Backing Up Cisco 'Show' Output via Ansible, Code Commit, and S3

Ah the Cisco 'show' command output. Every answer from the running-configuration, to the routing table, to hardware health and inventory information can be shown via some Cisco command beginning with 'show'. This output is extremely useful in diagnosing operation. It's also extremely useful in restoring operation. However, these commands can only be run in the immediate by the operator when logged into the device, and are not versioned, or logged into the device. So, the 'show command' is only as good as the time it's entered into the device.

But what if we could automatically execute these commands, pull their output into a file, and archive it with a version? We absolutely can with Ansible.

Ansible is s an open-source software provisioning, configuration management, and application-deployment tool. It runs on many Unix-like systems, and can configure both Unix-like systems as well as Microsoft Windows. It includes its own declarative language to describe system configuration. This is expressed in YAML in things called Ansible Playbooks.

Note: This assumes only Ansible basics. We could be here for pages talking inventory, roles, group variables, etc. This is a down and dirty playbook-only operation

Playbooks are Ansible's configuration, deployment, and orchestration language. They can describe a policy you want your remote systems to enforce, or a set of steps in a general IT process. These are the step by step processes, or to-do list, of items a user wants to execute on a remote system.

At a basic level, playbooks can be used to manage configurations of and deployments to remote machines. We're pretty much doing just that in this example. Playbooks are designed to be human-readable and are written in YAML or 'Yet Another Markup Language'. YAML allows Ansible to be easily written and read (even for NetOps CLI guys like me), and is also 'self-documenting' given that near anyone can read a playbook and understand what it is intended to do without referencing outside resources. There are multiple ways to organize playbooks, but for this example, we're just going to make one simple playbook that will excecute the tasks we need.

Speaking of tasks, here are our goals for this playbook:

After the items are in the Code Commit repository from Ansible's operations, we'll utilize Code Pipeline and CloudWatch Events to trigger a job to copy the contents of the repository to an S3 bucket, with versioning, for archiving purposes.

Lets get started

First, the Ansible Playbook. This can also be pulled / cloned from my ansible-examples repository on GitHub (Link here)

- name: Backup Cisco
  hosts: cisco
  connection: network_cli
  become: yes
  become_method: enable
    - name: Show commands being sent for Cisco Devices
          - "show version"
          - "show run"
          - "show hw-module all entity"
      register: show_output

    - name: save collected infromation
        content: "{{ show_output.stdout[item.index] }}"
        dest: "{{ item.filename }}"
        label: "{{ }}"
      - name: show version
        index: 0
        filename: "~/repositories/mcornstu-net-infrastructure-configuration/{{ inventory_hostname }}_version.txt"
      - name: show run
        index: 1
        filename: "~/repositories/mcornstu-net-infrastructure-configuration/{{ inventory_hostname }}_{{ ansible_date_time.iso8601 }}_running-config.txt"
      - name: show hw-module all entity
        index: 2
        filename: "~/repositories/mcornstu-net-infrastructure-configuration/{{ inventory_hostname }}_hw-modules.txt"


© 2019