
Ansible Mokumoku-kai (Network Edition) Summary

Last updated at Posted at 2018-08-30


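So, I attended the Ansible Mokumoku-kai (Network Edition) held at Red Hat in the blogger slot, and here is a write-up of what I did.
↓ Here is the official report.

Environment

Red Hat prepared the following setup on AWS as the environment.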


This time we used Cisco's virtual machine router, a CSR1000V.

Here is the show version output from rtr1.

$ ansible -i ../lab_inventory/hosts rtr1 -m ios_command -a 'commands="show version"' -c network_cli
rtr1 | SUCCESS => {
    "changed": false,
    "stdout": [
        "Cisco IOS XE Software, Version 16.08.01a\nCisco IOS Software [Fuji], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.8.1a, RELEASE SOFTWARE (fc1)\nTechnical Support: http://www.cisco.com/techsupport\nCopyright (c) 1986-2018 by Cisco Systems, Inc.\nCompiled Tue 03-Apr-18 18:43 by mcpre\n\n\nCisco IOS-XE software, Copyright (c) 2005-2018 by cisco Systems, Inc.\nAll rights reserved.  Certain components of Cisco IOS-XE software are\nlicensed under the GNU General Public License (\"GPL\") Version 2.0.  The\nsoftware code licensed under GPL Version 2.0 is free software that comes\nwith ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such\nGPL code under the terms of GPL Version 2.0.  For more details, see the\ndocumentation or \"License Notice\" file accompanying the IOS-XE software,\nor the applicable URL provided on the flyer accompanying the IOS-XE\nsoftware.\n\n\nROM: IOS-XE ROMMON\n\nip-172-16-157-7 uptime is 6 hours, 37 minutes\nUptime for this control processor is 6 hours, 39 minutes\nSystem returned to ROM by reload\nSystem image file is \"boot:packages.conf\"\nLast reload reason: Unknown reason\n\n\n\nThis product contains cryptographic features and is subject to United\nStates and local country laws governing import, export, transfer and\nuse. Delivery of Cisco cryptographic products does not imply\nthird-party authority to import, export, distribute or use encryption.\nImporters, exporters, distributors and users are responsible for\ncompliance with U.S. and local country laws. By using this product you\nagree to comply with applicable laws and regulations. If you are unable\nto comply with U.S. and local laws, return this product immediately.\n\nA summary of U.S. laws governing Cisco cryptographic products may be found at:\nhttp://www.cisco.com/wwl/export/crypto/tool/stqrg.html\n\nIf you require further assistance please contact us by sending email to\nexport@cisco.com.\n\nLicense Level: ax\nLicense Type: Default. 
No valid license found.\nNext reload license Level: ax\n\ncisco CSR1000V (VXE) processor (revision VXE) with 2185320K/3075K bytes of memory.\nProcessor board ID 913PK5HTYVW\n1 Gigabit Ethernet interface\n32768K bytes of non-volatile configuration memory.\n3983676K bytes of physical memory.\n7774207K bytes of virtual hard disk at bootflash:.\n0K bytes of WebUI ODM Files at webui:.\n\nConfiguration register is 0x2102"
    ],
    "stdout_lines": [
        [
            "Cisco IOS XE Software, Version 16.08.01a",
            "Cisco IOS Software [Fuji], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.8.1a, RELEASE SOFTWARE (fc1)",
            "Technical Support: http://www.cisco.com/techsupport",
            "Copyright (c) 1986-2018 by Cisco Systems, Inc.",
            "Compiled Tue 03-Apr-18 18:43 by mcpre",
            "",
            "",
            "Cisco IOS-XE software, Copyright (c) 2005-2018 by cisco Systems, Inc.",
            "All rights reserved.  Certain components of Cisco IOS-XE software are",
            "licensed under the GNU General Public License (\"GPL\") Version 2.0.  The",
            "software code licensed under GPL Version 2.0 is free software that comes",
            "with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such",
            "GPL code under the terms of GPL Version 2.0.  For more details, see the",
            "documentation or \"License Notice\" file accompanying the IOS-XE software,",
            "or the applicable URL provided on the flyer accompanying the IOS-XE",
            "software.",
            "",
            "",
            "ROM: IOS-XE ROMMON",
            "",
            "ip-172-16-157-7 uptime is 6 hours, 37 minutes",
            "Uptime for this control processor is 6 hours, 39 minutes",
            "System returned to ROM by reload",
            "System image file is \"boot:packages.conf\"",
            "Last reload reason: Unknown reason",
            "",
            "",
            "",
            "This product contains cryptographic features and is subject to United",
            "States and local country laws governing import, export, transfer and",
            "use. Delivery of Cisco cryptographic products does not imply",
            "third-party authority to import, export, distribute or use encryption.",
            "Importers, exporters, distributors and users are responsible for",
            "compliance with U.S. and local country laws. By using this product you",
            "agree to comply with applicable laws and regulations. If you are unable",
            "to comply with U.S. and local laws, return this product immediately.",
            "",
            "A summary of U.S. laws governing Cisco cryptographic products may be found at:",
            "http://www.cisco.com/wwl/export/crypto/tool/stqrg.html",
            "",
            "If you require further assistance please contact us by sending email to",
            "export@cisco.com.",
            "",
            "License Level: ax",
            "License Type: Default. No valid license found.",
            "Next reload license Level: ax",
            "",
            "cisco CSR1000V (VXE) processor (revision VXE) with 2185320K/3075K bytes of memory.",
            "Processor board ID 913PK5HTYVW",
            "1 Gigabit Ethernet interface",
            "32768K bytes of non-volatile configuration memory.",
            "3983676K bytes of physical memory.",
            "7774207K bytes of virtual hard disk at bootflash:.",
            "0K bytes of WebUI ODM Files at webui:.",
            "",
            "Configuration register is 0x2102"
        ]
    ]
}

Exercise content

What we worked through is the material below.

https://github.com/network-automation/linklight
https://github.com/network-automation/linklight/tree/master/exercises/networking

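The goal is to connect routers placed in separate VPCs on AWS with a GRE tunnel.

When I logged in to the server with Ansible installed (the server at the bottom left of the setup above), a full set of files was already prepared, so I used those and worked through the steps one by one.

Exercise 1.1 - Running ad-hoc commands

First, let's try running Ansible from the command line.

Step 1: Ping the host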

$ ansible -i lab_inventory/hosts control -m ping
ansible | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

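"Please note that this is not a so-called ICMP ping, but the execution of a Python script on that host."
→ Right, I only recently learned from reading the source that it does not actually send a ping.

The source also says to use win_ping for Windows and net_ping for network devices.

Step 2: Command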

$ ansible -i lab_inventory/hosts control -m command -a "uptime" -o
ansible | CHANGED | rc=0 | (stdout)  11:06:40 up  5:29,  2 users,  load average: 0.00, 0.01, 0.05

Step 3: ios_facts

$ ansible -i lab_inventory/hosts routers -m ios_facts -c network_cli
rtr1 | SUCCESS => {
    "ansible_facts": {
        "ansible_net_all_ipv4_addresses": [
            "172.16.157.7",
            "192.168.35.101"
        ],
        "ansible_net_all_ipv6_addresses": [],
        "ansible_net_filesystems": [
            "bootflash:"
        ],
        "ansible_net_gather_subset": [
            "hardware",
            "default",
            "interfaces"
        ],
        "ansible_net_hostname": "ip-172-16-157-7",
        "ansible_net_image": "boot:packages.conf",
        "ansible_net_interfaces": {
            "GigabitEthernet1": {
                "bandwidth": 1000000,
                "description": null,
                "duplex": "Full",
                "ipv4": [
                    {
                        "address": "172.16.157.7",
                        "subnet": "16"
                    }
                ],
                "lineprotocol": "up ",
                "macaddress": "06dc.d7da.6e72",
                "mediatype": "Virtual",
                "mtu": 1500,
                "operstatus": "up",
                "type": "CSR vNIC"
            },
            "VirtualPortGroup0": {
                "bandwidth": 750000,
                "description": null,
                "duplex": null,
                "ipv4": [
                    {
                        "address": "192.168.35.101",
                        "subnet": "24"
                    }
                ],
                "lineprotocol": "up ",
                "macaddress": "001e.1479.a3bd",
                "mediatype": null,
                "mtu": 1500,
                "operstatus": "up",
                "type": "Virtual Port Group"
            }
        },
        "ansible_net_memfree_mb": 1849307,
        "ansible_net_memtotal_mb": 2185184,
        "ansible_net_model": "CSR1000V",
        "ansible_net_serialnum": "913PK5HTYVW",
        "ansible_net_version": "16.08.01a"
    },
    "changed": false
}
rtr2 | SUCCESS => {
    "ansible_facts": {
        "ansible_net_all_ipv4_addresses": [
            "172.17.211.195",
            "192.168.35.101"
        ],
        "ansible_net_all_ipv6_addresses": [],
        "ansible_net_filesystems": [
            "bootflash:"
        ],
        "ansible_net_gather_subset": [
            "hardware",
            "default",
            "interfaces"
        ],
        "ansible_net_hostname": "ip-172-17-211-195",
        "ansible_net_image": "boot:packages.conf",
        "ansible_net_interfaces": {
            "GigabitEthernet1": {
                "bandwidth": 1000000,
                "description": null,
                "duplex": "Full",
                "ipv4": [
                    {
                        "address": "172.17.211.195",
                        "subnet": "16"
                    }
                ],
                "lineprotocol": "up ",
                "macaddress": "0646.c75e.e7fa",
                "mediatype": "Virtual",
                "mtu": 1500,
                "operstatus": "up",
                "type": "CSR vNIC"
            },
            "VirtualPortGroup0": {
                "bandwidth": 750000,
                "description": null,
                "duplex": null,
                "ipv4": [
                    {
                        "address": "192.168.35.101",
                        "subnet": "24"
                    }
                ],
                "lineprotocol": "up ",
                "macaddress": "001e.e51b.5fbd",
                "mediatype": null,
                "mtu": 1500,
                "operstatus": "up",
                "type": "Virtual Port Group"
            }
        },
        "ansible_net_memfree_mb": 1849325,
        "ansible_net_memtotal_mb": 2185184,
        "ansible_net_model": "CSR1000V",
        "ansible_net_serialnum": "96K1OHFAI3H",
        "ansible_net_version": "16.08.01a"
    },
    "changed": false
}
$

Step 4: ios_command

$ ansible -i lab_inventory/hosts routers -m ios_command -a 'commands="show ip int br"' -c network_cli
rtr1 | SUCCESS => {
    "changed": false,
    "stdout": [
        "Interface              IP-Address      OK? Method Status                Protocol\nGigabitEthernet1       172.16.157.7    YES DHCP   up                    up      \nVirtualPortGroup0      192.168.35.101  YES TFTP   up                    up"
    ],
    "stdout_lines": [
        [
            "Interface              IP-Address      OK? Method Status                Protocol",
            "GigabitEthernet1       172.16.157.7    YES DHCP   up                    up      ",
            "VirtualPortGroup0      192.168.35.101  YES TFTP   up                    up"
        ]
    ]
}
rtr2 | SUCCESS => {
    "changed": false,
    "stdout": [
        "Interface              IP-Address      OK? Method Status                Protocol\nGigabitEthernet1       172.17.211.195  YES DHCP   up                    up      \nVirtualPortGroup0      192.168.35.101  YES TFTP   up                    up"
    ],
    "stdout_lines": [
        [
            "Interface              IP-Address      OK? Method Status                Protocol",
            "GigabitEthernet1       172.17.211.195  YES DHCP   up                    up      ",
            "VirtualPortGroup0      192.168.35.101  YES TFTP   up                    up"
        ]
    ]
}

Step 5: ios_banner

Check the routers' banner before changing it.

$ ansible -i lab_inventory/hosts routers -m ios_command -a 'commands="show banner motd"' -c network_cli
rtr1 | SUCCESS => {
    "changed": false,
    "stdout": [
        ""
    ],
    "stdout_lines": [
        [
            ""
        ]
    ]
}
rtr2 | SUCCESS => {
    "changed": false,
    "stdout": [
        ""
    ],
    "stdout_lines": [
        [
            ""
        ]
    ]
}

Let's add a motd banner.

$ ansible -i lab_inventory/hosts routers -m ios_banner -a 'banner=motd text="Ansible is awesome!" state=present' -c network_cli
rtr2 | SUCCESS => {
    "changed": true,
    "commands": [
        "banner motd @\nAnsible is awesome!\n@"
    ]
}
rtr1 | SUCCESS => {
    "changed": true,
    "commands": [
        "banner motd @\nAnsible is awesome!\n@"
    ]
}

Let's look at the difference.

$ ansible -i lab_inventory/hosts routers -m ios_command -a 'commands="show banner motd"' -c network_cli
rtr1 | SUCCESS => {
    "changed": false,
    "stdout": [
        "Ansible is awesome!"
    ],
    "stdout_lines": [
        [
            "Ansible is awesome!"
        ]
    ]
}
rtr2 | SUCCESS => {
    "changed": false,
    "stdout": [
        "Ansible is awesome!"
    ],
    "stdout_lines": [
        [
            "Ansible is awesome!"
        ]
    ]
}

Step 6: Removing the ios_banner

$ ansible -i lab_inventory/hosts routers -m ios_banner -a 'banner=motd state=absent' -c network_cli
rtr2 | SUCCESS => {
    "changed": true,
    "commands": [
        "no banner motd"
    ]
}
rtr1 | SUCCESS => {
    "changed": true,
    "commands": [
        "no banner motd"
    ]
}

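By the way, what is a banner anyway, lol? Something like Mona? → I guess it's a message.
That was the end of Exercise 1.1.

Exercise 1.2 - Backing up the configuration

From here we moved on to actually writing a Playbook.
The Playbook I created is below. (It was provided, so I didn't actually write it, lol.)

It outputs the result of ios_facts with debug, and backs up the configs of rtr1 and rtr2 with ios_config.

"YAML may be a little particular about indentation and spacing. We recommend checking your spaces and alignment."
→ Right, I check with --syntax-check before running.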

backup.yml
---
- name: backup router configurations
  hosts: routers
  connection: network_cli
  gather_facts: no

  tasks:
    - name: gather ios_facts
      ios_facts:
      register: version

    - debug:
        msg: "{{version}}"

    - name: Backup configuration
      ios_config:
        backup: yes

Now let's run it.

$ ansible-playbook -i ../lab_inventory/hosts backup.yml

PLAY [backup router configurations] *************************************************************************************

TASK [gather ios_facts] *************************************************************************************************
ok: [rtr1]
ok: [rtr2]

TASK [debug] ************************************************************************************************************
ok: [rtr1] => {
    "msg": {
        "ansible_facts": {
            "ansible_net_all_ipv4_addresses": [
                "172.16.157.7",
                "192.168.35.101"
            ],
            "ansible_net_all_ipv6_addresses": [],
            "ansible_net_filesystems": [
                "bootflash:"
            ],
            "ansible_net_gather_subset": [
                "hardware",
                "default",
                "interfaces"
            ],
            "ansible_net_hostname": "ip-172-16-157-7",
            "ansible_net_image": "boot:packages.conf",
            "ansible_net_interfaces": {
                "GigabitEthernet1": {
                    "bandwidth": 1000000,
                    "description": null,
                    "duplex": "Full",
                    "ipv4": [
                        {
                            "address": "172.16.157.7",
                            "subnet": "16"
                        }
                    ],
                    "lineprotocol": "up ",
                    "macaddress": "06dc.d7da.6e72",
                    "mediatype": "Virtual",
                    "mtu": 1500,
                    "operstatus": "up",
                    "type": "CSR vNIC"
                },
                "VirtualPortGroup0": {
                    "bandwidth": 750000,
                    "description": null,
                    "duplex": null,
                    "ipv4": [
                        {
                            "address": "192.168.35.101",
                            "subnet": "24"
                        }
                    ],
                    "lineprotocol": "up ",
                    "macaddress": "001e.1479.a3bd",
                    "mediatype": null,
                    "mtu": 1500,
                    "operstatus": "up",
                    "type": "Virtual Port Group"
                }
            },
            "ansible_net_memfree_mb": 1849307,
            "ansible_net_memtotal_mb": 2185184,
            "ansible_net_model": "CSR1000V",
            "ansible_net_serialnum": "913PK5HTYVW",
            "ansible_net_version": "16.08.01a"
        },
        "changed": false,
        "failed": false
    }
}
ok: [rtr2] => {
    "msg": {
        "ansible_facts": {
            "ansible_net_all_ipv4_addresses": [
                "172.17.211.195",
                "192.168.35.101"
            ],
            "ansible_net_all_ipv6_addresses": [],
            "ansible_net_filesystems": [
                "bootflash:"
            ],
            "ansible_net_gather_subset": [
                "hardware",
                "default",
                "interfaces"
            ],
            "ansible_net_hostname": "ip-172-17-211-195",
            "ansible_net_image": "boot:packages.conf",
            "ansible_net_interfaces": {
                "GigabitEthernet1": {
                    "bandwidth": 1000000,
                    "description": null,
                    "duplex": "Full",
                    "ipv4": [
                        {
                            "address": "172.17.211.195",
                            "subnet": "16"
                        }
                    ],
                    "lineprotocol": "up ",
                    "macaddress": "0646.c75e.e7fa",
                    "mediatype": "Virtual",
                    "mtu": 1500,
                    "operstatus": "up",
                    "type": "CSR vNIC"
                },
                "VirtualPortGroup0": {
                    "bandwidth": 750000,
                    "description": null,
                    "duplex": null,
                    "ipv4": [
                        {
                            "address": "192.168.35.101",
                            "subnet": "24"
                        }
                    ],
                    "lineprotocol": "up ",
                    "macaddress": "001e.e51b.5fbd",
                    "mediatype": null,
                    "mtu": 1500,
                    "operstatus": "up",
                    "type": "Virtual Port Group"
                }
            },
            "ansible_net_memfree_mb": 1849325,
            "ansible_net_memtotal_mb": 2185184,
            "ansible_net_model": "CSR1000V",
            "ansible_net_serialnum": "96K1OHFAI3H",
            "ansible_net_version": "16.08.01a"
        },
        "changed": false,
        "failed": false
    }
}

TASK [Backup configuration] *********************************************************************************************
ok: [rtr2]
ok: [rtr1]

PLAY RECAP **************************************************************************************************************
rtr1                       : ok=3    changed=0    unreachable=0    failed=0
rtr2                       : ok=3    changed=0    unreachable=0    failed=0

The configs were backed up to the backup folder.

$ ls backup
rtr1_config.2018-08-28@11:17:34  rtr2_config.2018-08-28@11:17:34

That was Exercise 1.2.

Exercise 1.3 - Creating a GRE tunnel

So the idea is to write a Playbook that configures a GRE tunnel between rtr1 and rtr2.

What you learn:
ios_config module
parents keyword
conditionals (when clause)

The resulting Playbook is below.

gre.yml
---
- name: Configure GRE Tunnel between rtr1 and rtr2
  hosts: routers
  gather_facts: no
  connection: network_cli
  vars:
     #Variables can be manually set like this:
     #rtr1_public_ip: "34.236.147.137"
     #rtr2_public_ip: "54.209.50.0"
     #or reference dynamically variables tied to the host directly
     #in this case, its grabbing this from the inventory under lab_inventory
     rtr1_public_ip: "{{hostvars['rtr1']['ansible_host']}}"
     rtr2_public_ip: "{{hostvars['rtr2']['ansible_host']}}"
  tasks:
  - name: create tunnel interface to R2
    ios_config:
      lines:
       - 'ip address 10.0.0.1 255.255.255.0'
       - 'tunnel source GigabitEthernet1'
       - 'tunnel destination {{rtr2_public_ip}}'
      parents: interface Tunnel0
    when:
      - '"rtr1" in inventory_hostname'

  - name: create tunnel interface to R1
    ios_config:
      lines:
       - 'ip address 10.0.0.2 255.255.255.0'
       - 'tunnel source GigabitEthernet1'
       - 'tunnel destination {{rtr1_public_ip}}'
      parents: interface Tunnel0
    when:
      - '"rtr2" in inventory_hostname'

I wondered what parents was, but ↓ it specifies the hierarchy level of the port. I see, "sasu-yoko". (* Short for "as expected of Yokochi-san".)
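The scoping that `parents` gives to `lines`, as an added example (not from the original post and not Ansible's own code): a simplified Python model that compares the gre.yml lines only against the `interface Tunnel0` section of a saved config and returns the commands a run would send. The function names and the sample configs are constructed for illustration; the tunnel lines and addresses are the ones shown on this page.

```python
# Added example: a simplified model of how `parents` scopes `lines`.
# This is not Ansible's implementation; the configs below are constructed samples.

def parse_sections(config_text):
    """Map each top-level config line to the indented lines nested under it."""
    sections, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":          # blank lines and IOS separators
            continue
        if not raw.startswith(" "):          # column 0 => new top-level section
            current = line
            sections.setdefault(current, [])
        elif current is not None:            # indented => child of current section
            sections[current].append(line)
    return sections


def pending_commands(config_text, parent, lines):
    """Commands a push would send: the parent plus every line missing under it.

    An empty list means the section already matches (the task would report "ok").
    """
    existing = parse_sections(config_text).get(parent, [])
    missing = [l for l in lines if l not in existing]
    return [parent] + missing if missing else []


# Parent and lines taken from gre.yml (rtr1 side); the destination is rtr2's
# ansible_host from the inventory shown on this page.
PARENT = "interface Tunnel0"
LINES = [
    "ip address 10.0.0.1 255.255.255.0",
    "tunnel source GigabitEthernet1",
    "tunnel destination 13.113.35.207",
]

# Constructed sample: no Tunnel0 yet.
BEFORE = """\
hostname rtr1
!
interface GigabitEthernet1
 ip address dhcp
!
"""

# Constructed sample: Tunnel0 already configured the way gre.yml wants it.
AFTER = BEFORE + """\
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 tunnel source GigabitEthernet1
 tunnel destination 13.113.35.207
!
"""

# Constructed sample: the same address sits under a different interface and
# Tunnel0 points at a stale destination.
DRIFTED = BEFORE + """\
interface Loopback0
 ip address 10.0.0.1 255.255.255.0
!
interface Tunnel0
 tunnel source GigabitEthernet1
 tunnel destination 192.0.2.10
!
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("drifted", DRIFTED)):
        print(name, pending_commands(cfg, PARENT, LINES))
```

Run against a file from the backup folder, the same function shows what a playbook would change before it is pointed at a router.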

Now run it.

$ ansible-playbook -i ../lab_inventory/hosts gre.yml

PLAY [Configure GRE Tunnel between rtr1 and rtr2] ***********************************************************************

TASK [create tunnel interface to R2] ************************************************************************************
skipping: [rtr2]
changed: [rtr1]

TASK [create tunnel interface to R1] ************************************************************************************
skipping: [rtr1]
changed: [rtr2]

PLAY RECAP **************************************************************************************************************
rtr1                       : ok=1    changed=1    unreachable=0    failed=0
rtr2                       : ok=1    changed=1    unreachable=0    failed=0

That was Exercise 1.3.

Exercise 1.4 - Additional router configuration

We push additional configuration with four modules: ios_interface, ios_config, ios_static_route and ios_system.

router_configs.yml
---
- name: Router Configurations
  hosts: routers
  gather_facts: no
  connection: network_cli
  vars:
    ansible_network_os: ios
    dns_servers:
      - 8.8.8.8
      - 8.8.4.4
    #Variables can be manually set like this:
    #host1_private_ip: "172.18.2.8"
    #control_private_ip: "172.17.1.157"
    #or reference dynamically variables tied to the host directly
    #in this case, its grabbing this from the inventory under lab_inventory:
    host1_private_ip: "{{hostvars['host1']['private_ip']}}"
    control_private_ip: "{{hostvars['ansible']['private_ip']}}"
  tasks:
    ##Configuration for R1
    - block:
      - name: Static route from R1 to R2
        ios_static_route:
          prefix: "{{host1_private_ip}}"
          mask: 255.255.255.255
          next_hop: 10.0.0.2
      - name: configure name servers
        ios_system:
          name_servers: "{{item}}"
        with_items: "{{dns_servers}}"
      when:
        - '"rtr1" in inventory_hostname'

    ##Configuration for R2
    - block:
      - name: enable GigabitEthernet1 interface
        ios_interface:
          name: GigabitEthernet1
          description: interface to host1
          state: present
      - name: dhcp configuration for GigabitEthernet1
        ios_config:
          lines:
            - ip address dhcp
          parents: interface GigabitEthernet1
      - name: Static route from R2 to R1
        ios_static_route:
          prefix: "{{control_private_ip}}"
          mask: 255.255.255.255
          next_hop: 10.0.0.1
      - name: configure name servers
        ios_system:
          name_servers: "{{item}}"
        with_items: "{{dns_servers}}"
      when:
        - '"rtr2" in inventory_hostname'

Now let's run it.

$ ansible-playbook -i ../lab_inventory/hosts router_configs.yml

PLAY [Router Configurations] ********************************************************************************************

TASK [Static route from R1 to R2] ***************************************************************************************
skipping: [rtr2]
changed: [rtr1]

TASK [configure name servers] *******************************************************************************************
skipping: [rtr2] => (item=8.8.8.8)
skipping: [rtr2] => (item=8.8.4.4)
changed: [rtr1] => (item=8.8.8.8)
changed: [rtr1] => (item=8.8.4.4)

TASK [enable GigabitEthernet1 interface] ********************************************************************************
skipping: [rtr1]
changed: [rtr2]

TASK [dhcp configuration for GigabitEthernet1] **************************************************************************
skipping: [rtr1]
ok: [rtr2]

TASK [Static route from R2 to R1] ***************************************************************************************
skipping: [rtr1]
changed: [rtr2]

TASK [configure name servers] *******************************************************************************************
skipping: [rtr1] => (item=8.8.8.8)
skipping: [rtr1] => (item=8.8.4.4)
changed: [rtr2] => (item=8.8.8.8)
changed: [rtr2] => (item=8.8.4.4)

PLAY RECAP **************************************************************************************************************
rtr1                       : ok=2    changed=2    unreachable=0    failed=0
rtr2                       : ok=4    changed=3    unreachable=0    failed=0

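Section 6: Test!

"You should be able to ping the host in the other VPC. We connected the two VPCs with a GRE tunnel and added static routes so that traffic can be routed between the two subnets."

Oh! The ping reached the host in the other VPC, in 172.17.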

$ ping 172.17.236.181
PING 172.17.236.181 (172.17.236.181) 56(84) bytes of data.
64 bytes from 172.17.236.181: icmp_seq=2 ttl=62 time=2.00 ms
64 bytes from 172.17.236.181: icmp_seq=3 ttl=62 time=1.97 ms
64 bytes from 172.17.236.181: icmp_seq=4 ttl=62 time=1.85 ms
64 bytes from 172.17.236.181: icmp_seq=5 ttl=62 time=1.83 ms
^C
--- 172.17.236.181 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4003ms
rtt min/avg/max/mdev = 1.834/1.917/2.004/0.081 ms

Around here I ran out of time.

Finally, here is the inventory file used this time.

hosts
[all:vars]
ansible_ssh_user=student25
ansible_ssh_pass=red123hat
ansible_port=22

[routers:children]
cisco

[cisco]
rtr1 ansible_host=52.197.137.88 ansible_ssh_user=ec2-user private_ip=172.16.157.7 ansible_network_os=ios
rtr2 ansible_host=13.113.35.207 ansible_ssh_user=ec2-user private_ip=172.17.211.195 ansible_network_os=ios

[cisco:vars]
ansible_ssh_user=ec2-user
ansible_network_os=ios

[dc1]
rtr1

[dc2]
rtr2

[hosts]
host1 ansible_host=13.230.215.167 ansible_ssh_user=ec2-user private_ip=172.17.236.181

[control]
ansible ansible_host=54.238.226.25 ansible_ssh_user=ec2-user private_ip=172.16.82.42

Other notes

I had long wondered which versions the ios modules work with, so I asked and was pointed to the following page.

https://access.redhat.com/articles/3185021
「What networking platforms and versions are tested as part of the Ansible Engine Networking Add-on? 」

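Also, someone participating in the results-sharing slot talked about how they ran a Playbook and broke the environment, and that doing this in production would be dangerous.
For servers it is fairly easy to build a test environment, for example by spinning up a virtual machine,
but preparing a test environment for networks still seems to be quite hard.

Rather than pushing in a Playbook like ios_config right away, I thought it would be better to start with read-only Playbooks, such as getting port information with ios_facts or ios_command. (An essay?)

The end.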
