Ansible cisco.intersight Collection: 100+ Modules for Day-2 Network Operations

By Luca Berton · Published 2024-01-01 · Category: troubleshooting

How the cisco.intersight collection brings 100+ modules to AAP 2.7 for Day-2 network ops, firmware upgrades, and port configuration automation.

Why cisco.intersight Matters for Network Teams

At Red Hat Tech Day Netherlands 2026 in Bunnik (3 June 2026), the Ansible team unveiled 12 new content collections for Ansible Automation Platform (AAP) 2.7, organized around four themes: Efficiency, Resilience, Governance, and Scale. Among them, the cisco.intersight collection stands out for network and infrastructure teams running Cisco's Intersight-managed compute and fabric estate. It ships with 100+ modules purpose-built for Day-2 network operations, firmware lifecycle management, and port-level configuration — the kind of repetitive, error-prone work that infrastructure teams have historically handled through the Intersight UI or bespoke scripts.

Day-2 operations — the ongoing maintenance, drift correction, and lifecycle work that happens after initial deployment — are notoriously hard to standardize. Cisco Intersight already centralizes management of UCS servers, fabric interconnects, and HyperFlex nodes in the cloud or on-prem via Intersight Private Virtual Appliance. What was missing was a first-class, idempotent automation layer that plugs directly into Ansible playbooks and AAP job templates. That's exactly the gap cisco.intersight is designed to close.

What the Collection Covers

The cisco.intersight collection focuses on three operational pillars called out explicitly in the Red Hat Tech Day Netherlands 2026 announcement:

  • Day-2 network operations — ongoing configuration management, policy enforcement, and state reconciliation for network-adjacent infrastructure under Intersight management.
  • Firmware lifecycle — coordinating firmware upgrade workflows across servers, fabric interconnects, and adapters without manual staging in the Intersight console.
  • Port configuration — managing port roles, breakout modes, and connectivity policies at scale across fabric interconnects.

With 100+ modules, the collection is large enough to cover granular resource types individually (rather than forcing everything through a handful of catch-all modules), which is consistent with how Red Hat has structured other mature network collections such as cisco.ios or cisco.nxos.

How It Fits Into AAP 2.7

cisco.intersight is one of 12 collections announced for AAP 2.7, alongside cloud collections (google.cloud, azure.azcollection), a secrets management collection (hashicorp.vault), platform tooling (ansible.platform), observability integrations (splunk.enterprise, splunk.es, splunk.itsi), Microsoft endpoint and monitoring collections (microsoft.mecm, microsoft.scom), and validated content roles (infra.mecm_ops, infra.windows_ops).

| Collection | Primary Focus | Relevance to Network Teams |
|---|---|---|
| cisco.intersight | Day-2 network ops, firmware, port config | Direct — core network/compute fabric automation |
| hashicorp.vault | Secrets, OIDC, PKI, EDA integration | Indirect — securing Intersight API credentials |
| microsoft.scom | Infra monitoring + EDA alert routing | Complementary — event-driven remediation triggers |
| infra.windows_ops | Security baseline enforcement | Complementary — cross-domain governance parity |
| ansible.platform | Configuration-as-code, RBAC | Foundational — governs how intersight jobs are managed |

The pairing with hashicorp.vault is particularly relevant: Intersight API keys and secret keys are prime candidates for dynamic credential injection rather than static storage in AAP credential objects, and Vault's Event-Driven Ansible (EDA) integration opens the door to automated credential rotation for Intersight service accounts.

Example: Automating Port Configuration and Firmware Checks

Because cisco.intersight was announced as part of the AAP 2.7 wave rather than shipped with granular module-by-module documentation at announcement time, the example below illustrates the shape of a Day-2 playbook you can expect once the collection lands in your execution environment. Module and variable names here follow Cisco's existing Intersight API naming conventions and Ansible's established patterns for the intersight_rest_api-style modules.

---
- name: Day-2 network operations against Cisco Intersight
  hosts: localhost
  gather_facts: false
  collections:
    - cisco.intersight

  vars:
    intersight_api_key_id: "{{ vault_intersight_api_key_id }}"
    intersight_api_private_key: "{{ vault_intersight_private_key }}"

  tasks:
    - name: Ensure fabric interconnect port is configured as a server port
      cisco.intersight.port_policy:
        api_key_id: "{{ intersight_api_key_id }}"
        api_private_key: "{{ intersight_api_private_key }}"
        organization: Production
        name: FI-A-Port-Policy
        port_roles:
          - slot_id: 1
            port_id: 17
            role: Server
            state: present

    - name: Check current firmware version on fabric interconnect
      cisco.intersight.firmware_info:
        api_key_id: "{{ intersight_api_key_id }}"
        api_private_key: "{{ intersight_api_private_key }}"
        device_type: FabricInterconnect
        device_name: FI-A
      register: fw_status

    - name: Schedule firmware upgrade if out of compliance
      cisco.intersight.firmware_upgrade:
        api_key_id: "{{ intersight_api_key_id }}"
        api_private_key: "{{ intersight_api_private_key }}"
        device_name: FI-A
        target_version: "4.3(4a)"
        maintenance_window: "Sat-02:00-06:00"
      when: fw_status.current_version != "4.3(4a)"

    - name: Enforce network control policy drift remediation
      cisco.intersight.network_control_policy:
        api_key_id: "{{ intersight_api_key_id }}"
        api_private_key: "{{ intersight_api_private_key }}"
        name: LLDP-CDP-Baseline
        cdp_enabled: true
        lldp_enabled: true
        state: present

This pattern — inventory of policies as code, idempotent state: present reconciliation, and conditional firmware actions gated on _info module output — mirrors how Red Hat's other infrastructure collections (like infra.windows_ops for STIG/CIS drift remediation) approach Day-2 governance. Running it through an AAP 2.7 job template means you get scheduling, RBAC-scoped execution, and audit logging for free, courtesy of the ansible.platform improvements announced in the same wave.
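
The `when:` gate in the playbook compares version strings with `!=`, which is also true for a device already running a newer release than the target. The sketch below is an added example, not code from the collection or from the original article: it orders versions before deciding and fails closed on anything it cannot parse. The `major.minor(maintenance[letter])` shape is assumed from the page's `4.3(4a)`, and the function names and fleet data are hypothetical.

```python
import re

# Assumed shape, taken from the page's "4.3(4a)": major.minor(maintenance[letter]).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)$")


def parse_version(text):
    """Turn '4.3(4a)' into (4, 3, 4, 'a') so tuples compare in release order."""
    match = VERSION_RE.match(str(text).strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, maintenance, letter = match.groups()
    return int(major), int(minor), int(maintenance), letter


def upgrade_decision(current, target):
    """Return 'upgrade', 'compliant', 'ahead' or 'unknown' for one device."""
    try:
        cur, tgt = parse_version(current), parse_version(target)
    except ValueError:
        return "unknown"  # fail closed: never schedule on data we cannot read
    if cur < tgt:
        return "upgrade"
    return "compliant" if cur == tgt else "ahead"


def plan_upgrades(fleet, target):
    """Group device names by decision; only the 'upgrade' group gets a job."""
    plan = {"upgrade": [], "compliant": [], "ahead": [], "unknown": []}
    for name, current in sorted(fleet.items()):
        plan[upgrade_decision(current, target)].append(name)
    return plan


# Constructed inventory: device names and versions are sample values.
SAMPLE_FLEET = {
    "FI-A": "4.2(3h)",
    "FI-B": "4.3(4a)",
    "FI-C": "4.3(10a)",
    "FI-D": "4.3(4b)",
    "FI-E": "",
}

if __name__ == "__main__":
    for decision, devices in plan_upgrades(SAMPLE_FLEET, "4.3(4a)").items():
        print(f"{decision:10} {', '.join(devices) or '-'}")
```

Devices in the `ahead` and `unknown` groups are the ones a plain `!=` would have sent to the upgrade task; they are better routed to a human review step.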

Governance and Scale Implications

Red Hat framed all 12 collections around Efficiency, Resilience, Governance, and Scale. For cisco.intersight specifically:

  • Efficiency — replacing manual port-by-port and firmware-by-firmware console clicks with declarative playbooks that run unattended.
  • Resilience — codifying maintenance windows and pre-checks for firmware upgrades reduces the risk of unplanned fabric interconnect failovers.
  • Governance — port policies and network control policies become version-controlled artifacts reviewable in source control, not tribal knowledge in someone's Intersight bookmarks.
  • Scale — with 100+ modules, teams managing dozens or hundreds of UCS domains can template policies once and apply them fleet-wide through AAP job templates and workflows.
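
Once playbooks are version-controlled artifacts, the Intersight key ID and private key must only ever appear in them as references to injected variables. The check below is an added example, not part of the original article or of any collection: a pre-merge scan that flags literal values for the `api_key_id` and `api_private_key` parameters used in the playbook above, including variables whose names end in them. The function name and the sample fragment are hypothetical, and the fragment's credentials are placeholders.

```python
import re

# Parameter names from the page's playbook; variables ending in them count too.
SECRET_SUFFIXES = ("api_key_id", "api_private_key")
PEM_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
KEY_VALUE_RE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_]\w*):\s*(.*)$")
BLOCK_SCALARS = ("", "|", "|-", "|+", ">", ">-", ">+")


def find_inline_secrets(playbook_text):
    """Return (line_number, reason) for each credential committed as a literal."""
    findings = []
    for number, line in enumerate(playbook_text.splitlines(), 1):
        if PEM_RE.search(line):
            findings.append((number, "PEM private key material"))
            continue
        match = KEY_VALUE_RE.match(line)
        if not match or not match.group(1).endswith(SECRET_SUFFIXES):
            continue
        value = match.group(2).split(" #")[0].strip().strip("'\"")
        if value in BLOCK_SCALARS:
            continue  # value continues on later lines; the PEM check covers it
        if not (value.startswith("{{") and value.endswith("}}")):
            findings.append((number, f"literal value for {match.group(1)}"))
    return findings


# Constructed playbook fragment; the key ID and key body are placeholders.
SAMPLE = """\
vars:
  intersight_api_key_id: "{{ vault_intersight_api_key_id }}"
tasks:
  - name: Uses injected credentials
    cisco.intersight.port_policy:
      api_key_id: "{{ intersight_api_key_id }}"
      api_private_key: "{{ intersight_api_private_key }}"
  - name: Pasted credentials
    cisco.intersight.port_policy:
      api_key_id: EXAMPLE-KEY-ID-0000
      api_private_key: |
        -----BEGIN EC PRIVATE KEY-----
        PLACEHOLDER
        -----END EC PRIVATE KEY-----
"""

if __name__ == "__main__":
    for number, reason in find_inline_secrets(SAMPLE):
        print(f"line {number}: {reason}")
```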

Key Takeaways

  • The cisco.intersight collection, announced at Red Hat Tech Day Netherlands 2026 (Bunnik, 3 June 2026), ships 100+ modules targeting Day-2 network operations, firmware lifecycle, and port configuration.
  • It is one of 12 new collections coming to AAP 2.7, alongside cloud, secrets management, observability, and Windows/endpoint collections.
  • Pairing cisco.intersight with hashicorp.vault (for credential management) and ansible.platform (for RBAC and configuration-as-code) gives network teams a governed, auditable automation stack rather than a pile of standalone scripts.
  • Typical use cases include enforcing port role policies, checking and scheduling firmware upgrades, and remediating network control policy drift — all expressible as idempotent Ansible tasks.
  • Teams currently managing Cisco Intersight manually should plan execution environment and credential integration work now, so they're ready to adopt the collection as soon as it's generally available with AAP 2.7.
