Infrastructure as Code (IaC) for Network Automation with Ansible

Network Automation Jun 7, 2024

Introduction

Halodoc faces the challenge of manually managing network devices across its various locations, leading to potential configuration inconsistencies and extensive setup time. To address this issue, Halodoc has adopted Infrastructure as Code (IaC) approach, enabling organizations to manage and provision network infrastructure through machine-readable definition files. Halodoc adopts Ansible as part of our Infrastructure as Code strategy. Ansible simplifies system configuration management, providing ease of use and reliability. In this blog, we will explore how Halodoc adopted Infrastructure as Code to automate network infrastructure operational tasks with Ansible.

What is Ansible?

Ansible is an open-source IT automation tool using YAML that is used for configuration management and task automation. It is designed to simplify complex tasks and streamline IT operations by automating repetitive tasks and managing configurations across multiple systems.

How does Ansible work?

Ansible works by executing tasks and commands on remote systems using SSH. It follows where the control node (Ansible server) manages and orchestrates tasks on managed nodes (target systems). Here's how Ansible works in more detail:

  • Inventory Management: Ansible gathers information about managed nodes and categorizes them based on roles or other criteria, facilitating management and task execution on targeted nodes.
  • Playbook Execution: Playbook contains instructions executed by Ansible on managed nodes, enabling users to automate sequential or parallel tasks easily.
  • Modules and Tasks: Ansible uses modules to perform tasks on managed nodes, simplifying automation of various actions such as package installation, file management, and service orchestration.
  • SSH Communication: Ansible communicates with managed nodes via SSH for Unix/Linux systems, enabling secure and remote task execution.
  • Reporting and Logging: Ansible provides detailed reports and logs of playbook executions, allowing users to monitor and analyze operation outcomes efficiently.

Advantages and Challenges of Ansible

Implementation of Infrastructure as Code (IaC) for Network Automation with Ansible brings several its own set of advantages and challenges:

Advantages:

  • Versatile Playbook Language: Ansible playbooks are written in YAML, a human-readable language, making it easy for both system administrators and developers to understand and write automation scripts.
  • Extensibility: Ansible is highly extensible, supporting custom modules and integrations. Users can develop their modules to tailor Ansible to specific needs.
  • Agentless Push Mechanism: Ansible operates on a push-based mechanism, allowing administrators to initiate tasks on remote machines without requiring continuous communication, enhancing scalability.

Challenges:

  • Complexity for Large Environments: Managing large-scale infrastructures with complex dependencies can be challenging. Proper planning and organization are crucial to maintaining readability and scalability.
  • Dependency on SSH: Ansible communicates with managed nodes via SSH for Unix/Linux systems, enabling secure and remote task execution.

Steps of Implementing Network Automation with Ansible

The steps undertaken the Ansible implementation include:

  • Installation and Configuration:

- Add Ansible PPA repository and install Ansible

- Install MariaDB Database server

Install a MySQL server to manage the Ansible Semaphore database.

With MariaDB installed, secure it with the command:

- Install Semaphore

Visit the Semaphore Releases page and copy the download link or set a variable for the version with the command:

use that variable to download the correct version with the command:

Install Semaphore with:

- Configure Semaphore

Run the following command to start Semaphore setup.

- Configure Systemd for Semaphore Ansible UI

Create a systemd file so the Semaphore service can be controlled. Create the file with the command:

Add the following lines to the file.

Reload systemd and start semaphore service.

  • Configuring Semaphore for First Project

In this blog post, we will elaborate how to configure Ansible Semaphore to perform configuration backups for Mikrotik routers in various locations as the use case.
To configure Semaphore, access its UI in your browser and set up the system.

- Accessing the Semaphore Web UI

Open a web browser and navigate to http://SERVER:3000

A page like this will appear:

- Setting Up A New Project

Once logged in for the first time, we will be asked to create the first project for your installation. Input the project name, then click CREATE.

- Add credentials to Key Store

The Key Store is used to store credentials for accessing remote Repositories, accessing remote hosts, sudo credentials, and Ansible vault passwords.

- Set Environment

The Environment section of Semaphore is a place to store additional variables for an inventory and must be stored in JSON format.

- Creating a New Repository

A Repository is a place to store and manage Ansible content like playbooks and roles.

- Creating an Inventory

An Inventory is a file that contains a list of hosts Ansible will run plays against. An Inventory also stores variables that can be used by playbooks.

- Task Templates

Templates define how to run an Ansible Playbook. The template allows you to specify the following parameters such as playbook repository, playbook filename, inventory, environment and much more.

  • Configure Ansible Host in Mikrotik

In this blog post, we will elaborate how to connect MikroTik with Ansible Server and provide use case results for configuration backup and disabling telnet.

- Setup SSH Key

In Mikrotik, set up the Ansbile Host configuration to communicate with your Ansible server.

Go to System → User → SSH Keys.

Set the SSH Key to match the configured in your Ansible Server.

- Results of using Ansible to configuration backup on MikroTik routers

With ansible it only takes 6 minutes to perform a configuration backup of 33 routers in the various locations.

- Results of using Ansible to disable telnet on MikroTik routers

With ansible it only takes a minutes to perform a disable telnet of 33 routers in the various locations.

Error Handling

Error handling in Ansible involves strategies and techniques to identify, handle, and troubleshoot errors that may occur during playbook execution. Here are some key aspects of error handling in Ansible:

  • Error Detection and Logging: Ansible offers comprehensive error detection with detailed error messages and output during playbook execution, simplifying the identification of error sources and nature. Additionally, Ansible's logging capabilities enable capturing error messages and output logs, facilitating further analysis and troubleshooting with configurable logging settings for specific error types or levels.
  • Retry Mechanism: Ansible supports task retries with configurable retry counts and intervals. This can be useful for transient errors or network glitches that may resolve with retry attempts.
  • Error Notifications: Setup error notifications or alerts using Ansible's notification modules (e.g., email, Slack) to notify administrators or stakeholders about critical errors or failures during playbook execution.

By implementing these error handling strategies and best practices, you can enhance the robustness and reliability of Ansible automation workflows, ensuring smoother execution and effective troubleshooting of errors.

Conclusion

The Infrastructure as Code (IaaC) installation process using Ansible as a network automation tool is an important step in harnessing the full potential of automated network management. By leveraging Ansible, organizations can lay the foundation for a more agile and consistent network infrastructure especially for automating the manual tasks of configuration backup on numerous routers so that it reduces repetitive tasks manually and improves network management efficiency.

About Halodoc

Halodoc is the number 1 Healthcare application in Indonesia. Our mission is to simplify and bring quality healthcare across Indonesia, from Sabang to Merauke. We connect 20,000+ doctors with patients in need through our Tele-consultation service. We partner with 3500+ pharmacies in 100+ cities to bring medicine to your doorstep. We've also partnered with Indonesia's largest lab provider to provide lab home services, and to top it off we have recently launched a premium appointment service that partners with 500+ hospitals that allow patients to book a doctor appointment inside our application. We are extremely fortunate to be trusted by our investors, such as the Bill & Melinda Gates Foundation, Singtel, UOB Ventures, Allianz, GoJek, Astra, Temasek, and many more. We recently closed our Series D round and in total have raised around USD$100+ million for our mission. Our team works tirelessly to make sure that we create the best healthcare solution personalized for all of our patient's needs, and are continuously on a path to simplify healthcare for Indonesia.

Taufan Noviana

IT Infrastructure and Support

Recommended for you

No results for your search, try something different.