Ansible on Arista EOS 4.33 Automation Complete Guide
By Luca Berton · Published 2024-01-01 · Category: security-compliance
Automate Arista EOS 4.33 with Ansible: arista.eos collection, eAPI, AVD/CVP, EVPN-VXLAN, MLAG, OSPF/BGP, configuration drift.
Arista EOS 4.33 is a current 4.33.x train running on 7050X/7280R/7500R/7800R series switches. Ansible's arista.eos collection plus the Arista Validated Designs (AVD) roles drive day-0 EVPN-VXLAN fabrics, MLAG, OSPF/BGP, and CloudVision (CVP) integration. This is the master Ansible guide for EOS 4.33.
Arista EOS 4.33 release facts
| Item | Value | |---|---| | Train | 4.33.x | | Programmability | eAPI (REST/JSON-RPC), gNMI, OpenConfig YANG | | Validated automation | Arista Validated Designs (AVD) | | Telemetry | TerminAttr/CVP |
See also: Ansible on Cisco NX-OS 10.4 Automation Complete Guide
Ansible-core compatibility
Use ansible-core 2.18 LTS with arista.eos >= 9.0 and AVD ≥ 5.0 roles via arista.avd.
Inventory
[eos]
spine01 ansible_host=10.20.0.1
spine02 ansible_host=10.20.0.2
leaf01 ansible_host=10.20.0.10
leaf02 ansible_host=10.20.0.11
[eos:vars]
ansible_network_os=arista.eos.eos
ansible_connection=ansible.netcommon.httpapi
ansible_httpapi_use_ssl=true
ansible_httpapi_validate_certs=false
ansible_user=admin
ansible_password='{{ vault_eos_password }}'
See also: Ansible on SONiC Automation Complete Guide
Backup running-config
- name: Backup EOS configs
hosts: eos
gather_facts: false
tasks:
- name: Save running-config
arista.eos.eos_config:
backup: true
backup_options:
dir_path: ./backupsOSPF underlay
- name: OSPFv2 underlay
hosts: eos
gather_facts: false
tasks:
- name: OSPF
arista.eos.eos_ospfv2:
config:
processes:
- process_id: 1
router_id: "{{ rid }}"
areas:
- area_id: '0.0.0.0'
state: mergedSee also: Ansible AWS: Complete Guide to Cloud Automation (2026)
MLAG
- name: MLAG between leaf01/leaf02
hosts: leaf01:leaf02
gather_facts: false
tasks:
- name: MLAG config
arista.eos.eos_config:
lines:
- mlag configuration
- domain-id mlag1
- local-interface Vlan4094
- peer-address 10.0.0.{{ peer_id }}
- peer-link Port-Channel999EVPN-VXLAN with AVD
group_vars/EVPN_FABRIC.yml:
fabric_name: dc1
underlay_routing_protocol: ebgp
overlay_routing_protocol: ebgp
local_users:
- name: admin
privilege: 15
role: network-admin
sha512_password: "{{ vault_admin_sha512 }}"Playbook:
- name: Build EVPN fabric with AVD
hosts: EVPN_FABRIC
gather_facts: false
tasks:
- import_role: { name: arista.avd.eos_designs }
- import_role: { name: arista.avd.eos_cli_config_gen }
- import_role: { name: arista.avd.eos_config_deploy_eapi }CloudVision (CVP) integration
- name: Push configs through CVP
hosts: localhost
tasks:
- name: Apply configlets via CVP
arista.cvp.cv_configlet_v3:
configlets:
spine01: "{{ lookup('ansible.builtin.file', 'intended/spine01.cfg') }}"
state: presentDrift detection
- name: Drift check on EOS
hosts: eos
gather_facts: false
tasks:
- name: Compare to intended
arista.eos.eos_config:
src: "intended/{{ inventory_hostname }}.cfg"
diff_against: intended
register: driftBest practices
• Adopt AVD over hand-written templates — it encodes Arista's reference designs and validates inputs. • Use eAPI (httpapi) transport for performance; SSH is fallback. • Push through CVP for change management and audit when available. • Combine drift detection with TerminAttr telemetry to alert on out-of-band changes.Conclusion
EOS 4.33 with arista.eos and the AVD framework gives the most opinionated, deterministic networking automation experience available today. Ansible orchestrates AVD inputs and CVP delivery for production-grade fabric rollouts.
Category: security-compliance