Introduction to Ansible Network Automation: A Practical Primer

This book provides a comprehensive learning journey aimed at helping you master Ansible and efficiently automate a range of enterprise network devices, such as routers, switches, firewalls, Wireless LAN Controller (WLC), and Linux servers. Introduction to Ansible Network Automation combines the fundamentals of three books into one, covering basics of Linux administration, Ansible concepts, and Ansible network automation. Authors Brendan Choi and Erwin Medina have created a structured learning path that starts with the fundamentals and allows you to progressively enhance your skill sets with each chapter.

Part I serves as an Ansible primer, guiding you through Linux basics using WSL on Windows 11 and assisting in the setup of your learning environment. Part II covers essential Ansible concepts through practical lab activities involving four Linux servers. In Part III, you will learn how to apply your Linux skills from Part I and the concepts from Part II to real-world scenarios by creating Ansible automation YAML scripts.

What sets this book apart is its unique focus on Ansible and Network Automation, combined with a strong emphasis on understanding Linux. It is specifically designed for novice network automation engineers and students, assuming no prior Linux expertise, and provides first-hand experience starting from scratch. It also offers practical insights by sharing real-life examples of Ansible playbooks derived from production enterprise infrastructure, allowing you to gain an understanding of how Ansible can be effectively applied in real-world enterprise network environments. Upon completion of this book, you will have developed foundational skills in Ansible network automation and general Linux administration, and will understand how to apply this newly acquired knowledge to real-life scenarios.

You will:
Develop a comprehensive understanding of Ansible and its essential concepts for automating enterprise network devices and applying them to real-world scenarios
Master the basics of Ansible operations within Linux automation and progress to applying Ansible concepts specifically to network device automation
Execute Ansible ad-hoc commands and playbooks for a range of network operational tasks, including configuration management, software and system updates, and upgrades
Work with real-life examples of Ansible playbooks derived from actual enterprise infrastructure, gaining practical experience in writing Ansible YAML scripts
Acquire the skills to automate network operations using Ansible, streamline network management processes, and replace manual-driven tasks with directives in Ansible playbooks

Author(s): Brendan Choi; Erwin Medina
Publisher: Apress
Year: 2023

Language: English
Pages: 939

Table of Contents
About the Authors
About the Technical Reviewer
Acknowledgments
Introduction
Chapter 1: Is Ansible Good for Network Automation?
1.1 Laying the Foundation
1.2 What Is Ansible?
1.3 What Is Ansible Not?
1.4 Why Ansible?
1.4.1 1000-Foot View of How Ansible Works
1.5 Why Does Ansible Matter to You?
1.6 Starting on the Right Foot, Learning Ansible Effectively
1.6.1 Part 1: Ansible Primer
1.6.2 Part 2: Ansible Concepts
1.6.3 Part 3: Ansible Practical
1.7 Hardware Requirements
1.8 Software Requirements
1.9 Downloading Source Codes
1.10 Summary
Chapter 2: Shall We Linux? (Part 1: The Linux Command Line)
2.1 A Good Reason to Learn Linux
2.2 Linux for Ansible and Network Automation
2.3 What Is Linux?
2.4 Install WSL on Windows 11 to Learn Linux
2.5 vi: The Default Text Editor
2.6 Practice Linux Commands
2.6.1 The Top Ten Essential Linux Commands
2.6.2 cat and tac
2.6.3 touch
2.6.4 mkdir and rmdir
2.6.5 cp and rm
2.6.6 rename and mv
2.6.7 head, tail, and shuf
2.6.8 less and more
2.6.9 ls and dir
2.6.10 sort
2.6.11 tee and nl
2.6.12 grep
2.7 Summary
Chapter 3: Shall We Linux? (Part 2)
3.1 Linux Directory
3.2 Getting to Know Your Linux Better
3.3 Getting Familiar with Linux Processes
3.4 Getting to Know Disk Space in Linux
3.5 Getting Started with Linux User Management
3.6 Controlling Access to Files and Directories in Linux
3.7 Working with Zip Files in Linux
3.8 Downloading Files from the Internet in Linux
3.9 Linux Network Utilities for Troubleshooting
3.10 Keeping Your Linux System Up to Date
3.11 Jack, the Jack Russell: A Regular Expression Quiz
3.12 Summary
Chapter 4: Setting Up an Ansible Learning Environment
4.1 Planning the Ansible Lab Topology
4.2 Installing VMware Workstation on Your PC
4.3 Creating Fedora Virtual Machines
4.4 Creating Ubuntu Virtual Machines
4.5 Customizing and Updating Virtual Machines
4.6 Changing Hostname on Fedora VMs
4.7 Assigning Static IP on Fedora VMs
4.8 Updating Fedora Virtual Machines
4.9 Assigning Static IP on the First Ubuntu VM
4.10 Changing Hostname and Static IP on the Second Ubuntu VM
4.11 Updating Ubuntu Virtual Machines
4.12 Installing Ansible on Control Node
4.12.1 Option 1: Installing Ansible Directly on the Host OS
4.12.2 Option 2: Installing Ansible on Python virtualenv
4.13 Setting Up a New Ansible Testing Account with Sudo Access
4.13.1 Creating a Sudo Test Account on Fedora VMs
4.13.2 Creating a Sudo Test Account on Ubuntu VMs
4.14 Summary
Part II: The Concepts
Chapter 5: Understanding Data Types and File Formats for Ansible
5.1 What Are Data and Data Types?
5.2 Ansible Dependency on Python Data Types
5.2.1 Integer and Float
5.2.2 Strings
5.2.3 Booleans
5.2.4 Lists
5.2.5 Tuples
5.2.6 Dictionaries
5.2.7 set
5.2.8 None
5.3 Ansible Configuration Files
5.3.1 INI Format
5.3.2 Ansible Inventory in INI, JSON, and YAML Formats
5.3.3 Ansible Inventory Priority
5.3.4 ansible.cfg File
5.3.5 YAML
5.4 Ansible Data Interchange
5.4.1 JSON (Why Not YANG?)
5.4.2 Jinja2
5.4.2.1 Rendering JSON File Using Jinja2
5.4.2.2 Rendering YAML File Using Jinja2
5.5 Summary
Chapter 6: Learning Ansible Basic Concepts I: SSH and Ad Hoc Commands
6.1 SSH Overview and Setup in Ansible
6.1.1 Configuring SSH for Ansible: General Steps
6.1.2 Understanding the Ansible SSH Concept
6.1.3 Practical Usage of SSH in Ansible
6.2 Running Ad Hoc Commands on Linux Devices with Ansible
6.3 Running Ad Hoc Commands on Routers and Switches with Ansible
6.4 Running Elevated Ad Hoc Commands with Ansible
6.5 Summary
Chapter 7: Learning Ansible Basic Concepts II: Ad Hoc Commands – A Beginner’s Guide
7.1 Summary
Chapter 8: Learning Ansible Basic Concepts II: Using when, Improving Playbook, and Targeting Nodes
8.1 Considerations Before Writing Your Ansible Playbook
8.2 Creating and Running a New Playbook in Ansible
8.3 Idempotency Is a Key Feature of Ansible Tasks
8.4 Getting Familiar with Ansible Error Messages
8.5 Getting More Information About Ansible Operation Using the Verbose Mode
8.6 Disabling gather_facts to Speed Up the Playbook
8.7 Adding More Tasks to Your Existing Playbook
8.8 Keeping Packages Always Up to Date Using “state: latest”
8.9 Creating an Uninstall Playbook Using the Existing Playbook
8.10 Add Another OS Type and Use the “when” Conditional in Your Playbook
8.11 Targeting a Specific Host or Group of Hosts
8.12 Writing a Working Playbook for Both Ubuntu and Fedora
8.13 Refactoring a Playbook
8.14 Ansible, Targeting Specific Nodes
8.15 Check Services from the Control Node
8.16 Printing Output Using Ansible Debug Module
8.17 Using “ignore_errors: yes” to Allow Playbook Completion Despite Errors
8.18 Install Samba and Create a Samba User on the Fedora Client Using a Playbook
8.19 Summary
Chapter 9: Learning Ansible Basic Concepts III: Git, Tags, Managing Files, and Services
Getting Started with GitHub
9.1 Creating and Uploading Playbooks to GitHub, Featuring cowsay
9.2 Ansible Tags Explained
9.3 Managing Files
9.4 Managing Services
9.5 Copying and Updating Text Files with Ansible Playbook
9.6 Use GitHub to Back Up Your Files
9.7 Summary
Chapter 10: Learning Ansible Basic Concepts IV: Users, Roles, Host Variables, Templates, and Password Vault
10.1 Users
10.2 Roles
10.3 Variable Options in Ansible
10.4 host_vars and handler
10.4.1 Concept of the Handler in Ansible
10.5 Templates
10.6 Managing Password on Ansible
10.6.1 Password Vault
10.6.1.1 Encrypting ansible_become_pass Only Using ansible-vault
10.6.1.2 Encrypting vars.yml with Ansible Vault
10.7 Summary
Chapter 11: Building an Ansible Learning Environment for Network Automation
11.1 Cisco CML (Cisco Modeling Labs) Router and Switch Installation on GNS3
11.2 Palo Alto and Fortinet Firewall Installation on GNS3
11.2.1 Palo Alto PA-VM Initial Configuration and Connection Test
11.2.2 Fortinet FortiGate Initial Configuration and Connection Test
11.3 Cisco c8000v Edge Router VM Creation on VMware Workstation
11.4 Cisco Wireless LAN Controller (WLC) VM Creation on VMware ESXi 7
11.5 Summary
Part III: The Practical
Chapter 12: Cisco Router and Switch Configuration with Ansible
12.1 Configuring EIGRP Using Ansible
Lab 1: EIGRP Lab Topology
Lab 1: GNS3 Device Connections
12.2 Configuring OSPF Using Ansible
Lab 2: OSPF Lab Topology
Lab 2: GNS3 Device Connections
12.3 Switch VLAN Configuration Lab
Lab 3: VLAN Lab Topology
Lab 3: GNS3 Device Connections
12.4 Lab 4 Challenge: Configure New Routers and Access Control List (ACL)
Lab 4: ACL Network Topology
Lab 4: GNS3 Device Connections
12.5 Summary
Chapter 13: Network Device Backup Ansible Playbook
13.1 Setting Up Network Device Configuration Backup Lab
13.1.1 Network Device Configuration Backup Lab Topology and Connections
13.2 Cisco Router and Switch Configuration Backup to File Server (SCP)
13.3 Summary
Chapter 14: Ansible Playbook Scheduling with Cron
14.1 Ansible Playbook Cron Lab Network Topology
14.2 Learning About Cron with a Simple Ansible Playbook
14.3 Ansible Playbook Scheduling Using Cron
14.4 Ansible Playbook Scheduling Using Cron with a Vaulted Password
14.4.1 Shell Script Method
14.4.2 Python Method
14.5 Summary
Chapter 15: Cisco Router Upgrading Playbook
15.1 Router Upgrade Lab Network Topology
15.2 Cisco IOS-XE Router Upgrade Workflow in Bundle Mode
15.3 Cisco IOS-XE Router Upgrade Lab
15.3.1 Lab Setup
15.3.2 Writing the Main Playbook for Router Upgrade
15.4 Summary
Chapter 16: Cisco Wireless LAN Controller Upgrading Playbook
16.1 WLC Lab Network Topology
16.2 Preparing the Lab by Creating ansible.cfg and Inventory Files
16.3 Writing an Ansible Playbook for Cisco WLC Upgrading Ansible Playbook
16.4 Ansible Inventory Configuration for Cisco WLC Enterprise Network
16.5 Summary
Chapter 17: Creating User Accounts on Palo Alto and Fortinet Firewalls
17.1 Use Ansible Vault to Encrypt Sensitive Information
17.2 Administrator Account Creation on Palo Alto Firewalls: From Manual to Automation
17.3 Writing a YAML Playbook to Create an Administrator Account on a Palo Alto Firewall
17.4 Running the YAML Playbook to Create an Administrator Account on a Palo Alto Network Firewall
17.5 Administrator Account Creation on Fortinet Firewalls: From Manual to Automation
17.6 Writing a YAML Playbook to Create an Administrator Account on a Fortinet Firewall
17.7 Running the YAML Playbook to Create an Administrator Account on a Fortinet Firewall
17.8 Summary
Chapter 18: Creating Security Policy Rules on Palo Alto and Fortinet Firewalls
18.1 Protecting the Network with Security Policies
18.2 Security Policy Rule Creation on Palo Alto Network Firewalls: From Manual to Automation
18.3 Writing a YAML Application to Create a Security Policy Rule on a Palo Alto Network Firewall
18.4 Running the YAML Playbook to Create Security Policy Rules on a Palo Alto Network Firewall
18.5 Firewall Policy Rule Creation on Fortinet Firewalls: From Manual to Automation
18.6 Writing a YAML Application to Create a Firewall Policy Rule on a Fortinet Firewall
18.7 Running the YAML Application to Create a Firewall Policy Rule on a Fortinet Firewall
18.8 Summary
Chapter 19: Creating IPSec Tunnels on Palo Alto Firewalls
19.1 Enhancing Network Security with IPSec Tunnels
19.2 IPSec Tunnel Configuration on Palo Alto Firewalls
19.3 Palo Alto IPSec Tunnel Creation Lab Topology
19.4 Writing Palo Alto IPSec Tunnel Creation Playbook
19.5 Running IPSec Tunnel Creation Playbook
19.6 Summary
Chapter 20: Object Addresses and Object Address Groups Creation Playbook for Palo Alto Firewall
20.1 Enhancing Firewall Policies with the Use of Object Addresses and Object Address Groups
20.2 Object Addresses and Object Address Groups Creation on a Palo Alto Firewall
20.3 Writing a Playbook to Create Object Addresses on a Palo Alto Firewall
20.4 Running the Playbook to Create Object Addresses on a Palo Alto Firewall
20.5 Writing a Playbook to Create Object Address Groups on a Palo Alto Firewall
20.6 Running the Playbook to Create Object Address Groups on a Palo Alto Firewall
20.7 Summary
Chapter 21: Upgrading Palo Alto Firewalls
21.1 Maintaining Palo Alto Network Firewall PAN-OS to the Latest Preferred Version
21.2 Palo Alto Firewall PAN-OS Upgrade to Major Version: Manual Method
21.3 Writing a Palo Alto Firewall Upgrade Playbook: Automated Method
21.4 Writing a Playbook to Back Up the Running Configuration of a Palo Alto Firewall
21.5 Writing a Playbook Task to Update the Content (Applications and Threats) of a Palo Alto Firewall
21.6 Writing a Playbook Task to Upgrade the PAN-OS of a Palo Alto Firewall
21.7 Running the Playbook to Back Up the Running Configuration on a Palo Alto Firewall
21.8 Running the Playbook to Update the Application and Threats Content of a Palo Alto Firewall
21.9 Running the Playbook to Update the PAN-OS Version of a Palo Alto Firewall
21.10 Summary
Index