The Ansible inventory file can be specified or a default location can be configured in the /etc/ansible/ansible.cfg file by adding the following lines.
Group variables are a way of assigning variables to groups inside the inventory file. The inventory can be either a single group of all devices, or split into whatever groups you like. In the inventory file below I have three groups: an all-devices group, a router group and a switch group, in that order.
The group name and group_vars file need to match as shown in the diagram below.
The group_vars file can hold device-type usernames and passwords, among other variables. In the file below there are credentials for the Cisco devices along with the device type of ios.
Once the vault file is created, the credentials can be replaced with the vault variable name so they are not in plain text. More on this below.
Ansible Vault
Ansible Vault is a way of safely storing the passwords of the devices that Ansible will connect to. Each time a playbook is run there will be a request for the vault password.
Create Vault
The vault file needs to be in the same directory as the group_vars file.
In the example the wrong password has been entered. A new one must be entered. There are now two options: either remove the vault file and start again, or edit it. To edit the file the command “ansible-vault edit vault” is used. The correct password can then be entered.
Now that the vault has been created for the password, it can be tested. The password from the group_vars file has been removed and replaced with the vault variable.
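A check for the state described above, as an added example that is not from the original post: it scans group_vars content for secret-looking variables that still hold a literal value and confirms that the vault file starts with the ansible-vault header. The variable names and sample file contents are constructed assumptions, and the parsing is a simple line-based match rather than a full YAML parser.

```python
import re

# Keys whose names suggest a credential (ansible_password, ansible_ssh_pass, ...).
SECRET_KEY = re.compile(r"pass|secret", re.I)
# A value that is only a reference to another variable, e.g. {{ vault_password }}.
VAR_REF = re.compile(r"^\{\{\s*[\w.]+\s*\}\}$")
KEY_VALUE = re.compile(r"^\s*([\w.-]+)\s*:\s*(.*?)\s*$")


def is_vault_encrypted(text):
    """True when the file content starts with the ansible-vault header."""
    return text.lstrip().startswith("$ANSIBLE_VAULT;")


def plaintext_secrets(text):
    """Return (line_number, key) for secret-looking keys set to a literal."""
    if is_vault_encrypted(text):
        return []
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip("'\"")
        if not SECRET_KEY.search(key) or not value:
            continue
        # Acceptable: a variable reference or an inline !vault encrypted value.
        if VAR_REF.match(value) or value.startswith("!vault"):
            continue
        findings.append((number, key))
    return findings


# Constructed samples; variable names and values are assumptions.
BEFORE = "ansible_network_os: ios\nansible_user: admin\nansible_password: cisco123\n"
AFTER = 'ansible_network_os: ios\nansible_user: admin\nansible_password: "{{ vault_password }}"\n'
VAULT_OK = "$ANSIBLE_VAULT;1.1;AES256\n<hex ciphertext placeholder>\n"
VAULT_BAD = "vault_password: cisco123\n"  # file written by hand, never encrypted

if __name__ == "__main__":
    for name, text in [("before", BEFORE), ("after", AFTER),
                       ("vault", VAULT_OK), ("vault (unencrypted)", VAULT_BAD)]:
        print(f"{name}: encrypted={is_vault_encrypted(text)} "
              f"findings={plaintext_secrets(text)}")
```

Running the same two functions over the real group_vars directory before committing it to Git catches both a leftover plain-text password and a vault file that was never encrypted.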
The playbook to be run will configure OSPF on the router and create VLANs on the switches. I have made one change to the playbook in Git, which is to remove the device 172.16.1.103. There were issues getting this switch running.
---
- name: Play 1 - Manage GNS3 devices
  hosts: 172.16.1.104
  gather_facts: false
  connection: network_cli

  tasks:
    - name: enable ospf
      ios_config:
        parents: router ospf 1
        lines:
          - network 0.0.0.0 255.255.255.255 area 0
      become: yes
      become_method: enable
      register: print_output

    - debug: var=print_output

- name: Play 2 - Switch specific config
  hosts: 172.16.1.124
  gather_facts: false
  connection: network_cli

  tasks:
    - name: Create VLANs
      ios_config:
        lines:
          - vlan 200
          - vlan 201
          - vlan 202
          - vlan 203
      become: yes
      become_method: enable
      register: print_output

    - debug: var=print_output
The command to run the playbook needs to have an additional argument so it will ask for the vault password. This is the password set when creating the vault.
"To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device"
]
}
}
PLAY RECAP ***********************************************************************************************************************************
The playbook works in exactly the same way as with the plain text variables. So now more variables can be added, as they are working. I have added the enable password and the username.