
You're reading from  Ansible for Real-Life Automation

Product type: Book
Published in: Sep 2022
Publisher: Packt
ISBN-13: 9781803235417
Edition: 1st Edition
Author (1)
Gineesh Madapparambath

Gineesh Madapparambath has over 15 years of experience in IT service management and consultancy with experience in planning, deploying, and supporting Linux-based projects. He has designed, developed, and deployed automation solutions based on Ansible and Ansible Automation Platform (formerly Ansible Tower) for bare metal and virtual server building, patching, container management, network operations, and custom monitoring. Gineesh has coordinated, designed, and deployed servers in data centers globally and has cross-cultural experience in classic, private cloud (OpenStack and VMware), and public cloud environments (AWS, Azure, and Google Cloud Platform). Gineesh has handled multiple roles such as systems engineer, automation specialist, infrastructure designer, and content author. His primary focus is on IT and application automation using Ansible, containerization using OpenShift (and Kubernetes), and infrastructure automation using Terraform.

Automating Microsoft Windows and Network Devices

Due to the complexity and wide variety of technologies, there are no one-size-fits-all tools in the information technology space. This applies to automation software as well, but fortunately, Ansible can be used for most of your IT automation use cases because of the large community support and contributions from the vendors who provide these services, such as cloud platforms, network appliances, and software platforms.

When we talk about basic system automation, we know how easy it is to automate Linux machines using Ansible. However, we can do the same for Microsoft Windows machines as well. There are community collections and certified Content Collections for managing Microsoft Windows operations, such as user management, firewall, system management, package management, and registry configurations.

Similarly, we have thousands of modules available via different collections for managing network devices such as Cisco, FortiGate...

Technical requirements

The following are the technical requirements for this chapter:

  • A Linux machine for the Ansible control node
  • One or more Linux machines as managed nodes with Red Hat repositories configured (if you are using non-RHEL machines, then make sure you have the appropriate repositories configured to get packages and updates)
  • One or more Microsoft Windows machines (we used a Windows 2019 server)
  • One or more network devices/virtual appliances (for practicing this chapter’s network automation use case)
  • Basic administrative knowledge of Microsoft Windows machines, including user creation and package management
  • Basic administrative knowledge of network devices, including IP configuration and access configuration

All the Ansible code, playbooks, commands, and snippets for this chapter can be found in this book’s GitHub repository at https://github.com/PacktPublishing/Ansible-for-Real-life-Automation/tree/main/Chapter-06.

...

Ansible remote connection methods

By default, Ansible communicates with the remote machine using the SSH protocol (native OpenSSH), as you learned previously in this book. For remote nodes that do not offer an SSH server, it is possible to use other connection methods, such as WinRM for Microsoft Windows remote machines or httpapi for API-based remote devices (such as Cisco NXAPI and Arista eAPI).

The following diagram shows the different connection methods used by Ansible for automating different devices and platforms:

Figure 6.1 – Connection methods used by Ansible

You can find the available Ansible connection plugins by using the ansible-doc command, as follows:

Figure 6.2 – Ansible connection plugins

Ansible Inventory and Connection Parameters

Refer to https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#connecting-to-hosts-behavioral-inventory-parameters for specific connection parameters...
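
An inventory sketch of the connection methods described above, added here as an example and not taken from the book or its repository. Host names, user names, the CA bundle path, and the vault_* variables are assumptions; the connection variables are the documented ones for the SSH, winrm, network_cli, and httpapi plugins.

```yaml
# inventory.yml (constructed example; hosts, users and paths are placeholders)
all:
  children:
    linux:                 # no ansible_connection set: defaults to SSH (OpenSSH)
      hosts:
        node1.example.com:
      vars:
        ansible_user: devops
    windows:               # Microsoft Windows over WinRM
      hosts:
        win2019.example.com:
      vars:
        ansible_connection: winrm
        ansible_port: 5986                 # HTTPS listener (5985 is plain HTTP)
        ansible_winrm_scheme: https
        ansible_winrm_transport: ntlm
        # Weak setting often left over from lab setups; it disables
        # TLS certificate checking for the WinRM session:
        #   ansible_winrm_server_cert_validation: ignore
        ansible_winrm_server_cert_validation: validate
        ansible_winrm_ca_trust_path: /etc/pki/tls/certs/lab-ca.pem
        ansible_user: ansible_svc
        ansible_password: "{{ vault_windows_password }}"   # kept in a vaulted file
    vyos:                  # CLI-driven network device over SSH
      hosts:
        vyos01.example.com:
      vars:
        ansible_connection: ansible.netcommon.network_cli
        ansible_network_os: vyos.vyos.vyos
        ansible_user: vyos
        ansible_password: "{{ vault_vyos_password }}"
    eapi:                  # API-based device (Arista eAPI) over httpapi
      hosts:
        eos01.example.com:
      vars:
        ansible_connection: ansible.netcommon.httpapi
        ansible_network_os: arista.eos.eos
        ansible_httpapi_use_ssl: true
        ansible_httpapi_validate_certs: true   # false would accept any certificate
        ansible_user: ansible_svc
        ansible_password: "{{ vault_eos_password }}"
```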

Automating Microsoft Windows servers using Ansible

As I mentioned earlier, Ansible is only available for Linux/Unix platforms, but that doesn’t mean you can’t use Ansible to automate Microsoft Windows machines. It is possible to use Ansible on a Linux/Unix machine (the Ansible control node) and automate your Microsoft Windows machines like so:

Figure 6.6 – Ansible and managed nodes

Multiple Ansible Content Collections can be used for Microsoft Windows automation. Altogether, there are more than 100 Ansible modules available for automating Microsoft Windows tasks:

In the next few sections, you will learn more about Ansible Windows automation, such as the supported Microsoft Windows versions,...

Introduction to network automation

Network automation using Ansible is based on different connection methods. There are some differences between Ansible network automation and Linux/Unix and Microsoft Windows automation. Also, note that Ansible can be used to automate existing network automation tools such as Cisco ACI using the available Cisco ACI modules (https://docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html).

Task execution on an Ansible control node

Previously, you learned that Ansible is built on top of Python, so Python must be installed on a remote node to execute the automation tasks (Microsoft Windows modules are written in PowerShell, and a winrm connection must be set up to use PowerShell modules). Unlike Linux/Microsoft Windows nodes, many network devices do not have Python and cannot run Python scripts. Hence, the network automation modules are processed and executed on the Ansible control node; all actual commands will be executed on the...

VyOS information gathering using Ansible

This is an optional exercise for you to become familiar with network automation using Ansible. We assume that you have the basic knowledge to install and configure the VyOS appliance inside a virtual machine with your choice of virtualization platform.

Download the VyOS image from https://support.vyos.io/en/downloads and install it as a virtual appliance (refer to the VyOS documentation at https://support.vyos.io/en/kb for more details).

VyOS Network Operating System

VyOS is an open source network operating system based on Debian Linux. VyOS provides most networking functionalities, such as routing, Virtual Private Networks (VPNs), firewalls, Network Address Translation (NAT), and so on. Refer to https://vyos.io for more details.

In the following exercise, you will create a simple Ansible playbook to collect the operating system information from a VyOS device (or virtual appliance):

  1. Add the VyOS virtual machine details to...

Creating ACL entries in a Cisco ASA device

Cisco ASA is a security device with the capabilities of firewall, antivirus, intrusion prevention, and VPN. Refer to https://www.cisco.com/c/en/us/products/security/adaptive-security-appliance-asa-software/index.html to learn more about Cisco ASA.

The Cisco ASA collection (https://galaxy.ansible.com/cisco/asa) provides modules and plugins to automate Cisco ASA operations. In this section, you will learn how to use Cisco ASA modules to create ACL entries in a Cisco ASA device.

The first task is to install the Cisco ASA collection using the ansible-galaxy command, as follows:

$ ansible-galaxy collection install cisco.asa

Just as you configured the VyOS connection variables, you need to configure the Cisco ASA device connection variables, as follows:

Figure 6.23 – Cisco ASA inventory variables

As usual, remember to encrypt the password using Ansible Vault (or a credential in Ansible Automation Controller...
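
The steps above (connection variables, vaulted password, ACL creation) put together as an added example; it is not the book's Figure 6.23 or the playbook from its repository. The group name asa, the ACL name, the addresses (documentation ranges), and the vault_* variable names are assumptions.

```yaml
# group_vars/asa/vars.yml (constructed example)
ansible_connection: ansible.netcommon.network_cli
ansible_network_os: cisco.asa.asa
ansible_user: ansible_svc
# The real secrets live in group_vars/asa/vault.yml, encrypted with
# `ansible-vault encrypt`; only the references appear in clear text.
ansible_password: "{{ vault_asa_password }}"
ansible_become: true
ansible_become_method: ansible.netcommon.enable
ansible_become_password: "{{ vault_asa_enable_password }}"
---
# asa-acl.yml (constructed example)
- name: Create an ACL entry on Cisco ASA
  hosts: asa
  gather_facts: false
  tasks:
    - name: Permit HTTPS from the app subnet to a single web server
      cisco.asa.asa_acls:
        config:
          acls:
            - name: app_to_web
              acl_type: extended
              aces:
                - grant: permit
                  line: 1
                  protocol_options:
                    tcp: true
                  source:
                    address: 192.0.2.0
                    netmask: 255.255.255.0
                  destination:
                    host: 198.51.100.10    # one host, one port: no "any any"
                    port_protocol:
                      eq: https
                  log: default
        state: merged          # add what is missing, leave other entries alone
      register: acl_result

    - name: Show the CLI commands the module pushed (for change review)
      ansible.builtin.debug:
        var: acl_result.commands
```

Run it with `--ask-vault-pass` (or a vault password file) so the vaulted variables can be decrypted; a second run should report no change because the entry already exists.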

Summary

In this chapter, you learned about different remote connection methods and connection variables available in Ansible. After that, you explored Microsoft Windows automation using Ansible. You learned how to connect to a Microsoft Windows machine from Ansible and create a new user account using an Ansible playbook.

You also learned how network automation differs from Linux and Windows automation. You explored simple network automation using a VyOS appliance and collected system information using a fact-gathering playbook.

Finally, you learned how to use a Cisco ASA collection and implemented a use case for creating an ACL entry in a Cisco ASA device.

In the next chapter, you will learn how to use Ansible to automate your virtualization and cloud platforms, such as VMware, AWS, and Google Cloud Platform.

Further reading

To learn more about the topics that were covered in this chapter, take a look at the following resources:
