Ansible on Cisco NX-OS 10.4 Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: security-compliance

Automate Cisco NX-OS 10.4 (Nexus 9000) with Ansible: cisco.nxos collection, NX-API, VXLAN/EVPN, vPC, OSPF/BGP, and configuration drift.

Cisco NX-OS 10.4 runs on Nexus 9000 data-center switches. Ansible's cisco.nxos collection (≥ 6.0) drives day-0 provisioning, VXLAN/EVPN fabrics, vPC, BGP/OSPF, telemetry, and drift detection over NX-API CLI or NETCONF. This is the master Ansible guide for NX-OS 10.4.

NX-OS 10.4 release facts

| Item | Value |
|---|---|
| Release | 2024 (10.4.x train) |
| Platforms | Nexus 9300/9500 (Cloud Scale ASIC, Silicon One) |
| Programmability | NX-API CLI, NETCONF, gNMI, YANG, MTX |
| Default fabric | VXLAN/EVPN |

Ansible-core compatibility

Use ansible-core 2.18 LTS with cisco.nxos >= 6.0 and ansible.netcommon >= 6.1.

Inventory

[nxos]
leaf01 ansible_host=10.1.1.1
leaf02 ansible_host=10.1.1.2
spine01 ansible_host=10.1.1.10

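[nxos:vars]
ansible_network_os=cisco.nxos.nxos
ansible_connection=ansible.netcommon.httpapi
ansible_httpapi_use_ssl=true
# validate_certs=false skips TLS certificate verification for NX-API; set it to true once the switches present a certificate the control node trusts
ansible_httpapi_validate_certs=false
ansible_user=admin
ansible_password='{{ vault_nxos_password }}'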

Backup running-config

- name: Backup NX-OS configs
  hosts: nxos
  gather_facts: false
  tasks:
    - name: Save running-config
      cisco.nxos.nxos_config:
        backup: true
        backup_options:
          dir_path: ./backups
          # ansible_date_time is undefined with gather_facts: false, so take the timestamp from now()
          filename: "{{ inventory_hostname }}-{{ now(fmt='%Y%m%dT%H%M%S') }}.cfg"

VXLAN/EVPN leaf

- name: Configure VXLAN/EVPN leaf
  hosts: leaf01
  gather_facts: false
  tasks:
    - name: Enable features
      cisco.nxos.nxos_feature:
        feature: "{{ item }}"
        state: enabled
      loop:
        - bgp
        - vn-segment-vlan-based
        - nv overlay
        - interface-vlan
        - lacp
        - vpc

    - name: Configure NVE1
      cisco.nxos.nxos_config:
        lines:
          - interface nve1
          - source-interface loopback1
          - host-reachability protocol bgp
          - member vni 10010 associate-vrf
          - mcast-group 239.1.1.1

    - name: BGP EVPN
      cisco.nxos.nxos_bgp_global:
        config:
          as_number: 65001
          router_id: 10.0.0.1
          neighbors:
            - neighbor_address: 10.0.0.10
              remote_as: 65000
              update_source: loopback0
        state: merged

vPC peering

- name: vPC config
  hosts: leaf01
  gather_facts: false
  tasks:
    - name: vPC domain
      cisco.nxos.nxos_config:
        lines:
          - vpc domain 10
          - peer-keepalive destination 10.0.0.2 source 10.0.0.1
          - peer-switch
          - peer-gateway
          - ip arp synchronize

OSPF underlay

- name: OSPFv2 underlay
  hosts: nxos
  gather_facts: false
  tasks:
    - name: Configure OSPFv2
      cisco.nxos.nxos_ospfv2:
        config:
          processes:
            - process_id: 1
              router_id: "{{ rid }}"
              areas:
                - area_id: '0.0.0.0'
        state: merged

Drift detection against templates

- name: NXOS drift check
  hosts: nxos
  gather_facts: false
  tasks:
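    - name: Compare to intended
      cisco.nxos.nxos_config:
        diff_against: intended
        # diff_against: intended requires intended_config; src would push the template instead of comparing it
        intended_config: "{{ lookup('template', 'templates/' ~ inventory_hostname ~ '.j2') }}"
      check_mode: true   # report only, never change the device
      diff: true         # the diff is only produced in diff mode
      register: drift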
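
The drift idea above, as an added Python example (not from the original page and not how cisco.nxos computes its diff): it compares an intended config with a running config by parent context, so a missing `peer-gateway` under `vpc domain 10` or an unexpected local user is reported with its full path. Both sample configs are constructed, and the two-space child indentation is an assumption.

```python
def config_paths(text):
    """Return the set of (parent, ..., line) tuples for an indented config."""
    paths, stack = set(), []  # stack holds (indent, line) for each open parent
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blank and comment lines
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:  # leave finished sub-modes
            stack.pop()
        stack.append((indent, line))
        paths.add(tuple(entry for _, entry in stack))
    return paths


def drift(intended, running):
    """Report lines absent from the device and lines the template never asked for."""
    want, have = config_paths(intended), config_paths(running)
    return {"missing": sorted(want - have), "unexpected": sorted(have - want)}


# Constructed sample: what the rendered template says the leaf should carry.
INTENDED = """\
feature vpc
vpc domain 10
  peer-keepalive destination 10.0.0.2 source 10.0.0.1
  peer-switch
  peer-gateway
  ip arp synchronize
interface nve1
  host-reachability protocol bgp
"""

# Constructed sample: what the device reports after out-of-band changes.
RUNNING = """\
feature vpc
vpc domain 10
  peer-keepalive destination 10.0.0.2 source 10.0.0.1
  peer-switch
  ip arp synchronize
interface nve1
  host-reachability protocol bgp
  shutdown
username tempadmin role network-admin
"""

if __name__ == "__main__":
    for kind, items in drift(INTENDED, RUNNING).items():
        for path in items:
            print(f"{kind}: {' > '.join(path)}")
```
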

Best practices

• Prefer cisco.nxos.nxos_* resource modules over nxos_config for declarative VXLAN/EVPN.
• Use httpapi (NX-API) transport for fast batch runs; keep network_cli as fallback.
• Use gather_facts: false + cisco.nxos.nxos_facts for selective fact gathering.
• Run drift checks via AAP daily and feed results into your config-management dashboard.

Conclusion

NX-OS 10.4 with cisco.nxos 6.x and ansible-core 2.18 makes data-center fabric automation deterministic. VXLAN/EVPN, vPC, BGP, and OSPF all have first-class resource modules — embrace them over CLI scraping.
