(This is my third article. First I want to say sorry about my English grammar, which is very bad; I am still learning, my friend. But if I used Bahasa (I'm Indonesian), some people out there would not understand.)
In this article I will explore one of the famous open source automation engines, called Ansible. Yes, this tool is phenomenal enough in the DevOps division; this tool can automate
In this article I want to share with you how to install Ansible and do the basic configuration to remote into, and give basic instructions to, a network device, for example the “vSRX Firewall” from Juniper Networks. Let's begin…
1. Install Ansible
I will install the Ansible engine on my Linux Ubuntu 14.04. For information, most of what I do in my articles is done on my Virtual Machine Workstation. Below are the steps to install Ansible on Linux Ubuntu 14.04:
a. First, update your Linux Ubuntu with the command
$ sudo apt-get update
b. Install your Ubuntu software repository common package with the command
c. Add the Ansible repository to your system with the command
d. Update again after you add the Ansible repository to Ubuntu
$ sudo apt-get update
e. Install the Ansible engine with the command
$ sudo apt-get install ansible
f. The last thing is to check your Ansible installation with the command
$ ansible --version
At this step you have successfully installed Ansible on your Ubuntu system… yeaayy.
I think that was easy, right? Okay, let's use this tool…
2. Know the structure
As you know, when we have installed an application on Ubuntu or another Linux or Unix system, it is better that we know its directory location. The Ansible directory is “/etc/ansible”, so we will go to that directory and look at the directory structure of the application.
a. Go to that directory
$cd /etc/ansible
b. Look at the folders and structure with the command
$ls -l (or $ll)
As we can see, Ansible has the file “ansible.cfg” as the default configuration of the Ansible system, the file “hosts” as the configuration file that lists the hosts/groups that will be managed by Ansible, and last the folder “roles” for the roles purpose in Ansible.
3. Ansible configuration
a. First I will edit the Ansible configuration file “ansible.cfg” to add a log file for when Ansible does some execution or work through its system, so when something goes wrong I can check the error in that log to get information about what is wrong. Open the Ansible config file with the commands
$cd /etc/ansible
$vim ansible.cfg
and I will change the value like in the picture below:
Remove the # to enable the log path.
b. Next I will disable SSH host checking for when Ansible connects by SSH to that host, by uncommenting the line in the picture below.
For information, Ansible uses “Paramiko”, a Python programming tool that Ansible uses to manage remote hosts over the SSHv2 protocol, and most of the Ansible program structure is written in Python, so in some cases we need a Python library if the execution of a playbook is not working well. Talking about Paramiko: I have an experience from when I worked as a system administrator. My boss challenged us to create an automation system using tools like Ansible, Puppet, or Chef, but when I read about the structure of Ansible and how it works using Paramiko to reach remote systems, I planned to create my own automation application using my little capability in Python programming and my knowledge of network configuration and bash programming in Linux. But I'm too much of a newbie 😛 and deployment was growing so fast, and I forgot that task and did not continue with my plan. But I have created some code in Python using Paramiko, and I will share it in the next section of my article.
c. To execute a job with Ansible on the remote system we must have a playbook folder. That folder will be used to create job configuration files in the YAML language to do many things through Ansible, like I do in this article to remote into a network device and do some basic actions. So I will create the folder playbooks in the ansible directory as the administrator user with the commands
$sudo su
#mkdir playbooks
So in the ansible folder I will have “ansible.cfg”, “hosts”, “roles”, and “playbooks”.
4. Create a job in Ansible
a. In this step we will add the list of hosts that will be managed by Ansible by editing the file “hosts” in the ansible directory. I will add the SRX IP address to that file as a host that will be managed by Ansible.
$sudo su
#vim /etc/ansible/hosts
In that picture I created a group of hosts that will be managed by Ansible. The group is named [remote], and for the SRX host I created the alias name “host-1” for the SRX IP address 192.168.98.49.
Save the file hosts.
b. Go to the folder playbooks and create the job configuration file to remote into the Juniper SRX and do some action on that SRX
#cd playbooks
#vim juniper3.yaml
I create a job configuration to remote into the SRX network device and show the Junos version through my Ansible, so this picture is an example of the configuration file.
I will explain line by line the meaning of that job configuration in the YAML language:
name : the name of the job
hosts : this calls the host list from the file “hosts”. In this example I call specifically “host-1”, which is the alias name of the SRX with IP 192.168.98.49 in the group [remote], as I explained above.
So when I write an alias name in the job config “hosts”, it calls the specific host that matches that alias name in the configuration file “hosts”. If I write the group name, hosts : remote, it calls all the hosts listed in that group.
gather_facts : yes, this line defines that we will collect information
connection: local, this defines that the connection will be made from this host
tasks : here we start to define the actual tasks that will run
name : the name of the task
junos_command : an Ansible module, the result of the Ansible and Juniper integration, that we can use to run commands on Junos OS
Other Juniper modules are
junos_get_config
junos_get_facts
junos_install_config
junos_zeroize
junos_install_os
junos_cli
junos_rollback
and many more.
Other integration modules are shown in the picture below.
commands : the commands to execute on Junos
host : a variable that refers to the value of hosts on the top line (host-1)
username : the login username that will be used for the SRX
password : the login password that will be used for the SRX
Writing the username and password into the playbook as above is not recommended in a production environment; it is not secure. There are other ways to secure or mask the username and password, but I don't do that in this case; you can find them yourself. 😛
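The playbook explained line by line above, as an added example (it is not the author's juniper3.yaml, whose screenshot is missing from this page): it uses the parameter names the article lists, but takes the credentials from a run-time prompt instead of writing them into the file, and it also saves the command output to a local file. The inventory entry with ansible_host, the variable names junos_user, junos_pass and version_result, and the output path ./version.log are assumptions.

```yaml
---
# Added example, not the original juniper3.yaml.
# Assumed inventory entry in /etc/ansible/hosts, under the group [remote]:
#   host-1 ansible_host=192.168.98.49
- name: Show the Junos version on the vSRX
  hosts: host-1             # alias from the inventory; "remote" would select the whole group
  gather_facts: yes
  connection: local         # the module runs on the Ansible machine and opens NETCONF itself

  # Ask for the credentials when the playbook starts, so they are
  # never stored in clear text in the playbook file.
  vars_prompt:
    - name: junos_user      # hypothetical variable name
      prompt: "Junos username"
      private: no
    - name: junos_pass      # hypothetical variable name
      prompt: "Junos password"
      private: yes          # typed input is not echoed to the terminal

  tasks:
    - name: Run 'show version' on the SRX
      junos_command:
        commands:
          - show version
        host: "{{ ansible_host }}"
        username: "{{ junos_user }}"
        password: "{{ junos_pass }}"
      register: version_result

    - name: Print the command output
      debug:
        var: version_result.stdout_lines

    # connection is local, so this file is written on the Ansible machine.
    - name: Save the output to a local file
      copy:
        content: "{{ version_result.stdout[0] }}\n"
        dest: ./version.log
        mode: "0600"
```

For unattended runs, the same two variables can come from a variables file encrypted with ansible-vault instead of a prompt.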
On the Juniper side we must do some configuration to allow Ansible to remote into Junos, like the example below:
set system services netconf ssh
This command enables you to establish connections between a configuration management server and a device running Junos OS. A configuration management server, as the name implies, is used to configure the device running Junos OS remotely.
5. Execute the job
In this step we will execute the job we created in the playbook folder against the Juniper SRX host with the commands
#cd /etc/ansible/playbooks
#ansible-playbook juniper3.yaml
On the first run I got many errors from the YAML job I had created, like a TAB used on a line, the spacing structure, an unknown function, or a dependency not installed, but all the errors can be seen in the Ansible execution log at the path /var/log/ansible.log. This is the reason you must enable it in the Ansible config file ansible.cfg, as I explained above. One crucial error I got was a dependency Ansible needs to create a NETCONF session to Junos OS; the error log is shown in the picture below.
Ansible error : ncclient is not installed
That is a module in the Python library that can be used to create a NETCONF session to Junos OS, so when Ansible was executed it showed the error message “unable to open shell” …T_T. So I will fix this error by installing that module into my Python library; in my opinion this happens only with network devices that use NETCONF as the connection. I searched for how to install that module on Ubuntu and found the ncclient installer from an open source developer's library on GitHub, so I copied it from GitHub with the git command and installed it on the Ubuntu system.
Download ncclient
#git clone https://github.com/ncclient/ncclient.git
Go into the ncclient directory and install it on the system
#cd ncclient/
#python setup.py install
And I got an error again because of some missing dependency :D. Okay, then I searched a forum for why I failed to install ncclient and got the command to fix it; I'll show it in the picture below.
I ran that command and the ncclient installation succeeded!
In this section I want to tell you a little story. I feel that something weird happens when I use my brain too much: my face changes to black. I don't know why, but my partner at work sees what I see, my face has changed to black... Do some people have that experience too? Please comment.
After successfully installing that module on my system I tried to execute my playbook again and gotcha, the playbook executed successfully on the Junos system.
A successful job is shown like in the picture above.
So just like that?? Where is the result of the execution??
Haha… I'm sorry. I will do a simple thing to show you the result of executing the Ansible playbook file juniper3.yaml: send it to a log file with the commands
#cd /etc/ansible/playbooks
#ansible-playbook -vvv juniper3.yaml > /etc/ansible/playbooks/version.log
and the result can be seen in the log file, like in the picture below.
Actually you can write the result of the execution to a local file from the YAML playbook. How? That you must explore later, and create other playbooks to run against Cisco devices, or Arista, or F5, or Linux systems. Thanks for visiting and reading my article. I hope this article is helpful… see you in the next article.