Ansible cisco.intersight Collection: 100+ Modules for Day-2 Network Operations
By Luca Berton · Published 2024-01-01 · Category: troubleshooting
How the cisco.intersight collection brings 100+ modules to AAP 2.7 for Day-2 network ops, firmware upgrades, and port configuration automation.
Why cisco.intersight Matters for Network Teams
At Red Hat Tech Day Netherlands 2026 in Bunnik (3 June 2026), the Ansible team unveiled 12 new content collections for Ansible Automation Platform (AAP) 2.7, organized around four themes: Efficiency, Resilience, Governance, and Scale. Among them, the cisco.intersight collection stands out for network and infrastructure teams running Cisco's Intersight-managed compute and fabric estate. It ships with 100+ modules purpose-built for Day-2 network operations, firmware lifecycle management, and port-level configuration — the kind of repetitive, error-prone work that infrastructure teams have historically handled through the Intersight UI or bespoke scripts.
Day-2 operations — the ongoing maintenance, drift correction, and lifecycle work that happens after initial deployment — are notoriously hard to standardize. Cisco Intersight already centralizes management of UCS servers, fabric interconnects, and HyperFlex nodes in the cloud or on-prem via Intersight Private Virtual Appliance. What was missing was a first-class, idempotent automation layer that plugs directly into Ansible playbooks and AAP job templates. That's exactly the gap cisco.intersight is designed to close.
See also: Build an AAP Self-Service Template: Backup Network Switch Configs to Git
What the Collection Covers
The cisco.intersight collection focuses on three operational pillars called out explicitly in the Red Hat Tech Day Netherlands 2026 announcement:
- Day-2 network operations — ongoing configuration management, policy enforcement, and state reconciliation for network-adjacent infrastructure under Intersight management.
- Firmware lifecycle — coordinating firmware upgrade workflows across servers, fabric interconnects, and adapters without manual staging in the Intersight console.
- Port configuration — managing port roles, breakout modes, and connectivity policies at scale across fabric interconnects.
How It Fits Into AAP 2.7
cisco.intersight is one of 12 collections announced for AAP 2.7, alongside cloud collections (google.cloud, azure.azcollection), a secrets management collection (hashicorp.vault), platform tooling (ansible.platform), observability integrations (splunk.enterprise, splunk.es, splunk.itsi), Microsoft endpoint and monitoring collections (microsoft.mecm, microsoft.scom), and validated content roles (infra.mecm_ops, infra.windows_ops).
| Collection | Primary Focus | Relevance to Network Teams |
|---|---|---|
| cisco.intersight | Day-2 network ops, firmware, port config | Direct — core network/compute fabric automation |
| hashicorp.vault | Secrets, OIDC, PKI, EDA integration | Indirect — securing Intersight API credentials |
| microsoft.scom | Infra monitoring + EDA alert routing | Complementary — event-driven remediation triggers |
| infra.windows_ops | Security baseline enforcement | Complementary — cross-domain governance parity |
| ansible.platform | Configuration-as-code, RBAC | Foundational — governs how intersight jobs are managed |
See also: Build an AAP Self-Service Template: Branch Network Health Check
Example: Automating Port Configuration and Firmware Checks
Because cisco.intersight was announced as part of the AAP 2.7 wave rather than shipped with granular module-by-module documentation at announcement time, the example below illustrates the shape of a Day-2 playbook you can expect once the collection lands in your execution environment. Module and variable names here follow Cisco's existing Intersight API naming conventions and Ansible's established patterns for the intersight_rest_api-style modules.
---
- name: Day-2 network operations against Cisco Intersight
hosts: localhost
gather_facts: false
collections:
- cisco.intersight
vars:
intersight_api_key_id: "{{ vault_intersight_api_key_id }}"
intersight_api_private_key: "{{ vault_intersight_private_key }}"
tasks:
- name: Ensure fabric interconnect port is configured as a server port
cisco.intersight.port_policy:
api_key_id: "{{ intersight_api_key_id }}"
api_private_key: "{{ intersight_api_private_key }}"
organization: Production
name: FI-A-Port-Policy
port_roles:
- slot_id: 1
port_id: 17
role: Server
state: present
- name: Check current firmware version on fabric interconnect
cisco.intersight.firmware_info:
api_key_id: "{{ intersight_api_key_id }}"
api_private_key: "{{ intersight_api_private_key }}"
device_type: FabricInterconnect
device_name: FI-A
register: fw_status
- name: Schedule firmware upgrade if out of compliance
cisco.intersight.firmware_upgrade:
api_key_id: "{{ intersight_api_key_id }}"
api_private_key: "{{ intersight_api_private_key }}"
device_name: FI-A
target_version: "4.3(4a)"
maintenance_window: "Sat-02:00-06:00"
when: fw_status.current_version != "4.3(4a)"
- name: Enforce network control policy drift remediation
cisco.intersight.network_control_policy:
api_key_id: "{{ intersight_api_key_id }}"
api_private_key: "{{ intersight_api_private_key }}"
name: LLDP-CDP-Baseline
cdp_enabled: true
lldp_enabled: true
state: presentThis pattern — inventory of policies as code, idempotent state: present reconciliation, and conditional firmware actions gated on _info module output — mirrors how Red Hat's other infrastructure collections (like infra.windows_ops for STIG/CIS drift remediation) approach Day-2 governance. Running it through an AAP 2.7 job template means you get scheduling, RBAC-scoped execution, and audit logging for free, courtesy of the ansible.platform improvements announced in the same wave.
Governance and Scale Implications
Red Hat framed all 12 collections around Efficiency, Resilience, Governance, and Scale. For cisco.intersight specifically:
- Efficiency — replacing manual port-by-port and firmware-by-firmware console clicks with declarative playbooks that run unattended.
- Resilience — codifying maintenance windows and pre-checks for firmware upgrades reduces the risk of unplanned fabric interconnect failovers.
- Governance — port policies and network control policies become version-controlled artifacts reviewable in source control, not tribal knowledge in someone's Intersight bookmarks.
- Scale — with 100+ modules, teams managing dozens or hundreds of UCS domains can template policies once and apply them fleet-wide through AAP job templates and workflows.
Key Takeaways
- The cisco.intersight collection, announced at Red Hat Tech Day Netherlands 2026 (Bunnik, 3 June 2026), ships 100+ modules targeting Day-2 network operations, firmware lifecycle, and port configuration.
- It is one of 12 new collections coming to AAP 2.7, alongside cloud, secrets management, observability, and Windows/endpoint collections.
- Pairing cisco.intersight with hashicorp.vault (for credential management) and ansible.platform (for RBAC and configuration-as-code) gives network teams a governed, auditable automation stack rather than a pile of standalone scripts.
- Typical use cases include enforcing port role policies, checking and scheduling firmware upgrades, and remediating network control policy drift — all expressible as idempotent Ansible tasks.
- Teams currently managing Cisco Intersight manually should plan execution environment and credential integration work now, so they're ready to adopt the collection as soon as it's generally available with AAP 2.7.
Category: troubleshooting