Breaking up an ansible playbook with tasks, variables, configuration templates and other supporting files is called a role. A role can be used independently, but have to be used within playbook. It has its own directory structure. Roles in ansible are very robust and you can re-use it once created. In this tutorial I’ll show you how to create a role from scratch. I ll use the below sample topology for this tutorial. (All files used in this lab can be found here)
Some basic ansible knowledge is mandatory for this lab. If you are new to Ansible then its better to check my other article “Ansible for Beginners: Introduction and Installation“, “Ansible for Beginners: Playbook” and “Ansible for Beginners: Manage cisco router with ansible playbook”
Let’s assume our project directory name is “ansible_role_lab”, you can choose any other name you like. Inside that directory, we will create our role.
Create the role skeleton:
Go to our project directory and create a directory called roles. Inside that roles directory type the below command to create our role name router_configuration
ansible-galaxy init router_configuration
Shortly you will see a message like below:
- router_configuration was created successfully
The skeleton of our role is created and it should be like below:
. ├── README.md ├── defaults │ └── main.yml ├── files ├── handlers │ └── main.yml ├── meta │ └── main.yml ├── tasks │ └── main.yml ├── templates ├── tests │ ├── inventory │ └── test.yml └── vars └── main.yml 8 directories, 8 files
Role skeleton:
The skeleton is ready which is built with some directory and some .yml files. For making this lab simple, we will use only tasks, templates and vars directories and the files inside those directories. Lets see what are those directories and the files used for:
tasks: This directory contains a file name main.yml. The tasks used in playbook will now be placed under this main.yml file.
template: A jinja2 template file with an extension of .j2 will be placed here. Jinja2 is a web template engine for python programming language. This file will be our configuration template. We will see how to create a .j2 file shortly.
vars: This directory contains a file name main.yml. We can declare variables inside this file which will be used by the jinja2 template file.
The vars directory:
We will start from the vars directory. Open vars/main.yml file and type the below text:
router_vars: interface_name: "FastEthernet0/1" descrip: "SOUTH-CUSTOMER" IP4_ADDR: "10.10.20.0/29" IP6_ADDR: "2001:db8:2001::0/64"
Here we declare four variables called interface_name, descrip, IP4_ADDR, IP6_ADDR. We will use these variables in our jinja2 template file.
The templates directory:
Lets create a .j2 file inside the template directory (which is currently empty) name router_interface.j2 and paste the below text.
interface {{ item.interface_name }}
description {{ item.descrip }}
ip address {{ item.IP4_ADDR | ipaddr('2') | ipaddr('address') }} {{ item.IP4_ADDR | ipv4('netmask') }}
ipv6 address {{ item.IP6_ADDR | ipaddr('net') | ipaddr('9') }}
no shutdown
Take a close look at this file and notice how I use those four variables in this file. In jinja2 you can access variables with opening and closing curly braces. ipaddr() is a jinja2 filter designed to calculate ip related things like valid ip address, subnet mask etc. it works with both ipv4 and ipv6 addresses. For more information regarding ipaddr() you can check this link.
The tasks directory:
Open tasks/main.yml file and type the below text:
- name: CONFIGURING ROUTER INTERFACE
ios_config:
src: templates/router_interface.j2
authorize: yes
with_items:
- "{{ router_vars }}"
Check the “src: templates/router_interface.j2” line. Here we are telling ansible to use the template “router_interface.j2” file inside the templates directory. And when ansible start using that template file, it will search for the variables value used inside that template which can be found inside the vars/main.yml file under the list name router_vars.
The playbook
Role setup is done. Let’s create the playbook. Go back to our project directory “ansible_role_lab”. Create a file called playbook.yml. You can choose any other name for your playbook. Type the below text in your playbook.yml file:
--- - name: PLAY START hosts: router_a connection: network_cli gather_facts: no vars: ansible_python_interpreter: /usr/bin/python roles: - router_configuration
Note how roles are mentioned in the playbook. You can call more than one role here one after another. We need an inventory file to run the playbook. Let’s create the inventory now:
The inventory
Create a directory called “inventory” in our project directory. Inside that directory create a file called hosts and type the below text:
[IOS] router_a ansible_host=YOUR_ROUTER_IP_ADDRESS [IOS:vars] ansible_network_os=ios ansible_ssh_user=YOUR_ROUTER_USERNAME ansible_ssh_pass=SSH_PASSWORD ansible_become=yes ansible_become_method=enable ansible_become_password=ROUTER_SECRET_PASS
(For simplicity, i used the plain text password here, but for production environment ansible vault should be used for encrypting the password)
Final run
It’s time to run our ansible playbook with a role. Type the below command in your terminal to run the playbook
ansible-playbook -i inventory playbook.yml
Summary
Now what’s the benefit of using a role where this work can be done with a simple playbook? Roles in ansible organized a playbook in variables, tasks, files, templates that are stored in a standardized file structure. If you want to run the configuration for a new setup just change the variable value inside the vars/main.yml file and run the playbook again. All your files remain unchanged and the chance of misconfiguration will be low. Once you create the role you can share it with others by uploading the role in https://galaxy.ansible.com/. It’s a great place for viewing and understanding roles. You can download roles from here and can also upload your own role.
Enjoy!
Thanks for reading the post. If you enjoyed the post, please share it with your network and let me know your thoughts in the comments.
About the Author: Imtiaz is working in a financial organization in Bangladesh and having experience in system, network and security administration. Feel free to contact with him on LinkedIn or Twitter.