Introduction to Ansible Automation

Andrea Dainese
August 01, 2024

Ansible is often described as an agentless automation framework. However, it relies on Python, which must be installed along with certain modules on the hosts where playbooks are executed. In this sense, Python acts as the necessary “agent” on the remote system.

Originally designed to automate Linux hosts, Ansible has expanded to support various systems, including Windows, networking devices, and security appliances.

In this series, we’ll focus on using Ansible for automating network devices. For these purposes, Ansible truly functions in an agentless manner.

Declarative vs. Procedural

There are two main approaches to automation: declarative and procedural.

  • Declarative Approach: You define the desired state of a system. The automation system figures out the steps to transition the current state to the desired state. Terraform is a popular example of this approach.
  • Procedural Approach: You specify the exact steps the automation system must take to achieve the desired state. This method is generally more intuitive as it follows the human thought process of breaking tasks into smaller sub-tasks. Troubleshooting is also simpler due to the absence of underlying “magic.” Ansible is a prime example of this approach.

Ansible is often considered a hybrid system because some modules allow for declaring a desired state, which Ansible then translates into multiple sub-tasks. For instance, the community.vmware.vmware_guest module can create a virtual machine in a single task (declarative), but the VM depends on a pre-existing vSwitch (procedural).
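
A playbook illustrating that hybrid behaviour, added here as an example and not taken from the original post: every task declares a state, but the tasks must be ordered so that the vSwitch and port group exist before the VM is created. The host names, switch, port group, datastore, VM name and the `vcenter_*` variables are placeholders chosen for illustration.

```yaml
# Added example: all names and the vcenter_* variables are placeholders.
# Credentials are assumed to come from an Ansible Vault encrypted vars file.
- name: Ordered (procedural) tasks, each declaring a desired state
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Step 1 - the vSwitch must exist first
      community.vmware.vmware_vswitch:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        validate_certs: true
        esxi_hostname: esxi01.example.net
        switch: vSwitch1
        nics: vmnic1
        state: present

    - name: Step 2 - the port group the VM will attach to
      community.vmware.vmware_portgroup:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        validate_certs: true
        hosts: [esxi01.example.net]
        switch: vSwitch1
        portgroup: lab-pg
        vlan_id: 100
        state: present

    - name: Step 3 - the VM, described as a desired state in a single task
      community.vmware.vmware_guest:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        validate_certs: true
        datacenter: DC1
        folder: /DC1/vm
        esxi_hostname: esxi01.example.net
        name: lab-vm01
        guest_id: otherLinux64Guest
        state: present
        hardware:
          memory_mb: 2048
          num_cpus: 2
        disk:
          - size_gb: 20
            type: thin
            datastore: datastore1
        networks:
          - name: lab-pg
            device_type: vmxnet3
```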

There’s also a third concept to consider: immutability. An immutable approach involves defining instances that cannot be modified. Any change requires redefining the instance from scratch. This approach is common in container management and can be applied to network automation through golden configurations.

Continue reading the post on Patreon.