Starting off Cisco Devices with GCP using Ansible

Prakhar Gandhi
Google Cloud - Community
5 min read · Nov 10, 2023

In this tutorial I will automate a case study I came across recently.
Suppose I have Cisco devices in my network and I want to bring them up with a firewall (an inbound access list) applied. Rather than logging in to each device, configuring it by hand and then checking for loops or errors, I will use Ansible playbooks and do it all in one go.

To automate the configuration of Cisco devices with a firewall enabled, using Ansible running in Google Cloud Platform (GCP), we will first:

Step 1: Setting up Ansible in GCP

  • Provision a virtual machine (VM) or use an existing instance in GCP where you’ll install Ansible.
  • Make sure Python is installed on this machine, as Ansible requires it.

If this step is unfamiliar, follow the article written by Tejas on setting up a GCE instance.

Step 2: Install Ansible

SSH into the VM and install Ansible. On Ubuntu you can do this with the following commands (the ansible/ansible PPA is Ubuntu-specific; the `ansible` package it provides, unlike `ansible-core`, bundles the `cisco.ios` collection that the modules below come from):

sudo apt update
sudo apt install software-properties-common
sudo apt-add-repository --yes --update ppa:ansible/ansible
sudo apt install ansible

Step 3: Create Ansible Playbooks for Cisco Device Configuration

Write Ansible playbooks that define the configuration tasks you want to perform on the Cisco devices. Create a playbook, let’s call it configure_cisco_devices.yml, that configures your Cisco devices through an Ansible role, which keeps the tasks organised. Create the following directory structure:

ansible/
├── configure_cisco_devices.yml
└── roles/
    └── configure_device/
        └── tasks/
            └── main.yml

Here’s the content for each file:

configure_cisco_devices.yml:

---
- name: Configure Cisco Devices
  hosts: cisco
  gather_facts: no
  roles:
    - configure_device

roles/configure_device/tasks/main.yml:

---
# Create the numbered ACL. ios_config compares these lines with the running
# config and only sends what is missing, so no `when:` guard is needed.
- name: Create access list 100
  cisco.ios.ios_config:
    lines:
      - access-list 100 permit ip any any

# Interface sub-commands go under `parents:` so the idempotence check looks
# inside the interface block instead of at the top level of the config.
- name: Apply access list 100 inbound on the uplink interface
  cisco.ios.ios_config:
    parents: interface GigabitEthernet0/0
    lines:
      - ip access-group 100 in
  register: config_result

This playbook and role apply the access list to your Cisco devices. Replace GigabitEthernet0/0 with the appropriate interface, and make sure your Ansible inventory is set up correctly. Two things to be aware of: the original `when:` guard referenced `config_result` before the task that registers it had run, which fails with an undefined-variable error on the first run; ios_config is idempotent on its own, so the guard has been dropped. More importantly, `access-list 100 permit ip any any` permits all traffic, so as written the "firewall" binds an ACL to the interface but blocks nothing. Replace that entry with the permits the interface actually needs; a numbered IOS ACL ends with an implicit deny, so anything you do not permit is dropped. Before you tighten it, make sure the entry list still permits SSH from the Ansible control node, or the first run will lock you out of the device it is managing.

Next, create check_cisco_configuration.yml to check whether the Cisco devices are correctly configured. This playbook verifies that the firewall configuration is present:

---
- name: Check Cisco Configuration
  hosts: cisco
  gather_facts: no

  tasks:
    - name: Gather Cisco Configuration
      cisco.ios.ios_command:
        commands:
          - show running-config
      register: config_result

    # ios_command returns one stdout entry per command, so the running
    # config is config_result.stdout[0]. assert fails the play when the
    # line is missing; a debug task with a `when:` would silently pass.
    - name: Verify Firewall Configuration
      ansible.builtin.assert:
        that:
          - "'ip access-group 100 in' in config_result.stdout[0]"
        fail_msg: "ACL 100 is not applied inbound on the interface"
        success_msg: "Firewall is configured"

This playbook fails the run if the access-group line is absent from the running configuration of a Cisco device. Note that a plain substring match over the whole config does not tell you which interface the ACL is bound to, nor whether the ACL filters anything at all; it only confirms the line exists somewhere.

Step 4: Ansible Inventory file

Create an Ansible inventory file that lists the Cisco devices you want to configure. The ios modules need two extra variables to work: the connection plugin (network_cli, which drives the device over SSH) and the network OS. For example, create a file named inventory.ini with the following content:

[cisco]
cisco-device-1 ansible_host=192.168.1.1
cisco-device-2 ansible_host=192.168.1.2

[cisco:vars]
ansible_connection=ansible.netcommon.network_cli
ansible_network_os=cisco.ios.ios
ansible_user=username
ansible_password=password

Step 5: Enable the firewall from a single playbook

This playbook assumes that you have SSH access to your Cisco devices and the necessary privileges to make configuration changes. Replace the placeholders with your actual device information, but do not leave real passwords in the inventory or playbook: put them in a vault-encrypted variables file (`ansible-vault create group_vars/cisco/vault.yml`) and supply `--ask-vault-pass` when you run the playbook, or pass the SSH password interactively with `--ask-pass`.

To configure Cisco devices more comprehensively, you would need to expand the playbook to include other configuration tasks relevant to your network, such as setting up interfaces, routing, VLANs, and more. You can extend the playbook by adding additional tasks using the ios_config module for each specific configuration you need to apply.

---
# enable_firewall.yml
- name: Configure Cisco Devices
  hosts: cisco
  gather_facts: no

  vars:
    ansible_connection: ansible.netcommon.network_cli
    ansible_network_os: cisco.ios.ios
    ansible_user: your_ssh_username
    # vault_ssh_password and vault_enable_password are placeholder names for
    # variables you define in an ansible-vault encrypted file.
    ansible_password: "{{ vault_ssh_password }}"
    ansible_become: yes
    ansible_become_method: enable
    ansible_become_password: "{{ vault_enable_password }}"

  tasks:
    # ios_config only pushes lines that are missing from the running config,
    # so none of these tasks needs a `when:` guard.
    - name: Configure Firewall (ACL 100)
      cisco.ios.ios_config:
        lines:
          - access-list 100 permit ip any any

    - name: Apply ACL 100 inbound on GigabitEthernet0/0
      cisco.ios.ios_config:
        parents: interface GigabitEthernet0/0
        lines:
          - ip access-group 100 in

    - name: Create VLAN 10
      cisco.ios.ios_config:
        parents: vlan 10
        lines:
          - name Server_VLAN

    - name: Configure the SVI for VLAN 10
      cisco.ios.ios_config:
        parents: interface Vlan10
        lines:
          - ip address 192.168.10.1 255.255.255.0

    # Add more tasks for other configurations like routing, interfaces, etc.
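The check playbook in Step 3 and the `when:` guards the playbook above originally carried both try to answer the same questions from the text of `show running-config`: is the change already present, and is the "firewall" actually doing anything? The following is an added example in Python, not code from the original article, that answers them properly from the text ios_command registers as config_result. The sample running-config is constructed for the example rather than captured from a device, and the interface, ACL number and VLAN lines match the playbooks above. It shows why a substring match over the whole config is too weak: the access-group line has to be checked under the right interface block, and an ACL whose first entry is `permit ip any any` (or one that an interface references but that is not defined, which IOS treats as permit-all) filters nothing.

```python
"""Audit a Cisco IOS running-config for what the playbooks above try to do.

Added example, not code from the original article. It parses the text that
`show running-config` returns (what ios_command registers as config_result)
into parent/child blocks, then answers the questions the check playbook and
the `when:` guards were after: is ACL 100 really bound inbound on the right
interface, does the ACL filter anything, and which desired lines are still
missing (the same present-versus-desired diff ios_config performs itself).
"""
from __future__ import annotations

# Constructed sample, not captured from a real device: the state after the
# article's firewall task has run but before the VLAN task has.
SAMPLE_RUNNING_CONFIG = """\
!
hostname cisco-device-1
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 100 in
!
interface GigabitEthernet0/1
 shutdown
!
access-list 100 permit ip any any
!
end
"""

# Desired (parent, line) pairs from the playbooks; parent=None means top level.
DESIRED = [
    (None, "access-list 100 permit ip any any"),
    ("interface GigabitEthernet0/0", "ip access-group 100 in"),
    (None, "vlan 10"),
    ("vlan 10", "name Server_VLAN"),
    (None, "interface Vlan10"),
    ("interface Vlan10", "ip address 192.168.10.1 255.255.255.0"),
]


def parse_ios_config(text: str) -> dict[str, list[str]]:
    """Map each top-level config line to its indented sub-commands.

    IOS indents sub-commands with a leading space; '!' lines and 'end' close
    the current block. Top-level one-liners (ACL entries, hostname) map to [].
    """
    blocks: dict[str, list[str]] = {}
    parent: str | None = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!") or stripped == "end":
            parent = None
        elif raw.startswith(" ") and parent is not None:
            blocks[parent].append(stripped)
        else:
            parent = stripped
            blocks.setdefault(parent, [])
    return blocks


def acl_applied(blocks: dict[str, list[str]], interface: str,
                acl: str, direction: str = "in") -> bool:
    """True only if `ip access-group <acl> <direction>` is under that interface.

    A substring match on the whole config cannot tell you which interface
    the ACL is bound to; the block structure can.
    """
    return f"ip access-group {acl} {direction}" in blocks.get(f"interface {interface}", [])


def acl_entries(blocks: dict[str, list[str]], acl: str) -> list[str]:
    """Entries of a numbered ACL (`access-list <acl> ...`), in config order."""
    prefix = f"access-list {acl} "
    return [line[len(prefix):] for line in blocks if line.startswith(prefix)]


def acl_filters_nothing(blocks: dict[str, list[str]], acl: str) -> bool:
    """True if the ACL permits all traffic.

    IOS evaluates entries top-down and stops at the first match, so a leading
    `permit ip any any` makes every later deny unreachable. An ACL that is
    referenced by an interface but not defined also permits everything.
    """
    entries = acl_entries(blocks, acl)
    return not entries or " ".join(entries[0].split()) == "permit ip any any"


def missing_lines(blocks: dict[str, list[str]],
                  desired: list[tuple[str | None, str]]) -> list[tuple[str | None, str]]:
    """Desired lines not yet in the running config, i.e. what still needs pushing."""
    missing = []
    for parent, line in desired:
        present = line in blocks if parent is None else line in blocks.get(parent, [])
        if not present:
            missing.append((parent, line))
    return missing


def audit(text: str) -> dict:
    """Run all three checks against one `show running-config` capture."""
    blocks = parse_ios_config(text)
    return {
        "acl_applied": acl_applied(blocks, "GigabitEthernet0/0", "100"),
        "acl_filters_nothing": acl_filters_nothing(blocks, "100"),
        "missing": missing_lines(blocks, DESIRED),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_RUNNING_CONFIG)
    print("ACL 100 bound inbound on Gi0/0 :", result["acl_applied"])
    print("ACL 100 filters nothing        :", result["acl_filters_nothing"])
    for parent, line in result["missing"]:
        print("still to push:", line if parent is None else f"{parent} / {line}")
```

On the constructed sample the audit reports the ACL as bound but filtering nothing, and lists the four VLAN lines as still to push. The `missing_lines` diff is the same present-versus-desired comparison ios_config makes before it sends anything, which is why the playbooks need no `when:` guard; the `acl_filters_nothing` check is the one the original check playbook could not make with a substring match.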

Now for the GCP part. So far we have covered the Ansible and Cisco side; next we run it from GCP.

To run your Ansible playbooks from GCP using the console, we combine a Google Compute Engine (GCE) instance with Cloud Shell. Here is a step-by-step guide:

Step 6: Set Up Google Compute Engine Instances

  1. Launch a Google Compute Engine (GCE) instance to act as the Ansible control node (the article used two). A VM cannot stand in for an IOS device: the Cisco devices themselves must be reachable over SSH (TCP 22) from the instance, which in practice means a VPN or Interconnect between the VPC and the network the devices live in.
  2. Make sure you have SSH access to the GCE instance and that Ansible is installed on it (Step 2).

Step 7: Create Ansible Playbooks and Roles

Make sure the playbooks and roles from Steps 3 to 5 are ready on your local machine.

Step 8: Upload Ansible Playbooks to GCE Instances

We need to upload the playbooks, the inventory and the roles/ tree to the GCE instance. We can use gcloud compute scp for this; --recurse is needed so the roles directory is copied too. For example:

gcloud compute scp --recurse ansible/ your-username@instance-name:~/

Replace ansible/ (the directory holding configure_cisco_devices.yml, check_cisco_configuration.yml, enable_firewall.yml, inventory.ini and roles/), your-username and instance-name accordingly.

Step 9: Access the GCE Instances

Go to the GCP Console and navigate to the “Compute Engine” section. Find the instances you created in Step 6 and click on them.

Step 10: Run Ansible Playbooks on GCE Instances

SSH into the instance from Cloud Shell (opened directly from the GCP Console) or from any machine with gcloud installed:

gcloud compute ssh your-username@instance-name

Once inside the instance, change into the uploaded directory (the role is resolved relative to it) and run the playbooks with ansible-playbook. For example:

cd ~/ansible
ansible-playbook -i inventory.ini configure_cisco_devices.yml
ansible-playbook -i inventory.ini check_cisco_configuration.yml
ansible-playbook -i inventory.ini enable_firewall.yml

This executes the playbooks from the GCE instance against the devices in the inventory. Replace your-username, instance-name and the other placeholders with your specific information. Run each playbook with --check first to see what would change without pushing it, and add --ask-vault-pass if the credentials live in a vault file.

And we are done.
I hope that by following this tutorial you will be able to put GCP to good use for network automation.
