Network Automation – Ansible Learnings Week 5 – Expanding my foundational Ansible knowledge

Week ending 15/12/19

Well this past week has sure lived up to the normal hectic Christmas from the personal perspective, with all my kids having something and also other family over here visiting for the festive season.

After where I got last week, I realised that I need to hit the books, documentation articles, and other resources to learn and grow in knowledge of Jinja2 and Ansible roles.

Jinja2

I have found the following two great articles which I encourage you to read.

https://skyenet.tech/ansible-and-jinja2-templating/

From here I have started to read the following book – “Network Programmability and Automation, 1st Edition” by Jason Edelman, Scott Lowe, and Matt Oswalt. I have only read the first few pages this week but am going to be investing into it more next week. It seems to be initially already a very helpful and insightful book as to how to take my network automation to the next level.

More to come in the coming weeks regarding Jinja2 and my usage of it. For this week, my work has been on implementing a very basic playbook based on a very basic task – NTP configuration on my Ubuntu hosts.

I have two NTP servers in my environment, which I point all my internal resources to. These two NTP servers sync with the AU NTP pool servers. To save time whenever I spin up an Ubuntu host, I want to automate the deployment of the NTP configuration and keep it simple by using a role.

I also realised every time I spin up a host I need to copy my public ssh cert and add the user to the sudoers list. These basic things were becoming quite tedious and obviously this was a great case to take what I have learned thus far and automate these tasks, because I mean that’s the whole point of automation right! Whilst this is not network automation, I am using this as a very simple way to leverage and use a role downloaded from Ansible Galaxy.

Preface: Hosts file is not included, you will need to build your own unique hosts file, and group vars file. Also all hosts for this example are Ubuntu server and it is not applying to network devices. I could have made this playbook more modular and include multiple different operating systems, but I have chosen not to with this example.

Ubuntu Build – Baseline – SSH & Sudoers Ansible Playbook

In building this playbook, pretty much all the credit has to go to Ansible documentation for the first one and the second to a reddit post, links below.

Ansible: authorized_key doco – https://docs.ansible.com/ansible/latest/modules/authorized_key_module.html

Reddit post regarding adding users to sudoers: https://www.reddit.com/r/ansible/comments/5are8w/playbook_for_adding_users_and_sudoers_file/

Ubuntu_baseline_ssh-sudoers.yml (apologies, my plugin for inserting code – CodeMiror1.1, is not showing this following YML file, so the base WordPress code block group will have to suffice to show you the Ansible YML playbook)

---

## Playbook: Ubuntu_baseline_ssh-sudoers.yml
## Version: 0.1
## Purpose: To copy SSH public key from my computer to host and to add specified user(s) to sudoers


- name: Ubuntu Baseline SSH & Sudoers
  become: yes
  gather_facts: no
  hosts: nvlan_linux_hosts
  vars:
    sudoers:
      - nvadmin

  tasks:
    - name: Set authorized key taken from file
      authorized_key:
        user: nvadmin
        state: present
        key: "{{ lookup('file', '/Users/daniel/.ssh/id_rsa.pub') }}"

    - name: Make sure we have a 'wheel' group
      group:
        name: wheel
        state: present

    - name: Allow 'wheel' group to have passwordless sudo
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: '^%wheel'
        line: '%wheel ALL=(ALL) NOPASSWD: ALL'
        validate: visudo -cf %s

    - name: Add sudoers users to wheel group
      user:
        name: "{{ item }}"
        groups: wheel
        append: yes
      with_items: "{{ sudoers }}"

Review Notes

I love this playbook because whenever I was working on a playbook and then making a Linux host to test a network I created and connectivity using different applications across networks, I was constantly doing all this manually. This is a playbook I can run across multiple hosts that I have just built and thus save me time, which I guess is the point of Ansible and automation…

A future stage of this playbook will be to put it into a Jinja2 template and give back better post-completion messages to confirm that the work was all done correctly and present it to me for the sake of completion.
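A variant of the playbook above, added here as an example and not part of the original post: the sudo rule goes into its own drop-in file under /etc/sudoers.d, syntax-checked by visudo before it is installed, instead of being edited into /etc/sudoers, and a last task prints a per-host completion message. The drop-in file name 90-wheel and the admin_pubkey_file variable are assumptions; it relies on the stock Ubuntu /etc/sudoers including /etc/sudoers.d.

```yaml
---
# Added example, not the original playbook: sudo rule as a validated drop-in.
- name: Ubuntu Baseline SSH & Sudoers (drop-in variant)
  hosts: nvlan_linux_hosts
  become: yes
  gather_facts: no
  vars:
    sudoers:
      - nvadmin
    # Assumption: public key location on the control machine.
    admin_pubkey_file: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa.pub"

  tasks:
    - name: Set authorized key taken from file
      authorized_key:
        user: nvadmin
        state: present
        key: "{{ lookup('file', admin_pubkey_file) }}"

    - name: Make sure we have a 'wheel' group
      group:
        name: wheel
        state: present

    - name: Install the wheel rule as a drop-in, syntax-checked before it lands
      copy:
        dest: /etc/sudoers.d/90-wheel   # hypothetical file name
        content: "%wheel ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    - name: Add sudoers users to wheel group
      user:
        name: "{{ item }}"
        groups: wheel
        append: yes
      loop: "{{ sudoers }}"

    - name: Re-check the whole sudoers tree (syntax, owner, mode)
      command: /usr/sbin/visudo -c
      register: sudoers_check
      changed_when: false

    - name: Post-completion message
      debug:
        msg: "{{ inventory_hostname }}: {{ sudoers_check.stdout_lines | join('; ') }}"
```

Keeping the rule in a separate file leaves the packaged /etc/sudoers untouched, and removing the access later is a single file deletion.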

NTP Configuration Role Playbook

Another thing that I also regularly configure is NTP to point to my internal NTP servers. I knew that this would be a perfect opportunity to look at using an Ansible Galaxy role to do this, and sure enough the fantastic Jeff Geerling has created an NTP role for doing this configuration.

Roles: geerlingguy-ntp

Ansible Galaxy: https://galaxy.ansible.com/geerlingguy/ntp

GitHub: https://github.com/geerlingguy/ansible-role-ntp

Refer to Galaxy and GIT for documentation

configure_ntp.yml

---
- name: Configure NTP Servers
  hosts: nvlan_web_hosts

  roles:
    - NTP

Results

 
 
 
 
PLAY [Configure NTP Servers] ****************************************

TASK [Gathering Facts] **********************************************
ok: [NVWEB3]
ok: [NVWEB1]
ok: [NVWEB2]

TASK [NTP : Include OS-specific variables.] *************************
ok: [NVWEB1]
ok: [NVWEB2]
ok: [NVWEB3]

TASK [NTP : Ensure NTP-related packages are installed.] *************
ok: [NVWEB1]
ok: [NVWEB3]
ok: [NVWEB2]

TASK [NTP : Ensure tzdata package is installed (Linux).] ************
ok: [NVWEB1]
ok: [NVWEB2]
ok: [NVWEB3]

TASK [NTP : include_tasks] ******************************************
skipping: [NVWEB1]
skipping: [NVWEB2]
skipping: [NVWEB3]

TASK [NTP : Set timezone] *******************************************
ok: [NVWEB2]
ok: [NVWEB1]
ok: [NVWEB3]

TASK [NTP : Ensure NTP is running and enabled as configured.] *******
ok: [NVWEB3]
ok: [NVWEB1]
ok: [NVWEB2]

TASK [NTP : Ensure NTP is stopped and disabled as configured.] ******
skipping: [NVWEB1]
skipping: [NVWEB2]
skipping: [NVWEB3]

TASK [NTP : Generate ntp.conf file] *********************************
changed: [NVWEB2]
changed: [NVWEB1]
changed: [NVWEB3]

RUNNING HANDLER [NTP : restart ntp] *********************************
changed: [NVWEB1]
changed: [NVWEB2]
changed: [NVWEB3]

PLAY RECAP **********************************************************
NVWEB1                     : ok=8    changed=2    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0
NVWEB2                     : ok=8    changed=2    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0
NVWEB3                     : ok=8    changed=2    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0

Review Notes:

As you can see, this is very easy: all it requires is that you configure the default values as per the documentation and then point it at your hosts. I think the best way to progress with this would be to work on my first playbook above and integrate the role into it to make a more complete initial build tasks playbook.
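An added example, not from the original post, of configure_ntp.yml with the role variables set in the play rather than in the role's defaults file, plus a post-task that fails the host if ntpd does not list an internal server as a peer. The addresses are constructed stand-ins for the two internal NTP servers, the timezone is an assumption, and the ntp_* variable names are those documented in the geerlingguy.ntp README (confirm them against the version you installed).

```yaml
---
# Added example: role variables set in the play, then verified on each host.
- name: Configure NTP Servers
  hosts: nvlan_web_hosts
  vars:
    # Constructed addresses (RFC 5737 documentation range), replace with
    # the two internal NTP servers.
    internal_ntp_servers:
      - 192.0.2.10
      - 192.0.2.11
    # Role variables, names as documented in the geerlingguy.ntp README.
    ntp_manage_config: true          # let the role template ntp.conf
    ntp_timezone: Etc/UTC            # assumption, set your own
    ntp_servers:
      - "192.0.2.10 iburst"
      - "192.0.2.11 iburst"

  roles:
    - NTP

  # Handlers notified by the role (restart ntp) are flushed before
  # post_tasks, so this check runs against the restarted daemon.
  post_tasks:
    - name: List the peers ntpd is using
      command: ntpq -pn
      register: ntpq
      changed_when: false
      retries: 5
      delay: 3
      # Two header lines plus at least one peer line.
      until: ntpq.stdout_lines | length > 2

    - name: Fail if no internal server shows up as a peer
      assert:
        that:
          - internal_ntp_servers | select('in', ntpq.stdout) | list | length > 0
        fail_msg: "ntpd on {{ inventory_hostname }} has no internal peer"
        success_msg: "ntpd on {{ inventory_hostname }} points at the internal servers"
```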

Automating the very repetitive and easy functions of Networking and Linux hosts is getting easier and easier each week. I am looking forward to this new week coming up as I delve more into the riches of the book – “Network Programmability and Automation”, and learn how to automate even more tasks!

Have a great new week guys and don’t stop learning!
