Using Ansible Playbooks with Cisco VIRL
From Building Network Automation Solutions
At a Glance
- High-intensity interactive online course;
- Jump-start your network automation career;
- Hands-on experience working on a solution to your own problem;
- 6 week course spread across ~2 months;
- Live discussion and guest speaker sessions;
- Design and coding assignments and group work;
- Final course completion certificate.
Cisco VIRL is one of the easiest environments to set up if you wish to test your Ansible playbooks with Cisco IOS, NX-OS or IOS-XR devices. This document describes how you can control devices within VIRL with Ansible running either on the host computer or in a separate VM.
- 1 Revision history
- 2 Accessing virtual devices within VIRL
- 3 Using VIRL with Ansible Playbooks
- 4 Troubleshooting
- Added troubleshooting guidelines (January 23rd 2017)
- More detailed management network instructions (January 23rd 2017)
- Enable VM NIC promiscuous mode on Linux (January 23rd 2017)
- Enable VM NIC promiscuous mode on VMware Fusion Pro (January 18th 2017)
Accessing virtual devices within VIRL
To make devices running within VIRL accessible to an external client (for example, Ansible running on your host or in another VM) you have to:
- Connect the virtual devices to a VIRL network connected to one of the VIRL VM NICs. We'll use the flat network connected to the second virtual Ethernet interface and vmnet1 or vmnet2 VMware network (assuming you followed VIRL installation instructions).
- Assign static IP addresses to virtual devices. This step is optional but highly recommended.
You can use at least two methods to connect virtual devices running within VIRL with the flat network:
- Create a flat network elements in your topology (one per device) and connect your devices to them:
- Use the flat network as VIRL management network.
The rest of this document describes the second approach.
Use the flat network as VIRL management network
VIRL uses a dedicated management interface on every device run within VIRL to access them from within VIRL OpenStack environment. The management interface is used to upload initial configuration to the device and to access device via SSH from the VM Maestro GUI.
The management subnet is usually available only within the VIRL VM. To link it to an external virtual Ethernet interface, edit project properties (click on empty part of the canvas in design view) and select Shared Flat Network as management network in the project properties.
If you’ve followed Cisco VIRL installation instructions to set up the hypervisor virtual networking environment and VIRL VM interfaces, the flat network is tied to vmnet1 (in VMware Workstation) or vmnet2 (in VMware Fusion) interface and has IP subnet 172.16.1.0/24.
Assign static management IP addresses to virtual devices
Management IP addresses of devices running with VIRL are usually assigned by VIRL at the simulation start time. To specify static IP addresses for VIRL devices use the management interface static IP address property at the bottom of Node properties (click on a node within the design view to access them).
After starting the VIRL simulation you can access VIRL devices directly from outside the VIRL VM by connecting to management IP addresses specified in VIRL topology via Telnet or SSH.
Build initial configurations
New devices added to a VIRL topology have no initial configuration. If you start such a topology you won't be able to connect to the virtual devices - even though each of them has a static management IP address assigned by VIRL the management interface is not configured within the device.
While it's possible to open a console session to individual devices that lack configuration and configure them manually I'd strongly recommend using Build Initial Configurations VIRL function.
Using VIRL with Ansible Playbooks
To test your Ansible playbooks with devices running with VIRL follow these steps:
- Install Ansible on the machine hosting the VIRL VM or in a separate VM connected to the same vmnet interface as the VIRL flat network (or corresponding port group if you’re using ESX environment);
- Create Ansible inventory file using IP addresses specified in the VIRL topology. You might want to set the ansible_host variable for each host in the inventory file as the VIRL device names might not be resolvable via your /etc/hosts file or DNS. A sample inventory file is shown below:
E1 ansible_host=172.16.1.110 E2 ansible_host=172.16.1.111 PE1 ansible_host=172.16.1.112 E3 ansible_host=172.16.1.120 E4 ansible_host=172.16.1.121 PE2 ansible_host=172.16.1.122
This section provides the basic troubleshooting steps you could take; it's not meant to be an exhaustive External Connectivity with Cisco VIRL troubleshooting guide.
Are you using the external flat network as your management network?
Check the IP address of the VIRL simulation jumphost (displayed in the Simulations tab of Simulation view). If the External Address IP address is not in the 172.16.1.0/24 subnet you probably haven't configured the flat network as the simulation management network.
Can you ping the jumphost from you workstation?
If you followed Cisco VIRL installation instructions then the VIRL flat external network is connected to the VIRL VM network adapter #2 which is connected to vmnet2 virtual network which has IP subnet 172.16.1.0/24. Under these conditions you should be able to ping the jumphost IP address from your virtualization host (the workstation running VMware Workstation or Fusion).
If that doesn't work re-check your VIRL installation process (also note that you might have problems with promiscuous mode settings on VM NIC).
Can you ping the jumphost from your Ansible VM?
If you can ping the jumphost from your workstation but not from the Ansible VM check how your Ansible VM reaches the 172.16.1.0/24 subnet. Ideally it would have an interface in that subnet (a VM NIC connected to vmnet1 or vmnet2). If you're using Vagrant to start the Ansible VM:
- Use this file as your initial Vagrantfile;
- Make sure you start the Ansible VM using Vagrant provider plugin matching the environment in which you run VIRL (you cannot start Ansible VM with VirtualBox if you're using VMware Workstation or Fusion to run VIRL).
Can you ping individual devices from your Ansible VM?
If you can ping the jumphost but not individual virtual devices it's highly likely that you forgot to build the initial configurations for the virtual devices leaving them unconfigured. Log into the devices via a console session and check their configurations.
You can also check VIRL external connectivity using the Connectivity tab in VIRL User Workspace Management - you should see all your virtual devices (and their management IP and MAC addresses) connected to flat network: