Ansible - Bootstrap EOS

Introduction

The following recipes will help you bootstrap Arista EOS switches for use with Ansible. Please review the Ansible-EOS documentation to determine your preferred connection type: SSH or eAPI.

Note

Please contact us if you are interested in dynamically adding your nodes to Ansible Tower. We have various examples that utilize the Tower API to add your node to a specific Tower inventory and/or group.

Bootstrap EOS for Ansible using SSH

Objective

I want to bootstrap an EOS node so that I can use Ansible to SSH to the node.

Solution

Note

Prior to EOS 4.14.5, eAPI must be configured with HTTPS or HTTP and a flash:eapi.conf must be created for pyeapi or the eAPI credentials must be passed in the Ansible task using meta arguments. Starting with EOS 4.14.5, pyeapi can use unix-sockets to communicate with eAPI, locally.

Step 1 Gather Ansible Control Host SSH Key

First, store the Ansible Control Host SSH key on the ZTPServer (or make it available via URL). When the configure_ansible_client action runs it will create a bash user on the switch and put this key in ~/.ssh/authorized_keys.

In [DATA_ROOT]/files/ssh/key.pub

ssh-rsa AAAAB3NzaC1yc....rest of public key......

Step 2 Create a management IP resource pool

Reference this recipe for an example.

Step 3 Create eAPI configuration

In [DATA_ROOT]/files/templates/eapi.template

Option A Using Unix Sockets (4.14.5+)

!
management api http-commands
   no protocol https
   protocol unix-socket
   no shutdown
!

Option B Using HTTPS

!
management api http-commands
   no shutdown
!

Option C Using HTTP

!
management api http-commands
   no shutdown
   no protocol https
   protocol http
!

Step 4 Create a definition

Let’s use the configure_ansible_client action to create the desired SSH user.

---
actions:
-
  action: configure_ansible_client
  attributes:
    key: files/ssh/key.pub
    user: ansible
    passwd: password
    group: eosadmin
    root: "/persist/local/"
  name: "Configure Ansible"
-
  action: add_config
  attributes:
    url: files/templates/ma1.template
    variables:
      ipaddress: allocate('mgmt_subnet')
  name: "configure ma1"
-
  action: add_config
  attributes:
    url: files/templates/eapi.template
  name: "Enable eAPI"

Explanation

Here we use the add_config action to load the switch with a standard eAPI configuration as well as assign Management1 interface an IP address allocated from the mgmt_subnet pool. Note that ZTPServer supports custom allocate scripts that could dynamically assign an IP address from your own IPAM. Also, the configure_ansible_client action is called. This client-side action will create a bash user, with the specified name, and install any SSH keys provided to ~/.ssh/authorized_keys. This is helpful because it takes care of authentication between the Ansible Control host and the switch. The action also writes to rc.eos to create this user on every boot (since it would normally be blown away).

Bootstrap EOS for Ansible using eAPI

Objective

I want to bootstrap an EOS node so that I can use Ansible in connection:local mode and connect to my switch via eAPI.

Solution

Step 1 Create a management IP resource pool

Reference this recipe for an example.

Step 2 Create eAPI configuration

In [DATA_ROOT]/files/templates/eapi.template

Option A Using HTTPS

!
management api http-commands
   no shutdown
!

Option B Using HTTP

!
management api http-commands
   no shutdown
   no protocol https
   protocol http
!

Step 3 Create a definition

---
actions:
-
  action: add_config
  attributes:
    url: files/templates/ma1.template
    variables:
      ipaddress: allocate('mgmt_subnet')
  name: "configure ma1"
-
  action: add_config
  attributes:
    url: files/templates/eapi.template
  name: "Enable eAPI"

Explanation

Here we use the add_config action to load the switch with a standard eAPI configuration as well as assign Management1 interface an IP address allocated from the mgmt_subnet pool. Note that ZTPServer supports custom allocate scripts that could dynamically assign an IP address from your own IPAM.

Note

For more Action recipes see the Actions section.