Tagged: python
40 posts · browse all tags
-
Ansible Deep Dive Part 1: What Ansible Is, and Why Agentless Still Wins
Kicking off a thirteen-part Ansible series. Part 1 covers what Ansible actually is, the push-based agentless model and why it still matters against Chef/Puppet/Salt, the control node/managed node mental model, installing Ansible, and your first ad-hoc command against a real inventory.
-
Ansible Deep Dive Part 10 Lab: Automating a Cisco and FortiGate Fleet With Ansible
Part 10, the second lab: network-specific Ansible modules against a mixed Cisco IOS and FortiGate fleet — cisco.ios facts and config, fortinet.fortios firewall policy objects, connection: network_cli vs httpapi, and a config-drift check playbook.
-
Ansible Deep Dive Part 11: Error Handling in Anger — Blocks, Rescue, and Partial Failures
Part 11: block/rescue/always for structured error handling, ignore_errors vs failed_when vs ignore_unreachable, max_fail_percentage and any_errors_fatal, and retries/until for polling a service until it's actually ready.
-
Ansible Deep Dive Part 12: Best Practices — the Style Guide I Actually Follow
Part 12: the Ansible conventions worth treating as non-negotiable — naming, idempotency discipline, directory layout, secrets, tagging restraint, testing gates, and the failure modes that show up once a project outlives its author's memory of writing it.
-
Ansible Deep Dive Part 13: Does Ansible Still Matter in an MCP/AI World?
Part 13, the closing piece: if an AI agent can SSH in and fix things itself, do playbooks, idempotency, and config management still matter? A case for yes — argued through the same MCP server that writes this very site.
-
Ansible Deep Dive Part 2: Inventory — Static, Dynamic, and Everything In Between
Part 2 of the Ansible series: INI vs YAML inventory, groups and nested groups, host_vars/group_vars, patterns and limits, and moving to dynamic inventory plugins (AWS, and a network-specific example) once static files stop scaling.
-
Ansible Deep Dive Part 3: Playbooks, Tasks, and the Idempotency Contract
Part 3: plays and tasks, modules vs shell/command, the idempotency contract that makes Ansible safe to re-run, handlers and notify, check mode and diff mode, and tags for selectively running part of a playbook.
-
Ansible Deep Dive Part 4: Variables, Facts, and Jinja2 Templating
Part 4: where variables come from, gathering and using facts, the Jinja2 syntax underneath when/template/filters, common filters worth knowing, and building real config templates for both servers and network devices.
-
Ansible Deep Dive Part 5: Roles and Ansible Galaxy — Structuring Projects That Scale
Part 5: the standard role directory layout, defaults vs vars, role dependencies, ansible-galaxy for installing community roles and collections, and requirements.yml for pinning what a project depends on.
-
Ansible Deep Dive Part 6: Variable Precedence and Ansible Vault — Secrets Done Right
Part 6: the full variable precedence ladder from role defaults to extra-vars, then Ansible Vault end to end — encrypting whole files and single strings, vault IDs for multiple secret tiers, and keeping vault passwords out of the repo entirely.
-
Ansible Deep Dive Part 7: ansible.cfg, Performance, and Scaling to Hundreds of Hosts
Part 7: the ansible.cfg precedence and the settings that actually matter, forks and the linear/free strategies, SSH pipelining and ControlPersist, fact caching, and Mitogen as the option to know about even if you don't reach for it.
-
Ansible Deep Dive Part 8: Testing Ansible — Molecule, ansible-lint, and CI Pipelines
Part 8: ansible-lint and its rule categories, Molecule for spinning up disposable Docker/VM targets and asserting real state with Testinfra, idempotency testing (running a role twice and asserting nothing changed the second time), and wiring it all into GitHub Actions.
-
Ansible Deep Dive Part 9 Lab: Zero to Production — a Three-Tier Web App From Bare Metal
Part 9, the first lab: a role-based playbook standing up a load balancer, two app servers, and PostgreSQL from bare Ubuntu boxes — vault-protected credentials, templated HAProxy/env config, notify chains, and a rolling deploy with serial.
-
AI Part 8: Kali 2026.2's Nine New Tools, and the MCP Server With 150 More Behind It
Kali 2026.2 shipped nine new tools, one an AI CLI by default. I installed and ran every one I could in a rootless sandbox, then looked behind the curtain at a 17,000-line MCP server wrapping 150+ tools, and Kali's own local-LLM stack. No fabricated output.
-
AI Part 7: When an LLM Gets Nmap and Metasploit as Tools
I wired an LLM into nmap and Metasploit against a deliberately vulnerable lab. The exploit worked — a real, server-verified root shell — but the sharper finding was the models themselves: a 7B fabricated its tool output wholesale, an 8B mangled its arguments, and only a 32B drove the tools honestly. No fabricated transcripts — the model's included.
-
Python for Network Engineers — Part 1: Why Python in 2026, Environment Setup, and Your AI Pair Programmer
-
Python for Network Engineers — Part 10: NAPALM — Vendor-Agnostic Network Automation
-
Python for Network Engineers — Part 11: Nornir — Parallel Automation at Scale
-
Python for Network Engineers — Part 12: AI-Assisted Network Automation
-
Python for Network Engineers — Part 2: Strings, Numbers, Files, Lists, and Tuples
-
Python for Network Engineers — Part 3: Dictionaries, Sets, Comprehensions, and Exceptions
-
Python for Network Engineers — Part 4: Functions, Regular Expressions, and Modules
-
Python for Network Engineers — Part 5: Netmiko — SSH Automation Across Vendors
-
Python for Network Engineers — Part 6: Parsing CLI Output — From Regex to AI
-
Python for Network Engineers — Part 7: YAML, JSON, and Validating Your Inventory with Pydantic
-
Python for Network Engineers — Part 8: Jinja2 — Generating Configs at Scale
-
Python for Network Engineers — Part 9: REST APIs — The Modern Control Plane
-
Pairing a FortiGate and FortiSwitch the Right Way, Part 1: Get the Firmware Right First
Before a FortiGate and FortiSwitch will even talk to each other over FortiLink, both need to be on compatible, fully-patched firmware — and NTP/DNS need to be solid. Part 1 covers the upgrade plan we should have run before touching FortiLink at all.
-
Pairing a FortiGate and FortiSwitch the Right Way, Part 2: FortiLink, and Where We Actually Went Wrong
The FortiLink handshake looks trivial in the docs: cable it in, authorize, done. Ours didn't go that way. Part 2 walks the correct pairing process, then dissects exactly where — and why — our first attempt stalled, with the redo plan for when we factory-reset both boxes.
-
Finding the Hop That's Eating Your Packets: pmtud-sweeper
A per-hop Path-MTU sweeper that binary-searches the largest DF-set packet each hop will pass, then names the router that's clamping your tunnel. ICMP, UDP, TCP-SYN, end-to-end TCP MSS — pick the probe your network actually lets through.
-
Who Sent That RST? Forensic Classification of TCP Resets with rst-forensics
A pure-Python classifier that takes a TCP RST and tells you whether the server, a mid-path firewall, or the client actually sent it. Six independent scorers — TTL, IP-ID, window, options, sequence, and timing — vote on the origin so the verdict is reproducible instead of tribal.
-
Diffing FortiGate configs the way an admin reads them — fgt-config-diff
A small Python tool that parses FortiGate configs into a tree, aligns nodes by section path and edit key, and reports what was added, removed, or modified — in the language of policies and objects, not unified-diff line numbers. CLI plus a Flask web UI.
-
Generating a Constant Stream of Web Traffic with Python
A small, polite Python script that round-robins through ten popular public sites at a configurable rate — useful for homelab traffic, exercising a proxy, or learning the requests library. Walks through the full code, the safety rails, and how to run it under tmux.
-
Adding Vendor Route-Table Parsers to route-compare, and Why the Work Lives on a Branch
A follow-up on the route-compare tool: I taught it to read raw show ip route, get router info routing-table all, show route, and show routing route output directly — no Excel cleanup step. The work lives on a branch rather than on main, and this is why.
-
Comparing Route Tables Between Two Sources: A Small Python Tool for Audits and Migrations
A self-contained Python utility that takes two Excel route lists, normalises every prefix through ipaddress, finds exact matches and overlaps, preserves invalid entries for audit, and writes a colour-coded Excel report plus CSVs. Includes install guide and full source.
-
Building a Polished CLI Tool with Click and Rich: Packaging Network Automation for Other Humans
Turn a working network-automation script into a tool your colleagues will use — moving from argparse to Click, formatted output with Rich, environment-loaded secrets, and pip-installable packaging.
-
NAPALM vs Netmiko: Vendor-Agnostic Config vs Raw CLI, and When You Want Both
A practical comparison of NAPALM and Netmiko for network automation — where Netmiko's raw CLI access is the right answer, where NAPALM's compare/replace/rollback abstraction earns its keep, and the hybrid pattern that most production tooling actually settles on.
-
Netmiko in Practice: From a Show-Command Script to a Repeatable Audit Tool
A working network engineer's guide to Netmiko — starting from a small repo of mine that runs show commands across a JSON inventory, and extending it into something you can use as a real audit tool with structured output, concurrency, secure credentials, and a sane dry-run for config changes.
-
Nornir for Network Engineers: Running Automation Across an Inventory at Scale
A practical introduction to Nornir for engineers whose Netmiko script has grown too big — inventory plugins, structured tasks, parallelism, filtering by site or role, and integrating Netmiko, NAPALM, and pyATS as connection plugins. The framework you reach for once one box has become a hundred.
-
Parsing show Command Output: TextFSM, Genie, and TTP for Structured Data
A practical comparison of the three main ways to turn Cisco show output into structured Python data — TextFSM with NTC Templates, Genie/pyATS, and TTP — with worked examples and rules of thumb for picking the right one.