Network Configuration Templating with Ansible – Part 3

Justin Drew

September 27, 2022

In the first and second parts of this series we discussed extracting variables from your device configurations, building your host and group data structures with those variables, and then using that data along with Jinja2 templates to generate configurations programmatically. In the third part of this series, we will dive deeper into the more advanced methods of manipulating the data output during generation by using two key features of Jinaj2, filters and macros.

Filters

When using Jinja2 to generate configurations you might find yourself at times wanting to convert a variable value to another format. This is useful in cases where you don’t necessarily want to document every possible variable for your configuration. One example of this would be using a CIDR notation for an IP address variable. By using CIDR notation, you’re able to document not only the host address but also determine the network address, broadcast address, and associated netmask. Extracting that information from the CIDR address variable is where Jinja2 filters come into play. By using the ipaddr filter that’s based on top of the netaddr Python library, you’re able to pass the CIDR address to a specific variable to get the desired piece of data.

In order to utilize a filter such as ansible.utils.ipaddr, you pipe (using the | character) a value to your desired filter. You can chain together as many filters as you like as shown below:

# router1.yml
network: "192.168.1.0/24"

# template.j2
ip route 0.0.0.0 0.0.0.0 {{ network | ansible.utils.ipaddr("1") | ansible.utils.ipv4("address") }}

By using the CIDR address notation defined by the network variable and passing it through the ipaddr and ipv4 filters, we are able to obtain the gateway address and render the default route as shown:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

This works due to a Jinja2 filter simply being a Python function that accepts arguments and returns some value. With the first ansible.utils.ipaddr("1") step, it’s taking the value of the network variable and finding the first IP address in the network, 192.168.100.1/24. Then the ansible.utils.ipv4("address") filter takes that value and finds just the address, which strips the /24 and returns 192.168.100.1.

Now, you might be asking yourself what would be the use for something like this? Using templates like the above allows for you to make changes across your fleet while still taking into account variations in configurations. For example, you could write a playbook like below to set a new default gateway on devices:

# update_gateways.yaml
- name: Default Route Update Playbook
  hosts: all
  gather_facts: false

  tasks:
    - name: Update default gateway on inventory hosts
      cisco.ios.ios_config:
        backup: "yes"
        src: "./template.j2"
        save_when: "modified"

(base) {} ansible-playbook -i inventory update_gateways.yaml

PLAY [Default Route Update Playbook] ***********************************************************************************************************************

TASK [Update default gateway on inventory hosts] ***********************************************************************************************************************
changed: [router1]
changed: [router2]
changed: [router3]

PLAY RECAP ***********************************************************************************************************************
router1                    : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
router2                    : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
router3                    : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

To obtain the currently available filters included with Ansible, you’ll need to install them from the ansible.utils collection. This can be done by issuing ansible-galaxy collection install ansible.utils at the command line. In addition, as filters are simply Python functions, you are able to write your own for utilizing within your templates. This is extremely helpful when you have some complex piece of data that you wish to manipulate before inserting into a configuration. Using the example from above, we can write a function to perform the same and simplify the template:

#custom_filters.py
import netaddr

class FilterModule(object):
    def filters(self):
        return {
            "get_gateway_address": self.get_gateway_address
        }

    def get_gateway_address(self, network: str):
        network = netaddr.IPNetwork(network)
        return str(network.ip + 1)

As custom filters are just simple Python functions, adding them into the Jinja environment for Ansible requires some specific code. As you can see in the example above, there is a FilterModule class that Ansible looks for when adding custom filters. In this class there must be a filters method that returns a dictionary where the key is the name you want to use for your filter and the value being the function itself. There isn’t a requirement for the called method to reside in the FilterModule class, but putting it there helps prevent potential namespace conflicts.

In order to test this filter within Ansible, you can place the Python file containing the filter definition inside a folder called filter_plugins alongside your playbooks, utilizing it as shown in the diagram below:

(base) {} tree
.
├── filter_plugins
│   ├── custom_filters.py
├── group_vars
├── inventory
├── update_gateways.yaml
├── template.j2

You would then simply update the template line to use the filter like so:

ip route 0.0.0.0 0.0.0.0 {{ network | get_gateway_address }}

Once you’re confident it’s working as intended, you can bundle it alongside others in a collection for easy installation in other environments. If you’re curious about the included filters in Ansible, the source for them is available in their GitHub repo. The Jinja2 framework also includes a number of filters that can be found in their reference documentation.

Macros

Macros are the equivalent of functions in Jinja2. They can be used to store a single word or phrase, or even do some processing and manipulation of your data using Jinja2 syntax as opposed to Python syntax. These are handy when you might not be comfortable with Python but still want to process your data in some manner. Continuing with the example from above, we could write a macro to note the combination of filters like below:

{% macro get_gateway_ip(network) -%}
{% network | ansible.utils.ipaddr("1") | ansible.utils.ipv4("address") -%}
{%- endmacro -%}

We would then need to update the template to call the macro by passing the variable value to the macro as an argument much like Python takes arguments:

ip route 0.0.0.0 0.0.0.0 {{ get_gateway_ip(network) }}

Notice how we pass in the network variable, which in the template file is equivalent to the CIDR notation 192.168.1.0/24. This value is what is then passed to the macro, and acted upon by the filters. The macro then returns the ip address as 192.168.1.1. The rendered result would be:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Another example would be to define the default interface configuration and expand that macro for your other port roles. Using the configuration information below, we can create a macro that covers the basics of an interface like so:

interfaces:
    - name: "GigabitEthernet0/1"
      duplex: "full"
      speed: 1000
      port_security: false
    - name: "GigabitEthernet0/2"
      duplex: "full"
      speed: 1000
      port_security: true

{% macro base_intf(intf) -%}
interface {{ intf["name"] }}
  duplex {{ intf["duplex"] }}
  speed {{ intf["speed"] }}
{%- endmacro -%}

We can then create another macro that extends the base_intf macro to add in the appropriate port security configuration like so:

{% macro secure_port(intf) -%}
{{ base_intf(intf) }}
  access-session port-control auto
  dot1x pae authenticator
{%- endmacro -%}

Now, when we want to generate the configuration we simply need to call the appropriate macro, like so:

# interfaces.j2
{% for intf in interfaces %}
{% if intf["port_security"] %}
{{ secure_port(intf) }}
{% else %}
{{ base_intf(intf) }}
{% endif %}
{% endfor %}

The above template would then render the following configuration using the interface information above:

interface GigabitEthernet0/1
  duplex full
  speed 1000
interface GigabitEthernet0/2
  duplex full
  speed 1000
  access-session port-control auto
  dot1x pae authenticator

As above, we can then utilize this template in a playbook to update the interfaces on our Devices like so:

# update_interfaces.yaml
- name: Update Interfaces Playbook
  hosts: all
  gather_facts: false

  tasks:
    - name: Update interfaces on inventory hosts
      cisco.ios.ios_config:
        backup: "yes"
        src: "./interfaces.j2"
        save_when: "modified"

(base) {} ansible-playbook -i inventory update_interfaces.yaml

PLAY [Update Interfaces Playbook] ***********************************************************************************************************************

TASK [Update interfaces on inventory hosts] ***********************************************************************************************************************
changed: [router1]
changed: [router3]
changed: [router2]

PLAY RECAP ***********************************************************************************************************************
router1                    : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
router2                    : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
router3                    : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

As you can see, using macros enables you to minimize duplicated code, which simplifies things in addition to building compartmentalized logic into your templates. In addition, as with Python functions, you can place these macros in a central repository and reference them in your templates using Jinja imports. However, that’s outside the scope of this post, but more information can be found in the Jinja2 documentation.

Conclusion

In this post we went over the basics of Jinja2 filters and macros and how they can be utilized to aid you in manipulating your data being inserted into your templates. In Part 4 of this series, we’ll go into how Ansible handles variable inheritance and how that can enable more advanced templates.

-Justin

Tags :

ansible automation-concepts automation-journey golden-config jinja structured-data

Does this all sound amazing? Want to know more about how Network to Code can help you do this, reach out to our sales team. If you want to help make this a reality for our clients, check out our careers page.

Contact Us to Learn More

Share details about yourself & someone from our team will reach out to you ASAP!

Author

Chiara Geronzi

View all posts

Cookie	Duration	Description
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	Cloudflare set the cookie to support Cloudflare Bot Management.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
__hstc	5 months 27 days	Hubspot set this main cookie for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Network Configuration Templating with Ansible – Part 3

Filters

Macros

Conclusion

Tags :

Share :

Contents

Recent Posts

December 11, 2024

December 5, 2024

November 25, 2024

November 15, 2024

October 4, 2024

Contact Us to Learn More

Author

Nautobot

What we do

How we do it

Company

Community

Resources

Contact us