Gathering Information

Explore how to gather network device information and logical topology using Ansible’s ios_facts and ios_command modules. Understand secure credential handling practices and repository management to build a foundation for network automation and documentation.

Start gathering information

Gathering information about network devices and the logical topology is the next step toward network automation. The Ansible/Cisco ios_facts module is used to gather platform information, while the ios_command module is used to run commands and gather output. These are foundational steps to build upon.

Sample enterprise network topology

The illustration below shows a sample network topology typically used by enterprises:

This illustration shows the layers of the sample network:

Start automating the network

Before we start making changes to the repo, make sure to create a new branch.

  1. Create a new branch called campus_ios_facts.

  2. Perform a git pull to refresh the local repository.

  3. Change to the campus_ios_facts branch just created using git checkout.

Warning

Embedding passwords in plain text is never a good idea and is always a security concern. It is considered a bad practice, and there are ways, specifically vaulting, to protect system account passwords that provide access to the network device CLI. For the sake of education, and to be able to proceed without vaulting in this course, use this method for now. Vaulting also prompts for a password at run time, which may interfere with full automation.

The best option is to “hard-code” it into a fresh repository after vaulting passwords and secrets. Migrate all folders and files, without the git history, into a fresh repository without passwords being visible. To get started, either hard-code or prompt for credentials.

An alternative method is to prompt the user for credentials at run time. Hard-code the service account username and prompt for the password when the Ansible playbook is executed. This approach is secure, although it offers less flexibility for full automation, as a password is required at runtime. Ansible vars_prompt can be used to create interactive playbooks that prompt the user for username and password.

Be aware that as soon as Git commits the local changes, the password becomes visible in the clear as part of the branch. After a pull request is merged, the password becomes available in clear text as part of the master branch. This history cannot be deleted. It is part of the Git version control.
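One way to catch this before the commit, as an added example that is not part of the original lesson: a small Python check that flags literal values under secret-looking keys in vars files, while accepting vault-encrypted values and variable references. The key-name heuristic, the `ios_password` variable, and the sample contents (which follow the `ioscli` layout this lesson uses for group_vars/all.yml) are assumptions constructed for illustration.

```python
import re
import sys

# Key names treated as secrets (heuristic; extend for your own variable names).
SECRET_KEY = re.compile(r"password|passwd|auth_pass|secret|token", re.I)
KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([\w.-]+)\s*:\s*(.*)$")
# A value that only references another variable, e.g. "{{ ios_password }}".
VAR_REF = re.compile(r"^\{\{\s*[A-Za-z_][\w.]*\s*\}\}$")

def find_plaintext_secrets(text):
    """Return (line_number, key) for secret-looking keys holding a literal value."""
    if text.lstrip().startswith("$ANSIBLE_VAULT;"):
        return []  # the whole file is vault-encrypted
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if not match or not SECRET_KEY.search(match.group(1)):
            continue
        value = match.group(2).strip()
        if not value or value.startswith("!vault"):
            continue  # nested mapping or empty, or inline vault ciphertext follows
        if VAR_REF.match(value.strip("\"'")):
            continue  # resolved at run time (vars_prompt or a vaulted vars file)
        findings.append((number, match.group(1)))  # never echo the value itself
    return findings

# Constructed samples in the layout of group_vars/all.yml; all values are made up.
PLAINTEXT = """---
ioscli:
  username: "ServiceAccount"
  password: "constructed-example-only"
  host: "{{ inventory_hostname }}"
  port: 22
"""
PROMPTED = PLAINTEXT.replace('"constructed-example-only"', '"{{ ios_password }}"')
VAULTED = PLAINTEXT.replace(
    '"constructed-example-only"',
    "!vault |\n    $ANSIBLE_VAULT;1.1;AES256\n    <ciphertext placeholder>",
)

def main(paths):
    failed = False
    for path in paths:
        with open(path, encoding="utf-8") as handle:
            for number, key in find_plaintext_secrets(handle.read()):
                print(f"{path}:{number}: literal value for '{key}'")
                failed = True
    return 1 if failed else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it against the vars files being committed, for example from a Git pre-commit hook; a non-zero exit status means a literal secret was found.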

  1. Navigate to /group_vars/. A file called all.yml will hold the username and password with credentials that will allow Ansible to log into the devices.
     ```yaml
     ---
     ioscli:
       username: "ServiceAccount"
       # Placeholder: replace with the service account password
       password: "{{ Service Account Password}}"
       host: "{{ inventory_hostname }}"
       port: 22
     ```

  2. Save, commit, annotate, and push the change to the remote branch.

  3. Navigate to /playbooks/campus/tactical/. This will contain an Ansible playbook named ios_facts.yml. We can look at the repository structure in the next lesson.

Note: For page space and readability, the output path is simply going to be ./results for all output in the examples to follow. Replace this with the longer path pointing to the Documentation folder structure created earlier. For example, ../documentation/ios/recon_playbooks/ios_facts/.