Ansible for Network automation – Part 1

This blog is part of my series on Devops for Networking. Ansible is a very popular Devops tool and serves similar purposes as Puppet, Chef etc. Ansible has the unique feature that there is no need to install agent on the device side and this makes it very popular for Network device configuration since Network devices are still predominantly a closed system which does not allow agent installation in the device. In this blog, I will cover how to get started with Ansible and in the next blog, I will cover a sample application that I have written.

Ansible basics:

Ansible modules can be run locally or remotely. With the local approach, the module runs locally using apis to talk to remote devices. In remote scenario ,modules are pushed to remote devices, executed as python script and results are returned. Even though there is no need to install remote agent, remote device should allow execution of Python script. Ansible can either be run in command-line for simple tasks or can be executed using a playbook.

Basic modules can be executed from command-line. Following example shows usage of Ansible ping module.

# ansible -m ping | success >> {
    "changed": false, 
    "ping": "pong"

The above result shows ping was successful.

Following example shows an example of Ansible shell module. “remote” is an Ansible variable that contains host list and will be explained later.

ansible -m shell -a 'df -k' remote | success | rc=0 >>
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/sda1        6192704 4564984   1313148  78% /
udev             2011508       4   2011504   1% /dev
tmpfs             404924     880    404044   1% /run
none                5120       0      5120   0% /run/lock
none             2024616     124   2024492   1% /run/shm
cgroup           2024616       0   2024616   0% /sys/fs/cgroup
/dev/sr0           63132   63132         0 100% /media/VBOXADDITIONS_4.3.10_93012

In the above example, we get disk usage in the remote system using Ansible shell module.

Following are some terminologies used:


  • Used both in commandline and in playbooks
  • Used to specify inventory(group vars, host vars)
  • Variables can also be discovered like environment variables in remote system.

Following are some important variables:

# cat /etc/ansible/hosts:

Above, remote has 1 host defined. Multiple hosts can be part of remote group.

# cat /etc/ansible/group_vars/remote 
ansible_ssh_user: root

Above, remote group is defined to use username “root”.


  • Contains plays which is a list of tasks
  • Tasks call modules
  • Modules are Ansible libraries for performing common tasks.
  • Plays contain handlers that execute at the end
  • Playbook use YAML syntax.

Following is a simple playbook:

- hosts: remote
  user: root
  sudo: no
    - name: enables apache module
      apache2_module: state=present name=wsgi
    - name: installs latest version of perl
      apt: name=perl state=latest
    - name: installs apache2
      apt: name=apache2 state=present
    - name: removes wireshark if present
      apt: name=wireshark state=absent

Above playbook is defined to run on “remote” hosts group with user “root”. The first task is to enable apache module. The module used is “apache2_module”. The last task is to remove wireshark package if installed. Ansible executes playbooks in an idempotent manner. No operation is done if the task is already executed before.


Modules are pre-defined Ansible libraries. Most of the common tasks already have libraries and the library list keeps growing. For a complete list of Ansible modules, refer here.

Important Ansible directories:

/usr/share/ansible - Modules location
/etc/ansible/group_vars - Group variables
/etc/ansible/hosts - Host details

Getting started:

Ansible needs to be installed first. I used the instructions in this link to install Ansible in my Ubuntu 12.04 system. Password less access needs to be enabled to access remote hosts using ssh. I used this link to setup passwordless ssh access. (I had to run ‘ssh-add’ in localagent, otherwise, I was getting this error “Agent admitted failure to sign using the key”)

I used the following steps to install ansible on Ubuntu 14.04.

$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible



2 thoughts on “Ansible for Network automation – Part 1

  1. Thanks for providing the samples. Now got an idea about how can we use Ansible to control network devices and servers.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s