Automatically backup net device configuration using Ansible

Here we are again, hope you are ready to learn about how to backup an Ubiquiti Edge Router automatically with Ansible. First off you might be thinking why are we backing up an Ubiquiti Edge Router instead of a Cisco or an Arista router. Well I own this type of router and run it in my home network. These little routers are great for home environments by the way and I wanted to share this with you all.

Now the goal here is to backup the configuration of the router to the localhost that Ansible is ran from. We don't actually back up the config file to the router itself, that would defeat the purpose of a true backup. To get started we first need to install Ansible. Ansible is a Python package and we can install it in a virtualenv like so.

pip install ansible

Since it is now installed we can move on to creating our files needed to run the backup. We first need to create a new director in our home directory. Create a new directory called ansible-backup. Then navigate to that directory. Once in that directory create a new file named ansible.cfg. This is you local Ansible config file. In here we want to add a setting that prevents the host key check when you ssh to the network device. When this option is set to false it will not perform the host key fingerprint check that would prevent us from logging in otherwise. Here is the contents of the file:

[defaults]
host_key_checking = False

Now we need to create a another file that contains our hosts to backup. We are going to use a yaml file for this as that is the preferred way to setup these Ansible files. Call this file hosts.yml.

---
datacenter:
  children:
    routers:
      hosts:
        <ip-address>
  vars:
    ansible_connection: network_cli
    ansible_network_os: community.network.edgeos
    ansible_user: <username>
    ansible_ssh_pass: <password>

This file contains the portions that determine what hosts to connect to and the connection parameters.

First off replace the ip-address, username and password with your device details. The Ansible connection will stay the same if you are connection to a different type of network device. The network os option will change based on what type of device you are connecting to.

Next we need to create our last file and we are going to call it edgeos.yml.

---
- hosts: routers

  tasks:
    - name: Backup Configuration
      community.network.edgeos_config:
        src: edgeos.cfg
        backup: true

Here we reference the routers section of the hosts file to connect to. Then we define our tasks, and we only have one task, which is to backup the configuration of the network device. The task always has a name, which can be anything you want it to be. Then we have to call the correct Ansible module that allows us to perform the backup. In our case it is community.network.edgeos_config. In that config section we define the dictionary key value pairs to determine the src of the backup file, and we set the backup option to true to actually backup the config to localhost. You can specify the backup_options, however you must specify a filename and directory path. This does not allow for a new backup to occur, unless you delete the original backup file on localhost host. Not specifying the backup options as we have done here, defaults the name of the backup file to include the date and time. So when you run the Ansible playbook it will always create a new backup file.

Now that we have all that setup we can actually perform the backing up of the configuration on our network device. To do that we need to run the following command:

ansible-playbook edgeos.yml -i hosts.yml

This command calls the playbook, which in our case is the edgeos.yml file and then we specify the -i flag for the inventory file of hosts.yml. All this combined gives us the output of:

PLAY [routers] *********************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [ip-address]

TASK [Backup Configuration] ***************************************************************************************
changed: [ip-address]

PLAY RECAP *************************************************************************************************************
ip-address                : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

As you can see it ran two tasks, even though we only specified on task. This is because, it has to discover the details of the device first before trying to run the remaining tasks. You can see that both of these two tasks have a status of ok and one task has a status of changed. This means they both ran successfully and there was one change, which was the saving of the configuration to localhost.

Hopefully this is helpful in understanding how Ansible works on backing up the configuration of a network device. Please tune in for more posts coming shortly.