Getting Started with Network Automation: NetBox + Ansible

Authors
Eric Goebelbecker

When you combine NetBox and Ansible, your network management is more efficient, reliable, and scalable. These tools work together to provide you with a cohesive solution for inventory management and network automation.

Here are some key reasons why you will benefit from using NetBox and Ansible together:

As the centralized platform for documenting and organizing your network infrastructure, NetBox is your single source of truth. Integrating it with Ansible means no more transposing data; it’s part of your automation. This streamlines your automation and improves your scalability by integrating a dynamic inventory into your tools while helping keep your configuration up to date and consistent.

With this integration, your network engineers can automate repetitive tasks, such as deploying standard configurations, updating firmware, or running compliance checks, by simply writing Ansible playbooks.

In this blog post, you’ll see how easy it is to integrate NetBox with Ansible. We’ll set up a NetBox instance as a dynamic inventory for Ansible, add a host, and then demonstrate a playbook to take advantage of the integrated inventory.

Integrating NetBox and Ansible

For this tutorial I’ll be providing examples and screenshots from Linux. The configuration and commands will also work with macOS and WSL on Windows.

Starting NetBox

Running NetBox as a Docker container is a great way to spin up an instance quickly, especially for testing purposes. NetBox requires several programs to work together, each needing its own Docker container. So, the easiest way to run it is with Docker Compose. The NetBox community provides a working configuration in a GitHub repository. Clone this repo and follow the README to get a local NetBox instance running.

The basic steps look like this:

Then, add the admin user from the command line.

NetBox Configuration

Point a browser at your server and log in with the superuser you added. You’ll see an empty inventory screen:

Before you integrate Ansible with NetBox, you’ll want to add at least one system in your inventory. But first, devices must be added to sites, and require a device role and device type. So, let’s start by adding these entities to NetBox.

First, navigate to Organization and add a site:

Next, under Devices, add a manufacturer.

Now that you have a manufacturer, you can use it to create a Device Type:

Next, you need a Device Role. You’re going to use this role later, so make it easy to type, with underscores (_) instead of dashes in the Slug field.

Add a Platform

Finally, you’ll need a Platform to pass extra information to Ansible. Create one named Cisco with a slug that contains ios.

Add a Device to NetBox

Now, with the scaffolding created, you can add a device from the Devices menu. Be sure to add a device that you’ll be able to manage via Ansible. In this case, it’s a router named sandbox-iosxr-1.cisco.com. This router is part of Cisco DevNet Sandbox. Be sure to add the Platform you created above.

Install Ansible and NetBox Libraries

Next, create a new directory, create a Python virtual environment, and activate it:

Upgrade pip, and install the Python library for NetBox.

Now install ansible, netaddr, ansible-pylibssh, and pytz.

Install the Ansible Galaxy collection for NetBox.

You’ll also need the Ansible collection to manage your device.

NetBox API Key

Ansible needs a token to use the NetBox API. Select API Tokens from the user menu.

Select Add a Token from the API Tokens screen.

Fill out the form, leaving the Key and Allowed IPs blank. In a production environment, you would want to limit the addresses that can use this token.

Click Create, and you have a token.

You will use the key in the next step.

Add NetBox to Ansible Inventory

Now it’s time to get Ansible and NetBox working together. Set environment variables for your API token and the URL for your NetBox instance.

Now, it’s finally time to add NetBox to your Ansible inventory. Create a file named netbox_inventory.yml.

This tells Ansible to use the NetBox API to retrieve your inventory. Try it with ansible-inventory -i netbox_inventory.yml --list

Ansible and NetBox are integrated. If you don’t want to pass the inventory file in for each command, you can create a config file and make it the default. Create an empty config file in your working directory. Ansible will use it for the commands you run from this directory.

Then, open it in an editor and find the inventory setting:

Override it with the complete path to your netbox_inventory.yml and uncomment the line:

Now, when you run ansible-inventory --list, you see your NetBox inventory.

Automating Network Operations

Add Custom Variables to Inventory

Before you can use Ansible to manage the router, you need to tell it that it’s running Cisco IOS. You’ll use the Platform. Update netbox_inventory.yml with two new lines at the end.

The compose field will map each host’s Platform slug to a variable named ansible_network_os. Ansible will pick this up and use it.
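As an added example (not the post's original file), this is one way netbox_inventory.yml can look once the compose lines are in place. It assumes the netbox.netbox.nb_inventory plugin picks up the URL and token from the NETBOX_API and NETBOX_TOKEN environment variables set earlier; grouping by device role and the TLS setting are assumptions.

```yaml
---
# netbox_inventory.yml: added example, not the post's original file.
plugin: netbox.netbox.nb_inventory

# No api_endpoint or token keys appear here on purpose. The plugin falls
# back to the NETBOX_API and NETBOX_TOKEN environment variables, so the
# API token never lands in a file that might be committed or shared.

# Verify the NetBox TLS certificate whenever NETBOX_API is an https:// URL.
# Disabling this lets anyone who can intercept the connection read the token.
validate_certs: true

# Config contexts are not used in this tutorial, so skip fetching them.
config_context: false

# Assumed grouping: one inventory group per NetBox device role.
group_by:
  - device_roles

# The two lines added in this step: copy each device's Platform slug
# into the variable Ansible uses to select its network driver.
compose:
  ansible_network_os: platform.slug
```

A device with no Platform assigned in NetBox gets no ansible_network_os, so check the ansible-inventory --list output for that variable before running playbooks against a host.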

Ansible Playbook

Let’s finish with a simple playbook to back up the configuration on sandbox-iosxr-1.cisco.com.

Here’s the playbook:

It will create a backups directory if needed, and save the running configuration there.

Since we don’t want to install keys on a public router, run this playbook with the -u and -k options for SSH authentication.
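A backup playbook along these lines, as an added example rather than the post's original playbook. It assumes the cisco.ios collection is the one installed for the device and that ansible_network_os comes from the NetBox inventory; the file name backup_config.yml and the backup_dir variable are hypothetical. The backups directory is created with owner-only permissions because saved configurations contain credential material.

```yaml
---
# backup_config.yml: added example, not the post's original playbook.
# Assumes the cisco.ios collection and an inventory that sets
# ansible_network_os from the NetBox Platform slug.
- name: Back up running configuration of NetBox-managed devices
  hosts: all                 # narrow with --limit or a NetBox-derived group
  gather_facts: false
  connection: ansible.netcommon.network_cli
  vars:
    backup_dir: "{{ playbook_dir }}/backups"   # hypothetical variable name

  tasks:
    - name: Create the backups directory, accessible to the owner only
      ansible.builtin.file:
        path: "{{ backup_dir }}"
        state: directory
        mode: "0700"
      delegate_to: localhost
      run_once: true

    - name: Save the running configuration on the control node
      cisco.ios.ios_config:
        backup: true
        backup_options:
          dir_path: "{{ backup_dir }}"
          filename: "{{ inventory_hostname }}.cfg"
```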

Take a look in the backups directory:

You were able to manage a host based on its name and platform in NetBox.

Wrap Up

In this post, you built a NetBox server using Docker Compose. Then you added a host to it and integrated Ansible for automated management. From there, you were able to manage that host using its group entries in a dynamic inventory sourced from NetBox.

This is only the beginning of what you can do with NetBox and Ansible. Ansible has access to all your device information in NetBox, and can use it to generate configurations, validate host information, build reports, and more.

Eric Goebelbecker has worked in the financial markets in New York City for 25 years, developing infrastructure for market data and financial information exchange (FIX) protocol networks. He loves to talk about what makes teams effective (or not so effective!).