Tagged: automation
20 posts · browse all tags
-
Ansible Deep Dive Part 1: What Ansible Is, and Why Agentless Still Wins
Kicking off a thirteen-part Ansible series. Part 1 covers what Ansible actually is, the push-based agentless model and why it still matters against Chef/Puppet/Salt, the control node/managed node mental model, installing Ansible, and your first ad-hoc command against a real inventory.
-
Ansible Deep Dive Part 10 Lab: Automating a Cisco and FortiGate Fleet With Ansible
Part 10, the second lab: network-specific Ansible modules against a mixed Cisco IOS and FortiGate fleet — cisco.ios facts and config, fortinet.fortios firewall policy objects, connection: network_cli vs httpapi, and a config-drift check playbook.
-
Ansible Deep Dive Part 11: Error Handling in Anger — Blocks, Rescue, and Partial Failures
Part 11: block/rescue/always for structured error handling, ignore_errors vs failed_when vs ignore_unreachable, max_fail_percentage and any_errors_fatal, and retries/until for polling a service until it's actually ready.
-
Ansible Deep Dive Part 12: Best Practices — the Style Guide I Actually Follow
Part 12: the Ansible conventions worth treating as non-negotiable — naming, idempotency discipline, directory layout, secrets, tagging restraint, testing gates, and the failure modes that show up once a project outlives its author's memory of writing it.
-
Ansible Deep Dive Part 13: Does Ansible Still Matter in an MCP/AI World?
Part 13, the closing piece: if an AI agent can SSH in and fix things itself, do playbooks, idempotency, and config management still matter? A case for yes — argued through the same MCP server that writes this very site.
-
Ansible Deep Dive Part 2: Inventory — Static, Dynamic, and Everything In Between
Part 2 of the Ansible series: INI vs YAML inventory, groups and nested groups, host_vars/group_vars, patterns and limits, and moving to dynamic inventory plugins (AWS, and a network-specific example) once static files stop scaling.
-
Ansible Deep Dive Part 3: Playbooks, Tasks, and the Idempotency Contract
Part 3: plays and tasks, modules vs shell/command, the idempotency contract that makes Ansible safe to re-run, handlers and notify, check mode and diff mode, and tags for selectively running part of a playbook.
-
Ansible Deep Dive Part 4: Variables, Facts, and Jinja2 Templating
Part 4: where variables come from, gathering and using facts, the Jinja2 syntax underneath when/template/filters, common filters worth knowing, and building real config templates for both servers and network devices.
-
Ansible Deep Dive Part 5: Roles and Ansible Galaxy — Structuring Projects That Scale
Part 5: the standard role directory layout, defaults vs vars, role dependencies, ansible-galaxy for installing community roles and collections, and requirements.yml for pinning what a project depends on.
-
Ansible Deep Dive Part 6: Variable Precedence and Ansible Vault — Secrets Done Right
Part 6: the full variable precedence ladder from role defaults to extra-vars, then Ansible Vault end to end — encrypting whole files and single strings, vault IDs for multiple secret tiers, and keeping vault passwords out of the repo entirely.
-
Ansible Deep Dive Part 7: ansible.cfg, Performance, and Scaling to Hundreds of Hosts
Part 7: the ansible.cfg precedence and the settings that actually matter, forks and the linear/free strategies, SSH pipelining and ControlPersist, fact caching, and Mitogen as the option to know about even if you don't reach for it.
-
Ansible Deep Dive Part 8: Testing Ansible — Molecule, ansible-lint, and CI Pipelines
Part 8: ansible-lint and its rule categories, Molecule for spinning up disposable Docker/VM targets and asserting real state with Testinfra, idempotency testing (running a role twice and asserting nothing changed the second time), and wiring it all into GitHub Actions.
-
Ansible Deep Dive Part 9 Lab: Zero to Production — a Three-Tier Web App From Bare Metal
Part 9, the first lab: a role-based playbook standing up a load balancer, two app servers, and PostgreSQL from bare Ubuntu boxes — vault-protected credentials, templated HAProxy/env config, notify chains, and a rolling deploy with serial.
-
Adding Vendor Route-Table Parsers to route-compare, and Why the Work Lives on a Branch
A follow-up on the route-compare tool: I taught it to read raw show ip route, get router info routing-table all, show route, and show routing route output directly — no Excel cleanup step. The work lives on a branch rather than on main, and this is why.
-
Comparing Route Tables Between Two Sources: A Small Python Tool for Audits and Migrations
A self-contained Python utility that takes two Excel route lists, normalises every prefix through ipaddress, finds exact matches and overlaps, preserves invalid entries for audit, and writes a colour-coded Excel report plus CSVs. Includes install guide and full source.
-
Building a Polished CLI Tool with Click and Rich: Packaging Network Automation for Other Humans
Turn a working network-automation script into a tool your colleagues will use — moving from argparse to Click, formatted output with Rich, environment-loaded secrets, and pip-installable packaging.
-
NAPALM vs Netmiko: Vendor-Agnostic Config vs Raw CLI, and When You Want Both
A practical comparison of NAPALM and Netmiko for network automation — where Netmiko's raw CLI access is the right answer, where NAPALM's compare/replace/rollback abstraction earns its keep, and the hybrid pattern that most production tooling actually settles on.
-
Netmiko in Practice: From a Show-Command Script to a Repeatable Audit Tool
A working network engineer's guide to Netmiko — starting from a small repo of mine that runs show commands across a JSON inventory, and extending it into something you can use as a real audit tool with structured output, concurrency, secure credentials, and a sane dry-run for config changes.
-
Nornir for Network Engineers: Running Automation Across an Inventory at Scale
A practical introduction to Nornir for engineers whose Netmiko script has grown too big — inventory plugins, structured tasks, parallelism, filtering by site or role, and integrating Netmiko, NAPALM, and pyATS as connection plugins. The framework you reach for once one box has become a hundred.
-
Parsing show Command Output: TextFSM, Genie, and TTP for Structured Data
A practical comparison of the three main ways to turn Cisco show output into structured Python data — TextFSM with NTC Templates, Genie/pyATS, and TTP — with worked examples and rules of thumb for picking the right one.