Python Guides

Practical Python for network engineers. Each guide is code-heavy, written for people who already automate with shell scripts and want to take the next step, and grounded in tools and libraries you would actually ship to production.

Python for Network Engineers

A twelve-part series from environment setup to AI-augmented fleet automation — Python fundamentals, Netmiko, TextFSM, YAML/Pydantic, Jinja2, REST APIs, NAPALM, Nornir, and AI tooling, all against a real Containerlab topology. No prior programming knowledge assumed. View all 12 parts →

  1. Python for Network Engineers — Part 1: Why Python in 2026, Environment Setup, and Your AI Pair Programmer

    The first post in a 12-part series covering Python for network engineers from first principles to production automation. We cover why Python is still the right choice in 2026, how to set up a modern development environment, and how to use AI tools as a genuine pair programmer throughout your learning journey.

  2. Python for Network Engineers — Part 2: Strings, Numbers, Files, Lists, and Tuples

    Part 2 of the Python for Network Engineers series. We cover Python's core data types — strings, numbers, booleans, files, lists, and tuples — with every example drawn from real network engineering scenarios.

  3. Python for Network Engineers — Part 3: Dictionaries, Sets, Comprehensions, and Exceptions

    Part 3 of the Python for Network Engineers series. Dictionaries model device state. Sets expose VLAN drift between switches in one line. Comprehensions replace verbose loops. Exception handling keeps automation running when devices misbehave.

  4. Python for Network Engineers — Part 4: Functions, Regular Expressions, and Modules

    Part 4 of the Python for Network Engineers series. Functions make your automation reusable and testable. Regular expressions parse the CLI output that structured tools can't reach. Modules turn a script into a project.

  5. Python for Network Engineers — Part 5: Netmiko — SSH Automation Across Vendors

    Part 5 of the Python for Network Engineers series. We connect to real network devices over SSH using Netmiko, run show commands, push configuration, and build a multi-device inventory collector — with a Containerlab lab you can run at home.

  6. Python for Network Engineers — Part 6: Parsing CLI Output — From Regex to AI

    Part 6 of the Python for Network Engineers series. Raw CLI output is a string — not data. We cover TextFSM templates, the NTC-templates library, Genie parsers, and AI-assisted parsing for commands where no community template exists.

  7. Python for Network Engineers — Part 7: YAML, JSON, and Validating Your Inventory with Pydantic

    Part 7 of the Python for Network Engineers series. YAML for human-maintained inventory and config files. JSON for API responses and storing collected data. Pydantic to validate that what you read actually matches what you expect before it reaches your automation logic.

  8. Python for Network Engineers — Part 8: Jinja2 — Generating Configs at Scale

    Part 8 of the Python for Network Engineers series. Jinja2 turns structured data into device configuration. Variables, loops, conditionals, filters, macros, and template inheritance — with Arista, Cisco, and Fortinet examples throughout.

  9. Python for Network Engineers — Part 9: REST APIs — The Modern Control Plane

    Part 9 of the Python for Network Engineers series. Every modern network platform exposes a REST API. We cover the requests library, authentication patterns, pagination, error handling, and two real-world examples: Arista eAPI against our existing lab, and the FortiManager JSON-RPC API.

  10. Python for Network Engineers — Part 10: NAPALM — Vendor-Agnostic Network Automation

    Part 10 of the Python for Network Engineers series. NAPALM provides a vendor-agnostic Python interface to network devices — the same code collects state or replaces configuration on Arista, Cisco, Juniper, or Fortinet without modification. We cover getters, config replace, dry-run validation, and the config diff workflow.

  11. Python for Network Engineers — Part 11: Nornir — Parallel Automation at Scale

    Part 11 of the Python for Network Engineers series. Nornir is a pure-Python automation framework that runs tasks across an inventory in parallel. We cover YAML inventory, task functions, result handling, host/group filtering, and the Netmiko and NAPALM plugins — bringing together everything from the series into one coherent framework.

  12. Python for Network Engineers — Part 12: AI-Assisted Network Automation

    The final post in the Python for Network Engineers series. We look at how to put AI tools to work inside the automation workflows we've built — config review, fleet-wide AI-assisted parsing, a minimal MCP server that lets an AI agent call your automation scripts, and the discipline that keeps AI-assisted automation safe.

Ansible Deep Dive

A thirteen-part series from fundamentals to production — inventory, playbooks and idempotency, Jinja2 templating, roles, Vault, performance, and testing with Molecule, followed by two full labs (a three-tier web app and a mixed Cisco/FortiGate fleet), error handling, a best-practice style guide, and a closing look at whether Ansible still has a job to do in an MCP/AI world.

  1. Ansible Deep Dive Part 1: What Ansible Is, and Why Agentless Still Wins

    Kicking off a thirteen-part Ansible series. Part 1 covers what Ansible actually is, the push-based agentless model and why it still matters against Chef/Puppet/Salt, the control node/managed node mental model, installing Ansible, and your first ad-hoc command against a real inventory.

  2. Ansible Deep Dive Part 2: Inventory — Static, Dynamic, and Everything In Between

    Part 2 of the Ansible series: INI vs YAML inventory, groups and nested groups, host_vars/group_vars, patterns and limits, and moving to dynamic inventory plugins (AWS, and a network-specific example) once static files stop scaling.

  3. Ansible Deep Dive Part 3: Playbooks, Tasks, and the Idempotency Contract

    Part 3: plays and tasks, modules vs shell/command, the idempotency contract that makes Ansible safe to re-run, handlers and notify, check mode and diff mode, and tags for selectively running part of a playbook.

  4. Ansible Deep Dive Part 4: Variables, Facts, and Jinja2 Templating

    Part 4: where variables come from, gathering and using facts, the Jinja2 syntax underneath when/template/filters, common filters worth knowing, and building real config templates for both servers and network devices.

  5. Ansible Deep Dive Part 5: Roles and Ansible Galaxy — Structuring Projects That Scale

    Part 5: the standard role directory layout, defaults vs vars, role dependencies, ansible-galaxy for installing community roles and collections, and requirements.yml for pinning what a project depends on.

  6. Ansible Deep Dive Part 6: Variable Precedence and Ansible Vault — Secrets Done Right

    Part 6: the full variable precedence ladder from role defaults to extra-vars, then Ansible Vault end to end — encrypting whole files and single strings, vault IDs for multiple secret tiers, and keeping vault passwords out of the repo entirely.

  7. Ansible Deep Dive Part 7: ansible.cfg, Performance, and Scaling to Hundreds of Hosts

    Part 7: the ansible.cfg precedence and the settings that actually matter, forks and the linear/free strategies, SSH pipelining and ControlPersist, fact caching, and Mitogen as the option to know about even if you don't reach for it.

  8. Ansible Deep Dive Part 8: Testing Ansible — Molecule, ansible-lint, and CI Pipelines

    Part 8: ansible-lint and its rule categories, Molecule for spinning up disposable Docker/VM targets and asserting real state with Testinfra, idempotency testing (running a role twice and asserting nothing changed the second time), and wiring it all into GitHub Actions.

  9. Ansible Deep Dive Part 9 Lab: Zero to Production — a Three-Tier Web App From Bare Metal

    Part 9, the first lab: a role-based playbook standing up a load balancer, two app servers, and PostgreSQL from bare Ubuntu boxes — vault-protected credentials, templated HAProxy/env config, notify chains, and a rolling deploy with serial.

  10. Ansible Deep Dive Part 10 Lab: Automating a Cisco and FortiGate Fleet With Ansible

    Part 10, the second lab: network-specific Ansible modules against a mixed Cisco IOS and FortiGate fleet — cisco.ios facts and config, fortinet.fortios firewall policy objects, connection: network_cli vs httpapi, and a config-drift check playbook.

  11. Ansible Deep Dive Part 11: Error Handling in Anger — Blocks, Rescue, and Partial Failures

    Part 11: block/rescue/always for structured error handling, ignore_errors vs failed_when vs ignore_unreachable, max_fail_percentage and any_errors_fatal, and retries/until for polling a service until it's actually ready.

  12. Ansible Deep Dive Part 12: Best Practices — the Style Guide I Actually Follow

    Part 12: the Ansible conventions worth treating as non-negotiable — naming, idempotency discipline, directory layout, secrets, tagging restraint, testing gates, and the failure modes that show up once a project outlives its author's memory of writing it.

  13. Ansible Deep Dive Part 13: Does Ansible Still Matter in an MCP/AI World?

    Part 13, the closing piece: if an AI agent can SSH in and fix things itself, do playbooks, idempotency, and config management still matter? A case for yes — argued through the same MCP server that writes this very site.

From Netmiko to CLI Tool

A five-part sequence from a single Netmiko script to a polished, pip-installable CLI tool — capture, parse, abstract, scale, ship. Anchored on the ciscocmd1 repo; each post layers on the previous without throwing away what you already have.

  1. Netmiko in Practice: From a Show-Command Script to a Repeatable Audit Tool

    A working network engineer's guide to Netmiko — starting from a small repo of mine that runs show commands across a JSON inventory, and extending it into something you can use as a real audit tool with structured output, concurrency, secure credentials, and a sane dry-run for config changes.

  2. Parsing show Command Output: TextFSM, Genie, and TTP for Structured Data

    A practical comparison of the three main ways to turn Cisco show output into structured Python data — TextFSM with NTC Templates, Genie/pyATS, and TTP — with worked examples and rules of thumb for picking the right one.

  3. NAPALM vs Netmiko: Vendor-Agnostic Config vs Raw CLI, and When You Want Both

    A practical comparison of NAPALM and Netmiko for network automation — where Netmiko's raw CLI access is the right answer, where NAPALM's compare/replace/rollback abstraction earns its keep, and the hybrid pattern that most production tooling actually settles on.

  4. Nornir for Network Engineers: Running Automation Across an Inventory at Scale

    A practical introduction to Nornir for engineers whose Netmiko script has grown too big — inventory plugins, structured tasks, parallelism, filtering by site or role, and integrating Netmiko, NAPALM, and pyATS as connection plugins. The framework you reach for once one box has become a hundred.

  5. Building a Polished CLI Tool with Click and Rich: Packaging Network Automation for Other Humans

    Turn a working network-automation script into a tool your colleagues will use — moving from argparse to Click, formatted output with Rich, environment-loaded secrets, and pip-installable packaging.

Other Python Posts