- Table of Contents
- 11-NMM Configuration Guide
- 01-System maintenance and debugging configuration
- 02-NQA configuration
- 03-NTP configuration
- 04-PTP configuration
- 05-SNMP configuration
- 06-RMON configuration
- 07-Event MIB configuration
- 08-NETCONF configuration
- 09-Ansible configuration
- 10-Puppet configuration
- 11-Chef configuration
- 12-CWMP configuration
- 13-EAA configuration
- 14-Process monitoring and maintenance configuration
- 15-Sampler configuration
- 16-Mirroring configuration
- 17-NetStream configuration
- 18-IPv6 NetStream configuration
- 19-sFlow configuration
- 20-Information center configuration
- 21-Packet capture configuration
- 22-VCF fabric configuration
- Related Documents
|09-Ansible configuration||71.99 KB|
Ansible is a configuration tool programmed in Python. It uses SSH to connect to devices.
· Manager—A host installed with the Ansible environment. For more information about the Ansible environment, see Ansible documentation.
· Managed devices—Devices to be managed. These devices do not need to install any agent software. They only need to be able to act as an SSH server. The manager communicates with managed devices through SSH to deploy configuration files.
H3C devices can act as managed devices.
Figure 1 Ansible network architecture
The following the steps describe how Ansible works:
1. On the manager, create a configuration file and specify the destination device.
2. The manager (SSH client) initiates an SSH connection to the device (SSH server).
3. The manager deploys the configuration file to the device.
4. After receiving a configuration file from the manager, the device loads the configuration file.
Not all services modules are configurable through Ansible. To identify the service modules that you can configure by using Ansible, access the Comware 7 Python library.
Before you use Ansible to configure the device, complete the following tasks:
· Configure a time protocol (NTP or PTP) or manually configure the system time on the Ansible server and the device to synchronize their system time. For more information about NTP and PTP configuration, see Network Management and Monitoring Configuration Guide.
· Configure the device as an SSH server. For more information about SSH configuration, see Security Configuration Guide.
As shown in Figure 2, enable SSH server on the device and use the Ansible manager to manage the device over SSH.
Assign IP addresses to the device and manager so you can access the device from the manager. (Details not shown.)
1. Configure a time protocol (NTP or PTP) or manually configure the system time on both the device and manager so they use the same system time. (Details not shown.)
2. Configure the device as an SSH server:
# Create local key pairs. (Details not shown.)
# Create a local user named abc and set the password to 123456 in plain text.
[Device-luser-manage-abc] password simple 123456
# Assign the network-admin user role to the user and authorize the user to use SSH, HTTP, and HTTPS services.
[Device-luser-manage-abc] authorization-attribute user-role network-admin
[Device-luser-manage-abc] service-type ssh http https
# Enable NETCONF over SSH.
[Device] netconf ssh server enable
# Enable scheme authentication for SSH login and assign the network-admin user role to the login users.
[Device] line vty 0 63
[Device-line-vty0-63] authentication-mode scheme
[Device-line-vty0-63] user-role network-admin
# Enable the SSH server.
[Device] ssh server enable
# Authorize SSH user abc to use all service types, including SCP, SFTP, Stelnet, and NETCONF. Set the authentication method to password.
[Device] ssh user abc service-type all authentication-type password
# Enable the SFTP server or SCP server.
¡ If the device supports SFTP, enable the SFTP server.
[Device] sftp server enable
¡ If the device does not support SFTP, enable the SCP server.
[Device] scp server enable
Install Ansible on the manager. Create a configuration script and deploy the script. For more information, see the relevant documents.