Hi Team,
Which is one is followed as best practice in Ansible?
Using jump server to connect devices ? or having direct access to devices.
thanks
You need to practice somes to familiar with Ansible first. Then set some small targets using ansible to manage. So far I know switch, router devices don’t have python inside which must have to manage by ansible.
I suggest you use model : Ansible control → Jump server → cisco devices. (I use this model to do backup task all devices in my environment labs)
Ansible control: ansible installed, use playbook variable to manage quantity/type of devices, use templates to send scripts to Jump server to execute.
Jum server: Python installed, expect installed. Only use for executing scripts to manage devices (upgrade, backup, etc…)
playbook.yml sample
This isn’t necessary best practices but, more security policies.
Jonathan Lozada De La Matta on mobile
– You received this message because you are subscribed to the Google Groups “Ansible Project” group. To unsubscribe from this group and stop receiving emails from it, send an email to . To post to this group, send email to . To view this discussion on the web visit . For more options, visit .
Hi Tran,
thanks for your response!
Do you see any connection drops when we ask ansible to go thru jump servers? or else we can provide acess to ansible to connect directly to access all devices?
Hi Jon,
You mean Jump is not necessary ?
thanks,
No, is not. Usually is required by organizations but, is not required with ansible.
Jonathan Lozada De La Matta on mobile
– You received this message because you are subscribed to the Google Groups “Ansible Project” group. To unsubscribe from this group and stop receiving emails from it, send an email to . To post to this group, send email to . To view this discussion on the web visit . For more options, visit .
good policies is needed but using jump server is a better choice. Imagine:
- You can use local network server to build all ansible scripts, playbooks and only allow this server can access jump server.
All ansible playbook, scripts protected by ansible vault.
Playbook send scripts to jump server to execute wanted tasks then make 1 more task to remove all run scripts, clearing logs on jump server after process done.
- Jump server contain nothing after running scripts → more safety
@Raj: why does packet drop? It belong to your network is stable or not.
Hi Tran,
you have suggested a model Ansible control → Jump server → cisco devices to execute playbooks on jumpserver using expect installed on jumpserver.
Can you please explain clearly how hostfile configuration needs to be done. And also iam not familier with the j2 templates used in the above example. can you share sample template file for executing “show version” command on network devices.
Thanks in Advance.