{"id":454,"date":"2021-06-24T13:15:07","date_gmt":"2021-06-24T11:15:07","guid":{"rendered":"http:\/\/www.digiliv.de\/?p=454"},"modified":"2021-06-24T13:29:48","modified_gmt":"2021-06-24T11:29:48","slug":"ansible-interaktionen-mit-cisco-ios-geraten","status":"publish","type":"post","link":"http:\/\/www.digiliv.de\/index.php\/2021\/06\/24\/ansible-interaktionen-mit-cisco-ios-geraten\/","title":{"rendered":"Ansible: Interaktionen mit Cisco IOS-Ger\u00e4ten"},"content":{"rendered":"

\"\"<\/a>Ansible kann auf Mehrere Arten mit Cisco-Devices zusammen arbeiten. Dieser Artikel beschreibt eine einfache und direkte Interaktion.
\nNat\u00fcrlich muss Ansible sich auf dem Router oder Switch anmelden k\u00f6nnen.. Dazu wird der User auf dem Ger\u00e4t (hier ist es ein Cisco 1921 Router) als privilegiertes Login angelegt.<\/p>\n

username ansible privilege 15 password ansiblepwd<\/pre>\n
Der User ansible kann nat\u00fcrlich auch als ‘normaler’, also nicht-privilegierter User angelegt werden, jedoch m\u00fcssen dann zus\u00e4tzlich die Variablen<\/p>\n
ansible_become=yes\r\nansible_become_method=enable\r\nansible_become_password=ena-PW_des_Routers<\/pre>\n
in der Variable-Sektion des Hosts-Files angelegt werden, damit Ansible in den enable-Modus wechseln kann.<\/p>\n
Ausserdem wird in der entsprechenden Sektion angegeben welches Betriebssystem die Router verwenden, in diesem Fall ios.<\/p>\n
Es bietet sich an, hier zwischen Router(n), Core-, Distributions und Access-Switches zu unterteilen, da diese Gruppen zwar untereinander \u00e4hnlich bis gleich konfiguriert werden, zwischen den Gruppen aber gro\u00dfe Unterschiede vorhanden sind… Speziell Router und Firewalls sollte man sehr genau betracheten, da diese (neben Core-Switches) IP-Netze halten und entstrechend individuell konfiguriert werden m\u00fcssen.<\/p>\n
In diesem Beispiel hat die Gruppe Routers nur ein Mitglied,<\/p>\n
[Router] \r\n172.16.199.2 \r\n\r\n[Router:vars] \r\nansible_user=ansible \r\nansible_password=ansiblepwd\r\nansible_network_os=ios<\/pre>\n
Damit kann schon grunds\u00e4tzlich auf den Router zugegriffen werden. Dazu folgt nun ein\u00a0 einfaches Playbook:<\/p>\n
--- \r\n- name: CiscoTest \r\n\u00a0hosts: 172.16.199.2 \r\n\u00a0gather_facts: false \r\n\u00a0connection: network_cli \r\n\r\n\u00a0tasks: \r\n\u00a0\u00a0- name: Set Interfaces \r\n\u00a0\u00a0\u00a0\u00a0ios_command: \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0commands: \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- conf t \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- interface GigabitEthernet0\/1.254 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- description ClientB VLAN254 Ansible Test \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- encapsulation dot1Q 254 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- ip address 172.16.254.1 255.255.255.0 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- ip helper-address 172.16.199.11 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- ip helper-address 172.16.199.12 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- end \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- wr \r\n\r\n\u00a0\u00a0- name: Show Interfaces \r\n\u00a0\u00a0\u00a0\u00a0ios_command: \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0commands: \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- sh ip int br \r\n\u00a0\u00a0\u00a0\u00a0register: output \r\n\r\n\u00a0\u00a0- name: Print Output \r\n\u00a0\u00a0\u00a0\u00a0debug: \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0var: output.stdout_lines<\/pre>\n
Das Playbook hei\u00dft CiscoTest und wird direkt auf den Host 172.16.199.2 angewandt. Ein Sammeln von Informationen wird nicht gestartet (gather_facts ist false) und die Verbindung soll direkt auf das CLI des Routers gehen (connection=network_cli). Das Playbook enth\u00e4lt drei aufeinander folgende Aufgaben\/Tasks. Der erste (Set Interfaces) baut auf dem Router das VLAN-Interface GigabitEthernet 0\/1.254 auf und trunkt es per 802.1Q, IP-Adresse und IP-Helper weden zugewiesen, damit im Subnetz Clients auf die verf\u00fcgbaren DHCP-Server geleitet werden k\u00f6nnen. Nun wird noch die Konfiguration auf dem Router gespeichert und der Task ist beendet.
\nDie Ausgaben auf dem CLI sind in diesem Fall irrelevant, da der Router nach den einzelnen Kommandeos nichts ausgibt.<\/p>\n
Der zweite Task, Show Interfaces fasst alle Interfaces zusammen und es ist gleich zu sehen, ob die Konfiguration erfolgreich durchgef\u00fchrt werden konnte. In diesem Fall ist die Ausgabe wichtig, daher wird sie \u00fcber register in die Variable output gespeichert und im dritten Task, Print Output, angezeigt.<\/p>\n
Die Ausf\u00fchrung des Playbooks zeigt dann Folgendes:<\/p>\n
[user1@ansible playbooks]$ ansible-playbook ciscotest.yml \u00a0\r\n\r\nPLAY [CiscoTest] ************************************************************************************************************************************************ \r\n\r\nTASK [Set Interfaces] ******************************************************************************************************************************************* \r\nok: [172.16.199.2] \r\n\r\nTASK [Show Interfaces] ****************************************************************************************************************************************** \r\nok: [172.16.199.2] \r\n\r\nTASK [Print Output] ********************************************************************************************************************************************* \r\nok: [172.16.199.2] => { \r\n\u00a0\u00a0\u00a0\"output.stdout_lines\": [ \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0[ \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"Interface \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0IP-Address \u00a0\u00a0\u00a0\u00a0\u00a0OK? Method Status \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Protocol\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"Embedded-Service-Engine0\/0 unassigned \u00a0\u00a0\u00a0\u00a0\u00a0YES NVRAM \u00a0administratively down down \u00a0\u00a0\u00a0\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"GigabitEthernet0\/0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0172.16.199.2 \u00a0\u00a0\u00a0YES NVRAM \u00a0up \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0up \u00a0\u00a0\u00a0\u00a0\u00a0\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"GigabitEthernet0\/1 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0172.16.200.1 \u00a0\u00a0\u00a0YES NVRAM \u00a0down \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0down \u00a0\u00a0\u00a0\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"GigabitEthernet0\/1.1 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a010.10.1.1 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0YES NVRAM \u00a0down \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0down \u00a0\u00a0\u00a0\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"GigabitEthernet0\/1.10 \u00a0\u00a0\u00a0\u00a0\u00a0172.16.210.1 \u00a0\u00a0\u00a0YES NVRAM \u00a0down \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0down \u00a0\u00a0\u00a0\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"GigabitEthernet0\/1.11 \u00a0\u00a0\u00a0\u00a0\u00a0172.16.211.1 \u00a0\u00a0\u00a0YES NVRAM \u00a0down \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0down \u00a0\u00a0\u00a0\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"GigabitEthernet0\/1.20 \u00a0\u00a0\u00a0\u00a0\u00a0172.16.220.1 \u00a0\u00a0\u00a0YES NVRAM \u00a0down \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0down \u00a0\u00a0\u00a0\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"GigabitEthernet0\/1.21 \u00a0\u00a0\u00a0\u00a0\u00a0172.16.21.1 \u00a0\u00a0\u00a0\u00a0YES manual down \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0down \u00a0\u00a0\u00a0\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"GigabitEthernet0\/1.100 \u00a0\u00a0\u00a0\u00a010.10.100.1 \u00a0\u00a0\u00a0\u00a0YES NVRAM \u00a0down \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0down \u00a0\u00a0\u00a0\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"GigabitEthernet0\/1.200 \u00a0\u00a0\u00a0\u00a010.10.200.1 \u00a0\u00a0\u00a0\u00a0YES NVRAM \u00a0down \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0down \u00a0\u00a0\u00a0\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"GigabitEthernet0\/1.254 \u00a0\u00a0\u00a0\u00a0172.16.254.1 \u00a0\u00a0\u00a0YES manual down \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0down \u00a0\u00a0\u00a0\", \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\"GigabitEthernet0\/1.300 \u00a0\u00a0\u00a0\u00a010.10.30.1 \u00a0\u00a0\u00a0\u00a0\u00a0YES NVRAM \u00a0down \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0down\" \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0] \r\n\u00a0\u00a0\u00a0] \r\n} \r\n\r\nPLAY RECAP ****************************************************************************************************************************************************** \r\n172.16.199.2 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0: ok=3 \u00a0\u00a0\u00a0changed=0 \u00a0\u00a0\u00a0unreachable=0 \u00a0\u00a0\u00a0failed=0 \u00a0\u00a0\u00a0skipped=0 \u00a0\u00a0\u00a0rescued=0 \u00a0\u00a0\u00a0ignored=0 \u00a0\u00a0\u00a0\r\n\r\n[user1@ansible playbooks]$<\/pre>\n
Das Recap zeigt, dass 3 Tasks erfolgreich auf dem Router durchgef\u00fchrt wurden, was der router in seiner Konfigurationsdatei auch best\u00e4tigt.<\/p>\n
r-test#sh run int gi0\/1.254 \r\nBuilding configuration... \r\n\r\nCurrent configuration : 212 bytes \r\n! \r\ninterface GigabitEthernet0\/1.254 \r\ndescription ClientB VLAN254 Ansible Test \r\nencapsulation dot1Q 254 \r\nip address 172.16.254.1 255.255.255.0 \r\nip helper-address 172.16.199.11 \r\nip helper-address 172.16.199.12 \r\nend \r\n\r\n<\/pre>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Ansible kann auf Mehrere Arten mit Cisco-Devices zusammen arbeiten. Dieser Artikel beschreibt eine einfache und direkte Interaktion. Nat\u00fcrlich muss Ansible sich auf dem Router oder Switch anmelden k\u00f6nnen.. Dazu wird der User auf dem Ger\u00e4t (hier ist es ein Cisco 1921 Router) als privilegiertes Login angelegt. username ansible privilege 15 password ansiblepwd Der User ansible […]<\/p>\n","protected":false},"author":1,"featured_media":443,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[75,32,4],"tags":[76,77,54,79],"class_list":["post-454","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-automation","category-linux","category-netzwerk","tag-ansible","tag-automation","tag-cisco","tag-playbook"],"_links":{"self":[{"href":"http:\/\/www.digiliv.de\/index.php\/wp-json\/wp\/v2\/posts\/454","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.digiliv.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.digiliv.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.digiliv.de\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.digiliv.de\/index.php\/wp-json\/wp\/v2\/comments?post=454"}],"version-history":[{"count":6,"href":"http:\/\/www.digiliv.de\/index.php\/wp-json\/wp\/v2\/posts\/454\/revisions"}],"predecessor-version":[{"id":460,"href":"http:\/\/www.digiliv.de\/index.php\/wp-json\/wp\/v2\/posts\/454\/revisions\/460"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.digiliv.de\/index.php\/wp-json\/wp\/v2\/media\/443"}],"wp:attachment":[{"href":"http:\/\/www.digiliv.de\/index.php\/wp-json\/wp\/v2\/media?parent=454"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.digiliv.de\/index.php\/wp-json\/wp\/v2\/categories?post=454"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.digiliv.de\/index.php\/wp-json\/wp\/v2\/tags?post=454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}