- 06 Apr 2024
-
DarkLight
-
PDF
IAG 2023.1+ Execution Flow by Role Type
- Updated on 06 Apr 2024
-
DarkLight
-
PDF
Below are the different Ansible role templates provided within an IAG release. Users can modify the templates to support a variety of devices within an Ansible inventory.
Role Execution Paths
Depending on the inventory variables present for a device within the IAG Ansible inventory, an Itential role will take one of three different execution paths. The role execution paths are categorized as follows:
- Fully Integrated
- Netmiko Customized Templates
- Ansible Customized Templates
Fully Integrated
The Fully Integrated execution path includes a set of Ansible roles provided by IAG that are utilized for device types found in an internal “integrated device” table. The roles use well known Ansible modules supported by the Ansible community to retrieve operational state data from devices as well as retrieve and set the device configuration. A list of fully integrated devices can be found on this IAP Compatibility page. Users do not need to make any modifications in order to get the functionality provided by the Fully Integrated roles.
Executing a role against a fully integrated device enables users to utilize the full suite of Automation Gateway and Automation Platform features, such as Configuration Manager, Golden Configuration, and Command Templates.
Requirements
The device must be explicitly in the IAG list of integrated devices, and you can successfully connect to the device using Ansible connection parameters.
Important Variables
The ansible_network_os
variable must match a valid Ansible OS type, and it must be in the list of integrated devices, such as "ios" for Cisco IOS.
{
"name": "Example_IOS",
"ansible_host": "ios.example.com",
"ansible_connection": "network_cli",
"ansible_network_os": "ios",
"ansible_user": "username",
"ansible_password": "password",
"ansible_become": true,
"ansible_become_password": "password"
}
Netmiko Customized Templates
IAG provides a set of Ansible role templates that use the Netmiko library to connect and communicate with devices. The templates can be customized by users in order to communicate with devices that do not fall under the Fully Integrated category. This is only an option for devices which have prebuilt support from the Netmiko library. The list of devices supported by Netmiko is very large, however it has its own caveats and levels of support from that library. See Netmiko Platforms for additional information regarding the device_type
variable and options.
Executing a role that has been properly customized to use the Netmiko library enables users to utilize the majority of Automation Gateway and Automation Platform features, such as Configuration Manager, Golden Configuration, and Command Templates.
It is assumed the user will most likely have to make a variety of changes to the files within the template in order to get Netmiko to successfully connect to the device and operate against the device exactly as expected. The templates are provided as a reasonable starting point and with the expectation that if Netmiko has a device_type
for your device, you can easily enable connectivity and test the available functionality, such as sending commands and updating the configuration.
Requirements
The device is not in the IAG list of integrated devices, and you can successfully connect to the device using Netmiko connection parameters.
Directory Path
The templates for the Ansible roles that use the Netmiko library can be found in the IAG release package at the following directory path:
automation_gateway/integrations/extensible_device_roles/ansible_netmiko
The roles should be copied to a new directory on the IAG server before they are modified in order to avoid being overwritten upon the next upgrade of IAG.
# ls
itential_netmiko_cli itential_netmiko_get_config itential_netmiko_get_state itential_netmiko_load_config itential_netmiko_set_config
# cp -R * /new/path/to/custom/ansible_netmiko
The names of the roles (i.e.,itential_netmiko_cli
, itential_netmiko_get_config
, etc.) should not be modified. The main Itential roles (i.e., itential_cli
, itential_get_config
, etc.) are written to search for those explicit names at execution time.
The templates contain the minimum directory structure required for an Ansible role. Users can modify the files in the template, including adding other directories, as they see fit in order to support their devices.
Configuration
In order for the itential_netmiko_*
roles to be found at execution time, the directory path where they were saved to needs to be configured using the Automation Gateway UI. After logging into the IAG, go to the Configuration → Ansible tab, add the full directory path to the Extended Device Role Path parameter, and save the configuration.
Execution
The main Itential roles (i.e., itential_cli
, itential_get_config
, etc.) are used as an entry point to execute the Ansible roles using the Netmiko library (i.e., itential_netmiko_cli
, itential_netmiko_get_config
, etc.). The Itential roles decide which code path to execute based on the presence and contents of different Ansible inventory variables. Below is the criteria that will cause the Netmiko Customized Template roles to be executed along with some example devices with variables that will match the criteria.
Important Variables
-
The
ansible_network_os
variable must not match the name of a fully integrated device and should generally be omitted to avoid confusion and ensure the correct execution path is followed. -
A local connection type is required; therefore
ansible_connection
must be set to local. -
Either
provider.device_type
ornetmiko_device_type
must be a valid netmiko device_type.
Example Host (Explicit Usage)
The following example host shows an explicit set of Netmiko-related variables nested under the provider object so that it is very clear that this host is meant to be used only with the Netmiko roles.
{
"name": "Example_IOS",
"variables": {
"**********REQUIRED VARIABLES**********": "",
"ansible_connection": "local",
"provider": {
"host": "ios.example.com",
"device_type": "cisco_ios",
"username": "username",
"password": "password"
},
"**********END REQUIRED VARIABLES**********": "",
"**********OPTIONAL VARIABLES**********": "",
"end_command": "end",
"save_command": "commit apply",
"get_config_command": "show run",
"get_state_command": "show version",
"**********END OPTIONAL VARIABLES**********": ""
}
}
Example Host (Implicit Usage)
The following example host shows an implicit set of Netmiko-related variables which are declared outside of the provider object. This method allows the user to use mostly Ansible variables, which are converted into the provider object within the role template, along with the addition of netmiko_device_type
so that it is correctly routed to the Netmiko roles.
{
"name": "Example_IOS",
"variables": {
"**********REQUIRED VARIABLES**********": "",
"ansible_connection": "local",
"ansible_host": "ios.example.com",
"ansible_user": "username",
"ansible_password": "password",
"netmiko_device_type": "cisco_ios",
"**********END REQUIRED VARIABLES**********": "",
"**********OPTIONAL VARIABLES**********": "",
"ansible_port": 22,
"end_command": "end",
"save_command": "commit apply",
"get_config_command": "show run",
"get_state_command": "show version",
"**********END OPTIONAL VARIABLES**********": ""
}
}
Ansible Customized Templates
Automation Gateway provides a set of Ansible role templates that can be customized by users to use their Ansible modules of choice to connect and communicate with devices. The templates are available for use with devices that do not fall under the fully integrated list and cannot be configured to work with the Netmiko library.
Executing a role that has been properly customized enables users to utilize the majority of Automation Gateway and Automation Platform features, such as Configuration Manager, Golden Configuration, and Command Templates.
It is assumed the user will have to make a variety of changes to the files within the template in order to successfully connect to the device and operate against the device exactly as expected. The templates are provided as a reasonable starting point and are an example implementation of adding support for a Cisco IOS device.
Requirements
-
The device in question cannot be executed against the Fully Integrated or Netmiko Customized roles.
-
The
ansible_network_os
variable must not be in the list of integrated device types and should instead be a made-up value that matches the custom role you created (see the templates for additional information).
Directory Path
The Ansible Customized Template roles can be found in the IAG release package at the directory path:
automation_gateway/integrations/extensible_device_roles/ansible_custom
.
The roles should be copied to a new directory on the IAG server before they are modified in order to avoid being overwritten upon the next upgrade of IAG.
# ls
iag_cli iag_get_config iag_get_state iag_load_config iag_set_config
# cp -R * /new/path/to/custom/ansible_custom
The names of the roles (i.e., iag_cli
, iag_get_config
, etc.) should not be modified. The main Itential roles (i.e., itential_cli
, itential_get_config
, etc.) are written to search for those explicit names at execution time.
The templates contain the minimum directory structure required for an Ansible role. Users can modify the files in the template, including adding other directories, as they see fit in order to support their devices.
Configuration
In order for the iag_*
roles to be found at execution time, the directory path that they were saved to needs to be configured using the IAG UI. After logging into the UI, traverse to the Configuration → Ansible tab, add the full directory path to the Extended Device Role Path parameter, and save the configuration.
Execution
The main Itential roles (i.e., itential_cli
, itential_get_config
, etc.) are used as an entry point to execute the Ansible customized roles (i.e., iag_cli
, iag_get_config
, etc.). The Itential roles decide which code path to execute based on the presence and contents of different Ansible inventory variables. Below is the criteria that will cause the Ansible Customized Template roles to be executed along with an example device with variables that will match the criteria.
Important Variables
- The
ansible_network_os
variable must not match the name of a fully integrated device and the variablesnetmiko_device_type
andprovider.device_type
must not be present.
Example Host
The following example host shows a set of Ansible Custom variables.
{
"name": "Example_IOS",
"ansible_host": "ios.example.com",
"ansible_connection": "network_cli",
"ansible_network_os": "custom_unsupported_ios",
"...any other custom variables for your custom role...": "..."
}