The typical way you would perform Network Configuration Backup is by using NCM software such as Solarwinds NCM, Rancid, Oxidized etc. However, you can also utilise Ansible and Git to perform the backups. I know it sounds silly, why would anyone do it? But believe me, it requires very little time and effort to deploy and manage.
In this blog post, I will show you how to perform scheduled configuration backups using Ansible and Git. Ansible will backup the config and Git will perform version control.
I highly recommend you to check out my previous Ansible introduction posts below:
Setting up the environment
I have a very basic set-up with:
1 x ASA
1 x IOS Router
1 x Ansible Control Machine
and GitLab hosted locally.
Ansible copies the running configuration from each device daily and saves it into a directory /home/ubuntu/cisco-backups in the same machine.
Please note that If there are no changes to the running-config then Ansible will not replace the existing file.
Ansible also runs Git commands into that directory so, the changes are committed and pushed to the GitLab repository every day.
Git is a distributed version control system for tracking changes in any set of files. I'm going to use GitLab to manage the repositories in this example. You can also use GitHub or BitBucket.
Please note that in a production environment you shouldn't save the credentials in plain text. Please check out my previous Ansible articles to find out how to use Ansible Vault to encrypt sensitive information.
Few things to consider
command: date - Ansible prints out the current date and time and pass it as the Git commit message. So, we can easily find out when a config change was made.
delegate_to: localhost - We are telling Ansible to run the commands on the localhost
chdir: - Change the directory
Run the playbook
Let's verify the config files
As you can see below Ansible copies the running config files into the Git Directory.
ubuntu@ubuntu:~$ ls -l cisco-backups/
-rw-rw-r-- 1 ubuntu ubuntu 17 Dec 7 15:34 README.md
-rw-rw-r-- 1 ubuntu ubuntu 7715 Dec 7 15:39 show_run_asa.txt
-rw-rw-r-- 1 ubuntu ubuntu 5138 Dec 7 15:39 show_run_router-1.txt
Check the GitLab repository
As you can see below the files are also pushed to GitLab.
Let's make a small config change on both ASA and IOS router and see what happens.
Let's run the Playbook again
As you can see below Git is showing what has been changed since the last commit.
Removing unwanted lines
As you can see above, Git is registering cryptochecksum:as a change. You can actually remove that line from the configuration file by using Ansible lineinfile module. Please make sure to add this task above the GIT SECTION.