Now you should have the Linux hosts set up and working (1 x Ansible node and 4 x Site endpoints), connected to the VM Network port group. So we are ready to provision the first router. For that I am going to use the Cisco CSR1000v, as it can be spun up directly in VMware ESXi. The OVA is available from Cisco, but in order to download it you need Cisco partner CCO login privileges. The gotcha with the CSR router is that it requires 4Gb RAM, but so far these have been very stable in my virtualised lab.
Natively, Ansible connects to a host over ssh and then utilises the Python interpreter on that host to compile and run the plays. However, this is not possible on a Cisco router, so on the one hand it is less elegant and has a more limited set of modules; on the other, I think it makes for more streamlined and easier playbooks. But it does mean a more hands-on approach to the initial router setup…before we can get to work using Ansible with the routers.
Provisioning the CSR1000v in esxi
Link to Cisco CSR1000v Install Guide for esxi Environment
In order to set up the router with the minimum configuration to allow ssh communication from the Ansible host machine, the configuration below must be applied to each CSR1000v router.
My approach to provisioning the routers is to do them on a site by site basis as follows:
So for this lab I will be provisioning and testing CSR10 and CSR11.
console
- configure hostname
router(config)# hostname "csr10"
- configure domain
csr10(config)# ip domain-name "test.com"
- configure username and password
csr10(config)#username "cisco" privilege 15 secret "p4ssw0rd!"
- configure the enable secret password
csr10(config)#enable secret "p4ssw0rd!!!"
- configure the ethernet interface
csr10(config)#interface gigabitethernet1
csr10(config-if)#ip address "x.x.x.x 255.x.x.x"
csr10(config-if)# no shut
- configure rsa crypto key
csr10(config)#crypto key generate rsa
- configure ssh access to vty
csr10(config)#line vty 0 4
csr10(config-line)#transport input ssh
csr10(config-line)#login local
- ssh
csr10(config)#ip ssh version 2
csr10(config)#ip ssh authentication-retries 2
csr10(config)#ip ssh time-out 60
Change the italic values between "" to your own settings.
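The baseline above can be checked from a saved copy of the router's `show running-config` output. The following is an added example, not part of the original post: the sample config text is constructed, the function names `vty_blocks` and `audit` are hypothetical, and it goes a little beyond the steps above by checking every `line vty` block rather than only `0 4`.

```python
import re

# Constructed sample of `show running-config` output (not from the original post).
SAMPLE_CONFIG = """\
hostname csr10
ip domain name test.com
username cisco privilege 15 secret 9 $9$constructed
enable secret 9 $9$constructed
ip ssh version 2
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def vty_blocks(config):
    """Map each 'line vty ...' header to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level command starts a new block
            current = line.strip() if line.startswith("line vty") else None
            if current:
                blocks[current] = []
        elif current:
            blocks[current].append(line.strip())
    return blocks

def audit(config):
    """Return a list of deviations from the minimum ssh baseline described above."""
    findings = []
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("ip domain-name not set")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("ip ssh version 2 not set")
    if re.search(r"^username \S+ .*\bpassword\b", config, re.M):
        findings.append("username uses 'password' instead of 'secret'")
    if not re.search(r"^enable secret ", config, re.M):
        findings.append("enable secret not set")
    for header, cmds in vty_blocks(config).items():
        transport = [c for c in cmds if c.startswith("transport input")]
        if transport != ["transport input ssh"]:
            findings.append(f"{header}: transport input is not ssh-only")
        if "login local" not in cmds:
            findings.append(f"{header}: login local missing")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

An empty list means every vty block is ssh-only with local login and the global ssh settings are present.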
The final design has the RHEL7 Ansible host in the VLAN10 port group together with CSR10 & 11. So let's move the RHEL7 machine into the VLAN10 port group, and then test connectivity.
1. First ping to ip address to confirm connectivity
2. Then ssh to the routers
Once ssh access works, then the router is ready.
We will start with Site 1 and build out, using Ansible as much as possible as we go. Sometimes there will be a need to log into the router instance via the VMware console, but I will minimise this as much as possible.