The Ansible Ask an Expert webinar series continues to be one of the most popular series we’ve ever hosted. During these Q&A style webinars, our Ansible experts take questions from the audience about specific topics.
In March, we covered Ansible + Networking. We’ve compiled the questions and answers below for your reference.
Interested in more? Our next Ask an Expert: Networking webinar is scheduled for July 19 at 11AM EDT. Register here.
Q: Persistent connection optimization really applies to devices that do not use a REST API with support for long-lived access tokens (as opposed to cookies)?
A: That's correct. The persistent connection framework is designed to work with SSH based connections, which include CLI and NETCONF connection methods.
Q: Do you know if it's in the roadmap to ship Ansible Tower with jobs out-of-the-box for the most common tasks performed with Red Hat products? For example, deploy a jboss EAP, install OS packages, and stuff like that?
A: Assuming you are talking about "canned" Playbooks here. In most cases, each of the individual products would curate and maintain Playbooks for use and are distributed by the individual products (since there are support implications). The Ansible distribution does not include application-specific Playbooks at this time, but there are most likely plenty of Playbooks available in the community.
Q: Will it be possible to use the modules to push "abstract configurations"?
A: The Ansible 2.4 roadmap will start to infuse declarative configuration modules, which could help address this.
Q: Is there a guide to take advantage of the persistence model on modules we've already built?
A: We are getting this more and more, but we don't have one yet. This is a great idea. It would be great to have a Developing Modules Guide or something similar, which we can put on the roadmap with enough demand or interest.
Q: What version of Ansible Tower will have Ansible 2.3, and what is the ETA?
A: History suggests a “staggered” release of Ansible and Ansible Tower. For example, Ansible Tower 3.0 has Ansible 2.1 included. Ansible Tower 3.1 has Ansible 2.2 included. This is always subject to change, and no ETA is available at this time for the next version of Ansible Tower.
Q: What about support for AireOS for Cisco wireless?
A: There is currently no built-in support for this device per the included list of Ansible network modules. There may be community sponsored modules, or by Cisco directly.
Q: Why would we use native Ansible networking modules instead of something like the napalm Ansible modules?
A: It's not an either/or, and truly depends on the use case and lots of dependencies and needs by the administrator.
Q: Do you have in your roadmap to support the Calico project? (Not only the BGP configuration in the network devices)
A: It’s definitely on our backlog but not currently committed to any particular release cycle. We are also happy to accept any contributions from the community around Calico (or any other network project).
Q: Will the older Playbooks work with Ansible 2.3?
A: Yes! The changes made to Ansible in 2.3 do not require any changes to Playbooks used in Ansible 2.2.
Q: Which language need to know to write an Ansible network module?
A: Any programming language is perfectly fine to use, but the most commonly used language in developing modules is Python.
Q: Are you planning to add Cisco ACI and/or VMware NSX for network modules?
A: Cisco ACI and VMWare NSX modules are available in the community, but Ansible has not received any requests from module maintainers or sponsors to include them in an Ansible distribution.
Q: Would love to see some better file management for network platforms. Uploading scripts to Juniper, adding OS images, etc..
A: That's a great idea! Please file an issue so we can track demand for this feature request. This is the only way we can relay or track requirements in use cases.
Q: Can Ansible be used to deploy firewall deploy changes/updates (and if so, which vendor appliances)?
A: Take a look at the included list of Ansible network modules. There may be community sponsored modules, or by the vendor directly.
Q: Is there any generic non-vendor specific libraries on Ansible?
A: We are looking at building vendor agnostic roles that will leverage the declarative modules coming in Ansible 2.4.
Q: Any news regarding open source-ing Tower?
A: In the works, but no ETA yet.
Q: Is there a module for Cisco Small Business devices like the Sx300 Cisco Switches?
A: Take a look at the included list of Ansible network modules. There may be community sponsored modules, or by Cisco directly.
Q: When is Ansible 2.3 expected to be released?
A: Ansible 2.3 was officially released on April 12, 2017.
Q: I primarily use Ansible for Linux, but I have I tried it for Windows. The win_package module is utterly painful to work with (you must specify the product ID). Surely, Ansible should be able to get this product ID under the hood when installing a windows file. Is the dev team working on this? The only alternative is to install the windows package and check the registry for the product ID (which is extremely tedious), or using an installer file editor (like Orca), which doesn't always show the product ID. This really takes away from the automation power of Ansible for windows packages. Again, I'm a linux admin so I don't personally deal with this everyday, but I'm sure it is a great pain for windows admins.
A: We have several enhancements for win_package in the pipe as part of it being adopted as a "core" module- relaxing the product ID requirement is one of them. "Discoverable" product IDs are only present in MSIs (not .EXEs), and the current module *does* in fact pull it from the package in that case. However, due to the "install from URL" feature that the original author added, it's not possible to discover the product ID from an MSI without downloading it first (which would be bad for a quick "is this installed?" check), and for some reason, the author chose to make it always required (rather than only in that case). You can observe this by specifying the wrong product ID for an MSI- the module will error out! We're planning to relax that requirement and discover the product ID whenever possible, so it'll only be required for EXE and remote-hosted installer packages.
Q: Often Ansible modules don't work well on RHEL 6. So we had to use shell. Can you comment on this?
A: Oh no! Let us know which ones. File support cases, issues, pull requests, etc. We may not know of the issues!
Q: Can I expect Brocade support?
A: There is currently no built-in support for this device per the included list of Ansible network modules. There may be community sponsored modules, or by Brocade directly.
Q: Any plans for BlueCat?
A: There is currently no built-in support for this device per the included list of Ansible network modules. There may be community sponsored modules, or by BlueCat directly.
Q: Do you reach out to vendors? There is a citrix netscaler module that has been around for a while but it is very limited and hasn't been updated...
A: Yes! We realize the success of Ansible is only as good as the modules that are available and maintained. In many cases vendors don't prioritize module development because their customers just don't ask. Ask for it!
Q: Do we have Cisco UCS and FI's Modules coming soon any time?
A: There is currently an effort in the community to develop a set of Cisco UCS modules. Please refer to the Ansible-devel mailing list for more details.
Q: I am new to Ansible, I do understand how well Ansible integrate with host/application automation, but not sure why would I want to use Ansible network to automate my network infra though it's not changing much over time.
A: Automation isn't just for large scale deployments, but it's truly what works for you or what your goals are for managing your network. We feel Ansible has efficiencies over other methods but it's truly what works for you in the end.
Q: Is there a way to use information from roles or tasks applied to a node to build network configuration dynamically?
Q: How about notification like SMS or mail?
A: Assuming you are asking if Ansible can interface for notifications like SMS or Mail or ChatOps, then absolutely! Ansible Tower's true power is with the REST API that can integrate with many applications for notifications.
Q: Is remediation on your roadmap?
A: Yes, it’s on the backlog but is not currently tied to a release.
Q: Is there a way to load the binary image on device with the help of Ansible?
A: Currently you could experiment with using one of the *_command modules to load the image onto the device. We are looking at building platform specific modules to perform this operation in a future release.
Q: Is SDN on the roadmap and if so, how will it integrate with multiple vendors?
A: "SDN" is a loaded term, but if you mean software-based controllers to manage networks, sure thing - these solutions are just another solution with vendors. Take a look at the included list of Ansible network modules or with the specific SDN vendor or community directly.
Q: Any chance we'll see modules for Avaya switches and routers?
A: There is currently no built-in support for this device per the included list of Ansible network modules. There may be community sponsored modules, or by Avaya directly.
Q: Any thought to adding netmiko as a connection type? Alot of work has gone into connection management in that module...
A: We evaluated using netmiko in the past and at the time it did not meet the necessary requirements to be used in Ansible. It is something that could be reconsidered in a community discussion but currently there is no plan to do so.
Q: is it possible to have a module to configure the next available switchport or port channel interface? Or do we have to specify the port as a variable in the module?
A: Currently this would have to be supplied by the module. However, if this is a feature you would like to see, please open a feature request issue at github.com/Ansible/Ansible
Q: What features in Ansible Tower are or of particular relevance for networking?
A: Role-based access controls, Vault for credential storage, using Surveys as part of job templates are just a few of the unique use cases with using networking and Ansible Tower.
Q: Are there audit trails in the non-Tower version?
A: Not easily done out of the box, no, but possible with community plugins and Playbooks.
Q: Is there any easy way to be in a version of Ansible 2.1 and use modules for 2.2 for the network only?
A: Best practice is to use the modules tested on the specific version of Ansible for the most predictable results.
Q: is there any generic module that could support devices that only provide non structured output?
A: Take a look at the raw module. Maybe this will help.
Q: If Ansible notifies you of a failure, can it self-heal with remediation process?
A: Ansible has the ability to execute Playbooks (and plays within Playbooks) based on checks, so yes assuming the hardware supports remediation with Ansible modules.
Q: Is there any indication on when it will be able to use these vendor-indifferent options/configurations (abstract config) (maybe Ansible 2.3 / 2.4?)
A: We will start to phase in vendor agnostic roles starting with Ansible 2.4.
Q: Do we currently have a general parser module that can be tweaked to support the non structured outputs of different networking devices?
A: We are adding a filter plugin to Ansible 2.4 that will perform this activity.
Learn how Ansible’s simple agentless framework can help you build, manage and scale network automation.
Keep an eye on the Ask Ansible page for upcoming sessions.
If you have any comments or ideas for other Ask an Expert sessions, feel free to tweet at @Ansible.