Getting Started with Ansible Management of Spectrum Switches Installed with Cumulus Linux

Version 5

    Ansible provides simple automation framework for network automation which has modern dev-ops feature functionalities ready. Mellanox Spectrum based switches installed with Cumulus Linux supports Ansible automation. This post will cover basic Ansible setup with an ad-hoc script example (non a playbook). Fore more information about Ansible, see Ansible is Simple IT Automation.

     

    References

     

    Setup

    We will start with a simple setup to bring up the Ansible infrastructure, and then make a specific example (playbook) for a simple test case.

     

     

    1. Ensure there is IP connectivity between Ansible Server and the out-of-band management port of Mellanox switch running Cumulus Linux.

    In this example:

    • Server IP = 10.20.3.58
    • Switch IP = 10.20.4.86

     

    2. Make sure your ansible is up to date (2.0 and later versions), for more info see http://docs.ansible.com/ansible/intro_installation.html

     

    3. Upgrade Debian

    root@c-csi-0123s:/etc/apt# pwd

    /etc/apt

    root@c-csi-0123s:/etc/apt# ls

    apt.conf.d     listchanges.conf  sources.list       sources.list.d  trusted.gpg~

    apt-file.conf  preferences.d     sources.list.back  trusted.gpg     trusted.gpg.d

    root@c-csi-0123s:/etc/apt#

     

    4.Updating content of sources.list

    # deb http://ftp.us.debian.org/debian/ jessie main

     

    deb http://ftp.us.debian.org/debian/ jessie main non-free contrib

    deb-src http://ftp.us.debian.org/debian/ jessie main non-free contrib

     

    deb http://security.debian.org/ jessie/updates main contrib non-free

    deb-src http://security.debian.org/ jessie/updates main contrib non-free

     

    # jessie-updates, previously known as 'volatile'

    deb http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free

    deb-src http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free

     

    #get ansible updates

    deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main

    ~

     

    5. Receive Keys from Key Server

    root@c-csi-0123s:/etc/apt# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367

    Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.rs4NXIYj3i --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367

    gpg: requesting key 7BB9C367 from hkp server keyserver.ubuntu.com

    gpg: key 7BB9C367: "Launchpad PPA for Ansible, Inc." not changed

    gpg: Total number processed: 1

    gpg:              unchanged: 1

    root@c-csi-0123s:/etc/apt#

     

    6. Update Ansible with apt-get update

    root@c-csi-0123s:/etc/apt# apt-get update

    Ign http://ftp.us.debian.org jessie InRelease

    Hit http://ppa.launchpad.net trusty InRelease

    Get:1 http://ftp.us.debian.org jessie-updates InRelease [145 kB]

    Get:2 http://security.debian.org jessie/updates InRelease [63.1 kB]

    Hit http://ppa.launchpad.net trusty/main amd64 Packages

    Hit http://ftp.us.debian.org jessie Release.gpg

    Get:3 http://security.debian.org jessie/updates/main Sources [191 kB]

    Hit http://ppa.launchpad.net trusty/main Translation-en

    Get:4 http://ftp.us.debian.org jessie-updates/main Sources [15.4 kB]

    Get:5 http://ftp.us.debian.org jessie-updates/contrib Sources [32 B]

    Get:6 http://ftp.us.debian.org jessie-updates/non-free Sources [920 B]

    Get:7 http://security.debian.org jessie/updates/contrib Sources [1,439 B]

    Get:8 http://ftp.us.debian.org jessie-updates/main amd64 Packages/DiffIndex [6,916 B]

    Get:9 http://security.debian.org jessie/updates/non-free Sources [14 B]

    Get:10 http://ftp.us.debian.org jessie-updates/contrib amd64 Packages [32 B]

    Get:11 http://security.debian.org jessie/updates/main amd64 Packages [355 kB]

    Get:12 http://ftp.us.debian.org jessie-updates/non-free amd64 Packages/DiffIndex [736 B]

    Get:13 http://ftp.us.debian.org jessie-updates/contrib Translation-en [14 B]

    Get:14 http://security.debian.org jessie/updates/contrib amd64 Packages [2,506 B]

    Get:15 http://ftp.us.debian.org jessie-updates/main Translation-en/DiffIndex [2,704 B]

    Get:16 http://security.debian.org jessie/updates/non-free amd64 Packages [14 B]

    Get:17 http://ftp.us.debian.org jessie-updates/non-free Translation-en/DiffIndex [736 B]

    Get:18 http://security.debian.org jessie/updates/contrib Translation-en [1,211 B]

    Hit http://ftp.us.debian.org jessie Release

    Get:19 http://security.debian.org jessie/updates/main Translation-en [194 kB]

    Hit http://ftp.us.debian.org jessie/main Sources

    Get:20 http://security.debian.org jessie/updates/non-free Translation-en [14 B]

    Hit http://ftp.us.debian.org jessie/non-free Sources

    Hit http://ftp.us.debian.org jessie/contrib Sources

    Hit http://ftp.us.debian.org jessie/main amd64 Packages

    Hit http://ftp.us.debian.org jessie/non-free amd64 Packages

    Hit http://ftp.us.debian.org jessie/contrib amd64 Packages

    Hit http://ftp.us.debian.org jessie/contrib Translation-en

    Hit http://ftp.us.debian.org jessie/main Translation-en

    Hit http://ftp.us.debian.org jessie/non-free Translation-en

    Fetched 981 kB in 3s (323 kB/s)

    Reading package lists... Done

    root@c-csi-0123s:/etc/apt#

     

    7. Install update Ansible with apt-get install ansible

    root@c-csi-0123s:/etc/apt# apt-get install ansible

    Reading package lists... Done

    Building dependency tree

    Reading state information... Done

    ansible is already the newest version.

    The following package was automatically installed and is no longer required:

      python-selinux

    Use 'apt-get autoremove' to remove it.

    0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.

    root@c-csi-0123s:/etc/apt#

     

    8. Check version to confirm

    root@c-csi-0123s:/etc/apt# ansible --version

    ansible 2.2.1.0

      config file = /etc/ansible/ansible.cfg

      configured module search path = Default w/o overrides

    root@c-csi-0123s:/etc/apt#

     

    Basic Verification

    Ping Test for reachability

    root@c-csi-0123s:/etc/ansible/save/cumulus# ifconfig

    eth0      Link encap:Ethernet  HWaddr 0c:c4:7a:a8:e2:ee

              inet addr:10.20.3.58  Bcast:10.20.255.255  Mask:255.255.0.0

              inet6 addr: fe80::ec4:7aff:fea8:e2ee/64 Scope:Link

              UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1

              RX packets:336333 errors:0 dropped:0 overruns:0 frame:0

              TX packets:88180 errors:0 dropped:0 overruns:0 carrier:0

              collisions:0 txqueuelen:1000

              RX bytes:136404698 (130.0 MiB)  TX bytes:12417256 (11.8 MiB)

              Memory:c7320000-c733ffff

     

    lo        Link encap:Local Loopback

              inet addr:127.0.0.1  Mask:255.0.0.0

              inet6 addr: ::1/128 Scope:Host

              UP LOOPBACK RUNNING  MTU:65536 Metric:1

              RX packets:42 errors:0 dropped:0 overruns:0 frame:0

              TX packets:42 errors:0 dropped:0 overruns:0 carrier:0

              collisions:0 txqueuelen:0

              RX bytes:2948 (2.8 KiB)  TX bytes:2948 (2.8 KiB)

     

    root@c-csi-0123s:/etc/ansible/save/cumulus# ping 10.20.4.86

    PING 10.20.4.86 (10.20.4.86) 56(84) bytes of data.

    64 bytes from 10.20.4.86: icmp_seq=1 ttl=64 time=0.139 ms

    64 bytes from 10.20.4.86: icmp_seq=2 ttl=64 time=0.157 ms

    ^C

    --- 10.20.4.86 ping statistics ---

    2 packets transmitted, 2 received, 0% packet loss, time 1000ms

    rtt min/avg/max/mdev = 0.139/0.148/0.157/0.009 ms

    root@c-csi-0123s:/etc/ansible/save/cumulus#

     

    Ansible directory

    Check for Ansible directory structure in  /etc/ansible

     

    1. Inventory file at - /etc/ansible/hosts

    2. Config file at - /etc/ansible/ansible.cfg

    root@c-csi-0123s:/etc/ansible# ls -lrt

    total 28

    -rw-r--r-- 1 root root 14387 Mar 10 12:21 ansible.cfg

    -rw-r--r-- 1 root root  1169 Mar 10 14:39 hosts

    root@c-csi-0123s:/etc/ansible#

     

    Now we have the Ansible infrastructure working, we can start with an example of ad-hoc test to check the connectivity and end to end working between Ansible server and switch.

    root@c-csi-0123s:/etc/ansible/roles# echo "whoami" > ~/whoami

    >> Making a file with a basic command

    root@c-csi-0123s:/etc/ansible/roles#

    root@c-csi-0123s:/etc/ansible/roles# echo "10.20.4.86" > ~/ansible.hosts

    >> The IP address of the host

    root@c-csi-0123s:/etc/ansible/roles#

    root@c-csi-0123s:/etc/ansible/roles# ansible -k -K -u cumulus -i ~/ansible.hosts -m 'copy' -a 'src=~/whoami dest=~/log' 10.20.4.86

    >> ad-hoc command for running Ansible

    SSH password: >> Input password

    SUDO password[defaults to SSH password]: >> Input password

    /usr/local/lib/python2.7/dist-packages/cffi/model.py:532: UserWarning: 'point_conversion_form_t' has no values explicitly defined; guessing that it is equivalent to 'unsigned int'

      % self._get_c_name())

    10.20.4.86 | SUCCESS => {

        "changed": false,

        "checksum": "45fbd6efd34a678343db7ab4ca61063b9e13b689",

        "dest": "/home/cumulus/log",

        "gid": 1000,

        "group": "cumulus",

        "mode": "0644",

        "owner": "cumulus",

        "path": "/home/cumulus/log",

        "size": 23,

        "state": "file",

        "uid": 1000

    }

    root@c-csi-0123s:/etc/ansible/roles#

     

    >> The script connects to switch and runs a basic whoami command.