Using Ansible Playbooks with Cisco VIRL

From Building Network Automation Solutions

Building Network Automation Solutions
6 week advanced interactive online course Button-click-here.png
Course starting in
September 2017

At a Glance

  • High-intensity interactive online course;
  • Jump-start your network automation career;
  • Hands-on experience working on a solution to your own problem;
  • 6 week course spread across ~2 months;
  • Live discussion and guest speaker sessions;
  • Design and coding assignments and group work;
  • Final course completion certificate.

Cisco VIRL is one of the easiest environments to set up if you wish to test your Ansible playbooks with Cisco IOS, NX-OS or IOS-XR devices. This document describes how you can control devices within VIRL with Ansible running either on the host computer or in a separate VM.

Revision history

  • Added troubleshooting guidelines (January 23rd 2017)
  • More detailed management network instructions (January 23rd 2017)
  • Enable VM NIC promiscuous mode on Linux (January 23rd 2017)
  • Enable VM NIC promiscuous mode on VMware Fusion Pro (January 18th 2017)

Accessing virtual devices within VIRL

To make devices running within VIRL accessible to an external client (for example, Ansible running on your host or in another VM) you have to:

  • Connect the virtual devices to a VIRL network connected to one of the VIRL VM NICs. We'll use the flat network connected to the second virtual Ethernet interface and vmnet1 or vmnet2 VMware network (assuming you followed VIRL installation instructions).
As of January 2017 VIRL via VMware Workstation installation instructions use vmnet1 for the flat external network with subnet 172.16.1.0/24 and VIRL via VMware Fusion instructions use vmnet2 for the same network/VM NIC
  • Assign static IP addresses to virtual devices. This step is optional but highly recommended.

You can use at least two methods to connect virtual devices running within VIRL with the flat network:

  • Create a flat network elements in your topology (one per device) and connect your devices to them:

VIRL Explicit Flat.png

  • Use the flat network as VIRL management network.

The rest of this document describes the second approach.

Use the flat network as VIRL management network

This procedure works with VIRL version 1.2. If you’re using an older version of VIRL, connect every managed device to an external flat network element.

VIRL uses a dedicated management interface on every device run within VIRL to access them from within VIRL OpenStack environment. The management interface is used to upload initial configuration to the device and to access device via SSH from the VM Maestro GUI.

The management subnet is usually available only within the VIRL VM. To link it to an external virtual Ethernet interface, edit project properties (click on empty part of the canvas in design view) and select Shared Flat Network as management network in the project properties.

Shared flat management network

If you’ve followed Cisco VIRL installation instructions to set up the hypervisor virtual networking environment and VIRL VM interfaces, the flat network is tied to vmnet1 (in VMware Workstation) or vmnet2 (in VMware Fusion) interface and has IP subnet 172.16.1.0/24.

Assign static management IP addresses to virtual devices

Management IP addresses of devices running with VIRL are usually assigned by VIRL at the simulation start time. To specify static IP addresses for VIRL devices use the management interface static IP address property at the bottom of Node properties (click on a node within the design view to access them).

Set a static management IP address for a device

After starting the VIRL simulation you can access VIRL devices directly from outside the VIRL VM by connecting to management IP addresses specified in VIRL topology via Telnet or SSH.

Depending on your virtualization environment you might have to allow the VIRL VM to set the vmnet interfaces into promiscuous mode, or disable the promiscuous mode authentication. See Installing VIRL in VMware Fusion Pro if you're running VIRL on OSX or Using Virtual Ethernet Adapters in Promiscuous Mode on a Linux Host if you're running VMware Workstation on Linux. Also note that you might have to modify /etc/init.d/vmware script on Linux to make changes persistent across reboots.

Build initial configurations

New devices added to a VIRL topology have no initial configuration. If you start such a topology you won't be able to connect to the virtual devices - even though each of them has a static management IP address assigned by VIRL the management interface is not configured within the device.

While it's possible to open a console session to individual devices that lack configuration and configure them manually I'd strongly recommend using Build Initial Configurations VIRL function.

Unless you want VIRL to build a fully-functional network running IGP and/or BGP disable most AutoNetKit elements in the project and node properties

Using VIRL with Ansible Playbooks

To test your Ansible playbooks with devices running with VIRL follow these steps:

  • Install Ansible on the machine hosting the VIRL VM or in a separate VM connected to the same vmnet interface as the VIRL flat network (or corresponding port group if you’re using ESX environment);
  • Create Ansible inventory file using IP addresses specified in the VIRL topology. You might want to set the ansible_host variable for each host in the inventory file as the VIRL device names might not be resolvable via your /etc/hosts file or DNS. A sample inventory file is shown below:
E1         ansible_host=172.16.1.110
E2         ansible_host=172.16.1.111
PE1        ansible_host=172.16.1.112
E3         ansible_host=172.16.1.120
E4         ansible_host=172.16.1.121
PE2        ansible_host=172.16.1.122

Troubleshooting

This section provides the basic troubleshooting steps you could take; it's not meant to be an exhaustive External Connectivity with Cisco VIRL troubleshooting guide.

Are you using the external flat network as your management network?

Check the IP address of the VIRL simulation jumphost (displayed in the Simulations tab of Simulation view). If the External Address IP address is not in the 172.16.1.0/24 subnet you probably haven't configured the flat network as the simulation management network.

Simulation jumphost IP address

Can you ping the jumphost from you workstation?

If you followed Cisco VIRL installation instructions then the VIRL flat external network is connected to the VIRL VM network adapter #2 which is connected to vmnet2 virtual network which has IP subnet 172.16.1.0/24. Under these conditions you should be able to ping the jumphost IP address from your virtualization host (the workstation running VMware Workstation or Fusion).

If that doesn't work re-check your VIRL installation process (also note that you might have problems with promiscuous mode settings on VM NIC).

Can you ping the jumphost from your Ansible VM?

If you can ping the jumphost from your workstation but not from the Ansible VM check how your Ansible VM reaches the 172.16.1.0/24 subnet. Ideally it would have an interface in that subnet (a VM NIC connected to vmnet1 or vmnet2). If you're using Vagrant to start the Ansible VM:

  • Use this file as your initial Vagrantfile;
  • Make sure you start the Ansible VM using Vagrant provider plugin matching the environment in which you run VIRL (you cannot start Ansible VM with VirtualBox if you're using VMware Workstation or Fusion to run VIRL).

Can you ping individual devices from your Ansible VM?

If you can ping the jumphost but not individual virtual devices it's highly likely that you forgot to build the initial configurations for the virtual devices leaving them unconfigured. Log into the devices via a console session and check their configurations.

You can also check VIRL external connectivity using the Connectivity tab in VIRL User Workspace Management - you should see all your virtual devices (and their management IP and MAC addresses) connected to flat network:

VIRL outside connections