As a fellow Scottish network engineer (Fae Glesga) it's good to hear you doing CBT nuggets and teaching others the massive benefits of network automation. Your vids on your channel have been so helpful, so thank you!
One theme that I often see in beginner-level network automation tutorials using Ansible is that the configuration scenarios are very simplistic: let's create some VLANs! let's configure static routing! let's enable OSPF! For these simple cases Ansible works just fine. The thing is, when facing real-world network automation scenarios you'll often have to adapt your automation to existing requirements, and this will involve a lot of nested if statement logic. In Ansible, anyone that has tried to implement multiple conditionals knows it is a chore. Data processing is a chore in ansible, as you need to explicitly register variables via a task and you can't just iterate over data structures like lists and dictionaries as easily as you'd want. Model-driven programmability can become a nightmare in Ansible. The more complex your automation becomes and the more requirements you put into the mix, the more control you need of what actually happens on the network. Ansible is simply not made to accomodate that amount of control. Even if you make your own Ansible modules with some custom Python code, you're just hacking around a tool that was never meant to do network automation in the first place; Ansible was built for system admins. Nornir, on the other hand, was built for network automation engineers.
Ansible is a tool that is written in Python and easily extensible by writing custom Ansible plugins which are basically Python files. Writing reusable custom Ansible plugins can avoid complex playbooks and abstract the code implementation from users.
Hey Ganesh, I agree. You can certainly write your own Ansible modules and this is certainly fine to do here and there, if you have the Python skills to do so. However, if you're having to resort to writing Python code to get around the barriers you're running into using Ansible, then in my opinion, you're probably going to be better served just using Nornir and enjoying the full flexibility and performance that it offers :)
IPvZero The point I wanted to make is you can learn python by using Ansible as well. I would say writing Ansible plugins is a smart way to solve problems by taming the tool :). While Ansible ecosystem can be tuned to achieve greater performance the main strength lies in ease of usability and maintainability as after automation is done most likely a person won't be sitting in front of system watching daily automation task run. I have used ssh based libraries in past for writing custom automation scripts but in my experience in the long run the maintenance overhead results in diminishing returns. Having said all of the above the best approach would be to understand the capabilities of available tools and pick the one that best fits a given environment :)
@@ganesh634 I definitely agree. Ultimately my position is both are very useful tools, and neither makes the other obsolete. As you say, pick the tool that's best for your environment! :)
@@IPvZero Hi, Does Nornir have vault feature like Ansible to encrypt variables such as usernames/password/etc? If not, can it be integrated with Ansible Vault? Thanks.
Very useful comparison John, thank you very much, I still feel much inclined to continue learning python3 therefore, Nornir is the way I choose. Looking forward to continuing to learn with you. Until the next skill, Take care!
Thanks, Jair! Yup, I definitely agree. I think if you're interested in learning Python then Nornir is a great way to go. That said, I always make sure that I keep labbing Ansible since it's pretty much an essential in the current landscape and you're very likely gonna bump into it in the real world, either in production or answering exam questions :) Speak soon! -John
Hey, Liliana. Ansible modules are tailored for that framework. However, the same type of logic you would write for an Ansible module - Python - is using natively within Nornir. So if you're comfortable with language you can just go straight to Nornir and write any Python logic you wish to achieve whatever task you want directly within the framework :) -John
Thanks for your question, Parth! Nornir in some of the early iterations, wasn't idempotency, but more things were introduced like Napalm and IP Fabric. The IP Fabric can be used for the network discovery and inventory and the rest can apply the configurations. We've heard of other ways of making this work and frankly, more and more plugins/improvements are being made to Nornir. This will largely also depend on how you write your scripts. We hope this is helpful for you, thank you for learning with us!
As a fellow Scottish network engineer (Fae Glesga) it's good to hear you doing CBT nuggets and teaching others the massive benefits of network automation. Your vids on your channel have been so helpful, so thank you!
One theme that I often see in beginner-level network automation tutorials using Ansible is that the configuration scenarios are very simplistic: let's create some VLANs! let's configure static routing! let's enable OSPF! For these simple cases Ansible works just fine.
The thing is, when facing real-world network automation scenarios you'll often have to adapt your automation to existing requirements, and this will involve a lot of nested if statement logic. In Ansible, anyone that has tried to implement multiple conditionals knows it is a chore. Data processing is a chore in ansible, as you need to explicitly register variables via a task and you can't just iterate over data structures like lists and dictionaries as easily as you'd want. Model-driven programmability can become a nightmare in Ansible.
The more complex your automation becomes and the more requirements you put into the mix, the more control you need of what actually happens on the network. Ansible is simply not made to accomodate that amount of control. Even if you make your own Ansible modules with some custom Python code, you're just hacking around a tool that was never meant to do network automation in the first place; Ansible was built for system admins. Nornir, on the other hand, was built for network automation engineers.
Very well said.
Excellent video. I really liked the trivia behind the terms.
Thanks for the comparisons!
:)
Great content John, very useful. Keep posting these helpful videos 👍
Ansible is a tool that is written in Python and easily extensible by writing custom Ansible plugins which are basically Python files. Writing reusable custom Ansible plugins can avoid complex playbooks and abstract the code implementation from users.
Hey Ganesh, I agree. You can certainly write your own Ansible modules and this is certainly fine to do here and there, if you have the Python skills to do so. However, if you're having to resort to writing Python code to get around the barriers you're running into using Ansible, then in my opinion, you're probably going to be better served just using Nornir and enjoying the full flexibility and performance that it offers :)
IPvZero The point I wanted to make is you can learn python by using Ansible as well. I would say writing Ansible plugins is a smart way to solve problems by taming the tool :). While Ansible ecosystem can be tuned to achieve greater performance the main strength lies in ease of usability and maintainability as after automation is done most likely a person won't be sitting in front of system watching daily automation task run. I have used ssh based libraries in past for writing custom automation scripts but in my experience in the long run the maintenance overhead results in diminishing returns. Having said all of the above the best approach would be to understand the capabilities of available tools and pick the one that best fits a given environment :)
@@ganesh634 I definitely agree. Ultimately my position is both are very useful tools, and neither makes the other obsolete. As you say, pick the tool that's best for your environment! :)
@@IPvZero Hi, Does Nornir have vault feature like Ansible to encrypt variables such as usernames/password/etc? If not, can it be integrated with Ansible Vault? Thanks.
@@afara2000 You can use Ansible vault with Nornir, as best I am aware. Probably the best solution would be using Hashicorp Vault, though! :)
Finally i can associate a face to the voice of the instructor that made me love nornir!!
Great video. Python is the way to go in network automation. We have to learn it.
Thanks Kaba! I definitely agree with you. Learning Python is a huge plus for network automation. Opens up so many possibilities!
^john thank you
Great explanation
Very useful comparison John, thank you very much, I still feel much inclined to continue learning python3 therefore, Nornir is the way I choose. Looking forward to continuing to learn with you. Until the next skill, Take care!
Thanks, Jair! Yup, I definitely agree. I think if you're interested in learning Python then Nornir is a great way to go. That said, I always make sure that I keep labbing Ansible since it's pretty much an essential in the current landscape and you're very likely gonna bump into it in the real world, either in production or answering exam questions :)
Speak soon!
-John
@@IPvZero great point! Thanks again, for all the great work you do.
@@jairusan Thanks Jair! :)
Ansible is also python :) If you want to write modules on Ansible you use Python.
Let me add a fourth reason to Ansible :), it is on the DevNet Associate content
Absolutely agree, Daniel! And on the DevNet Professional too!
:)
-John
Hi all! Is it possible to use Ansible modules with Nornir? Thanks!
Hey, Liliana. Ansible modules are tailored for that framework. However, the same type of logic you would write for an Ansible module - Python - is using natively within Nornir. So if you're comfortable with language you can just go straight to Nornir and write any Python logic you wish to achieve whatever task you want directly within the framework :)
-John
Good comparison. But What about idempotency of nornir ? I knew ansible has idempotency nature.
Thanks for your question, Parth!
Nornir in some of the early iterations, wasn't idempotency, but more things were introduced like Napalm and IP Fabric. The IP Fabric can be used for the network discovery and inventory and the rest can apply the configurations. We've heard of other ways of making this work and frankly, more and more plugins/improvements are being made to Nornir. This will largely also depend on how you write your scripts.
We hope this is helpful for you, thank you for learning with us!
The best
我全都要