Fumbling Through Networking

October 6, 2017 by Chris Meyers


This blog post is written by a systems person who has always dodged networking ... until now. I gave Ansible networking modules a try with a VyOS Vagrant image. This blog describes how I fumbled through the process of writing my first Ansible playbook to successfully gather facts from a running VyOS virtual machine.

First things first, I need a network thingy to run commands on. I don’t have a physical networking thingy so let’s go searching for a virtual one. After some googling for a Cisco IOS virtual machine I found and started to download an ISO. While that was going on I pinged my co-worker Ben on Slack. Ben’s a networking guy within Ansible. I asked him what virtual device he uses. He pointed me at a VyOS Vagrant image. So I canceled the Cisco IOS ISO download and ran the needed vagrant commands.

vagrant init higebu/vyos
vagrant up

Ok, that did something but what did it do? Let me try the old vagrant ssh. Nope, that didn’t work. Oh, I got another message from Ben on Slack. He mentions I’m going to need a plugin to make this work smoothly with Vagrant and to run:

vagrant plugin install vagrant-vyos

Ok. Now let me try vagrant ssh again. Yes, got the command line prompt, I’m in.

Alrighty, I know I can ssh to some kind of machine. Now let me try the Ansible + VyOS fact gathering module against this machine. To do this I need to build an inventory file with a host that points at the Vagrant box.

# inventory file
localhost ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_ssh_private_key_file=~/vyos/.vagrant/machines/default/virtualbox/private_key

# main.yml playbook
- hosts: localhost
  tasks:
    - vyos_facts:
        gather_subset: all
      register: result

    - debug:
        msg: "{{ result }}"

Now run the classic ansible-playbook -i inventory main.yml

Uh oh, failure.

TASK [vyos_facts] **********************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell"}

Hmm, seems to be related to a connection issue. After trying a few things I figured a “reset” of my vm would be best.

vagrant destroy
vagrant init higebu/vyos
vagrant up
ansible-playbook -i inventory main.yml

Still didn’t work. What’s going on?

I found out that the networking modules use Ansible's local connection plugin and have their own credential support system via the provider parameter to whatever networking module you are using. So delete the inventory file and change the playbook to the below:

- hosts: localhost
  vars:
    auth:
      username: "vagrant"
      ssh_keyfile: "/Users/meyers/ansible/vagrant/vyos/.vagrant/machines/default/virtualbox/private_key"
      port: 2222
  tasks:
    - vyos_facts:
        gather_subset: all
        provider: "{{ auth }}"
      register: result

    - debug:
        msg: "{{ result }}"

The Vagrant directory needed to be reinstantiated after installing the vyos plugin (see above) and the playbook needs to use provider (see above). Below is the output from a successful run.

PLAY [localhost] ***********************************************************************

TASK [Gathering Facts] *****************************************************************
ok: [localhost]

TASK [vyos_facts] **********************************************************************
ok: [localhost]

TASK [debug] ***************************************************************************
ok: [localhost] => {
    "msg": {
        "ansible_facts": {
            "ansible_net_commits": [
                {
                    "by": "vagrant",
                    "comment": null,
                    "datetime": "2017-09-06 23:58:53 ",
                    "revision": "0",
                    "via": "cli"
                },
                {
                    "by": "root",
                    "comment": null,
                    "datetime": "2017-09-06 23:58:48 ",
                    "revision": "1",
                    "via": "boot-config-loader"
                },
                {
                    "by": "vagrant",
                    "comment": null,
                    "datetime": "2016-10-03 11:39:03 ",
                    "revision": "2",
                    "via": "cli"
                },
                {
                    "by": "vagrant",
                    "comment": null,
                    "datetime": "2016-10-03 11:39:02 ",
                    "revision": "3",
                    "via": "cli"
                },
                {
                    "by": "vagrant",
                    "comment": null,
                    "datetime": "2016-10-03 11:38:15 ",
                    "revision": "4",
                    "via": "cli"
                },
                {
                    "by": "vagrant",
                    "comment": null,
                    "datetime": "2016-10-03 11:38:14 ",
                    "revision": "5",
                    "via": "cli"
                },
                {
                    "by": "vagrant",
                    "comment": null,
                    "datetime": "2016-10-03 11:29:22 ",
                    "revision": "6",
                    "via": "cli"
                },
                {
                    "by": "vagrant",
                    "comment": null,
                    "datetime": "2016-10-03 11:29:21 ",
                    "revision": "7",
                    "via": "cli"
                },
                {
                    "by": "vyos",
                    "comment": null,
                    "datetime": "2016-10-03 20:28:23 ",
                    "revision": "8",
                    "via": "cli"
                },
                {
                    "by": "root",
                    "comment": null,
                    "datetime": "2016-10-03 20:27:39 ",
                    "revision": "9",
                    "via": "boot-config-loader"
                }
            ],
            "ansible_net_config": [
                "set interfaces ethernet eth0 address 'dhcp'\nset interfaces ethernet eth0 duplex 'auto'\nset interfaces ethernet eth0 hw-id '08:00:27:0f:ec:bf'\nset interfaces ethernet eth0 smp_affinity 'auto'\nset interfaces ethernet eth0 speed 'auto'\nset interfaces loopback 'lo'\nset service ssh 'disable-host-validation'\nset service ssh port '22'\nset system config-management commit-revisions '20'\nset system host-name 'vyos'\nset system login user vagrant authentication encrypted-password '$6$L3hDqBMY8SiTjfL$vtdr2U1ACqdD/bIa.Crp2Yg0sLaMYXJcdrE7O1VjTXt3VEhyRJf.6tb9u7e/QcdbJhFld7Uss3EbGni1S2RM80'\nset system login user vagrant authentication plaintext-password ''\nset system login user vagrant authentication public-keys vagrant key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDXz1W6YZ+FfM62bbZlqQaoyROyfOPcTkybRrGFnJHEy/IeuvuJqkLQLSq5C3afgHNSlp+Wx/9e5jsG1WA6Fku/wkWn2pfSVrtvIU8bhruUTW3ni6wB28Am0AMwuvMa57GlRKjMnUbZ0VUxwct7WA5Au1LRyQDYtw7n8y7HXGwZN7ot5BEEb4ljsceWk/Hba8QccCsNrw2rKCY062Y5e+AJ6P0sX8BNGKkE9l5CL7bPNDNIdrQW5xXDPqr7BPUvuhUwi+iZ1E7+To6HrKgpmhog9iCEFvKCsPoKeOoi40km7Ei4F5EJs2EiWpBJIZK0iDmbJi0SdZdujC3BHVqVO2Kd'\nset system login user vagrant authentication public-keys vagrant type 'ssh-rsa'\nset system login user vagrant level 'admin'\nset system login user vyos authentication encrypted-password '$1$.5.rLRL8$UGfNo6OogWe9RTDG//YXy/'\nset system login user vyos authentication plaintext-password ''\nset system login user vyos level 'admin'\nset system ntp server '0.pool.ntp.org'\nset system ntp server '1.pool.ntp.org'\nset system ntp server '2.pool.ntp.org'\nset system package auto-sync '1'\nset system package repository community components 'main'\nset system package repository community distribution 'helium'\nset system package repository community password ''\nset system package repository community url 'http://packages.vyos.net/vyos'\nset system package repository community username ''\nset system syslog global facility all level 'notice'\nset system syslog global facility protocols level 'debug'\nset system time-zone 'UTC'",
                "0   2017-09-06 23:58:53 by vagrant via cli\n1   2017-09-06 23:58:48 by root via boot-config-loader\n2   2016-10-03 11:39:03 by vagrant via cli\n3   2016-10-03 11:39:02 by vagrant via cli\n4   2016-10-03 11:38:15 by vagrant via cli\n5   2016-10-03 11:38:14 by vagrant via cli\n6   2016-10-03 11:29:22 by vagrant via cli\n7   2016-10-03 11:29:21 by vagrant via cli\n8   2016-10-03 20:28:23 by vyos via cli\n9   2016-10-03 20:27:39 by root via boot-config-loader\n10  2016-10-03 20:27:39 by root via init"
            ],
            "ansible_net_gather_subset": [
                "neighbors",
                "default",
                "config"
            ],
            "ansible_net_hostname": "vyos",
            "ansible_net_model": "VirtualBox",
            "ansible_net_serialnum": "0",
            "ansible_net_version": "VyOS"
        },
        "changed": false,
        "failed": false
    }
}

PLAY RECAP *****************************************************************************
localhost                  : ok=3    changed=0    unreachable=0    failed=0

Next thing to try is modifying the device configuration to do something useful. A network device by itself isn't very useful, so I'll need to bring up multiple devices. I'll save that exercise for a future blog post.

Let’s recap. After reading this you can now collect facts from your networking device (virtual or physical). You can safely explore interacting with Ansible and Ansible networking modules without the worry of breaking your infrastructure because collecting facts is a read-only operation. With this knowledge you can begin to automate the gathering of your current network devices, mapping out your topology, and begin to plan the next step (modifying the configuration). Fact collection is the first step in the path to automating your network configuration.
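
The ansible_net_config fact printed above carries the login users' encrypted-password hashes, and the debug task writes the whole registered result to the playbook output. The following is an added example, not part of the original post, that redacts password values from such a result before it is printed and reports each user's hash scheme; the sample data is constructed and the function names are hypothetical.

```python
import re

# Constructed sample shaped like the debug output above: ansible_net_config
# is a list of strings of VyOS "set" lines. Hash values are placeholders.
SAMPLE_RESULT = {"ansible_facts": {"ansible_net_hostname": "vyos", "ansible_net_config": [
    "set service ssh port '22'\n"
    "set system login user vagrant authentication encrypted-password '$6$SALT$PLACEHOLDERHASH'\n"
    "set system login user vagrant authentication plaintext-password ''\n"
    "set system login user vyos authentication encrypted-password '$1$SALT$PLACEHOLDERHASH'\n"
    "set system login user vyos level 'admin'",
    "0   2017-09-06 23:58:53 by vagrant via cli",
]}}

# Any "set ... password '<non-empty value>'" line (encrypted-, plaintext-, repository).
SECRET_RE = re.compile(r"^(set .*password) '(.+)'$")
HASH_RE = re.compile(r"^set system login user (\S+) authentication encrypted-password '(\$\w+\$)")
SCHEMES = {"$1$": "MD5-crypt", "$5$": "SHA-256-crypt", "$6$": "SHA-512-crypt"}


def redact_config(text):
    """Replace every non-empty password value in VyOS set lines."""
    return "\n".join(SECRET_RE.sub(r"\1 '<redacted>'", line) for line in text.splitlines())


def hash_schemes(text):
    """Map each login user to the crypt(3) scheme of its stored hash."""
    schemes = {}
    for line in text.splitlines():
        m = HASH_RE.match(line)
        if m:
            schemes[m.group(1)] = SCHEMES.get(m.group(2), "unknown")
    return schemes


def redact_result(result):
    """Return a copy of a registered vyos_facts result that is safe to print."""
    facts = dict(result.get("ansible_facts", {}))
    config = facts.get("ansible_net_config", [])
    # The output above shows a list of strings; accept a single string too.
    chunks = [config] if isinstance(config, str) else list(config)
    facts["ansible_net_config"] = [redact_config(c) for c in chunks]
    return {**result, "ansible_facts": facts}


if __name__ == "__main__":
    cfg = SAMPLE_RESULT["ansible_facts"]["ansible_net_config"][0]
    for user, scheme in hash_schemes(cfg).items():
        note = "  <- weak scheme, re-set this password" if scheme == "MD5-crypt" else ""
        print(f"{user}: {scheme}{note}")
    print(redact_result(SAMPLE_RESULT)["ansible_facts"]["ansible_net_config"][0])
```
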


Chris Meyers

Chris is a Senior Software Engineer, Ansible, contributing Red Hat Ansible Tower backend APIs. Before Ansible, Chris worked on projects like a mobile food ordering system for stadium concessions and a remote control cat video laser device. To learn more about those you can follow him on Twitter at @oldmanmeyers85.

