A little more Ansible


There is a way to run playbook locally on the PC (generating some files, scripts or configs) using templates.

Let’s say there is a template file (switch_template.j2):

hostname {{ item.hostname }}
interface loopback 0
ip address {{ item.loopback }}
router eigrp 100

As a result of this playbook, 2 files will be generated: R1.txt and R2.txt


Using when to run a task or show results with a condition:

when could be added also into the ios_config or ios_command section, so it will be applied for only specific devices.

Use case: if you have a function of the device in the hostname (like DSW – distribution switches, ASW – access switches or SPINE and LEAF) you can you use when: “‘ASW” in output.stdout[0]” and run commands or change something on all ASW IOS switches without creating a new group for ASW.

Ansible Vault

Host files, variables and playbooks could have sensitive information stored in clear text. We can use ansible-vault to encrypt files: playbooks, hosts etc.

ansible-vault decrypt <filename>

We have a clear text playbook file: “vault_playbook.yml

Check how to encrypt it and work with encrypted file ===========>>>>>

Use ansible-vault encrypt <filename> and enter the password to encrypt the file:

To edit/view encrypted file: ansible-vault edit/view <encrypted file>

There are 2 ways to execute encrypted playbook

1. Using prompt and enter the password: ansible-playbook –vault-id @prompt <filename>

2. Using the password from the file vault-id

To decrypt the file: ansible-vault decrypt <filename>