Link Search Menu Expand Document
calendar_month 11-Jun-24

Ansible Two-Tier Inventory

An Ansible inventory file serves two primary functions for AOS-CX automation: it defines the set of switches to apply automated configuration, and it defines a set of variables that provide configuration values for those switches.

Table of contents

YAML Inventory File

Ansible inventory files are formatted using YAML data structures. The Two-Tier data center inventory file provides a reference for formatting host, group, and variable data in an Ansible automation.

Red Hat’s How to build your inventory guide provides a general reference on creating inventory files.

The example inventory variable values must be modified to align with the organization’s environment. This includes customizing the host IP addresses, DNS servers, port assignments, etc. This chapter provides background information and the variable names needed to modify the example inventory file successfully for individual needs.

Inventory Hosts

Hosts are the targets for an Ansible playbook automation. They are defined in one or more hosts sections in the inventory file.

An ansible_host variable is assigned to each switch with a fully-qualified DNS name (FQDN), IPv4 address, or IPv6 address value. The playbook uses this value for SSH and API communication with switch management interfaces.

Additional variables are associated with each host that represent the desired configuration state of the target switch. Variable values can be assigned directly to an individual host or inherited through the group structure described in this chapter.

Inventory Variables

Variables defined in the Ansible inventory file serve two general purposes: they specify switch configuration and Ansible playbook behavior. Most variables in the Ansible inventory file represent values assigned to switch configuration statements when the playbook builds a switch configuration file.

All the variables in the example inventory file are necessary for the Two-Tier data center playbook to run properly.

Single Value Assignments

Simple variables assign a single value to the right of the variable name with a colon separator.

mtu: 9198
vsx_role: primary
vsx_system_mac: 02:00:00:00:10:01

List and Dictionary Assignments

It can be advantageous to assign multiple values to a single variable for automating switch configuration.

Lists can be defined using two methods in the inventory file. The first method assigns a set of comma delimited values in square brackets to a variable name. The second method assigns each list member on a new line preceded by a dash.

The second method provides an easily understandable visual structure for creating dictionaries (multidimensional arrays), where each dictionary member contains its own set of nested variables. A dictionary is analogous to an employee record, where each employee is assigned a set of values such as name, address, and phone number.

Array Definition MethodArray Syntax
Method 1: comma delimited simple list in square bracketsvariable_name: [value1, value2, value3]
Method 2: simple list with dash-delimited linesvariable_name:
  - value1
  - value2
  - value3
Method 2: dictionary entries containing
a subset list of variable assignments
dictionary_variable_name:
  - dict1_var1: dict1_var1_value
    dict1_var2: dict1_var2_value
    dict1_var3: dict1_var3_value
  - dict2_var1: dict2_var1_value
    dict2_var2: dict2_var2_value
    dict2_var3: dict2_var3_value
  - dict3_var1: dict3_var1_value
    dict3_var2: dict3_var2_value
    dict3_var3: dict3_var3_value

Example lists from the inventory file are shown below:

ntp_servers: [10.2.120.98, 10.2.120.99]
dns_servers: [10.2.120.98, 10.2.120.99]
vsx_isl_ports: ['1/1/49', '1/1/50']

The following example illustrates how to assign sets of variables in dictionary form to the host_vlans variable. Grouping sets of values in this manner facilitates AOS-CX config automation in the template file.

host_vlans:
- id: 101
  name: PROD-WEB
  ip_address: 10.12.101.2
  active_gateway_mac: 02:00:0a:01:65:01
  active_gateway_ip: 10.12.101.1
- id: 102
  name: PROD-DB
  ip_address: 10.12.102.2
  active_gateway_mac: 02:00:0a:01:65:01
  active_gateway_ip: 10.12.102.1

AOS-CX Ansible Collection Variables

AOS-CX Ansible Collection variables are reserved names that modify playbook behavior and connectivity to automated hosts.

Some AOS-CX Ansible Collection variables require a specific value, such as the following connection variables.

ansible_connection: arubanetworks.aoscx.aoscx   # DO NOT CHANGE
ansible_network_os: arubanetworks.aoscx.aoscx   # DO NOT CHANGE
ansible_httpapi_use_ssl: True   # DO NOT CHANGE

Inventory Groups

Groups provide a hierarchical structure for the inventory file. Ansible hosts and variables can be defined at any group level in the hierarchy.

In the example deployment, six groups are defined to organize the inventory file into a four-level hierarchy.

Groups enable efficient organization of common configuration elements, similar to Aruba Central. Each host inherits the variables assigned to groups in its path hierarchy. This enables assigning common configuration elements on multiple affinities, such as data center location, functional role, or rack.

Core switch hosts are defined in the core group. Server access switches are defined in their respective rack group to accommodate configuration common to each VSX pair. For example, server access switches in rack 1 are defined in the rack1 group.

AOS-CX Ansible Collection variables that apply to all switches are defined once in the aoscx_switches group. Configuration values common to all data center switches are defined once in the DC-RSV group. The core and access groups assign configuration common to switches in those respective roles. Configuration values common to access switches in the same rack are defined at the rack level. The rack groups are defined primarily to apply VSX and MC-LAG configuration to redundant top-of-rack switches. Variables that have unique values at each host are defined at the host level for both core and access switches.

The following diagram illustrates a sample variable at each group level inherited by a host and a unique host variable assignment:

When the same variable exists in multiple contexts, the assignment nearest the host in the hierarchy is used by the Ansible playbook. A host variable assignment takes precedence over all group assignments.

The example Ansible group organization is just one approach for categorizing switches with common configuration elements. Organizations should use a grouping methodology that best meets their needs.

Specify a Template File

The playbook uses inventory variables in conjunction with a configuration template to build AOS-CX configuration statements.

When automating more than one switch model or role, some configuration elements may be unique to the model or role. Two examples include:

  • Assigning switch profiles to optimize hardware resources with a switch’s network functions. Switch profile names are not consistent across all switch models.
  • In the Two-Tier data center, OSPF routing is configured on core switches, but not on server access switches.

A separate template file for core and access switches is used in our example deployment. Standardizing a consistent switch platform for each role can simplify template creation, although additional scripting logic can be applied in a template file to accommodate model differences.

It is best practice to use different configuration templates for each switch role for efficient template file administration.

The configuration templates are assigned to a host with the config_template inventory variable. In this project, the config_template variable is assigned in the core and access group contexts.

config_template: templates/2TierV2/access.j2

Configuration templates are described further in the Ansible Template chapter.

Planning Inventory File Values

This section provides sample values and rationale for naming and numbering schemes. Adjust values and formats as needed to accommodate specific requirements. Use a consistent approach in the physical and logical configurations to improve network management and troubleshooting.

Naming Conventions

Establish a switch naming convention that indicates the switch type, role, and location to simplify identification and increase operating efficiency.

Example values used in this guide:

Switch NameRoleDescription
RSVDC-CORE1-1CoreRoseville Data Center Core Switch, VSX Pair Member 1 (primary)
RSVDC-CORE1-2CoreRoseville Data Center Core Switch, VSX Pair Member 2 (secondary)
RSVDC-ACCESS1-1AccessTop-of-Rack Access Switch in Rack 1, VSX Pair Member #1 (primary)
RSVDC-ACCESS1-2AccessTop-of-Rack Access Switch in Rack #1, VSX Pair Member 2 (secondary)

In the Ansible inventory file, the switch name is defined as an Ansible inventory name in the hosts stanza. For example, the inventory name RSVDC-ACCESS-1-1 is created in the hosts stanza in the DC-RSV > access > rack1 group context. Each link in the table above references the location in the inventory file for a specific switch’s inventory name.

When executing the playbook, the hostname in the configuration file is set based on the current iterated switch inventory name.

IP Address Planning

Plan a consistent IP numbering scheme with values that can accommodate the current deployment size and leave room for growth. Define a range that can represent loopback addresses, IP addresses used in supporting protocols, and a range for data center hosts. It is beneficial to assign data center host subnets from a larger range of maskable IP addresses that summarizes all host subnets in the data center.

Example IP address ranges used in this guide:

SubnetFunctional Description
10.255.12.0/24Routed interface IP addresses
10.250.12.0/24Loopback IP addresses
10.12.0.0/16Summary range of all data center host subnets
10.12.101.0/24Example of a specific data center host subnet

The Ansible inventory statically defines all the IP addresses needed, including loopback addresses and routed interfaces. Each link in the table above references the location in the inventory file of an example IP address assigned from the pool. Some values and variables are repeated for devices. Be sure to review all entries in the inventory file before execution.

MAC Address Planning

A Locally Administered Address (LAA) should be used when defining virtual MAC addresses for VSX and active gateway functions. This is required when configuring an Active Gateway for an SVI on a VSX pair and when configuring the system MAC address of VSX. An LAA is a MAC in one of the four formats shown below:

x2-xx-xx-xx-xx-xx 
x6-xx-xx-xx-xx-xx 
xA-xx-xx-xx-xx-xx 
xE-xx-xx-xx-xx-xx

The x positions can contain any valid hex value. It is helpful to create a hexadecimal representation of the associated IP address or VLAN ID using the hex positions. For more details on the LAA format, see the IEEE tutorial guide.

In this guide, VSX system MAC addresses are set to 02:00:00:00:10:xx, where xx is replaced with the rack number of the VSX pair and the core switches use a value of 00.

Active Gateway MAC addresses are set in the format 02:00:0a:xx:xx:xx.

The host_vlans variable defined in the RSV-DC group is redefined for each core switch at the host level. Be mindful to use consistent vlan_id and name values in the inventory file at both levels.

Note: A variable’s value may be reassigned at a different level in the inventory file’s hierarchy for several reasons. In our example, the dictionary values assigned to the host_vlans variable in the DC-RSV group are inherited by all access switches. The core switches require additional variables in the dictionary for their roles in the network, where some values are unique to the host. Redefining the host_vlans variable at each core switch’s host level overwrites the dictionary values defined in the higher group, so it is necessary to include the previously defined vlan_id and name variables in the new dictionary list assignment at the host level.

Inventory Variable Reference

This section describes inventory variables included in this example Ansible AOS-CX playbook automation. The example inventory file provides a complete reference for the Two-Tier data center automation.

The top level aoscx_switches group assigns variables associated to all switch hosts focused on script execution.

Variable NameValueNotes
ansible_user[switch username]Login user for switch. This value can be changed. It is best practice to define an automation user account.
ansible_password[switch password]Password for the ansible_user account on the switch.
ansible_connectionarubanetworks.aoscx.aoscxThis value is used by the AOS-CX Ansible Collection and must not be changed.
ansible_network_osarubanetworks.aoscx.aoscxThis value is used by the AOS-CX Ansible Collection and must not be changed.
ansible_httpapi_use_sslTrueThis value enables HTTPS communication and should not be changed.
ansible_httpapi_validate_certsFalseChange this value to True to perform certificate validation using the host’s certificate store.
ansible_acx_no_proxyTrue 
ansible_aoscx_validate_certsFalse 
ansible_aoscx_use_proxyFalse 

The DC-RSV group assigns AOS-CX configuration variables common to all data center switches.

Variable NameSample ValueNotes
hostname“{{inventory_name}}”The playbook iterates over each host entry in the inventory file, and the inventory name is the name of the host entry currently being iterated.
groupRSVDCThis value is referenced by another variable to assign the MST instance name.
config_path“configs/”The directory that playbook generated configurations will be stored.
timezone“america/los_angeles”Value used to assign the time zone for all switches at this data center location.
mtu9198Value used to assign the Layer 2 interface MTU. AOS-CX defines the Layer 2 MTU value as the acceptable Layer 3 payload size, not the Ethernet frame size directly.
stp_config_name“{{group}}”Value used to assign the MST instance name to the value of the group variable.
ntp_servers[10.2.120.98, 10.2.120.99]List of NTP servers used to assign multiple NTP servers.
ntp_vrfmgmtValue used to assign source VRF for NTP queries.
dns_servers[10.2.120.98, 10.2.120.99]List of DNS servers used to assign multiple DNS servers.
dns_domainexample.localValue used to assign DNS domain.
system_locationDC01, Roseville, CAValue used to assign SNMP server system location
system_contactnetadmin@orangetme.localValue used to assign SNMP server system contact
opsf_area0.0.0.0Value used to assign the OSPF area on core switches. The server access switches do not participate in OSPF. Although the ospf_area inventory variable is associated with access switches by its inclusion in the DC-RSV group, it is not applied to server access switch configurations, because it is not referenced by the access switch configuration template when building configuration files.
tacacs_servers This defines the start of a dictionary containing multiple variables for each TACACS server entry.
tacacs_servers.host10.2.120.94Value used to assign the IP address of an individual TACACS server. Each tacacs_server dictionary entry has its own unique IP assignment.
tacacs_server.ciphertext[shared secret]Value used to assign the encrypted shared key for an individual TACACs server.
host_vlans This defines the start of a dictionary containing multiple variables for each server VLAN. The host_vlans dictionary defined at the DC-RSV level is inherited by server access switches, but it is overwritten by host-level variables for each core switch.
host_vlans.id101Value used to assign VLAN ID for each VLAN in the data center. A unique value is assigned to each dictionary entry.
host_vlans.namePROD-WEBValue used to assign VLAN name. A unique value is assigned to each dictionary entry.
vsx_isl_lagid256Value used to assign the LAG ID used as the ISL in a VSX pair.
vsx_keepalive_vrfmgmtValue used to assign the VRF used for VSX keepalive messages.

The core group assigns AOS-CX configuration variables common to data center core switches.

Variable NameSample ValueNotes
config_templatetemplates/2TierV2/core.j2Assigns the core switch configuration template to both core switches. The playbook uses the configuration template and inventory variables in combination to generate switch configuration files.
vsx_system_mac02:00:00:00:10:00Value used to assign VSX system MAC address to both VSX core switches.
vsx_keepalive_ip_primary172.16.117.101Value used to identify the VSX primary switch IP address for VSX keepalive configuration, but not assignment to an interface. The switches used in this deployment example use DHCP to obtain a mgmt interface IP assignment. The IP address assignments for the VSX primary and secondary switches are identified through the use of DHCP reservations.
vsx_keepalive_ip_secondary172.16.117.102Value used to identify the VSX secondary switch IP address for VSX keepalive configuration.
vsx_isl_ports[1/1/31, ‘1/1/32’]Value used to identify the physical interfaces assigned to the VSX ISL. The same interfaces are used on both switches.
mclags This defines the start of a dictionary containing multiple variables for each switch VSX/MC-LAG.
mclags.id1Value used to assign MC-LAG interface IDs. A unique value is assigned to each dictionary entry.
mclags.interfaces[‘1/1/1’, ‘1/1/2’]Value used to assign physical interfaces for a specific MC-LAG ID. Unique values are assigned to each dictionary entry.
mclags.allowed_vlans[‘all’]Value used to assign VLAN IDs for a specific MC-LAG ID. This example is a simple list containing only one element. The all keyword allows all VLANs between core and access switches.
mclags.mtu9198Value used to assign the Layer 2 MTU for MC-LAG member interfaces. It is best practice to set the Layer 2 MTU to its highest value.
mclags.descriptionRACK-1Value used to assign the description for a specific MC-LAG ID. Unique values are assigned to each dictionary entry.

Each core switch is assigned a set of variables at the host level. The variables and lists assigned at the host level contain unique values not shared by other switches. The following table shows sample values for the RSVDC-CORE1-1 switch.

Variable NameSample ValuesNotes
ansible_host172.16.117.101Value used by the AOS-CX Ansible playbook to connect to this specific switch host.
vsx_roleprimaryValue used to assign the VSX role. The template file uses this variable in a conditional statement to generate proper VSX keepalive IP configuration.
loopback0_ip10.250.12.1Value used to assign an IP address to the loopback0 interface.
routing_vlans This defines the start of a dictionary for VLANs used to route to external networks. In this example deployment, only a single external routing VLAN is defined with a single dictionary entry. This dictionary is assigned at the host level for each core switch, because unique IP address assignments exist per host that cannot be inherited from a higher level group.
routing_vlans.id4000Value used to assign VLAN ID for the VLAN used to connect to external networks.
routing_vlans.nameCORE-ROUTING-SVIValue used to assign VLAN name.
routing_vlans.ip_address10.255.12.1Value used to assign a unique VLAN SVI for this specific switch.
host_vlans This defines the start of a dictionary containing multiple variables for each server VLAN. This dictionary is assigned at the host level for each core switch, because unique IP address assignments exist per host that cannot be inherited from a higher level group.
host_vlans.id101Value used to assign VLAN ID for each VLAN in the data center. A unique value is assigned to each dictionary entry.
host_vlans.namePROD-WEBValue used to assign VLAN name. A unique value is assigned to each dictionary entry.
host_vlans.ip_address10.12.101.2Value used to assign unique VLAN SVI for this specific switch.
host_vlans.active_gateway_mac02:00:0a:01:65:01Value used to assign the Active Gateway MAC address shared by the VLAN on both VSX members.
host_vlans.active_gateway_ip10.12.101.1Value used to assign the Active Gateway IP address shared by the VLAN on both VSX members.

The access group assigns AOS-CX configuration variables common to data center access switches.

Variable NameSample ValuesNotes
config_templatetemplates/2TierV2/access.j2Assigns the access switch configuration template to all server access switches. The playbook uses the configuration template and inventory variables in combination to generate switch configuration files. It may be necessary to assign the config_template variable at the host level, when differences between hardware models do not support the same features.
speed_interface_group_10g[1]A list of switch interface groups to set to 10 Gbps operation. The example list contains only a single element.
vsx_isl_ports[‘1/1/49’, ‘1/1/50’]Value used to identify the physical interfaces assigned to the VSX ISL. The same interfaces are used on both switches. The same VSX interfaces can be assigned to all server access switches, because the same switch model and port layout are used for all access switches.

A rack group assigns AOS-CX configuration variables common to a VSX redundant pair of rack switches. In this example deployment, MC-LAGS are defined at the rack level to accommodate unique description and VLAN assignments per LAG. It is possible to define MC-LAGs for all host-facing ports just once in the access group, when assigning all VLANs to the MC-LAGs without unique descriptions.

Variable NameSample ValuesNotes
vsx_system_mac02:00:00:00:10:01Value used to assign VSX system MAC address to both VSX core switches.
vsx_keepalive_ip_primary172.16.117.103Value used to identify the VSX primary switch IP address for VSX keepalive configuration, but not assignment to an interface. The switches used in this deployment example use DHCP to obtain a mgmt interface IP assignment. The IP address assignments for the VSX primary and secondary switches in all redundant top-of-rack server access pairs are identified through the use of DHCP reservations.
vsx_keepalive_ip_secondary172.16.117.104Value used to identify the VSX secondary switch IP address for VSX keepalive configuration.
mclags This defines the start of a dictionary containing multiple variables for each server access switch VSX/MC-LAG to physical servers.
mclags.id1Value used to assign MC-LAG interface IDs. A unique value is assigned to each dictionary entry.
mclags.interfaces[1/1/1]Value used to assign physical interfaces for a specific MC-LAG ID. Unique values are assigned to each dictionary entry.
mclags.allowed_vlans[101, 102]Value used to assign VLAN IDs for a specific MC-LAG ID. This example is a simple list containing two allowed VLANs.
mclags.mtu9198Value used to assign the Layer 2 MTU for MC-LAG member interfaces. It is best practice to set the Layer 2 MTU to its highest value.
mclags.descriptionESXi-01Value used to assign the description for a specific MC-LAG ID. Unique values are assigned to each dictionary entry.

Each access switch is assigned a set of variables at the host level. The variables and lists assigned at the host level contain unique values that are not shared by other switches. The following table shows sample values for the RSVDC-ACCESS1-1 switch.

Variable NameSample ValuesNotes
ansible_host172.16.117.103Value used by the AOS-CX Ansible playbook to connect to this specific switch host.
vsx_roleprimaryValue used to assign VSX role. The template file uses this variable in a conditional statement to generate proper VSX keepalive IP configuration.

Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.