Ansible NETCONF

The next several sections of the lab walk you through using different tools and libraries to work with YANG. These tools and libraries include Ansible, Python ncclient, and Python requests. For these sections, you will use your existing fabric to onboard a new L2 VNI in your existing Tenant-1 overlay.

In this module, you are going to use Ansible to perform NETCONF YANG interactions with your Leaf switches to configure a VLAN to VNI mapping. Ansible has a few NETCONF-based modules (netconf_config, netconf_get, and netconf_rpc) along with a netconf plugin to interact with NETCONF-enabled devices. For this module, you will leverage the netconf_config module to make configuration changes and the netconf_get module to verify the configuration changes.


Step 1 - Revisit NX-API Sandbox

Return to the NX-API Sandbox on your Leaf1, either in the session you still have open from earlier in the lab or by browsing to the IP address below:

    https://10.15.1.12

Log in using your username and password:

  • Username: admin
  • Password: cisco.123

In the Sandbox, set the Method to RESTCONF (Yang) and the Message format to xml. Copy and paste the VLAN and VNI mapping below into the text field. Then, click Convert.

    
        vlan 16
        vn-segment 10016
    

Note that the Sandbox is a great way to learn how to convert the CLI you know today into YANG XML configuration templates. As you will see in the subsequent steps, you will take the converted output and use it within Ansible.




Step 2 - Verify Python ncclient Package

Return to your Terminal window and issue pip freeze | grep ncclient:

  
        cd /home/cisco/Documents/nxapilab/
        pip freeze | grep ncclient 
  

pip freeze | grep ncclient output:

    ncclient==0.6.15

ncclient is a Python library that can be leveraged for client-side scripting and application development for the NETCONF protocol. The ncclient package was automatically installed when pyats was installed earlier in the lab.


Step 3 - Create a New Ansible Role for NETCONF

Within your existing ansible-nxos directory, create a new role for the NETCONF tasks. First change to the 'roles' subdirectory and then create a new role.

  
    cd /home/cisco/Documents/nxapilab/ansible-nxos/roles
  
  
    ansible-galaxy init nc_vlan_vni
  

Step 4 - Create NETCONF YANG Configuration Template

Using the output from the Sandbox, create an XML configuration template file. Note the outer <config> element and the <System> element. NETCONF requires the <config> element for a configuration change to be made. The <System> element carries the namespace of the YANG model being used and was also derived from the Sandbox, from the POST field.

Copy the data structure below into an XML file.

    
    touch /home/cisco/Documents/nxapilab/ansible-nxos/roles/nc_vlan_vni/files/vlan_vni.xml
    cat <<EOF >> /home/cisco/Documents/nxapilab/ansible-nxos/roles/nc_vlan_vni/files/vlan_vni.xml
    <config>
      <System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
        <bd-items>
          <bd-items>
            <BD-list>
              <fabEncap>vlan-16</fabEncap>
              <accEncap>vxlan-10016</accEncap>
            </BD-list>
          </bd-items>
        </bd-items>
      </System>
    </config>
    EOF
            


Step 5 - Create NETCONF YANG Filter Template

Ansible's netconf_config module also performs a get-config operation as part of a configuration comparison to make the module idempotent. Copy the data structure below into an XML file.

Note: The <config> element is absent from the filter because the filter is not used for a config operation.

    
    touch /home/cisco/Documents/nxapilab/ansible-nxos/roles/nc_vlan_vni/files/vlan_vni_filter.xml
    cat <<EOF >> /home/cisco/Documents/nxapilab/ansible-nxos/roles/nc_vlan_vni/files/vlan_vni_filter.xml
    <System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
      <bd-items>
        <bd-items>
          <BD-list>
            <fabEncap>vlan-16</fabEncap>
            <accEncap>vxlan-10016</accEncap>
          </BD-list>
        </bd-items>
      </bd-items>
    </System>
    EOF
            


Step 6 - Create Ansible NETCONF Tasks

Create the Ansible tasks using the netconf_config and netconf_get modules. The netconf_config module will be used to send the RPC built from the XML template created in the step above and apply it to the running config. The netconf_get module will be used to confirm that the configuration was applied correctly, using a filter that returns only the VLANs and their associated VNI mappings.

Copy the playbook YAML file.

    
            cat <<EOF >> /home/cisco/Documents/nxapilab/ansible-nxos/roles/nc_vlan_vni/tasks/main.yml
            
            - name: CONFIGURE NX VLAN VNI MAPPING USING NETCONF
              ansible.netcommon.netconf_config:
                datastore: running
                content: "{{ lookup('file', '/home/cisco/Documents/nxapilab/ansible-nxos/roles/nc_vlan_vni/files/vlan_vni.xml') }}"
                get_filter: "{{ lookup('file', '/home/cisco/Documents/nxapilab/ansible-nxos/roles/nc_vlan_vni/files/vlan_vni_filter.xml') }}"

            - name: SAVE CONFIGURATION
              ansible.netcommon.netconf_rpc:
                rpc: copy_running_config_src
                xmlns: "http://cisco.com/ns/yang/cisco-nx-os-device"
                content: |
                 <startup-config/>

            #- name: GET NX VLAN VNI MAPPING USING NETCONF
            #  netconf_get:
            #    display: xml
            #    source: running
            #    filter: <System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device"><bd-items><bd-items><BD-list><fabEncap></fabEncap><accEncap></accEncap></BD-list></bd-items></bd-items></System>
            #  register: output

            #- debug:
            #    msg: "{{ output.stdout_lines }}"

            EOF
            
            


Step 7 - Create a New Hosts File

Create a new hosts file with a group heading called nc_leafs (nc stands for netconf) that includes your leaf switches' IP addresses. This group heading will be used with a new group_vars Ansible NETCONF connection file in the next step.

Copy the nc_hosts file.

    
            cat <<EOF >> /home/cisco/Documents/nxapilab/ansible-nxos/nc_hosts
            # hosts file for NETCONF Ansible playbook

            [nc_leafs]
            10.15.1.12
            10.15.1.13

            EOF
            


Step 8 - Create a NETCONF Connection Provider

Create a new Ansible connection file for NETCONF-based connections. This will use the Ansible netconf plugin.

Copy the connection YAML file.

    
        cat <<EOF >> /home/cisco/Documents/nxapilab/ansible-nxos/group_vars/nc_leafs.yml
        ---
        ansible_connection: ansible.netcommon.netconf
        ansible_network_os: cisco.nxos.nxos
        ansible_user: admin
        ansible_password: cisco.123

        EOF
        


Step 9 - Create a Main NETCONF Playbook

Create a new main playbook that associates the nc_leafs host grouping and the nc_vlan_vni role.

Copy the main playbook YAML file.

    
        cat <<EOF >> /home/cisco/Documents/nxapilab/ansible-nxos/nc_site.yml

        ---
        # main playbook

        - hosts: nc_leafs
          gather_facts: False
          roles:
          - role: nc_vlan_vni

        EOF
        



Step 10 - Execute the Ansible Playbook

Execute the Ansible playbook:

    
        cd /home/cisco/Documents/nxapilab/ansible-nxos
        ansible-playbook -i nc_hosts nc_site.yml
    

Alternatively, you can add -vvv for verbose debugging output for each task that is executed.

Upon successful execution of this playbook, a new VLAN and VNI mapping will be applied to your leaf switches. You can confirm this in two ways:

  1. The Ansible output will include the netconf_get task showing the VLAN/VNI mappings (once the commented-out GET and debug tasks in tasks/main.yml are enabled), or
  2. you can log in to the leaf switches and check the existing VLAN/VNI mappings.

Playbook output:

        PLAY [nc_leafs] *************************************************************************************************************************************************************************
    
        TASK [nc_vlan_vni : CONFIGURE NX VLAN VNI MAPPING USING NETCONF] ****************************************************************************************************************************************
        changed: [10.15.1.12]
        changed: [10.15.1.13]
        
        TASK [nc_vlan_vni : SAVE CONFIGURATION] ****************************************************************************************************************************************
        ok: [10.15.1.12]
        ok: [10.15.1.13]
    
        PLAY RECAP **************************************************************************************************************************************************************************************
        10.15.1.12                 : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
        10.15.1.13                 : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
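
The confirmation can also be scripted. The Python below parses a NETCONF get-config reply for the Step 5 filter and reports whether VLAN 16 maps to VNI 10016, including the cases where the VLAN has no VNI or the VNI is already bound to another VLAN. It is an added example, not part of the original lab; the reply is a constructed sample, and the helper names parse_mappings and check_mapping are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NX = "http://cisco.com/ns/yang/cisco-nx-os-device"  # namespace used by the lab's templates
NS = {"nx": NX}

# Constructed sample of a <get-config> reply (not captured from a device).
SAMPLE_REPLY = """\
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
  <data>
    <System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
      <bd-items><bd-items>
        <BD-list><fabEncap>vlan-16</fabEncap><accEncap>vxlan-10016</accEncap></BD-list>
        <BD-list><fabEncap>vlan-20</fabEncap><accEncap>unknown</accEncap></BD-list>
      </bd-items></bd-items>
    </System>
  </data>
</rpc-reply>
"""

def parse_mappings(reply_xml):
    """Return {vlan_id: vni or None} for every BD-list entry in the reply."""
    root = ET.fromstring(reply_xml)
    mappings = {}
    for bd in root.iterfind(".//nx:bd-items/nx:bd-items/nx:BD-list", NS):
        fab = re.fullmatch(r"vlan-(\d+)", bd.findtext("nx:fabEncap", "", NS).strip())
        if not fab:
            continue  # entry without a usable VLAN key
        acc = re.fullmatch(r"vxlan-(\d+)", bd.findtext("nx:accEncap", "", NS).strip())
        # Anything that is not vxlan-<n> is treated as "no VNI mapped"
        mappings[int(fab.group(1))] = int(acc.group(1)) if acc else None
    return mappings

def check_mapping(reply_xml, vlan, vni):
    """Return a list of problems; an empty list means the mapping is in place."""
    mappings = parse_mappings(reply_xml)
    problems = []
    if vlan not in mappings:
        problems.append(f"vlan {vlan} not present")
    elif mappings[vlan] != vni:
        problems.append(f"vlan {vlan} maps to {mappings[vlan]}, expected {vni}")
    # The same VNI bound to a different VLAN is a conflict worth flagging
    others = [v for v, n in mappings.items() if n == vni and v != vlan]
    if others:
        problems.append(f"vni {vni} also mapped to vlan(s) {others}")
    return problems

if __name__ == "__main__":
    print(parse_mappings(SAMPLE_REPLY))
    print(check_mapping(SAMPLE_REPLY, 16, 10016) or "mapping OK")
```

To use it against the lab, feed it the XML registered by the netconf_get task instead of SAMPLE_REPLY.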