第一次的Ansible自我悠闲小聚
我参加了Ansible社群的工作坊。
今年一月份在 Network Automation with Ansible 的活动中,以及其他研讨会期间,听说了座谈会并不是那么困难,于是决定参加座谈会。
如果有人感到自己处境困难,我希望这篇文章能够稍微减轻一些障碍。
“由工程师驱动”,酷毙了!
Ansibleもくもく会是什么?
以自己的节奏来接触Ansible的地方。
在悄然思考之前,我試著自問了一下。
▶ 本次悄悄会希望得到的内容
・想要掌握技能,以便实现想要的事情,包括Ansible的环境搭建。
・想在本公司的业务环境中使用Ansible,看看能不能进行改进。(更确切地说,我要做到。)
・如果能够咨询上述环境搭建,我会很想这样做。
开始前的通告
– 只需要一种选项,用中文表达以下内容的释义:
▶︎ 更新
最近,Ansible用户组的人数增加了大约1,000人,比一年前多了约1,000人左右。
用户组还提供了一个可以分享经验等的交流平台。
我们也在Trello上发起了关于Ansible的引进计划的征集。
▶︎ 最近的活动 de
・5/31大阪的Ansible之夜
・6/13红帽子上的Ansible默默相会
我试着专注地做某事。
你可以使用上传到Git的教材,或者如果有其他想做的事情,也可以去做。
▶︎ 信息组成
▶︎ 教材 –
由于是第一次参加动手会,我像在做演习一样,粗略地浏览了教材。下面是我实际做过的一部分内容的粘贴。由于教材和内容有所重复,请查看教材以获取详细说明。
第01節 – 使用Ansible从网络设备中收集数据
▶︎ 练习 1.0 – 确认 Anisble 实验环境
确认一下Ansible.cfg文件的内容
[student24@ansible networking-workshop]$ cat ~/.ansible.cfg
[defaults]
stdout_callback = yaml
connection = smart
timeout = 60
deprecation_warnings = False
host_key_checking = False
retry_files_enabled = False
inventory = /home/student24/networking-workshop/lab_inventory/hosts
[persistent_connection]
connect_timeout = 60
command_timeout = 60
[student24@ansible networking-workshop]$
确认 Inventory 文件的内容
– 确认用于 Ansible 的定义
[student24@ansible networking-workshop]$ cat ~/networking-workshop/lab_inventory/hosts
[all:vars]
ansible_ssh_private_key_file=/home/student24/.ssh/aws-private.pem
[routers:children]
cisco
[cisco]
rtr1 ansible_host=35.172.190.244 private_ip=172.16.172.61
rtr2 ansible_host=54.175.227.150 private_ip=172.17.175.108
rtr3 ansible_host=3.90.179.255 private_ip=172.16.184.46
rtr4 ansible_host=54.82.90.77 private_ip=172.17.55.218
[cisco:vars]
ansible_user=ec2-user
ansible_network_os=ios
ansible_connection=network_cli
[dc1]
rtr1
rtr3
[dc2]
rtr2
rtr4
[hosts]
host1 ansible_host=54.163.12.44 ansible_user=ec2-user private_ip=172.17.153.76
[control]
ansible ansible_host=3.83.231.68 ansible_user=student24 private_ip=172.16.33.116
[student24@ansible networking-workshop]$
练习1.1 – 尝试写第一个playbook
创建gather_ios_data.yml文件
– 使用ios_facts模块
[student24@ansible networking-workshop]$ vim gather_ios_data.yml
---
- name: GATHER INFORMATION FROM ROUTERS
hosts: cisco
connection: network_cli
gather_facts: no
tasks:
- name: GATHER ROUTER FACTS
ios_facts:
执行所创建的Playbook “gather_ios_data.yml”
[student24@ansible networking-workshop]$ ansible-playbook -i lab_inventory/hosts gather_ios_data.yml
PLAY [GATHER INFORMATION FROM ROUTERS] *****************************************
TASK [GATHER ROUTER FACTS] *****************************************************
ok: [rtr4]
ok: [rtr3]
ok: [rtr1]
ok: [rtr2]
PLAY RECAP *********************************************************************
rtr1 : ok=1 changed=0 unreachable=0 failed=0
rtr2 : ok=1 changed=0 unreachable=0 failed=0
rtr3 : ok=1 changed=0 unreachable=0 failed=0
rtr4 : ok=1 changed=0 unreachable=0 failed=0
[student24@ansible networking-workshop]$
在TASK中确认所有路由器上已经生效的事项。
通过在Playbook中加上-v,可以执行并确认实际的执行结果。
这次只显示rtr1的执行结果,其他路由器被省略。
[student24@ansible networking-workshop]$ ansible-playbook -i lab_inventory/hosts gather_ios_data.yml -v
Using /home/student24/.ansible.cfg as config file
PLAY [GATHER INFORMATION FROM ROUTERS] *****************************************
TASK [GATHER ROUTER FACTS] *****************************************************
ok: [rtr3] => changed=false
ansible_facts:
ansible_net_all_ipv4_addresses:
- 10.100.100.3
・
・
・
ok: [rtr1] => changed=false
ansible_facts:
ansible_net_all_ipv4_addresses:
- 192.168.35.101
- 172.16.172.61
- 192.168.1.101
- 10.1.1.101
- 10.200.200.1
- 10.100.100.1
- 10.255.0.254
ansible_net_all_ipv6_addresses: []
ansible_net_filesystems:
- 'bootflash:'
ansible_net_filesystems_info:
'bootflash:':
spacefree_kb: 6881148
spacetotal_kb: 7712284
ansible_net_gather_subset:
- hardware
- default
- interfaces
ansible_net_hostname: rtr1
ansible_net_image: boot:packages.conf
ansible_net_interfaces:
GigabitEthernet1:
bandwidth: 1000000
description: null
duplex: Full
ipv4:
- address: 172.16.172.61
subnet: '16'
lineprotocol: 'up '
macaddress: 0ae8.0c21.1954
mediatype: Virtual
mtu: 1500
operstatus: up
type: CSR vNIC
Loopback0:
bandwidth: 8000000
description: null
duplex: null
ipv4:
- address: 192.168.1.101
subnet: '24'
lineprotocol: 'up '
macaddress: null
mediatype: null
mtu: 1514
operstatus: up
type: null
Loopback1:
bandwidth: 8000000
description: null
duplex: null
ipv4:
- address: 10.1.1.101
subnet: '24'
lineprotocol: 'up '
macaddress: null
mediatype: null
mtu: 1514
operstatus: up
type: null
Tunnel0:
bandwidth: 100
description: null
duplex: null
ipv4:
- address: 10.100.100.1
subnet: '24'
lineprotocol: 'up '
macaddress: null
mediatype: null
mtu: 9976
operstatus: up
type: null
Tunnel1:
bandwidth: 100
description: null
duplex: null
ipv4:
- address: 10.200.200.1
subnet: '24'
lineprotocol: 'up '
macaddress: null
mediatype: null
mtu: 9976
operstatus: up
type: null
Tunnel2:
bandwidth: 100
description: null
duplex: null
ipv4:
- address: 10.255.0.254
subnet: '24'
lineprotocol: 'up '
macaddress: null
mediatype: null
mtu: 9972
operstatus: up
type: null
VirtualPortGroup0:
bandwidth: 750000
description: null
duplex: null
ipv4:
- address: 192.168.35.101
subnet: '24'
lineprotocol: 'up '
macaddress: 001e.e6ae.75bd
mediatype: null
mtu: 1500
operstatus: up
type: Virtual Port Group
ansible_net_memfree_mb: 1873821
ansible_net_memtotal_mb: 2169814
ansible_net_model: CSR1000V
ansible_net_serialnum: 9IJ6CG5FV5L
ansible_net_version: 16.10.01b
ok: [rtr2] => changed=false
ansible_facts:
ansible_net_all_ipv4_addresses:
- 192.168.35.101
・
・
・
ok: [rtr4] => changed=false
ansible_facts:
ansible_net_all_ipv4_addresses:
- 10.101.101.4
・
・
・
ansible_net_model: CSR1000V
ansible_net_serialnum: 9VCVJK8PRGW
ansible_net_version: 16.10.01b
PLAY RECAP *********************************************************************
rtr1 : ok=1 changed=0 unreachable=0 failed=0
rtr2 : ok=1 changed=0 unreachable=0 failed=0
rtr3 : ok=1 changed=0 unreachable=0 failed=0
rtr4 : ok=1 changed=0 unreachable=0 failed=0
[student24@ansible networking-workshop]$
在“gather_ios_data.yml”中添加了两个任务(iOS版本确认和序列号确认)以及调试模块。
[student24@ansible networking-workshop]$ vim gather_ios_data.yml
---
- name: GATHER INFORMATION FROM ROUTERS
hosts: cisco
connection: network_cli
gather_facts: no
tasks:
- name: GATHER ROUTER FACTS
ios_facts:
- name: DISPLAY VERSION
debug:
msg: "The IOS version is: {{ ansible_net_version }}"
- name: DISPLAY SERIAL NUMBER
debug:
msg: "The serial number is:{{ ansible_net_serialnum }}"
执行Playbook“gather_ios_data.yml”
– 不使用选项“-v”,收集网络设备的版本和序列号,并返回结果
确认所有三个任务都已完成。
[student24@ansible networking-workshop]$ ansible-playbook -i lab_inventory/hosts gather_ios_data.yml
PLAY [GATHER INFORMATION FROM ROUTERS] *****************************************
TASK [GATHER ROUTER FACTS] *****************************************************
ok: [rtr1]
ok: [rtr3]
ok: [rtr2]
ok: [rtr4]
TASK [DISPLAY VERSION] *********************************************************
ok: [rtr2] =>
msg: 'The IOS version is: 16.10.01b'
ok: [rtr1] =>
msg: 'The IOS version is: 16.10.01b'
ok: [rtr4] =>
msg: 'The IOS version is: 16.10.01b'
ok: [rtr3] =>
msg: 'The IOS version is: 16.10.01b'
TASK [DISPLAY SERIAL NUMBER] ***************************************************
ok: [rtr3] =>
msg: The serial number is:9S0KV8XIOT8
ok: [rtr1] =>
msg: The serial number is:9IJ6CG5FV5L
ok: [rtr4] =>
msg: The serial number is:9VCVJK8PRGW
ok: [rtr2] =>
msg: The serial number is:9VVVYS8CAML
PLAY RECAP *********************************************************************
rtr1 : ok=3 changed=0 unreachable=0 failed=0
rtr2 : ok=3 changed=0 unreachable=0 failed=0
rtr3 : ok=3 changed=0 unreachable=0 failed=0
rtr4 : ok=3 changed=0 unreachable=0 failed=0
[student24@ansible networking-workshop]$
练习 1.2 – 模块文档的确认方法、输出结果的注册方法、标签的使用:
使用 ios_command 模块:
– 可以像手动操作一样获取 show 命令的执行结果。
– 从 show run 中获取主机名。
– 获取接口的简要信息。
[student24@ansible networking-workshop]$ vim gather_ios_data.yml
---
- name: GATHER INFORMATION FROM ROUTERS
hosts: cisco
connection: network_cli
gather_facts: no
tasks:
- name: GATHER ROUTER FACTS
ios_facts:
- name: DISPLAY VERSION
debug:
msg: "The IOS version is: {{ ansible_net_version }}"
- name: DISPLAY SERIAL NUMBER
debug:
msg: "The serial number is:{{ ansible_net_serialnum }}"
- name: COLLECT OUTPUT OF SHOW COMMANDS
ios_command:
commands:
- show run | i hostname
- show ip interface brief
tags: show
再次执行Playbook“gather_ios_data.yml”。
– 也可以使用标签有选择地获取信息。
[student24@ansible networking-workshop]$ ansible-playbook -i lab_inventory/hosts gather_ios_data.yml --tags=show -v
Using /home/student24/.ansible.cfg as config file
PLAY [GATHER INFORMATION FROM ROUTERS] *****************************************
TASK [COLLECT OUTPUT OF SHOW COMMANDS] *****************************************
ok: [rtr2] => changed=false
stdout:
- hostname rtr2
- |-
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 172.17.175.108 YES DHCP up up
Loopback0 192.168.2.102 YES manual up up
Loopback1 10.2.2.102 YES manual up up
Tunnel0 10.101.101.2 YES manual up up
Tunnel1 10.200.200.2 YES manual up up
VirtualPortGroup0 192.168.35.101 YES TFTP up up
stdout_lines: <omitted>
ok: [rtr1] => changed=false
stdout:
- hostname rtr1
- |-
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 172.16.172.61 YES DHCP up up
Loopback0 192.168.1.101 YES manual up up
Loopback1 10.1.1.101 YES manual up up
Tunnel0 10.100.100.1 YES manual up up
Tunnel1 10.200.200.1 YES manual up up
Tunnel2 10.255.0.254 YES manual up up
VirtualPortGroup0 192.168.35.101 YES TFTP up up
stdout_lines: <omitted>
ok: [rtr4] => changed=false
stdout:
- hostname rtr4
- |-
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 172.17.55.218 YES DHCP up up
Loopback0 192.168.4.104 YES manual up up
Loopback1 10.4.4.104 YES manual up up
Tunnel0 10.101.101.4 YES manual up up
VirtualPortGroup0 192.168.35.101 YES TFTP up up
stdout_lines: <omitted>
ok: [rtr3] => changed=false
stdout:
- hostname rtr3
- |-
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 172.16.184.46 YES DHCP up up
Loopback0 192.168.3.103 YES manual up up
Loopback1 10.3.3.103 YES manual up up
Tunnel0 10.100.100.3 YES manual up up
VirtualPortGroup0 192.168.35.101 YES TFTP up up
stdout_lines: <omitted>
PLAY RECAP *********************************************************************
rtr1 : ok=1 changed=0 unreachable=0 failed=0
rtr2 : ok=1 changed=0 unreachable=0 failed=0
rtr3 : ok=1 changed=0 unreachable=0 failed=0
rtr4 : ok=1 changed=0 unreachable=0 failed=0
[student24@ansible networking-workshop]$
第02節 – 实践使用Ansible进行配置备份和恢复
进行者动作2.0 – 尝试更新路由器的配置
这次创建Playbook “router_config.yml”。
使用ios_config模块,添加以下配置:
– snmp-server community ansible-public RO
– snmp-server community ansible-private RW
[student24@ansible networking-workshop]$ vim router_configs.yml
---
- name: SNMP RO/RW STRING CONFIGURATION
hosts: cisco
gather_facts: no
connection: network_cli
tasks:
- name: ENSURE THAT THE DESIRED SNMP STRINGS ARE PRESENT
ios_config:
commands:
- snmp-server community ansible-public RO
- snmp-server community ansible-private RW
执行Playbook“router_configs.yml”。
[student24@ansible networking-workshop]$ ansible-playbook -i lab_inventory/hosts router_configs.yml
确保在Router rtr1的配置中实际上添加了设置
rtr1#show running-config | include snmp
snmp-server community ansible-public RO
snmp-server community ansible-private RW
rtr1#
创建 secure_router.cfg
[student24@ansible networking-workshop]$ vim secure_router.cfg
line con 0
exec-timeout 5 0
line vty 0 4
exec-timeout 5 0
transport input ssh
ip ssh time-out 60
ip ssh authentication-retries 5
service password-encryption
service tcp-keepalives-in
service tcp-keepalives-out
在剧本“router_configs.yml”中添加“HARDEN IOS ROUTERS”。
[student24@ansible networking-workshop]$ vim router_configs.yml
---
- name: UPDATE THE SNMP RO/RW STRINGS
hosts: cisco
gather_facts: no
connection: network_cli
tasks:
- name: ENSURE THAT THE DESIRED SNMP STRINGS ARE PRESENT
ios_config:
commands:
- snmp-server community ansible-public RO
- snmp-server community ansible-private RW
- snmp-server community ansible-test RO
- name: HARDEN IOS ROUTERS
hosts: cisco
gather_facts: no
connection: network_cli
tasks:
- name: ENSURE THAT ROUTERS ARE SECURE
ios_config:
src: secure_router.cfg
在执行Playbook“router_config.yml”之前,Router rtr1的配置。
rtr1#show running-config | include line
line con 0
line vty 0 4
rtr1#
rtr1#show running-config | include ssh
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
key-hash ssh-rsa 2998C6AEB4C6351B5E0D2A894F084D99 ec2-user
transport input ssh
rtr1#
rtr1#show running-config | include service
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
rtr1#
执行“Playbok”路由器_config.yml”
[student24@ansible networking-workshop]$ ansible-playbook -i lab_inventory/hosts router_configs.yml
PLAY [SNMP RO/RW STRING CONFIGURATION] *****************************************
TASK [ENSURE THAT THE DESIRED SNMP STRINGS ARE PRESENT] ************************
ok: [rtr1]
ok: [rtr3]
ok: [rtr2]
ok: [rtr4]
PLAY [HARDEN IOS ROUTERS] ******************************************************
TASK [ENSURE THAT ROUTERS ARE SECURE] ******************************************
changed: [rtr1]
changed: [rtr3]
changed: [rtr4]
changed: [rtr2]
PLAY RECAP *********************************************************************
rtr1 : ok=2 changed=1 unreachable=0 failed=0
rtr2 : ok=2 changed=1 unreachable=0 failed=0
rtr3 : ok=2 changed=1 unreachable=0 failed=0
rtr4 : ok=2 changed=1 unreachable=0 failed=0
[student24@ansible networking-workshop]$
请在Router rtr1上确认执行结果。
rtr1#
rtr1#show running-config | include line
line con 0
line vty 0 4
rtr1#show running-config | include service
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
rtr1#
rtr1#
rtr1#show running-config | include ssh
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
key-hash ssh-rsa 2998C6AEB4C6351B5E0D2A894F084D99 ec2-user
transport input ssh
rtr1#
练习2.1 – 试备份路由器配置
创建playbook“backup.yml”
– 创建用于备份Cisco路由器配置的playbook。使用ios_config模块。
[student24@ansible networking-workshop]$ vim backup.yml
---
- name: BACKUP ROUTER CONFIGURATIONS
hosts: cisco
connection: network_cli
gather_facts: no
tasks:
- name: BACKUP THE CONFIG
ios_config:
backup: yes
register: config_output
执行备份.yml 的playbook
[student24@ansible networking-workshop]$ ansible-playbook -i lab_inventory/hosts backup.yml
PLAY [BACKUP ROUTER CONFIGURATIONS] ********************************************
TASK [BACKUP THE CONFIG] *******************************************************
ok: [rtr2]
ok: [rtr1]
ok: [rtr3]
ok: [rtr4]
PLAY RECAP *********************************************************************
rtr1 : ok=1 changed=0 unreachable=0 failed=0
rtr2 : ok=1 changed=0 unreachable=0 failed=0
rtr3 : ok=1 changed=0 unreachable=0 failed=0
rtr4 : ok=1 changed=0 unreachable=0 failed=0
[student24@ansible networking-workshop]$
确认已成功创建了名为“备份”的目录。
[student24@ansible networking-workshop]$ ls -l backup
合計 36
-rw-rw-r--. 1 student24 student24 8801 5月 14 11:35 rtr1_config.2019-05-14@11:35:53
-rw-rw-r--. 1 student24 student24 8083 5月 14 11:35 rtr2_config.2019-05-14@11:35:53
-rw-rw-r--. 1 student24 student24 7536 5月 14 11:35 rtr3_config.2019-05-14@11:35:53
-rw-rw-r--. 1 student24 student24 7544 5月 14 11:35 rtr4_config.2019-05-14@11:35:53
[student24@ansible networking-workshop]$
[student24@ansible networking-workshop]$ ls
README.ja.md backup.yml lab_inventory secure_router.cfg
README.md exercises parsers templates
backup gather_ios_data.yml router_configs.yml
[student24@ansible networking-workshop]$
在 “Playbook” 的 “backup.yml” 文件中添加 “copy” 模块。
[student24@ansible networking-workshop]$ vim backup.yml
---
- name: BACKUP ROUTER CONFIGURATIONS
hosts: cisco
connection: network_cli
gather_facts: no
tasks:
- name: BACKUP THE CONFIG
ios_config:
backup: yes
register: config_output
- name: RENAME BACKUP
copy:
src: "{{config_output.backup_path}}"
dest: "./backup/{{inventory_hostname}}.config"
再次运行”backup.yml”的Playbook
student24@ansible networking-workshop]$ ansible-playbook -i lab_inventory/hosts backup.yml
PLAY [BACKUP ROUTER CONFIGURATIONS] ********************************************
TASK [BACKUP THE CONFIG] *******************************************************
ok: [rtr1]
ok: [rtr2]
ok: [rtr3]
ok: [rtr4]
TASK [RENAME BACKUP] ***********************************************************
changed: [rtr3]
changed: [rtr4]
changed: [rtr1]
changed: [rtr2]
PLAY RECAP *********************************************************************
rtr1 : ok=2 changed=1 unreachable=0 failed=0
rtr2 : ok=2 changed=1 unreachable=0 failed=0
rtr3 : ok=2 changed=1 unreachable=0 failed=0
rtr4 : ok=2 changed=1 unreachable=0 failed=0
[student24@ansible networking-workshop]$
确认已保存另一个备份的配置文件。
[student24@ansible networking-workshop]$ ls -l backup
合計 72
-rw-rw-r--. 1 student24 student24 8801 5月 14 11:41 rtr1.config
-rw-rw-r--. 1 student24 student24 8801 5月 14 11:41 rtr1_config.2019-05-14@11:41:22
-rw-rw-r--. 1 student24 student24 8083 5月 14 11:41 rtr2.config
-rw-rw-r--. 1 student24 student24 8083 5月 14 11:41 rtr2_config.2019-05-14@11:41:22
-rw-rw-r--. 1 student24 student24 7536 5月 14 11:41 rtr3.config
-rw-rw-r--. 1 student24 student24 7536 5月 14 11:41 rtr3_config.2019-05-14@11:41:22
-rw-rw-r--. 1 student24 student24 7544 5月 14 11:41 rtr4.config
-rw-rw-r--. 1 student24 student24 7544 5月 14 11:41 rtr4_config.2019-05-14@11:41:23
[student24@ansible networking-workshop]$
练习2.2 – 尝试使用备份的配置文件来恢复路由器
确保备份文件被存储在备份目录中。
[student24@ansible networking-workshop]$ tree backup
backup
├── rtr1.config
├── rtr1_config.2019-05-14@11:45:08
├── rtr2.config
├── rtr2_config.2019-05-14@11:45:08
├── rtr3.config
├── rtr3_config.2019-05-14@11:45:09
├── rtr4.config
└── rtr4_config.2019-05-14@11:45:09
0 directories, 8 files
[student24@ansible networking-workshop]$
在路由器rtr1上创建回环接口101。
rtr1#show running-config interface loopback 101
Building configuration...
Current configuration : 67 bytes
!
interface Loopback101
ip address 169.1.1.1 255.255.255.255
end
rtr1#
执行“resore_config.yml”Playbook。(部分失败)
student24@ansible networking-workshop]$ ansible-playbook -i lab_inventory/hosts resore_config.yml
PLAY [RESTORE CONFIGURATION] ***************************************************
TASK [COPY RUNNING CONFIG TO ROUTER] *******************************************
changed: [rtr1]
・
・
・
PLAY RECAP *********************************************************************
rtr1 : ok=1 changed=1 unreachable=0 failed=0
rtr2 : ok=0 changed=0 unreachable=0 failed=1
rtr3 : ok=0 changed=0 unreachable=0 failed=1
rtr4 : ok=0 changed=0 unreachable=0 failed=1
[student24@ansible networking-workshop]$
在路由器rtr1上确认文件已被复制
rtr1#dir
Directory of bootflash:/
11 drwx 16384 Jan 31 2019 20:11:12 +00:00 lost+found
12 -rw- 407131164 Jan 31 2019 20:12:39 +00:00 csr1000v-mono-universalk9.16.10.01b.SPA.pkg
13 -rw- 41893330 Jan 31 2019 20:12:40 +00:00 csr1000v-rpboot.16.10.01b.SPA.pkg
14 -rw- 1967 Jan 31 2019 20:12:40 +00:00 packages.conf
105665 drwx 4096 May 13 2019 08:54:12 +00:00 .installer
48769 drwx 4096 May 13 2019 08:54:11 +00:00 core
15 -rw- 128 May 13 2019 08:54:04 +00:00 iid_check.log
203201 drwx 4096 May 13 2019 08:54:05 +00:00 .prst_sync
32513 drwx 4096 May 13 2019 08:54:11 +00:00 .rollback_timer
40641 drwx 8192 May 14 2019 11:54:32 +00:00 tracelogs
65025 drwx 4096 May 13 2019 08:55:34 +00:00 .dbpersist
138177 drwx 4096 May 13 2019 08:54:20 +00:00 virtual-instance
16 -rw- 30 May 13 2019 08:55:11 +00:00 throughput_monitor_params
17 -rw- 6078 May 13 2019 08:55:32 +00:00 cvac.log
18 -rw- 1 May 13 2019 08:55:21 +00:00 .cvac_version
19 -rw- 16 May 13 2019 08:55:21 +00:00 ovf-env.xml.md5
20 -rw- 209 May 13 2019 08:55:21 +00:00 csrlxc-cfg.log
170689 drwx 4096 May 13 2019 08:55:21 +00:00 onep
398273 drwx 4096 May 14 2019 10:58:45 +00:00 syslog
414529 drwx 4096 May 13 2019 08:55:48 +00:00 iox
21 -rw- 8740 May 14 2019 11:53:53 +00:00 rtr1.config
7897378816 bytes total (7046279168 bytes free)
rtr1#
rtr1#
rtr1#show clo
*11:57:52.110 UTC Tue May 14 2019
rtr1#
在Playbook的“resore_config.yml”中添加一个新的任务。
[student24@ansible networking-workshop]$ vim resore_config.yml
---
- name: RESTORE CONFIGURATION
hosts: cisco
connection: network_cli
gather_facts: no
tasks:
- name: COPY RUNNING CONFIG TO ROUTER
command: scp ./backup/{{inventory_hostname}}.config {{inventory_hostname}}:/{{inventory_hostname}}.config
- name: CONFIG REPLACE
ios_command:
commands:
- config replace flash:{{inventory_hostname}}.config force
执行Playbook“resore_config.yml”(部分执行失败)。
[student24@ansible networking-workshop]$ ansible-playbook -i lab_inventory/hosts resore_config.yml
PLAY [RESTORE CONFIGURATION] ***************************************************
TASK [COPY RUNNING CONFIG TO ROUTER] *******************************************
changed: [rtr2]
changed: [rtr1]
・
・
・
TASK [CONFIG REPLACE] **********************************************************
ok: [rtr1]
ok: [rtr2]
PLAY RECAP *********************************************************************
rtr1 : ok=2 changed=1 unreachable=0 failed=0
rtr2 : ok=2 changed=1 unreachable=0 failed=0
rtr3 : ok=0 changed=0 unreachable=0 failed=1
rtr4 : ok=0 changed=0 unreachable=0 failed=1
[student24@ansible networking-workshop]$
使用备份文件,确认刚才在Router rtr1上创建的回环101已被删除。
rtr1#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 172.16.172.61 YES DHCP up up
Loopback0 192.168.1.101 YES manual up up
Loopback1 10.1.1.101 YES manual up up
Tunnel0 10.100.100.1 YES manual up up
Tunnel1 10.200.200.1 YES manual up up
Tunnel2 10.255.0.254 YES manual up up
VirtualPortGroup0 192.168.35.101 YES TFTP up up
rtr1#
rtr1#
rtr1#
rtr1#show running-config interface loopback 101
^
% Invalid input detected at '^' marker.
rtr1#
所有人共享。
第一个人获得共享的成果。
我已经完成了1.0到3.1的部分。
最近,Ansible也开始在我的工作中使用。
最后由于有额外的时间,我还在QA的方向上提了一些问题。
由于SCP的支持不好,最后不得不进行了网络故障排除。
第二个人的成果是共有的。
在公司开始使用Ansible已经有4个月了。
虽然平时很少碰网络设备,但还是可以像操作中间件一样轻松地进行操作。
总结
・感谢您创建了一个方便接触Ansible的环境和机会,真的非常感激。
・虽然没有什么高效的方法,但是按照指示或者按照所写的方式使用Ansible,一遍又一遍地尝试,老实说无法将理解细节纳入其中。回到家后会再次尝试使用Ansible。
此外,虽然有机会在现场提问,但是无法参加QA支持,下次会更加从容地应对。
