In this article, I will go over the basics of what is required to get Ansible up and running so that you can create and run your own playbooks. I assume those that are reading this have at least some knowledge of what Ansible is, what languages it uses and the benefits of using Ansible.
As somebody that has always been more focused on networking rather than coding, automation and orchestration, I feel that the IT industry has now reached a point where Network Engineers now need to know how to make tasks easier by using things such as Ansible, Python etc. Almost every day I hear the now common buzzwords ‘automation’ ‘orchestration’ and now I am being faced with projects where tools such as ansible code save me a lot of time. This is all well and good but if you’re like me and have never really done any coding or worked with Linux, it could be a little daunting when first starting out but don’t worry, there are tones of information out on the world wide web and more so the Ansible website to get you started.
What is Ansible?
In short, Ansible is an automation platform that can help with the configuration and management of multiple tasks. For the Engineers out there, it can be used to stage multiple devices, saving you ample amounts of time. To keep things simple, Ansible has three main components;
Ansible modules – Think of these as your tools
Playbooks – Think of this as your instruction manual
Inventory/Hosts – Think of this as your raw materials
Only Secure Shell (SSH) and IP reachability are required in order for Ansible to work!
Don’t get too wrapped up about the components, for now, I just want to give you a foundation in which you can get started and explore more. Don’t forget more information can be found on the Ansible website.
I am still learning about the power of Ansible so I am no expert, however, I wanted to create this article to share my notes on how I got started with Ansible and the foundations required to begin learning. The ways in which I will show you are the ways in which I first started so please feel free to follow them or if you have other ideas, by all means, take what you need from this article.
As a Security Consulting Engineer, it makes more sense for me to use Ansible to automate device configuration tasks so this is what I will focus on first. You will need the following to get started;
Virtual machine ( I used Ubuntu Desktop on VMware Workstation)
GNS3, VIRL, EVE (I used GNS3, it will also help if you have access to device virtual software such as Cisco IOS devices)
(Optional) Coding software (I used Visual Studio with an extension for YAML)
(Optional) Git account (I use this as a centralised repository for my files, something you would do if you work with Ansible regularly)
Create your Virtual Machine
Use Virtual Box or VMware Workstation to create your Ubuntu desktop VM. Once created DON’T add it to your virtual environment straight away, we need to run updates and install some components. Ensuring your new virtual machine has IP connectivity, run the following commands in Terminal;
sudo apt-get update sudo apt-get upgrade sudo apt-get install software-properties-common sudo apt-get-repository ansible sudo apt-get update sudo apt-get install ansible
Verify Ansible has been Installed
ansible –version (the Ansible version should be output)
Install Git and Update Submodules
sudo apt-get install git-core sudo git submodule update –init –recursive
(Optional) Create SSH Key Pair & Checkout Git Repo
ssh-keygen -t rsa -C “email@example.com” (If a key exists, click YES to overwrite) cat ~/.ssh/id_rsa.pub (Your public key should output. Take this key and copy it into your Git account sudo git clone firstname.lastname@example.org:namehere/synack.git (You can get your link from the profile page on your git account)
(Optional) Make sure all Relevant Parameters are Installed
sudo apt-get install python-jinja2 python-paramiko python-yaml sshpass (Python is installed by default on Ubuntu however it is worth checking you have everything that is required)
**NOTE** When you have completed all of the above, if you are using a test machine, it might be worth taking a snapshot of the current machine state and saving an export should you need to revert back for any reason.
Import Machine to Virtual Environment
Now that you have Ansible set up on your virtual machine, we need a test-bed so that we can learn and see how Ansible works and to do this I decided to use GNS3. I assume you are familiar with GNS3 and how to add your machine to it so I won’t be covering that in this article. Once your machine is within GNS3 you need to create a topology of network devices such as IOS devices and ensure you have IP reachability to these from your test machine.
Ensure the devices in which you would like to automate with Ansible have been configured with the following:
Username and Password
Local login on the Console/VTY lines
SSH is enabled
You will need to make sure your virtual environment is routable to the Internet if you would like to push/pull configurations to Git
Once you have all the above-configured and set up, you are ready to start creating playbooks to run automate your environment. As mentioned, I won’t be discussing how to create playbooks within this article, please look out for future articles where I plan to cover this.
I will now discuss the second method that will allow you to create a test environment without the need for additional software such as GNS3. This method is good for those that just want to just straight in and play with Ansible. All the above steps are still relevant minus ‘Import Machine to Virtual Environment’. From the virtual machine, we will create Linux containers (effectively VM’s in a VM), once powered on we can use Ansible to automate tasks to these devices. The setup below describes how to create Ubuntu containers and start the machines and although this isn’t going to allow you to automate IOS configuration, we have an environment that will allow you to use Ansible with Linux related configuration.
Create the Ubuntu Containers
sudo -i sudo apt-get update && apt-get install lxc sudo lxc-create -t ubuntu -n NameofMachine sudo lxc-ls -f (shows the current containers and their status) sudo lxc-start -n NameofMachine -d (starts the machine in deamon mode) sudo lxc-attach -n NameofMachine (attaches to this machine so that you have root access to it) (Optional in each container) sudo apt-get install python-minimal
When I used the second method I created approximately 3 containers so that I could run different tasks against different hosts.
Having followed the instructions above, you should now have a fully functional Ansible test-bed that will allow you to run playbooks and learn Ansible. I hope that you have found this article useful and if you want to learn more about Ansible, I plan on producing some more articles in the future but in the meantime check out the documentation on the Ansible website here.