⚙️ Network Automation Backup and Version Control with Ansible + GitLab
Manual configuration backups are time-consuming and error-prone. In this guide, we’ll build a Network Configuration Backup System using Ansible for automation and GitLab for version control. This approach allows every change to be traceable, stored, and auditable — a core principle of modern DevOps in network operations.
📦 1. Overview
- Ansible — Execute automated CLI tasks across multiple network devices.
- GitLab — Store and version control configuration files with CI/CD pipelines.
- Devices — Cisco, Juniper, FortiGate, or any SSH-enabled host.
[Ansible Control Node]
│
├──→ SSH → [Router / Switch / Firewall]
│
└──→ Collect configs → Push to GitLab → Version Tracking
🧩 2. Environment Setup
# Install Ansible and Git
sudo apt update
sudo apt install -y ansible git
# Create working directory
mkdir ~/network-backup && cd ~/network-backup
# Initialize Git project
git init
git remote add origin git@gitlab.com:youruser/network-backup.git
Recommended Folder Structure
network-backup/
├── inventory.yaml
├── playbooks/
│   ├── backup_cisco.yaml
│   ├── backup_juniper.yaml
│   └── backup_linux.yaml
└── configs/
    ├── cisco/
    ├── juniper/
    └── linux/
🔧 3. Define Your Inventory
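# inventory.yaml
# "yourpass" is a placeholder. Keep real credentials out of this file
# (for example, encrypt them with ansible-vault), because it sits in the Git working tree.
all:
  children:
    routers:
      vars:
        ansible_network_os: ios   # required by connection: network_cli
      hosts:
        R1:
          ansible_host: 192.168.10.1
          ansible_user: admin
          ansible_password: yourpass
    switches:
      vars:
        ansible_network_os: ios
      hosts:
        SW1:
          ansible_host: 192.168.20.1
          ansible_user: admin
          ansible_password: yourpass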
🧠 4. Ansible Playbook for Cisco Devices
# playbooks/backup_cisco.yaml
- name: Backup Cisco configuration
  hosts: routers
  gather_facts: false
  connection: network_cli
  tasks:
    - name: Retrieve running-config
      ios_command:
        commands: show running-config
      register: config_output

    # Write the file on the control node, not on the device.
    # ansible_date_time is undefined when gather_facts is off, so use now().
    - name: Save configuration to file
      copy:
        content: "{{ config_output.stdout[0] }}"
        dest: "configs/cisco/{{ inventory_hostname }}_{{ now(fmt='%Y-%m-%d') }}.cfg"
      delegate_to: localhost
Run the playbook:
ansible-playbook -i inventory.yaml playbooks/backup_cisco.yaml
📁 5. Commit and Push to GitLab
# Commit backups to GitLab
cd ~/network-backup
git add configs/
git commit -m "Auto backup $(date '+%Y-%m-%d %H:%M')"
git push origin main
Automate via Cron Job
crontab -e
# Stage only configs/ so inventory.yaml and its credentials are never committed
0 2 * * * cd /home/admin/network-backup && ansible-playbook -i inventory.yaml playbooks/backup_cisco.yaml && git add configs/ && git commit -m "Auto backup $(date '+\%F')" && git push origin main
🚀 6. GitLab CI/CD Integration (Optional)
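# .gitlab-ci.yml
# The runner needs Ansible, SSH reachability to the devices, a Git identity
# (user.name / user.email), and a credential that is allowed to push to this project.
stages:
  - backup

backup_job:
  stage: backup
  script:
    - ansible-playbook -i inventory.yaml playbooks/backup_cisco.yaml
    - git add configs/
    - git commit -m "Auto backup from CI $(date)"
    # CI jobs check out a detached HEAD, so push the commit to main explicitly
    - git push origin HEAD:main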
🛡 7. Rollback and Configuration Diff
# View commits
git log --oneline
# Compare two backups
git diff HEAD~1 HEAD -- configs/cisco/R1_2025-10-31.cfg
This allows you to identify unauthorized or unintended configuration changes within minutes.
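One way to act on this, as an added example that is not from the original post: because the playbook writes one dated file per device, the script compares two snapshots directly, ignores lines that change on every capture, and reports only added or removed statements from an assumed watch-list (SENSITIVE) of access-related IOS keywords. The function names and both sample configs are constructed for illustration.

```python
import difflib
import re

# Lines that differ on every capture and carry no security meaning.
VOLATILE = re.compile(r"^(!|Building configuration|Current configuration\s*:)")
# Assumed watch-list of IOS statements that affect access, AAA or logging.
SENSITIVE = re.compile(
    r"^\s*(no\s+)?(username|enable\s+(secret|password)|aaa|snmp-server"
    r"|access-list|ip access-list|(permit|deny)\b|line vty|transport input"
    r"|ip ssh|ip http|logging|crypto|tacacs|radius)", re.I)

def normalize(config_text):
    """Drop volatile and empty lines, keep the original order."""
    lines = (line.rstrip() for line in config_text.splitlines())
    return [line for line in lines if line and not VOLATILE.match(line)]

def security_changes(old_text, new_text):
    """Return (added, removed) lists of security-relevant config lines."""
    old, new = normalize(old_text), normalize(new_text)
    added, removed = [], []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            removed += [l.strip() for l in old[i1:i2] if SENSITIVE.match(l)]
        if tag in ("replace", "insert"):
            added += [l.strip() for l in new[j1:j2] if SENSITIVE.match(l)]
    return added, removed

# Constructed snapshots of one device on two consecutive days.
OLD = """\
! Last configuration change at 02:00:01 UTC Thu Oct 30 2025
username admin privilege 15 secret 9 <hash>
ip access-list extended MGMT
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
line vty 0 4
 transport input ssh
"""
NEW = """\
! Last configuration change at 14:12:40 UTC Fri Oct 31 2025
username admin privilege 15 secret 9 <hash>
username support privilege 15 secret 9 <hash>
ip access-list extended MGMT
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp any any eq 22
line vty 0 4
 transport input ssh telnet
"""
if __name__ == "__main__":
    print(security_changes(OLD, NEW))
```

A non-empty result is a prompt to check the change against an approved change record; an empty one means only volatile or non-listed lines differ.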
🧭 Checklist
✅ Build Ansible inventory and playbooks
✅ Automate config retrieval from devices
✅ Push backups to GitLab repository
✅ Schedule cron jobs or CI pipelines
✅ Use Git diff to track and rollback changes
📘 Conclusion
Integrating Ansible and GitLab transforms network operations into an Infrastructure-as-Code workflow. It minimizes human error, enables full audit trails, and simplifies rollback processes. Whether for enterprise networks or lab environments, this approach provides both efficiency and reliability.
— WWFandy · Network Automation Notes