Ansible Setup And Preparation

Ansible , a great tool for Net-Ops

Sarah Williams

Ansible is a simple , agent less tool to help you automate your daily tasks. Ansible is very popular for Linux and dev-ops administrators and they use it to make their life easier. 

From simple tasks such as installation and configuration of Apache, MySQL, PostGreSQL, Tomcat , etc to complex service based configuration.

How Ansible can help us?

Ansible can help network engineers to automate the tasks. simplify the mass configurations and ensure that the configuration is done right.

How to Setup Ansible 

Installing Ansible from scratch

Keeping it simple ,to setup Ansible we need a Linux host to install Ansible. once the ansible installed, we will using ssh to the host and use ansible to communicate with our bare metal switches running Cumulus Linux.

How to install Ansible  

For Demo , we have used a Ubuntu 14.04 Server (Trusty). 

below commands will install Ansible on the host : 

$ sudo apt-get install software-properties-common 

$ sudo apt-add-repository ppa:ansible/ansible 

$ sudo apt-get update 

$ sudo apt-get install ansible

To verify that ansible is installed properly , you can use below commands

$ ansible --version

$ ansible-galaxy --help


List of all switches

We use an Inventory file to tell ansible what are the targets (servers, switches, routers, etc).

Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s inventory file, which defaults to being saved in the location /etc/ansible/hosts.

You can create other host files and use -i paramater while calling ansible to point ansible to your inventory file.

Remember Ansible uses SSH to connect to hosts. it is very important to enable key authentication on Cumulus instead of password authentication. with key authentication we will load the key files on ansible host . with password authentication you have to specify the username and password in Ansible host file which is not recommended.

However in our demo we use the password authentication to show you how to do the basic configurations, then we will generate a key and upload it to all switches using Ansible.

to check the current available hosts use the below command

$ ansible --list-hosts all

Here we have created a inventory file for 6 bare metal switches which are all running Cumulus Linux.


[leaf-switches] ansible_user=cumulus ansible_ssh_pass=CumulusLinux! ansible_user=cumulus ansible_ssh_pass=CumulusLinux! ansible_user=cumulus ansible_ssh_pass=CumulusLinux! ansible_user=cumulus ansible_ssh_pass=CumulusLinux!

[spine-switches] ansible_user=cumulus ansible_ssh_pass=CumulusLinux! ansible_user=cumulus ansible_ssh_pass=CumulusLinux!

And we can verify that by entering the below command 

$ ansible --list-hosts all

Now we have added our switches to the inventory list. ansible knows what are the leaf and spine switches.

We can use Ansible ping to verify reachability to the switches.  Remember the Ansible Ping is not ICMP echo ping, instead it uses SSH to check reachability and logging in to the hosts.

You will receive some warning about the ssh key fingerprint as this is the first time the ansible host is connecting to Cumulus switches.

You need to type yes for each host.


You define the tasks, Ansible will do all

Now Ansible has access to bare metal switches running Cumulus Linux. we can continue to execute tasks on switches.

starting by simple tasks , getting the host name of the switches:

$ ansible -m command -a "hostname" all


Inventory + Multiple Tasks 

Playbooks performs multiple tasks on a group of hosts specified in playbook file.

our goal is to create a ansible playbook which can upload the public key file to all the switches. once it is uploaded we can remove the clear text credentials from inventory file and ansible will be able to use public key to authenticate against switches.

To start we need to generate ssh key pair on ansible host. use the below command on ansible host to generate :

$ ssh-keygen

Above command will generate public and private keys and place them in user folder.

in below example, we have created a playbook file which will upload the ssh public key to all the switches.

the file format is in Yaml.



- hosts: all


- authorized_key: user=cumulus key="{{lookup('file','/home/cumulus/.ssh/')}}"

To execute the playbook use the below command :

$ ansible-playbook manage_ssh_keys.yml

Now we can delete the passwords from host file, however we will keep the user parameter as we are connecting to the switches as cumulus.


[leaf-switches] ansible_user=cumulus ansible_user=cumulus ansible_user=cumulus ansible_user=cumulus

[spine-switches] ansible_user=cumulus ansible_user=cumulus  

For verification we will use the ansible ping

$ ansible -m ping all

As seen we are able to access all the switches and authentication has happened based on ssh keys.



It could be a little difficult in the beginning to setup and get used to these tools, but once you built couple of playbooks you will discover the power of Net-Ops.

This post was only the basic setup environment for Ansible Cumulus. we will cover more networking features in next posts.