AutomationIT NetworkingNetwork AutomationProfessional Development

Network Automation – Ansible Learnings Week 3 – Obtaining NTP and Updating NTP

So onward ever I progress to Mount Doom to destroy the ring of power, but will I be able to do it when I get there? Will I be like Frodo and succumb to the power and temptation that is the power of the ring of automation? Well most probably…

The power of the ring grows…

The power of Ansible is growing with me and the ideas I have for how I can use it are also growing. But much there is to learn…

First of all this week I have being focussed on learning super basic ansible network playbooks. The goal here is to get me up and going with basic playbooks that are almost independent, later posts I will work on making them more portable. I will focus on a very basic and simple playbooks around NTP on my two lab routers. My next post will contain the next stage I took and that was to configure a loopback interface.

  1. Obtain NTP info on my 2 routers
  2. Update NTP information

Obtain NTP Info

This script is well versed on the internet and I gained it from multiple sources and then refined it to my liking.

FYI: If you are not aware ansible_password can reference an encrypted string (see further: https://docs.ansible.com/ansible/latest/cli/ansible-vault.html#encrypt-string ) also for the sake of security and formatting, I removed the encrypted data portion.

---

- name: Network Getting Started First Playbook
  connection: network_cli
  gather_facts: false
  hosts: nvnetlab1_routers
  vars:
    ansible_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256

  tasks:
    - name: run show ntp configuration
      cli_command:
         command: show run | section ntp
      register: ntp_conf

    - name: display the ntp servers configured
      debug:
        msg: "{{ ntp_conf.stdout }}"

This playbook produces the following information to me in my given lab environment.

getntp_02 – Results

Well, well we see there is a slight misconfiguration here. However this data provided back to me in the way I have done it means nothing to Ansible or other playbooks. As in I am yet to acquire the knowledge/skills how to parse this given data into a variable that can then be assessed and change when it does not mean a template standard, sort of like a base config(template) health check.

For now I am moving on manually and will come back and make my process more automated as this is ultimately always the long goal, however short term goal must be completed – get the basics under my belt.

2. Update NTP Configuration

As we can see NV-NET-LAB1-R1 configuration is missing an NTP peer. I will need a playbook to go and edit this and correct it.

This my super simple playbook to correct this and the results it yielded.

---
- name: Change NTP Configuration
  connection: network_cli
  gather_facts: false
  hosts: NV-NET-LAB1-R1
  vars:
    ansible_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256

  tasks:
    - name: Obtain current NTP configuration
      cli_command:
          command: show run | inc ntp
      register: ntp_conf

    - name: display the ntp servers configured
      debug:
        msg: "{{ ntp_conf.stdout }}"

    - name: LOAD NTP CONFIGURATION
      cli_config:
        config: ntp peer 10.0.8.2
      notify:
        - SAVE CONFIGURATION
        - PRINT UPDATED CONFIGURATION

    - name: Obtain updated NTP configuration
      cli_command:
         command: show run | inc ntp
      register: updated_ntp_conf

  handlers:

    - name: SAVE CONFIGURATION
      cli_command:
        command: write memory

    - name: PRINT UPDATED CONFIGURATION
      debug:
        msg: "{{ updated_ntp_conf.stdout }}"

Change NTP Configuration – First run through

The great thing with Ansible with such a simple playbook is to instantly see where the change has been made, so even if I had chosen to simply just run it across 100 devices not even knowing if they were compliant to my required NTP servers, it will make the change and then let me know which ones changed. Also obviously in this playbook because the device list is so short I just printed to screen.

Anyway to confirm all this and what I am saying here is the output of running the playbook again to see the effect of running it again when the NTP servers have been updated.

change_ntp_01 – Second run through

Very simple playbook that has laid down some super basic knowledge and confidence to go to the next stage. Anyway I think this means I have unlocked level 1 as I deployed my first config change on a network device with Ansible – Huzzah!

Next Stage – Configure a loopback interface (or maybe more…)

Leave a Reply

Your email address will not be published. Required fields are marked *