1. Ansible Inventory 文件 (inventory.yml)
这个 inventory.yml 文件定义了你的所有网络设备,并按厂商分类:
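---
# Ansible inventory: every managed network device, grouped by vendor/platform.
# Each group holds one example host with its management address and the
# ansible_network_os value that the backup playbook's `when:` conditions match.
all:
  vars:
    # Login name shared by every device in this example (it was repeated on
    # each host in the original listing).
    ansible_user: admin
    # Device passwords do not belong in the inventory in plaintext; the
    # original listing put the literal value "password" on every host.
    # vault_network_password is a placeholder variable name: define it in an
    # ansible-vault encrypted vars file (for example group_vars/all/vault.yml
    # beside this inventory) and run ansible-playbook with --ask-vault-pass
    # or --vault-password-file. Per-group or per-host values can override it.
    ansible_password: "{{ vault_network_password }}"
    # NOTE(review): no ansible_connection is set anywhere. The *_config
    # modules for EOS/IOS/NX-OS/IOS-XR/ASA/VyOS normally run over
    # ansible.netcommon.network_cli - confirm and set it per group.
    # NOTE(review): several ansible_network_os values below (for example
    # cisco.aci.aci, cisco.meraki.meraki) belong to API-driven platforms and
    # may not be valid network_cli platform names; on this page they act as
    # selectors for the playbook's conditions. Check each collection's docs.
  children:
    arista_eos:
      hosts:
        arista-switch1:
          ansible_host: 192.168.10.1
          ansible_network_os: arista.eos.eos
    cisco_aci:
      hosts:
        cisco-apic1:
          ansible_host: 192.168.20.1
          ansible_network_os: cisco.aci.aci
    cisco_asa:
      hosts:
        cisco-firewall1:
          ansible_host: 192.168.30.1
          ansible_network_os: cisco.asa.asa
    cisco_dnac:
      hosts:
        cisco-dnac1:
          ansible_host: 192.168.40.1
          ansible_network_os: cisco.dnac.dnac
    cisco_intersight:
      hosts:
        cisco-intersight1:
          ansible_host: 192.168.50.1
          ansible_network_os: cisco.intersight.intersight
    cisco_ios:
      hosts:
        cisco-router1:
          ansible_host: 192.168.60.1
          ansible_network_os: cisco.ios.ios
    cisco_iosxr:
      hosts:
        cisco-xr1:
          ansible_host: 192.168.70.1
          ansible_network_os: cisco.iosxr.iosxr
    cisco_ise:
      hosts:
        cisco-ise1:
          ansible_host: 192.168.80.1
          ansible_network_os: cisco.ise.ise
    cisco_meraki:
      hosts:
        cisco-meraki1:
          ansible_host: 192.168.90.1
          ansible_network_os: cisco.meraki.meraki
    cisco_mso:
      hosts:
        cisco-mso1:
          ansible_host: 192.168.100.1
          ansible_network_os: cisco.mso.mso
    cisco_nxos:
      hosts:
        cisco-nexus1:
          ansible_host: 192.168.110.1
          ansible_network_os: cisco.nxos.nxos
    cisco_ucs:
      hosts:
        cisco-ucs1:
          ansible_host: 192.168.120.1
          ansible_network_os: cisco.ucs.ucs
    community_network:
      hosts:
        generic-network1:
          ansible_host: 192.168.130.1
          ansible_network_os: community.network.generic
    f5_networks:
      hosts:
        f5-lb1:
          ansible_host: 192.168.140.1
          ansible_network_os: f5networks.f5_modules.bigip
    fortinet_fortimanager:
      hosts:
        fortimanager1:
          ansible_host: 192.168.150.1
          ansible_network_os: fortinet.fortimanager.fortimanager
    fortinet_fortios:
      hosts:
        fortigate1:
          ansible_host: 192.168.160.1
          ansible_network_os: fortinet.fortios.fortios
    vyos:
      hosts:
        vyos-router1:
          ansible_host: 192.168.170.1
          ansible_network_os: vyos.vyos.vyos
    mikrotik:
      hosts:
        mikrotik1:
          ansible_host: 192.168.180.1
          ansible_network_os: community.routeros.routeros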
2. Ansible Playbook (backup-config.yml)
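---
# Back up the configuration of every inventory host. Each task is limited to
# one platform by comparing ansible_network_os with the value set in the
# inventory; tasks for other platforms are skipped on that host.
#
# The published listing used typographic quotes and dashes, which YAML and
# Jinja2 do not accept as string delimiters or list markers; they are restored
# to plain ASCII here.
#
# NOTE(review): module names are reproduced as published. Several could not
# be confirmed (for example community.network.generic_command and
# cisco.meraki.meraki_config_backup); check each with `ansible-doc <module>`
# against the installed collections before relying on this playbook.
- name: Backup Network Devices Configuration
  hosts: all
  # Fact gathering stays off, so ansible_date_time is never populated; the
  # timestamp in the final task is built with now() instead.
  gather_facts: false
  tasks:
    # ========================= Arista EOS =========================
    - name: Backup Arista EOS
      arista.eos.eos_config:
        backup: true
      when: ansible_network_os == "arista.eos.eos"
      register: eos_backup

    # ========================= Cisco ACI =========================
    - name: Backup Cisco ACI
      cisco.aci.aci_config_snapshot:
        state: present
        # NOTE(review): false turns off TLS certificate verification for the
        # APIC connection, so the admin login can be sent to an endpoint that
        # is not the real controller. Trust the APIC CA on the control node
        # and set this to true outside a lab.
        validate_certs: false
        # NOTE(review): confirm output_path is a parameter of this module in
        # the installed cisco.aci version.
        output_path: "/backup/network/{{ inventory_hostname }}_backup.json"
      when: ansible_network_os == "cisco.aci.aci"

    # ========================= Cisco ASA =========================
    - name: Backup Cisco ASA
      cisco.asa.asa_config:
        backup: true
      when: ansible_network_os == "cisco.asa.asa"
      register: asa_backup

    # ========================= Cisco DNA Center =========================
    - name: Backup Cisco DNAC
      cisco.dnac.configuration_archive:
        state: present
      when: ansible_network_os == "cisco.dnac.dnac"

    # ========================= Cisco Intersight =========================
    - name: Backup Cisco Intersight
      cisco.intersight.intersight_backup:
        state: present
      when: ansible_network_os == "cisco.intersight.intersight"

    # ========================= Cisco IOS =========================
    - name: Backup Cisco IOS
      cisco.ios.ios_config:
        backup: true
      when: ansible_network_os == "cisco.ios.ios"
      register: ios_backup

    # ========================= Cisco IOS-XR =========================
    - name: Backup Cisco IOS-XR
      cisco.iosxr.iosxr_config:
        backup: true
      when: ansible_network_os == "cisco.iosxr.iosxr"
      register: iosxr_backup

    # ========================= Cisco ISE =========================
    - name: Backup Cisco ISE
      cisco.ise.ise_backup:
        state: present
      when: ansible_network_os == "cisco.ise.ise"

    # ========================= Cisco Meraki =========================
    - name: Backup Cisco Meraki
      cisco.meraki.meraki_config_backup:
        state: present
      when: ansible_network_os == "cisco.meraki.meraki"

    # ========================= Cisco MSO =========================
    - name: Backup Cisco MSO
      cisco.mso.mso_backup:
        state: present
      when: ansible_network_os == "cisco.mso.mso"

    # ========================= Cisco NX-OS =========================
    - name: Backup Cisco NX-OS
      cisco.nxos.nxos_config:
        backup: true
      when: ansible_network_os == "cisco.nxos.nxos"
      register: nxos_backup

    # ========================= Cisco UCS =========================
    - name: Backup Cisco UCS
      cisco.ucs.ucs_backup:
        state: present
      when: ansible_network_os == "cisco.ucs.ucs"

    # ========================= Community Network =========================
    - name: Backup Community Network Devices
      community.network.generic_command:
        command: "show running-config"
      when: ansible_network_os == "community.network.generic"
      register: generic_backup

    # ========================= F5 Networks =========================
    - name: Backup F5 Load Balancer
      f5networks.f5_modules.bigip_config:
        backup: true
      when: ansible_network_os == "f5networks.f5_modules.bigip"
      register: f5_backup

    # ========================= Fortinet FortiManager =========================
    - name: Backup Fortinet FortiManager
      fortinet.fortimanager.fmgr_config_backup:
        state: present
      when: ansible_network_os == "fortinet.fortimanager.fortimanager"

    # ========================= Fortinet FortiOS =========================
    - name: Backup Fortinet FortiOS
      fortinet.fortios.fortios_config:
        backup: true
      when: ansible_network_os == "fortinet.fortios.fortios"
      register: fortios_backup

    # ========================= VyOS =========================
    - name: Backup VyOS Router
      vyos.vyos.vyos_config:
        backup: true
      when: ansible_network_os == "vyos.vyos.vyos"
      register: vyos_backup

    # ========================= MikroTik RouterOS =========================
    - name: Backup MikroTik RouterOS
      community.routeros.routeros_command:
        commands: "/export"
      when: ansible_network_os == "community.routeros.routeros"
      register: mikrotik_backup

    # ================== Store backup files in one place ==================
    # Takes the first defined result from the registered variables above and
    # writes it to a per-host, timestamped file.
    # NOTE(review): for the *_config modules, backup_path is the path of the
    # backup file the module already wrote, so this stores that path string
    # rather than the configuration text - confirm whether the file itself
    # should be copied instead.
    # NOTE(review): no delegate_to is set, so copy targets the managed host;
    # a controller-side archive usually needs delegate_to: localhost.
    - name: Save Backups Locally
      copy:
        content: >-
          {{ ios_backup.backup_path
          | default(nxos_backup.backup_path)
          | default(eos_backup.backup_path)
          | default(asa_backup.backup_path)
          | default(iosxr_backup.backup_path)
          | default(fortios_backup.backup_path)
          | default(mikrotik_backup.stdout[0])
          | default(generic_backup.stdout[0])
          | default(vyos_backup.backup_path)
          | default(f5_backup.backup_path)
          | default('') }}
        # now() produces the same UTC ISO 8601 form as
        # ansible_date_time.iso8601 without requiring gathered facts.
        dest: "/backup/network/{{ inventory_hostname }}_backup_{{ now(utc=true, fmt='%Y-%m-%dT%H:%M:%SZ') }}.txt"
        # Device configurations carry password hashes, SNMP communities and
        # keys; keep the archive readable by the backup account only.
        mode: "0600"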
3. 执行备份
运行:
ansible-playbook -i inventory.yml backup-config.yml
4. 技术文档
4.1 目标
本方案使用 Ansible 备份多个厂商的网络设备配置,涵盖 Cisco、Arista、Fortinet、VyOS、MikroTik 等设备。
4.2 目录结构
/etc/ansible/network-backup/
├── inventory.yml # 设备清单
├── backup-config.yml # 备份 Playbook
├── /backup/network/ # 存储备份文件
4.3 定时备份
使用 cron 任务:
crontab -e
添加:
0 3 * * * ansible-playbook -i /etc/ansible/network-backup/inventory.yml /etc/ansible/network-backup/backup-config.yml
每天凌晨 3:00 备份所有设备。
使用 systemd 计划任务
创建 ansible-network-backup.service:
添加以下内容:
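# Runs the network backup playbook once each time the unit is started.
# On its own this is not a schedule: pair it with a .timer unit (or the cron
# entry) for periodic runs. With WantedBy=multi-user.target, enabling the unit
# makes it run once at every boot.
[Unit]
Description=Ansible Network Backup Service
# network.target only orders the unit; network-online.target waits until the
# network is actually configured, which the device connections need.
Wants=network-online.target
After=network-online.target

[Service]
# The playbook runs to completion and exits, so model it as a one-shot job
# rather than a long-running daemon.
Type=oneshot
# NOTE(review): these paths are under /home/ansible, while the cron example
# uses /etc/ansible/network-backup - use the location that holds the files.
ExecStart=/usr/bin/ansible-playbook -i /home/ansible/network-backup/inventory.yml /home/ansible/network-backup/backup-config.yml
# Run as the unprivileged ansible account; it needs write access to the
# backup directory and read access to the inventory and playbook.
User=ansible

[Install]
WantedBy=multi-user.target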
启动并启用自动备份:
sudo systemctl start ansible-network-backup