How to automate configuration management for free using Ansible, Ubuntu, VirtualBox

This how-to shows how to use free Ansible software to automate the configuration of Cisco routers, and links to other Ansible modules that apply to other vendors' gear and support other functionality.

Configuration management (CM) utilities can automate the configuration of network devices, saving time and eliminating many of the human errors introduced during manual configuration.

While this functionality is rolled up in software-defined networking and intent-based networking products, it can also be tapped for free using open-source software.

This article shows how to use the free Ansible CM utility from Red Hat running on a free Ubuntu Linux operating system within a virtual server created with free VirtualBox software. For the purposes of this cookbook, Ansible is used to automate CM for Cisco IOS-based routers, but Ansible modules are available for other vendors' gear and other utilities, including A10, Aruba, Citrix Netscaler, F5, Fortinet, Juniper, Palo Alto Networks and others.

Step 1: Launch the Ansible server

First, go to this site, download and install VirtualBox software to create a virtual machine on your computer where you can install Ubuntu and then run Ansible.

Go to this site and download the Ubuntu 18.04.1 LTS desktop edition to your local hard drive.

Now using VirtualBox, create an Ubuntu virtual machine on which to run Ansible.

In VirtualBox, click the blue “New” icon.

Type in the name of our virtual server: Ansible Server.

Select the Type: Linux.

Select the Version: Ubuntu (64-bit), click Next.

Give this system 4 GB of RAM (4096 MB), click Next.

Accept the default of 10 GB of hard disk storage, leave “Create a virtual disk now” checked, click Create.

Leave the default VDI selected, click Next.

Leave the default “Dynamically allocated” selected, click Next.

Leave the file location and size default settings, click Create.

You see that one virtual server has been created.

Now you need to make some configuration settings before booting it up.

Select the Ubuntu virtual server from the list of virtual servers in VirtualBox and click on the “Settings” cog button.

Select Storage on the left pane of the Setting options.

Next to Controller: IDE, click the button to “Adds Optical Drive” > Choose Disk > Select the Ubuntu 18.04.1 ISO file downloaded previously.

Select Network, on the left pane of Setting options.

Select Bridged Adapter, under Adapter 1 tab, make sure “Enable Network Adapter” is checked.

Select Attached to: “Bridged Adapter” and under Name select the Ethernet interface of your computer, then click OK.

Now you are ready to start the virtual machine.

Click the “Start” green right-arrow icon. (Now the Ubuntu operating system will start to boot up.)

Select your language: English, Install Ubuntu

English, English, click Continue

Choose Normal Installation, Download updates while installing, click Continue.

Select Erase disk, click Install Now, click Continue.

Select your timezone, click Continue.

Enter a name, enter the virtual computer name, username and password, click Continue.

Let it install the software. This takes a few minutes.

Click “Restart Now” when prompted.

When it prompts “Remove the installation media”, press Enter.

Now the system is running, and you can log on to the VirtualBox console as the user you just created.

Go through the introductory screens > Next > Next > Next > Done.

The default resolution can be pretty small for many computers, so you can increase it if you like.  You might be able to simply scale the window to be larger by clicking and dragging the lower-right corner of the window.  You can also change the display size with the Displays app.  Click on the top-left “Activities”, type Displays, click on the Displays app. Under Resolution, select the resolution, Apply, Keep changes.

When prompted, install updates because you want to be working with the latest software. Enter your password and if prompted, restart the system.

Step 2: Configure the Ansible server

Now you want to further update and patch this system, and install some basic tools, Python and Ansible on it.

Log into the Ansible Server console in VirtualBox and launch a terminal window.

Click Activities, then type the word “Terminal” and the Terminal app will be listed. Click on that icon.

Run the following commands from the Terminal “$” prompt.  When you run the first sudo command you will be prompted for your password.

sudo apt update

sudo apt upgrade -y

sudo apt install openssh-server -y

sudo apt install net-tools -y

sudo apt install sshpass -y

sudo apt install tree -y

sudo apt install python python-pip python-setuptools -y

sudo apt install ansible -y

At this point you can use SSH to connect to the Ansible Server.

Run the ifconfig command to determine the IPv4 address of the virtual server, and use your favorite SSH utility to connect to that IP address using your username and password.

This should log you into the system and you should be in the /home/username directory.

Now create an ansible directory and place your configuration inside.

Type

mkdir ansible

Change into that directory

cd ansible

Create the ansible configuration file with the name ansible.cfg using the nano editor

nano ansible.cfg

The contents of the file should look like this:

[defaults]

hostfile = ./myrouters

host_key_checking=False

timeout = 5

Now create a manual inventory file of your routers.

Create a subdirectory called myrouters

mkdir myrouters

Change into that directory

cd myrouters

Create a file called routers with the nano editor

nano routers

The contents of the file should look like this:

all:

  children:

    myrouters:

      hosts:

        router1:

          ansible_host: 192.168.101.250

          ansible_user: cisco

        router2:

          ansible_host: 192.168.101.251

          ansible_user: cisco

Note: This file uses YAML syntax so the blank spaces at the beginning of each line in the nested hierarchy of settings are very important.

Substitute the IP addresses of your test routers into this configuration file.  In this example, the username/password of the routers is cisco/cisco.  Obviously, that’s not the most secure choice, but you can customize it for your username.

Note: You won’t want to test this technique on your production devices. Select a router in your lab first to gain familiarity with how Ansible works before deploying any configuration commands into production.  Also, change windows help prevent a “resume generating event”.

Now create a file to hold the passwords for each router.

Move up one working directory

cd ..

Create a directory to hold the passwords

mkdir host_vars

Change into that directory

cd host_vars

Create a file for the IP address and password for router1

nano router1

The contents of the file should look like this:

---

ansible_ssh_host: 192.168.1.250

ansible_ssh_pass: cisco

Create a file for the IP address and password for router2

nano router2

The contents of the file should look like this:

---

ansible_ssh_host: 192.168.1.251

ansible_ssh_pass: cisco

Configure the ~/ansible/myrouters/routers file and the ~/ansible/host_vars/ files based on the routers, IP addresses, usernames and passwords of the routers you are testing with.

You can use the tree command to see the files you have created and which directory they are in.

tree

.

├── ansible.cfg

├── host_vars

│   ├── router1

│   └── router2

└── myrouters

    └── routers

2 directories, 4 files
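The ansible.cfg above turns off SSH host key verification (host_key_checking=False), and the host_vars files keep router passwords in cleartext. The following audit script is an added example, not part of the original article; it flags both in a project directory, plus password files readable beyond their owner. The function names and the sample project it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Ansible project directory for the lab shortcuts above.
# audit_ansible_dir and build_sample_project are hypothetical helper names.

# Print one finding per line for the project directory in $1.
audit_ansible_dir() (
    dir=$1
    # SSH host key verification switched off in ansible.cfg
    if grep -Eiq '^[[:space:]]*host_key_checking[[:space:]]*=[[:space:]]*(false|no|off|0)[[:space:]]*$' \
            "$dir/ansible.cfg" 2>/dev/null; then
        echo "HOSTKEY ansible.cfg: SSH host key checking is disabled"
    fi
    # Cleartext password variables anywhere under the project
    grep -rlE '^[[:space:]]*ansible_(ssh_pass|password)[[:space:]]*:' "$dir" 2>/dev/null |
    sort | while IFS= read -r f; do
        echo "PLAINTEXT ${f#"$dir"/}: cleartext password variable"
        # Group/other permission bits are characters 5-10 of the ls mode string
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMS ${f#"$dir"/}: readable beyond the owner ($perms)"
        fi
    done
    :
)

# Build a constructed sample project that mirrors the tree above; prints its path.
build_sample_project() (
    dir=$(mktemp -d)
    mkdir "$dir/host_vars" "$dir/myrouters"
    printf '%s\n' '[defaults]' 'hostfile = ./myrouters' 'host_key_checking=False' \
        'timeout = 5' > "$dir/ansible.cfg"
    for n in 1 2; do
        printf '%s\n' '---' "ansible_ssh_host: 192.168.1.25$((n - 1))" \
            'ansible_ssh_pass: cisco' > "$dir/host_vars/router$n"
    done
    chmod 644 "$dir/host_vars/router1"   # readable by everyone on the server
    chmod 600 "$dir/host_vars/router2"   # owner-only
    echo "$dir"
)

# Demo on the constructed sample
sample=$(build_sample_project)
audit_ansible_dir "$sample"
rm -rf "$sample"
```

Run it against your own ~/ansible directory with audit_ansible_dir ~/ansible; an empty result means none of the three conditions was found.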

Return to the base ansible directory, move up one working directory

cd ..

Now you are ready to test using ansible to run a command on router1.

ansible router1 -u cisco -m raw -a "ping 192.168.1.1"

You should have observed the ansible program running and the “Router1 | SUCCESS | rc=0 >>” output along with the results of the ping command.

Test out using ansible to run a command on router2.

ansible router2 -u cisco -m raw -a "ping 192.168.1.1"

You should see the same successful output on the second router.

Now test if you can use ansible to communicate to both routers together using the group name “myrouters”.

ansible myrouters -u cisco -m raw -a "ping 192.168.1.1"

This should have succeeded, and you can observe the output from both routers.

You can use this same ansible method to run another command on router1.

ansible router1 -m raw -a "show clock" -c ssh

Use ansible to run another command on router2.

ansible router2 -m raw -a "show clock" -c ssh

Now run the “show running-config” command on both routers using the “myrouters” group.

ansible myrouters -m raw -a "show run" -c ssh

Step 3: Create an Ansible playbook

The next step is creating an Ansible playbook to configure network time protocol (NTP) to use a time server located at NIST in Boulder, Colorado.  This playbook uses the built-in ios_config module to make a configuration change to an IOS router.

Now create a playbook YAML file in the /home/username/ansible/ directory using the nano editor

nano ntp_playbook.yml

The contents of the file should look like this:

---

- name: NTP Playbook

  hosts: myrouters

  connection: local

  gather_facts: false

  remote_user: cisco

 

  tasks:

    - name: Configure NTP

      ios_config:

        lines:

         - ntp server 132.163.96.4

      register: ntp_result

Note: Again, this is a YAML formatted file so pay attention to the blank spaces before each line.  You should be able to just copy/paste this file from here into your SSH session.

Now run this playbook:

ansible-playbook ntp_playbook.yml

and it will make this NTP configuration change to both routers. You should observe output showing that the configuration change was successfully made to both routers.

You can run another ansible command on both routers to verify that NTP was successfully configured:

ansible myrouters -m raw -a "show ntp associations" -c ssh

You should observe that the NTP configuration worked, and NTP associations are formed from your routers to the NIST time server.
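The playbook only adds its ntp server line; it does not report other NTP servers already present on a router. The following check is an added example, not part of the original article: it compares the ntp server lines in saved "show run" output against an approved list. The helper name ntp_drift and the sample configuration are constructed; 203.0.113.77 is a documentation address.

```shell
#!/bin/sh
# Added example: flag NTP servers in a router's running-config that differ from
# the approved list. ntp_drift is a hypothetical helper name.

# $1 = space-separated approved servers, $2 = file with saved "show run" output
ntp_drift() (
    approved=$1
    # Third field is the address, or the fifth when "vrf <name>" precedes it;
    # tr strips the carriage returns that raw SSH output usually carries
    found=$(tr -d '\r' < "$2" | awk '$1 == "ntp" && $2 == "server" {
                print ($3 == "vrf" ? $5 : $3) }' | sort -u)
    # Approved servers that the router does not have configured
    for s in $approved; do
        printf '%s\n' "$found" | grep -qxF -- "$s" || echo "MISSING $s"
    done
    # Configured servers that are not on the approved list
    for s in $found; do
        case " $approved " in
            *" $s "*) ;;
            *) echo "UNEXPECTED $s" ;;
        esac
    done
    :
)

# Constructed sample: a running-config excerpt with one extra, unapproved server
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
hostname router1
!
ntp server 132.163.96.4
ntp server 203.0.113.77
!
end
EOF
ntp_drift "132.163.96.4" "$sample_cfg"     # prints: UNEXPECTED 203.0.113.77
rm -f "$sample_cfg"
```

Save each router's output from the "show run" command used earlier to a file and pass that file as the second argument.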

You now have a simple Ansible virtual server that is capable of automated configuration management on Cisco IOS routers.

Next Steps:

Obviously, this just scratches the surface of what could be done with Ansible and network devices.  To evolve this Ansible virtual server into a fully functional CM system:

  • Continually run this playbook to make sure that the NTP server settings on our routers are the way we want them per the script
  • Improve the storage of the passwords by using SSH private keys
  • Expand this deployment to additional routers
  • Build out more complicated configuration commands using Jinja2 templates.
  • Utilize other Ansible Cisco IOS modules such as ios_command, ios_interface or ios_system.
  • Expand to use Ansible with other network vendors. There are Ansible modules for many different network vendors.
  • Integrate network playbooks into the other Ansible playbooks that the DevOps, server administrators and security administrators might be using when they deploy new applications.
  • Utilize the same Ansible framework to provision application infrastructure from networking, system, operating system, to application layers. This is a critical capability to build a PaaS or SaaS offering on a multi-tenant infrastructure.

Useful Resources

Here are some links to resources that could assist you on your network programmability journey.  You can take what you have just learned and deepen your knowledge of network programmability and Ansible configuration management through these other sources.

(Scott Hogg is a co-founder of HexaBuild.io, an IPv6 consulting and training firm, and has over 25 years of cloud, networking and security experience.)

Copyright © 2019 IDG Communications, Inc.
