Getting Started with Ansible Management of Spectrum Switches Installed with Cumulus Linux

Version 5

    Ansible provides simple automation framework for network automation which has modern dev-ops feature functionalities ready. Mellanox Spectrum based switches installed with Cumulus Linux supports Ansible automation. This post will cover basic Ansible setup with an ad-hoc script example (non a playbook). Fore more information about Ansible, see Ansible is Simple IT Automation.





    We will start with a simple setup to bring up the Ansible infrastructure, and then make a specific example (playbook) for a simple test case.



    1. Ensure there is IP connectivity between Ansible Server and the out-of-band management port of Mellanox switch running Cumulus Linux.

    In this example:

    • Server IP =
    • Switch IP =


    2. Make sure your ansible is up to date (2.0 and later versions), for more info see


    3. Upgrade Debian

    root@c-csi-0123s:/etc/apt# pwd


    root@c-csi-0123s:/etc/apt# ls

    apt.conf.d     listchanges.conf  sources.list       sources.list.d  trusted.gpg~

    apt-file.conf  preferences.d     sources.list.back  trusted.gpg     trusted.gpg.d



    4.Updating content of sources.list

    # deb jessie main


    deb jessie main non-free contrib

    deb-src jessie main non-free contrib


    deb jessie/updates main contrib non-free

    deb-src jessie/updates main contrib non-free


    # jessie-updates, previously known as 'volatile'

    deb jessie-updates main contrib non-free

    deb-src jessie-updates main contrib non-free


    #get ansible updates

    deb trusty main



    5. Receive Keys from Key Server

    root@c-csi-0123s:/etc/apt# apt-key adv --keyserver --recv-keys 93C4A3FD7BB9C367

    Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.rs4NXIYj3i --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver --recv-keys 93C4A3FD7BB9C367

    gpg: requesting key 7BB9C367 from hkp server

    gpg: key 7BB9C367: "Launchpad PPA for Ansible, Inc." not changed

    gpg: Total number processed: 1

    gpg:              unchanged: 1



    6. Update Ansible with apt-get update

    root@c-csi-0123s:/etc/apt# apt-get update

    Ign jessie InRelease

    Hit trusty InRelease

    Get:1 jessie-updates InRelease [145 kB]

    Get:2 jessie/updates InRelease [63.1 kB]

    Hit trusty/main amd64 Packages

    Hit jessie Release.gpg

    Get:3 jessie/updates/main Sources [191 kB]

    Hit trusty/main Translation-en

    Get:4 jessie-updates/main Sources [15.4 kB]

    Get:5 jessie-updates/contrib Sources [32 B]

    Get:6 jessie-updates/non-free Sources [920 B]

    Get:7 jessie/updates/contrib Sources [1,439 B]

    Get:8 jessie-updates/main amd64 Packages/DiffIndex [6,916 B]

    Get:9 jessie/updates/non-free Sources [14 B]

    Get:10 jessie-updates/contrib amd64 Packages [32 B]

    Get:11 jessie/updates/main amd64 Packages [355 kB]

    Get:12 jessie-updates/non-free amd64 Packages/DiffIndex [736 B]

    Get:13 jessie-updates/contrib Translation-en [14 B]

    Get:14 jessie/updates/contrib amd64 Packages [2,506 B]

    Get:15 jessie-updates/main Translation-en/DiffIndex [2,704 B]

    Get:16 jessie/updates/non-free amd64 Packages [14 B]

    Get:17 jessie-updates/non-free Translation-en/DiffIndex [736 B]

    Get:18 jessie/updates/contrib Translation-en [1,211 B]

    Hit jessie Release

    Get:19 jessie/updates/main Translation-en [194 kB]

    Hit jessie/main Sources

    Get:20 jessie/updates/non-free Translation-en [14 B]

    Hit jessie/non-free Sources

    Hit jessie/contrib Sources

    Hit jessie/main amd64 Packages

    Hit jessie/non-free amd64 Packages

    Hit jessie/contrib amd64 Packages

    Hit jessie/contrib Translation-en

    Hit jessie/main Translation-en

    Hit jessie/non-free Translation-en

    Fetched 981 kB in 3s (323 kB/s)

    Reading package lists... Done



    7. Install update Ansible with apt-get install ansible

    root@c-csi-0123s:/etc/apt# apt-get install ansible

    Reading package lists... Done

    Building dependency tree

    Reading state information... Done

    ansible is already the newest version.

    The following package was automatically installed and is no longer required:


    Use 'apt-get autoremove' to remove it.

    0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.



    8. Check version to confirm

    root@c-csi-0123s:/etc/apt# ansible --version


      config file = /etc/ansible/ansible.cfg

      configured module search path = Default w/o overrides



    Basic Verification

    Ping Test for reachability

    root@c-csi-0123s:/etc/ansible/save/cumulus# ifconfig

    eth0      Link encap:Ethernet  HWaddr 0c:c4:7a:a8:e2:ee

              inet addr:  Bcast:  Mask:

              inet6 addr: fe80::ec4:7aff:fea8:e2ee/64 Scope:Link

              UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1

              RX packets:336333 errors:0 dropped:0 overruns:0 frame:0

              TX packets:88180 errors:0 dropped:0 overruns:0 carrier:0

              collisions:0 txqueuelen:1000

              RX bytes:136404698 (130.0 MiB)  TX bytes:12417256 (11.8 MiB)



    lo        Link encap:Local Loopback

              inet addr:  Mask:

              inet6 addr: ::1/128 Scope:Host

              UP LOOPBACK RUNNING  MTU:65536 Metric:1

              RX packets:42 errors:0 dropped:0 overruns:0 frame:0

              TX packets:42 errors:0 dropped:0 overruns:0 carrier:0

              collisions:0 txqueuelen:0

              RX bytes:2948 (2.8 KiB)  TX bytes:2948 (2.8 KiB)


    root@c-csi-0123s:/etc/ansible/save/cumulus# ping

    PING ( 56(84) bytes of data.

    64 bytes from icmp_seq=1 ttl=64 time=0.139 ms

    64 bytes from icmp_seq=2 ttl=64 time=0.157 ms


    --- ping statistics ---

    2 packets transmitted, 2 received, 0% packet loss, time 1000ms

    rtt min/avg/max/mdev = 0.139/0.148/0.157/0.009 ms



    Ansible directory

    Check for Ansible directory structure in  /etc/ansible


    1. Inventory file at - /etc/ansible/hosts

    2. Config file at - /etc/ansible/ansible.cfg

    root@c-csi-0123s:/etc/ansible# ls -lrt

    total 28

    -rw-r--r-- 1 root root 14387 Mar 10 12:21 ansible.cfg

    -rw-r--r-- 1 root root  1169 Mar 10 14:39 hosts



    Now we have the Ansible infrastructure working, we can start with an example of ad-hoc test to check the connectivity and end to end working between Ansible server and switch.

    root@c-csi-0123s:/etc/ansible/roles# echo "whoami" > ~/whoami

    >> Making a file with a basic command


    root@c-csi-0123s:/etc/ansible/roles# echo "" > ~/ansible.hosts

    >> The IP address of the host


    root@c-csi-0123s:/etc/ansible/roles# ansible -k -K -u cumulus -i ~/ansible.hosts -m 'copy' -a 'src=~/whoami dest=~/log'

    >> ad-hoc command for running Ansible

    SSH password: >> Input password

    SUDO password[defaults to SSH password]: >> Input password

    /usr/local/lib/python2.7/dist-packages/cffi/ UserWarning: 'point_conversion_form_t' has no values explicitly defined; guessing that it is equivalent to 'unsigned int'

      % self._get_c_name()) | SUCCESS => {

        "changed": false,

        "checksum": "45fbd6efd34a678343db7ab4ca61063b9e13b689",

        "dest": "/home/cumulus/log",

        "gid": 1000,

        "group": "cumulus",

        "mode": "0644",

        "owner": "cumulus",

        "path": "/home/cumulus/log",

        "size": 23,

        "state": "file",

        "uid": 1000




    >> The script connects to switch and runs a basic whoami command.