Ansible on SONiC Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate SONiC (Software for Open Networking in the Cloud) switches with Ansible: sonic.sonic collection, ConfigDB, BGP/EVPN, image upgrades, drift checks.

SONiC (Software for Open Networking in the Cloud) is the open-source NOS originated by Microsoft and now governed by the Linux Foundation. It runs on white-box switches from Edgecore, Celestica, Mellanox/NVIDIA, Dell, and others. SONiC's configuration lives in ConfigDB (Redis), which Ansible drives via the sonic.sonic and dellemc.enterprise_sonic collections plus sonic-cli/REST. This is the master Ansible guide for SONiC.

SONiC release facts

| Item | Value |
|---|---|
| Releases | 202311, 202405, 202411 (community) |
| Vendor builds | Dell Enterprise SONiC, NVIDIA SONiC, Edgecore SONiC |
| Programmability | sonic-cli, REST/gNMI, ConfigDB |
| Underlying OS | Debian-based |

Ansible-core compatibility

Use ansible-core 2.18 LTS with dellemc.enterprise_sonic >= 2.5 (Dell variant) or the upstream sonic.sonic collection.

Inventory

[sonic]
sonic-leaf01 ansible_host=10.30.0.1
sonic-leaf02 ansible_host=10.30.0.2

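[sonic:vars]
ansible_network_os=dellemc.enterprise_sonic.sonic
ansible_connection=ansible.netcommon.httpapi
ansible_httpapi_use_ssl=true
# validate_certs=false turns off TLS certificate verification for the switch's REST endpoint.
# Set it to true once the switches present certificates from a CA the control node trusts.
ansible_httpapi_validate_certs=false
ansible_user=admin
ansible_password='{{ vault_sonic_password }}'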

Configuration backup

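- name: Backup SONiC ConfigDB
  hosts: sonic
  gather_facts: false
  tasks:
    # cli_command requires ansible_connection=ansible.netcommon.network_cli.
    - name: Save running-config
      ansible.netcommon.cli_command:
        command: "show runningconfiguration all"
      register: rc

    # ansible_date_time is undefined when gather_facts is false, so the
    # timestamp comes from now() on the control node instead.
    - name: Persist backup locally
      ansible.builtin.copy:
        content: "{{ rc.stdout }}"
        dest: "./backups/{{ inventory_hostname }}-{{ now().strftime('%Y%m%dT%H%M%S') }}.json"
        mode: "0600"  # the running config can contain secrets; keep it owner-only
      delegate_to: localhost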

BGP configuration

- name: Configure BGP on SONiC leaf
  hosts: sonic
  gather_facts: false
  tasks:
    - name: BGP global + neighbors
      dellemc.enterprise_sonic.sonic_bgp:
        config:
          - bgp_as: 65001
            router_id: "{{ rid }}"
            log_neighbor_changes: true
            timers:
              holdtime: 30
              keepalive_interval: 10
        state: merged

    - name: Neighbors
      dellemc.enterprise_sonic.sonic_bgp_neighbors:
        config:
          - bgp_as: 65001
            neighbors:
              - neighbor: 10.0.0.10
                remote_as:
                  peer_as: 65000
        state: merged

EVPN-VXLAN

- name: EVPN-VXLAN on SONiC
  hosts: sonic
  gather_facts: false
  tasks:
    - name: VXLAN tunnel
      dellemc.enterprise_sonic.sonic_vxlans:
        config:
          - name: vtep1
            source_ip: 10.0.1.1
            evpn_nvo: nvo1
            vlan_map:
              - vni: 10010
                vlan: 10
        state: merged

Image upgrade orchestration

- name: Upgrade SONiC image
  hosts: sonic
  gather_facts: false
  tasks:
    - name: Install new image
      ansible.netcommon.cli_command:
        command: "sudo sonic-installer install --yes /tmp/sonic-broadcom-202411.bin"
      register: install
      changed_when: "'Installed' in install.stdout"

    - name: Set next-boot
      ansible.netcommon.cli_command:
        command: "sudo sonic-installer set-next-boot 202411"

    - name: Reboot
      ansible.builtin.reboot:
        reboot_timeout: 600

Drift detection

- name: Drift on SONiC
  hosts: sonic
  gather_facts: false
  tasks:
    - name: Pull running config
      ansible.netcommon.cli_command:
        command: show runningconfiguration all
      register: rc

    - name: Compare to intended
      ansible.builtin.assert:
        that: rc.stdout == lookup('ansible.builtin.file', 'intended/' ~ inventory_hostname ~ '.json')
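
The assert above compares the two JSON documents as raw strings, so reordered keys read as drift and a real change is reported only as pass or fail. As an added example (not part of the original tutorial or of any SONiC collection), this Python script parses both documents and lists every drifted field; the sample documents and function names are constructed for illustration.

```python
import json

# Constructed samples in ConfigDB layout (TABLE -> key -> field -> value).
# RUNNING reorders keys, changes one VNI and carries a VLAN nobody intended.
INTENDED = """{
  "VLAN": {"Vlan10": {"vlanid": "10"}},
  "VXLAN_TUNNEL": {"vtep1": {"src_ip": "10.0.1.1"}},
  "VXLAN_TUNNEL_MAP": {"vtep1|map_10010_Vlan10": {"vni": "10010", "vlan": "Vlan10"}}
}"""
RUNNING = """{
  "VXLAN_TUNNEL_MAP": {"vtep1|map_10010_Vlan10": {"vlan": "Vlan10", "vni": "10011"}},
  "VXLAN_TUNNEL": {"vtep1": {"src_ip": "10.0.1.1"}},
  "VLAN": {"Vlan666": {"vlanid": "666"}, "Vlan10": {"vlanid": "10"}}
}"""


def _flatten(doc):
    """Map (table, key, field) -> value so ordering and whitespace stop mattering."""
    flat = {}
    for table, entries in doc.items():
        for key, fields in entries.items():
            if not fields:  # keep entries that exist but carry no fields
                flat[(table, key, None)] = None
            for field, value in fields.items():
                flat[(table, key, field)] = value
    return flat


def configdb_drift(intended_text, running_text):
    """Return sorted (kind, table, key, field, intended, running) tuples."""
    want = _flatten(json.loads(intended_text))
    have = _flatten(json.loads(running_text))
    drift = []
    for path in want.keys() | have.keys():
        if path not in have:
            drift.append(("missing", *path, want[path], None))
        elif path not in want:
            drift.append(("unexpected", *path, None, have[path]))
        elif want[path] != have[path]:
            drift.append(("changed", *path, want[path], have[path]))
    return sorted(drift, key=lambda d: tuple(str(x) for x in d))


if __name__ == "__main__":
    for entry in configdb_drift(INTENDED, RUNNING):
        print(entry)
```

An "unexpected" entry is configuration present on the switch that the intended file never declared, which is the case a pass/fail string comparison gives no detail about.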

Best practices

• Use the vendor-specific collection (Dell, NVIDIA, Edgecore) when available — feature coverage is better than upstream sonic.sonic.
• Pre-stage SONiC images on an internal HTTP cache; do not pull from the public bin server in production.
• Validate ConfigDB JSON locally with jsonschema before push.
• Pair SONiC with Telegraf/Prometheus for telemetry; Ansible handles config, telemetry handles state.
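
Validating ConfigDB JSON locally with jsonschema before a push can look like the following. This is an added example, not code from the original tutorial or from SONiC; the schema, the sample document and the function name are constructed for illustration, and it assumes the third-party jsonschema package is installed.

```python
import json
from jsonschema import Draft7Validator  # third-party: pip install jsonschema

VLAN_NAME = "^Vlan[1-9][0-9]{0,3}$"

# Illustrative schema constructed for this example, not the SONiC project's own model.
SCHEMA = {
    "type": "object",
    "properties": {
        "VLAN": {
            "type": "object",
            "patternProperties": {
                VLAN_NAME: {
                    "type": "object",
                    "properties": {"vlanid": {"type": "string", "pattern": "^[1-9][0-9]{0,3}$"}},
                    "required": ["vlanid"],
                }
            },
            "additionalProperties": False,  # reject keys that are not VlanN
        },
        "VXLAN_TUNNEL_MAP": {
            "type": "object",
            "additionalProperties": {
                "type": "object",
                "properties": {
                    "vni": {"type": "string", "pattern": "^[1-9][0-9]{0,7}$"},
                    "vlan": {"type": "string", "pattern": VLAN_NAME},
                },
                "required": ["vni", "vlan"],
            },
        },
    },
}

# Constructed candidate: one VLAN key is mis-cased and the VNI is not decimal.
CANDIDATE = """{
  "VLAN": {"Vlan10": {"vlanid": "10"}, "vlan20": {"vlanid": "20"}},
  "VXLAN_TUNNEL_MAP": {"vtep1|map_10010_Vlan10": {"vni": "0x2712", "vlan": "Vlan10"}}
}"""


def schema_violations(text):
    """Return sorted 'TABLE/key/field' paths that violate SCHEMA; [] means the push may proceed."""
    errors = Draft7Validator(SCHEMA).iter_errors(json.loads(text))
    return sorted({"/".join(str(p) for p in e.absolute_path) for e in errors})


if __name__ == "__main__":
    print(schema_violations(CANDIDATE))
```

Run as a pre-push step on the control node, a non-empty result stops the play before anything reaches the switch.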

Conclusion

SONiC + Ansible democratizes data-center switch automation across hardware vendors. The dellemc.enterprise_sonic and sonic.sonic collections provide declarative resource modules, while sonic-installer flows can be orchestrated for in-place image upgrades.
