916-781-3029

ArubaOS-Switch
Automation with Ansible

Tiffany Chiapuzio-Wong
Technical Marketing Engineer
Wired Intelligent Edge TME Team
Agenda
– Introduction to Ansible
– Ansible and Aruba Modules
– Requirements
– Installation
– Getting Started with Ansible (Demo)
– How to Write and Execute Playbooks
– Ansible AWX (Demo)
– Support Updates
– Q&A

2
Why Invest in Network Automation?
I don’t need automation; we’ve been configuring
devices for years through CLI and it’s been fine…
“Automation takes practice. Mass deploying a
script is rare in live production. Start small and
work your way up depending on necessity and
trust. Always practice on lab environment first!”
There are so many different languages and
frameworks. How do I pick just one?
Automation increases efficiency and delivery.
With network topologies becoming more and
more complex every day, it’s no longer practical
to configure hundreds of devices by hand.
“I can’t jeopardize the state of my network by
running a bad script on 100 devices!”
Finding a successful automation solution is a
process. Start with an investment that’s good for
your process and your people, research, and get
your hands dirty.
3
Automation Tools Used Today

Python Chef Puppet

4
Ansible
Introduction

5
Ansible - Overview

An open-source IT automation tool created by RedHat, used

to automate provisioning, configuration management, and
application deployment.

‒ YAML and Python based

‒ Agentless

‒ Idempotent

“A tool that you could not use for six months, come back to, and still
remember.”
- Michael DeHaan , creator of Ansible

6
Ansible - Overview

Why are people choosing Ansible?

‒ Easy to get started with

‒ Supported by a wide range of vendors

‒ Easy+Secure Inventory (Host) Management

‒ Idempotency!

7
Ansible - Overview

CLI Interface

Modules
Plugins
User
Playbook Control-Machine
(Linux)

SSH-Connection
Inventory

Target System

8
ArubaOS-Switch Modules
Available modules

Apply ACLs to interfaces Restore Configurations Attach VRFs to VLAN interfaces

Manage User Information Configure DNS Server Configure NTP

Manage VLANs Configure Radius Profile Update/Configure PoE Ports

Configure QoS rate on interfaces Configure/Delete QoS Policies Configure SNMP Traps

Configure STP Configure/Manage AAA Configure Syslog

11
Ansible and Aruba Modules
Requirements & Installation

13
Ansible Requirements

‒ Control Machine
‒ Linux-based machine
‒ Windows not supported
‒ Supported Operating Systems: Red Hat Enterprise Linux 6 or
later, CentOS 6 or later, Ubuntu 12.04 LTS or later
‒ Python 2.7 or Python 3 (version 3.5 or later)

14
Installing Ansible

‒ Install Ansible on Control Machine using CLI

‒ Two methods of installation:
1. Through apt-get:
‒ CLI Command: $ [sudo] apt-get install ansible
‒ Version: Latest release
2. Through git:
‒ CLI Command: $ git clone https://github.com/ansible/ansible.git --recursive
‒ Requires setting up Ansible Environment with an environment setup script
‒ Version: Latest developer version
‒ Validate Ansible is installed correctly by executing ansible --version and
verifying the output looks similar to this:
$ ansible --version
ansible 2.7.2
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/administrator/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.15rc1 (default, Nov 12 2018, 14:31:15) [GCC 7.3.0]

Refer to: https://docs.ansible.com/ansible/latest/installation_guide/

18
Installing ArubaOS-Switch and ArubaOS-CX Modules

‒ Requires Ansible version 2.5 or later

‒ Download modules, installer, and module documentation from repository

in Aruba’s GitHub
‒ CLI Command: $ git clone https://github.com/aruba/aruba-ansible-modules.git
‒ Or download as ZIP if you don't have git

‒ Run module installer:

‒ $ [sudo] python aos_wired_module_installer.py
‒ This tool installs all files and directories required by Ansible for AOS-Switch
and AOS-CX integration

19
Aruba Switching Requirements

‒ ArubaOS-Switch
‒ SWI version 16.06 or later
‒ REST enabled
switch(config)# web-management ssl
switch(config)# rest-interface

‒ Reachable from Control Machine

20
Getting Started with
Ansible

22
Concepts

‒ Variable YAML Example:

Variable Example:
‒ Named object used to store information
‒ Can store different types: integers, strings, - Vlan100
mask = 24
dictionaries, booleans
ip: 10.20.3.4
print(mask) -> 24
‒ Dictionary
‒ A data structure comprised of key-value pairs
mask: 24
‒ YAML - Vlan200
‒ Structured, human-readable data file ip: 10.44.1.2
‒ Uses several data structures such as dictionaries mask: 24
and lists
‒ Case-sensitive, block-formatted using spaces for
indentation
The dictionary Vlan100 has two
‘keys’ ip and mask, with the
corresponding ‘values’
10.20.3.4 and 24 ,
respectively.

23
Playbook Breakdown

playbook_1.yml:

– hosts variable is always

- hosts: switch1 defined
gather_facts: False – Part of Ansible’s Inventory:
Tells Ansible which machines
tasks: to target and configure.
- name: Configure Hostname
arubaoss_system_attributes:
hostname: "AOS-Switch-Ansible-01"

24
Inventory Breakdown

‒ File that contains target machine(s) information Group:

‒ Information stored in variables Hospital_23

‒ Inventory files typically use YAML or INI format

Group: Group:
‒ Allows groups and groups of groups West
Wing
South
Wing
‒ Default: hosts are in the ‘all’ group

WW Servers: WW Switches: SW Servers: SW Switches:

10.112.80.93 10.112.90.44 10.112.80.93 10.112.90.44
10.112.80.63 10.112.90.25 10.112.80.87 10.112.90.25

25
ArubaOS-Switch Inventory File

‒ Hosts can be part of a group or standalone

‒ Inventory file in INI format or YAML format
‒ Requires specific variables to be defined for
each host:
‒ ansible_host : IP address of switch
‒ Ansible will send REST commands to this address
‒ ansible_user : login username
‒ ansible_password : login password
‒ ansible_connection : set to local
‒ tells Ansible to use REST instead of SSH to connect to
the switch
‒ ansible_network_os : set to arubaoss

27
ArubaOS-Switch Inventory File

/etc/ansible/hosts:
all:
hosts:
IP of host device
access_2930_44:
name of host device ansible_host: 10.6.18.44
ansible_user: admin
ansible_password: admin
static values, must always ansible_connection: local
be set ansible_network_os: arubaoss

28
Playbook Breakdown

playbook_1.yml:

- hosts: switch1 Tells Ansible to skip gathering

gather_facts: False information from hosts
tasks:
Play
- name: Configure Hostname Task
arubaoss_system_attributes: Module
hostname: "AOS-Switch-Ansible-01"

31
Task Breakdown

name : describes
what is being - name: Create VLAN 300
done in the arubaoss_vlan: Module
module call vlan_id: 300
Module name: "vlan300"
Arguments command: config_vlan
config: "create"

32
Running a Playbook

linux-bash$ ansible-playbook FILENAME -i HOSTS_FILE

Playbook Hosts
YAML File

33
Running a Playbook

34
Running a Playbook

Scenarios Behavior Ansible Task Status Target System State

Module will apply complete configuration
When device has no configuration Changed Desired State
given in the playbook.

Module will check if configuration is

When device has same configuration Skipped, Ok Desired State
present on device and do nothing.

Module will only apply diff (playbook vs

When device has more configuration,
device) of the configuration for the feature. Changed Original State + our configuration
for particular feature
Rest of the configuration will remain intact.

Ansible will attempt to connect to the

When Ansible cannot connect to the
device via SSH or REST during playbook Unreachable Unknown
device via SSH or REST
setup and receive no response.

Module failed to execute command or build

When configuration fails to be applied
REST URI. By default when failure is seen Failed Unknown
or module fails
Ansible stops executing playbook.

35
Ansible Tower+AWX

36
Ansible Tower

‒ Licensed version of Ansible’s GUI

‒ AWX: Open source version of Tower
‒ Provides all basic functionality of CLI and much more!
‒ Major Benefits:
‒ Stylish and easy-to-use GUI
‒ Fully support from RedHat
‒ Encrypted Inventory
‒ User Roles
‒ Job Scheduling & Detailed History
‒ Integrated Notifications

Refer to: https://docs.ansible.com/ansible-tower/latest/html/quickstart/quick_start.html

37
Differences between Ansible Tower & AWX

‒ AWX is open sourced and not supported by RedHat

‒ Stability is supported through minimal testing
‒ Security is supported through minimal testing
‒ Docker based
‒ Version upgrading is not supported
‒ May have to rebuild/reconfigure each time
‒ Not recommended for production

Refer to: https://www.redhat.com/en/resources/awx-and-ansible-tower-datasheet

38
Areas of Opportunity

‒ Ansible is already in a customer’s environment OR a

customer is familiar with the product Ansible

‒ Customer is interested in automation but has little to no

programming experience

‒ Customer has a multi-vendor environment and wants

automation for multiple systems

‒ Customer wants a clean and secure way to manage

device information with automation

39
Summary

I don’t need automation; we’ve been configuring

My team has been using Ansible for
devices for years through CLI and it’s been fine…
months and I couldn’t imagine life
without it!

There are so many

After tryingdifferent languages
other options, I’mand I’ve learned
“I can’t jeopardize the so much
state of myabout
frameworks. How do
confident I pick
that just one?
Ansible is the networkautomation,
by running aI’m
badconfident
script on in my
right tool for me! abilities!
100 devices!”

40
Support Update Announcements

– Airheads Developer Community

– Link: https://community.arubanetworks.com/t5/Developer-Community/bd-p/DeveloperCommunity
– GitHub update
– Link: https://github.com/aruba/aruba-ansible-modules
– Switching Automation Series on ABC Networking
– Link: https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ
– 1 Day Hands-On Ansible Workshop Available - March 26th/27th
– If interested please reach out to Tiffany Chiapuzio-Wong or Rajani Abraham

42
Thank you!

43