Sunday, November 25, 2018

Automating Cisco IOS and ASA backups using Ansible and Cron - Part 1



This how-to assumes a certain level of Linux knowledge as well as a passing familiarity with Ansible. Before diving in, it's probably best to review some of the resources linked here and here to brush up on the ins and outs of Ansible.

This how-to uses the topology below in GNS3.

Full configuration of the ASA can be found here: Link to ASA config
Full configuration of the IOS device can be found here: Link to IOS config

Initial setup
Configure ssh pubkey auth on Cisco ASA
Configure ssh pubkey auth on Cisco IOS
Setup ssh-agent to store your keys

Create Ansible Inventory
In this example my ASA management interface is 192.168.101.5 and the IOS switch is 192.168.102.6.

The inventory file lives in /etc/ansible/. More info on using Ansible inventory can be found here.
Run 'rm hosts' to remove the example file, then create a new one with 'nano hosts' or 'vim hosts' depending on your preference.



Test your progress so far with the Ansible 'ping' command.
If successful, you should see a result similar to the image below.

Building our Playbooks
Our first playbook will create the directories we will be copying our backups to. Create a file with the contents below and run the playbook by entering 'ansible-playbook create-backup-file.yml'.

Create a file asa-backup-playbook.yml in the /etc/ansible directory.
This playbook makes use of the asa_command module. Documentation on this module can be found here.
Copy the contents below into the asa-backup-playbook.yml file. Run the playbook with the command 'ansible-playbook asa-backup-playbook.yml'
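
An added example of what such a playbook can look like; it is not the original post's playbook. The inventory group name "asa", the backup path /etc/ansible/Backups/<hostname>/ and ansible_network_os=asa being set in the inventory are assumptions. Because device configs carry password hashes and topology detail, it also locks down file modes and keeps the config out of Ansible's output.

```yaml
---
# Added example, not the original post's playbook.
# Assumptions: inventory group "asa", ansible_network_os=asa set in inventory,
# backups stored under /etc/ansible/Backups/<hostname>/.
- name: Back up ASA running configuration
  hosts: asa
  connection: network_cli
  gather_facts: false

  vars:
    backup_root: /etc/ansible/Backups   # assumed path

  tasks:
    - name: Collect the running configuration from the ASA
      asa_command:
        commands:
          - show running-config
      register: asa_config
      no_log: true   # keep the config out of logs and cron mail; drop while debugging

    - name: Ensure the per-host backup directory exists and is private
      file:
        path: "{{ backup_root }}/{{ inventory_hostname }}"
        state: directory
        mode: "0700"
      delegate_to: localhost

    - name: Write the configuration to a dated text file on the control host
      copy:
        content: "{{ asa_config.stdout[0] }}\n"
        dest: "{{ backup_root }}/{{ inventory_hostname }}/{{ inventory_hostname }}-{{ lookup('pipe', 'date +%Y-%m-%d') }}.txt"
        mode: "0600"   # readable only by the account that runs the backup
      delegate_to: localhost
      no_log: true
```

On ASA, 'show running-config' masks some secrets such as pre-shared keys, but the resulting file should still be treated as sensitive.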


Navigate into the Backups folder and you should find a text file containing a backup of your device config.


Our IOS backup playbook is very similar to our ASA playbook. The differences are that we are now using the ios_command module, linked here, and the targeted hosts have been changed from our ASA group to our IOS group.

Using the same workflow as with our ASA example, create a YAML file ios-backup-playbook.yml and paste in the contents below.

Run the playbook, then navigate to the backup directory to view the text file containing our backup.



Scheduling with Cron
Edit your crontab with 'crontab -e' and enter the following.

The first line kicks off the first playbook, the one we used to create our backup directories. We run this again in the event we add additional hosts to our ASA or IOS group.

Fifteen minutes later our ASA backup playbook is started, with the IOS backup playbook starting another 15 minutes after that.



