Ansible Aws & Cisco: Difference between revisions
(Created page with "== Ansible Guide: AWS VPC Deployment & Cisco Configuration Backup == This guide outlines the step-by-step process for using **Ansible** to: 1. **Provision a VPC in AWS** while securing credentials with **Ansible Vault**. 2. **Log into Cisco switches and download configurations** using best practices. ---- = Part 1: AWS VPC Deployment with Ansible = == Step 1: Install Required Packages == Ensure you have Ansible and necessary dependencies installed. ```bash sudo apt...") |
No edit summary |
||
Line 3: | Line 3: | ||
This guide outlines the step-by-step process for using **Ansible** to: | This guide outlines the step-by-step process for using **Ansible** to: | ||
# Provision a VPC in AWS while securing credentials with **Ansible Vault**. | |||
# Log into Cisco switches and download configurations using best practices. | |||
---- | ---- | ||
Line 13: | Line 13: | ||
Ensure you have Ansible and necessary dependencies installed. | Ensure you have Ansible and necessary dependencies installed. | ||
'''For Ubuntu/Linux:''' | |||
sudo apt update && sudo apt install -y ansible python3-boto3 | sudo apt update && sudo apt install -y ansible python3-boto3 | ||
'''For MacOS:''' | |||
brew install ansible | |||
pip3 install boto3 | |||
== Step 2: Configure Ansible Vault for Credential Security == | == Step 2: Configure Ansible Vault for Credential Security == | ||
Ansible Vault allows secure storage of AWS credentials. | Ansible Vault allows secure storage of AWS credentials. | ||
# Create a vault file: | |||
ansible-vault create aws_credentials.yml | |||
ansible-vault create aws_credentials.yml | |||
# Add the following content: | |||
aws_access_key: "YOUR_AWS_ACCESS_KEY" | |||
aws_secret_key: "YOUR_AWS_SECRET_KEY" | |||
aws_region: "us-east-1" | |||
# Save and exit. | |||
# Edit the vault file later if needed: | |||
ansible-vault | ansible-vault edit aws_credentials.yml | ||
# Decrypt if necessary: | |||
ansible-vault decrypt aws_credentials.yml | |||
ansible-vault | |||
# Encrypt again: | |||
ansible-vault encrypt aws_credentials.yml | |||
== Step 3: Configure the Ansible Inventory File == | == Step 3: Configure the Ansible Inventory File == | ||
Create an inventory file ( | Create an inventory file ('''inventory.ini''') and define the target group. | ||
[aws] | |||
localhost ansible_connection=local | |||
== Step 4: Create the Ansible Playbook for AWS VPC == | == Step 4: Create the Ansible Playbook for AWS VPC == | ||
Create | Create '''aws_vpc.yml''': | ||
--- | |||
- name: Create AWS VPC | |||
hosts: aws | |||
gather_facts: no | |||
vars_files: | |||
- aws_credentials.yml | |||
tasks: | |||
- name: Create VPC | |||
amazon.aws.ec2_vpc_net: | |||
name: my-vpc | |||
cidr_block: 10.0.0.0/16 | |||
region: "{{ aws_region }}" | |||
aws_access_key: "{{ aws_access_key }}" | |||
aws_secret_key: "{{ aws_secret_key }}" | |||
register: vpc_output | |||
- debug: | |||
var: vpc_output | |||
== Step 5: Run the Ansible Playbook == | == Step 5: Run the Ansible Playbook == | ||
ansible-playbook aws_vpc.yml --ask-vault-pass | |||
ansible-playbook aws_vpc.yml --ask-vault-pass | |||
This will prompt for the Vault password and execute the playbook to create a VPC in AWS. | This will prompt for the Vault password and execute the playbook to create a VPC in AWS. | ||
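Review bot: in Step 2, the added "Decrypt if necessary" / "Encrypt again" pair (`ansible-vault decrypt aws_credentials.yml`) leaves the AWS keys in plaintext on disk between the two commands. `ansible-vault view aws_credentials.yml` reads the file without rewriting it, and `ansible-vault edit` is already listed for changes, so the decrypt step can be dropped. Separately, Step 5 runs `ansible-playbook aws_vpc.yml --ask-vault-pass` without `-i inventory.ini`, so the `aws` group defined in Step 3 is only found if an ansible.cfg already points at that inventory.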
Line 102: | Line 80: | ||
== Step 1: Install Required Packages == | == Step 1: Install Required Packages == | ||
Ensure Ansible and the necessary networking modules are installed: | Ensure Ansible and the necessary networking modules are installed: | ||
pip3 install paramiko netmiko ansible | |||
pip3 install paramiko netmiko ansible | |||
== Step 2: Create Ansible Inventory File == | == Step 2: Create Ansible Inventory File == | ||
Create | Create '''inventory.ini''': | ||
[cisco] | |||
switch1 ansible_host=192.168.1.1 ansible_user=admin ansible_network_os=ios | |||
switch2 ansible_host=192.168.1.2 ansible_user=admin ansible_network_os=ios | |||
== Step 3: Secure Cisco Credentials with Ansible Vault == | == Step 3: Secure Cisco Credentials with Ansible Vault == | ||
# Create Vault File: | |||
ansible-vault create cisco_credentials.yml | |||
ansible-vault create cisco_credentials.yml | |||
# Add the following content: | |||
ansible_password: "YOUR_CISCO_PASSWORD" | |||
# Save & exit. | |||
== Step 4: Create the Cisco Backup Playbook == | == Step 4: Create the Cisco Backup Playbook == | ||
Create | Create '''cisco_backup.yml''': | ||
--- | |||
- name: Backup Cisco Configuration | |||
hosts: cisco | |||
gather_facts: no | |||
vars_files: | |||
- cisco_credentials.yml | |||
tasks: | |||
- name: Run show running-config | |||
cisco.ios.ios_command: | |||
commands: | |||
- show running-config | |||
register: config_output | |||
- name: Save to local file | |||
copy: | |||
content: "{{ config_output.stdout[0] }}" | |||
dest: "backups/{{ inventory_hostname }}.cfg" | |||
== Step 5: Run the Cisco Backup Playbook == | == Step 5: Run the Cisco Backup Playbook == | ||
ansible-playbook cisco_backup.yml --ask-vault-pass | |||
ansible-playbook cisco_backup.yml --ask-vault-pass | |||
This will log into the Cisco devices and save their configurations locally. | This will log into the Cisco devices and save their configurations locally. | ||
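Review bot: the "Save to local file" task writes the full `show running-config` output to `backups/{{ inventory_hostname }}.cfg` with no `mode`, and the Best Practices list further down recommends Git. Running-configs carry password hashes and SNMP community strings, so set `mode: "0600"` on the copy task and either keep `backups/` out of the repository or redact before committing. The play also sets no connection type for `cisco.ios.ios_command`; add `connection: ansible.netcommon.network_cli` at play level or `ansible_connection` for the `[cisco]` group in the inventory.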
Line 162: | Line 127: | ||
= Best Practices = | = Best Practices = | ||
* Use Ansible Vault for sensitive data. | |||
* Follow Role-Based Ansible Structures for modularity. | |||
* Test in a Lab Environment before production execution. | |||
* Use Version Control (e.g., Git) for playbooks. | |||
This guide ensures **secure**, **scalable**, and **efficient** automation for AWS and Cisco environments using **Ansible**. | This guide ensures **secure**, **scalable**, and **efficient** automation for AWS and Cisco environments using **Ansible**. |
Latest revision as of 14:21, 8 February 2025
Ansible Guide: AWS VPC Deployment & Cisco Configuration Backup
This guide outlines the step-by-step process for using Ansible to:
- Provision a VPC in AWS while securing credentials with Ansible Vault.
- Log into Cisco switches and download configurations using best practices.
Part 1: AWS VPC Deployment with Ansible
Step 1: Install Required Packages
Ensure you have Ansible and necessary dependencies installed.
For Ubuntu/Linux:
sudo apt update && sudo apt install -y ansible python3-boto3
For macOS:
brew install ansible
pip3 install boto3
Step 2: Configure Ansible Vault for Credential Security
Ansible Vault allows secure storage of AWS credentials.
- Create a vault file:
ansible-vault create aws_credentials.yml
- Add the following content:
aws_access_key: "YOUR_AWS_ACCESS_KEY"
aws_secret_key: "YOUR_AWS_SECRET_KEY"
aws_region: "us-east-1"
- Save and exit.
- Edit the vault file later if needed:
ansible-vault edit aws_credentials.yml
- Decrypt if necessary:
ansible-vault decrypt aws_credentials.yml
- Encrypt again:
ansible-vault encrypt aws_credentials.yml
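The decrypt/encrypt cycle above makes it easy to leave a credentials file in plaintext. The following check is an added example, not part of the original guide: it flags credential files that lack the Ansible Vault header and can be run from a Git pre-commit hook. The file list and the `demo()` sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Every vault-encrypted file starts with this marker, e.g. "$ANSIBLE_VAULT;1.1;AES256".
VAULT_MARKER = b"$ANSIBLE_VAULT;"
# File names used in this guide; extend for your own repository (assumption).
CREDENTIAL_FILES = ("aws_credentials.yml", "cisco_credentials.yml")


def is_vault_encrypted(path):
    """True if the file begins with the Ansible Vault header."""
    with open(path, "rb") as fh:
        return fh.read(len(VAULT_MARKER)) == VAULT_MARKER


def find_plaintext_credentials(root):
    """Return credential files under root that are NOT vault-encrypted."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in CREDENTIAL_FILES:
                path = os.path.join(dirpath, name)
                if not is_vault_encrypted(path):
                    exposed.append(path)
    return sorted(exposed)


def demo():
    """Constructed sample tree: one encrypted file, one left decrypted."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "aws_credentials.yml"), "w") as fh:
            fh.write("$ANSIBLE_VAULT;1.1;AES256\n0000constructed0000\n")
        with open(os.path.join(root, "cisco_credentials.yml"), "w") as fh:
            fh.write('ansible_password: "YOUR_CISCO_PASSWORD"\n')
        return [os.path.basename(p) for p in find_plaintext_credentials(root)]


if __name__ == "__main__":
    import sys
    leaks = find_plaintext_credentials(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in leaks:
        print("NOT ENCRYPTED:", path)
    sys.exit(1 if leaks else 0)  # non-zero exit blocks the commit
```
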
Step 3: Configure the Ansible Inventory File
Create an inventory file (inventory.ini) and define the target group.
[aws]
localhost ansible_connection=local
Step 4: Create the Ansible Playbook for AWS VPC
Create aws_vpc.yml:
---
- name: Create AWS VPC
  hosts: aws
  gather_facts: no
  vars_files:
    - aws_credentials.yml   # vault-encrypted; decrypted in memory at run time
  tasks:
    - name: Create VPC
      amazon.aws.ec2_vpc_net:
        name: my-vpc
        cidr_block: 10.0.0.0/16
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
      register: vpc_output

    - name: Show the created VPC details
      debug:
        var: vpc_output
Step 5: Run the Ansible Playbook
ansible-playbook -i inventory.ini aws_vpc.yml --ask-vault-pass
This will prompt for the Vault password and execute the playbook to create a VPC in AWS.
Part 2: Cisco Configuration Backup Using Ansible
Step 1: Install Required Packages
Ensure Ansible and the necessary networking modules are installed:
pip3 install paramiko netmiko ansible
Step 2: Create Ansible Inventory File
Create inventory.ini:
[cisco]
switch1 ansible_host=192.168.1.1 ansible_user=admin ansible_network_os=ios
switch2 ansible_host=192.168.1.2 ansible_user=admin ansible_network_os=ios
Step 3: Secure Cisco Credentials with Ansible Vault
- Create Vault File:
ansible-vault create cisco_credentials.yml
- Add the following content:
ansible_password: "YOUR_CISCO_PASSWORD"
- Save & exit.
Step 4: Create the Cisco Backup Playbook
Create cisco_backup.yml:
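---
- name: Backup Cisco Configuration
  hosts: cisco
  gather_facts: no
  # cisco.ios modules need a network connection plugin, not the default ssh
  connection: ansible.netcommon.network_cli
  vars_files:
    - cisco_credentials.yml   # supplies ansible_password from the vault
  tasks:
    - name: Run show running-config
      cisco.ios.ios_command:
        commands:
          - show running-config
      register: config_output

    # The backups/ directory must already exist on the control node
    - name: Save to local file
      copy:
        content: "{{ config_output.stdout[0] }}"
        dest: "backups/{{ inventory_hostname }}.cfg"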
Step 5: Run the Cisco Backup Playbook
ansible-playbook -i inventory.ini cisco_backup.yml --ask-vault-pass
This will log into the Cisco devices and save their configurations locally.
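The saved running-config files contain password hashes and SNMP community strings, which matters once the backups go into version control. The following redaction pass is an added example, not part of the original guide: it produces a copy that is safer to commit, while the full backup stays in a restricted location. The patterns cover common IOS secret lines only, and the sample config is constructed.

```python
import re

# Each pattern keeps group 1 (the command keyword) and replaces the secret after it.
SECRET_PATTERNS = [
    re.compile(r"^([ \t]*enable (?:secret|password)(?: \d+)?) \S+", re.M),
    re.compile(r"^([ \t]*username \S+ .*?(?:secret|password)(?: \d+)?) \S+", re.M),
    re.compile(r"^([ \t]*password(?: \d+)?) \S+", re.M),  # e.g. under "line vty"
    re.compile(r"^([ \t]*snmp-server community) \S+", re.M),
]

# Constructed sample, not output from a real device.
SAMPLE_CONFIG = """\
hostname switch1
enable secret 9 $9$CONSTRUCTED.HASH
username admin privilege 15 secret 5 $1$CONSTRUCTED
snmp-server community s3cr3tRO RO
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
line vty 0 4
 password 7 00CONSTRUCTED00
 login
"""


def redact_config(text):
    """Return (redacted_text, number_of_secrets_replaced)."""
    total = 0
    for pattern in SECRET_PATTERNS:
        text, hits = pattern.subn(r"\1 <redacted>", text)
        total += hits
    return text, total


if __name__ == "__main__":
    redacted, count = redact_config(SAMPLE_CONFIG)
    print(redacted)
    print(f"{count} secret(s) redacted")
```
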
Best Practices
- Use Ansible Vault for sensitive data.
- Follow Role-Based Ansible Structures for modularity.
- Test in a Lab Environment before production execution.
- Use Version Control (e.g., Git) for playbooks.
This guide ensures secure, scalable, and efficient automation for AWS and Cisco environments using Ansible.