
Demystifying Ansible for ACI: Part 2

May 19, 2020 in Training Tips

So, let’s say you’ve read Part 1 of our series and said to yourself, “signature-based authentication is too much. I don’t want to use that for ____.” Whatever your project is, it’s no problem. Using password-based authentication is fine.

We’re not going to discuss the differences in security. That’s not why we’re here. Instead, we’re focusing on operability. For small Cisco ACI Ansible playbooks with just a couple of tasks, authenticating with a username and password might be perfectly acceptable.

After you’ve set up your hosts/inventory/vars but before you set up your tasks: section, you’ll want to add the vars_prompt: section. The name attribute of each prompt is the variable name that you can reference in other tasks. The data the user enters will be its value. By entering a valid APIC username for “user” and password for “pass,” we can hold our credentials in memory as variables.

By using the private: yes option, these variables won’t be logged or shown in verbose output. That means our username and password should be relatively safe. Under the tasks: section, I have a task that uses the Ansible aci_rest module to push some JSON data. You’ll see how I call up our username and password for use within this task.

Practical Ansible ACI Examples

The best way to figure this stuff out is to check out some practical examples that you can incorporate into your Cisco ACI Ansible playbook. Let’s dive right in, shall we?

    # Basic play setup
    - hosts: apic
      any_errors_fatal: true

      # Start of vars_prompt
      vars_prompt:

        # The data entered from this prompt will become the username and is referenced as "{{ user }}"
        # "prompt" is what will be displayed to the user
        - name: "user"
          prompt: "Enter your APIC Username"
          private: yes

        # The data entered from this prompt will become the password and is referenced as "{{ pass }}"
        # "prompt" is what will be displayed to the user
        - name: "pass"
          prompt: "Enter your APIC Password"
          private: yes

      # Start of tasks
      tasks:

        # The first task is an aci_rest module task. The username and password options for this
        # task take their values from the variables "{{ user }}" and "{{ pass }}", as defined in vars_prompt.
        - name: Add Interface Selector
          aci_rest:
            host: "{{ inventory_hostname }}"
            username: "{{ user }}"
            password: "{{ pass }}"
            use_ssl: yes
            # validate_certs: false skips TLS certificate verification of the APIC
            validate_certs: false
            path: /api/mo/uni.json
            method: post
            # The attributes below are placeholders for the real object JSON
            content: {
                "infraAccPortP": {
                  "attributes": {
                    BLAHBLAHBLAH,
                    MORE JSON,
                    MORE JSON,
                    BLAHBLAHBLAH
                  }
                }
              }
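A hardened variant of the play above, added here as an example and not part of the original post. In Ansible, `private` only controls whether typed input is echoed at the prompt, while the task keyword `no_log: true` is what keeps a task's arguments and results out of console output and logs. The example assumes the APIC presents a certificate the control node trusts, and the object name `example_leaf_profile` is a constructed sample value.

```yaml
# Added example: same play, with the credential-handling settings tightened.
- hosts: apic
  any_errors_fatal: true

  vars_prompt:
    # The username is not the secret, so let the operator see what they type.
    - name: "user"
      prompt: "Enter your APIC Username"
      private: no

    # private: yes suppresses echo while the password is typed.
    # It does not by itself control what later tasks print or log.
    - name: "pass"
      prompt: "Enter your APIC Password"
      private: yes

  tasks:
    - name: Add Interface Selector
      aci_rest:
        host: "{{ inventory_hostname }}"
        username: "{{ user }}"
        password: "{{ pass }}"
        use_ssl: yes
        # Weak setting in the play above: validate_certs: false.
        # With verification on, the password is only sent to an APIC whose
        # certificate chains to a CA trusted by the control node.
        validate_certs: yes
        path: /api/mo/uni.json
        method: post
        # Constructed sample payload; replace with the real object JSON.
        content:
          infraAccPortP:
            attributes:
              name: "example_leaf_profile"
      # Keep this task's arguments and return data out of -v output,
      # callback plugins and log files. Remove temporarily when debugging.
      no_log: true
```

With `no_log: true` set, a failed task reports only that output was hidden, so debug against a lab APIC or with a throwaway account before removing it.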
    

Learn More

Hopefully, these Ansible ACI examples have helped you understand Ansible’s open-source software a little bit better. However, if you still have questions about Ansible for ACI or how you can improve your Cisco ACI Ansible playbook, feel free to reach out. We’ll be happy to help you in any way that we can. Check back soon for similar posts on this topic!