout_lines": [
        [
            "Interface              IP-Address      OK? Method Status                Protocol",
            "GigabitEthernet1       10.10.20.48     YES NVRAM  up                    up      ",
            "GigabitEthernet1.23    unassigned      YES unset  deleted               down    ",
            "GigabitEthernet2       unassigned      YES TFTP   administratively down down    ",
            "GigabitEthernet2.1     unassigned      YES unset  administratively down down    ",
            "GigabitEthernet2.2     unassigned      YES unset  deleted               down    ",
            "GigabitEthernet2.3     unassigned      YES unset  administratively down down    ",
            "GigabitEthernet3       unassigned      YES NVRAM  administratively down down"
        ]
    ]
}
root@macka-VirtualBox:/etc/ansible# 

Configure an interface using an Ansible playbook

Ansible playbooks are lists of tasks that automatically execute against hosts.
Lets configure a Loopback Interface on each of the routers.

Create loopback.yml file with vi and add in the below

---

- name: General Config

  hosts: routers

  tasks:

  - name: Add loopback

    ios_interface:
      name: Loopback30
      state: present

Run playbook to configure Loopback30 on both routers

root@macka-VirtualBox:/etc/ansible# ansible-playbook loopback.yml 
[DEPRECATION WARNING]: ios_interface is kept for backwards compatibility but usage is discouraged. The module 
documentation details page may explain more about this rationale.. This feature will be removed in a future release. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [General Config] *****************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************
[WARNING]: Ignoring timeout(10) for ios_facts
[WARNING]: Ignoring timeout(10) for ios_facts
[WARNING]: default value for `gather_subset` will be changed to `min` from `!config` v2.11 onwards
ok: [sandbox-iosxe-latest-1.cisco.com]
ok: [sandbox-iosxe-recomm-1.cisco.com]

TASK [Add loopback] *******************************************************************************************************
changed: [sandbox-iosxe-latest-1.cisco.com]
changed: [sandbox-iosxe-recomm-1.cisco.com]

PLAY RECAP ****************************************************************************************************************
sandbox-iosxe-latest-1.cisco.com : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
sandbox-iosxe-recomm-1.cisco.com : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

root@macka-VirtualBox:/etc/ansible# 

If we check the show ip int brief now on the devices we will have Loopback30 configured!!

ios-xe-mgmt#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       10.10.20.48     YES NVRAM  up                    up      
GigabitEthernet2       10.255.255.1    YES NVRAM  down                  down    
GigabitEthernet3       10.10.10.10     YES NVRAM  down                  down    
Loopback30             unassigned      YES unset  up                    up      
VirtualPortGroup0      192.168.1.1     YES NVRAM  up                    up      
ios-xe-mgmt#
csr1000v-1#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       10.10.20.48     YES NVRAM  up                    up      
GigabitEthernet1.23    unassigned      YES unset  deleted               down    
GigabitEthernet2       unassigned      YES TFTP   administratively down down    
GigabitEthernet2.1     unassigned      YES unset  administratively down down    
GigabitEthernet2.2     unassigned      YES unset  deleted               down    
GigabitEthernet2.3     unassigned      YES unset  administratively down down    
GigabitEthernet3       unassigned      YES NVRAM  administratively down down    
Loopback30             unassigned      YES unset  up                    up      
csr1000v-1#

You can view other playbooks at my github as I add them there
https://github.com/glennmccallum/Ansible

Share this:
Ansible, Cisco, Scripting 0

Leave a Reply

Your email address will not be published. Required fields are marked *