| technology | networking - John McGovern
Ansible vs Nornir: How Python Makes Automation Easier
"You're either the one that creates the automation or you're getting automated".
These are words of Github co-founder, Tim Preston-Werner, and while maybe a shade hyperbolic, there is no doubt that the demand for automation skills within the IT world are skyrocketing. Nothing signaled this shift within the networking industry quite like Cisco's recent revamping of all of their syllabuses and certifications.
When an industry superpower makes such a stark statement of intent, you can be sure this is not just a fad or a gimmick. To the contrary, automation is here to stay — and you don't want to find yourself left behind.
Here’s a full look at Nornir and Ansible in terms of ease of use, ease to learn, support, and automation power. In this video, I’ll also go into YAML versus Python, and provides a few examples. If you would like more information on how Python differs from YAML, take a look at this Python for beginners course.
In this blog post, I’ll go into how you can start performing simple tasks such as pulling show commands with both Ansible and Nornir. The rest is up to you.
Ansible: Running the Plays
Today, the most popular tool for automated configuration management is Ansible. The main reason is because Ansible promises a relatively low barrier for entry. The way this is engineered, however, is both the upside and downside of the tool. The central concept of Ansible is the Playbook, which is effectively a set of instructions of what processes you would like the automation tool to perform.
Perhaps you want to pull the running configuration of all the devices in the network, or update their NTP server configuration. These are examples of what might be specified in a Playbook. Ansible attempts to make this as simple as possible for the user by requiring its Playbooks to be written in the human-readable data-serialization language, "YAML". The net effect? Even someone who has no experience with programming has a good chance of eyeballing an Ansible Playbook and being able to decode roughly what it's designed to do.
Here's an example of a Playbook:
This all sounds pretty great so far, so what exactly is the problem? Well, as soon as you require more complex logic — and if you're using automation extensively within the network you will — Ansible's reliance on YAML for its hard logic quickly becomes cumbersome and reveals itself to be ill-equipped to handle many of tasks you find yourself wanting to implement.
Imagine all it took to learn the English language was to memorise the words "Yes", "No", "Left", "Right", "North" and "South". This might be pretty good if you were a non-native speaker and all you wanted to do was wander around with a map, ask directions and go sight-seeing.
But what if you wanted to describe the mountains that just took your breath away and all you could do was repeat the word "North" "North" "North" and point upward to convey the sheer magnitude and scale of the landscape? Suddenly, you might begin to question your ability to truly communicate what it is you're trying to say.
While this comparison may be harsh, it is analogous to attempting to (essentially) program in YAML vs programming with a fully developed and rich language such as Python.
Nornir: More than a Myth
In Norse mythology, the Norns or Nornir, are all powerful female beings who control the threads of fate for men and Gods. An appropriate name, then, for a multithreaded automation framework with the power to exact total control over the network. Developed and maintained by some of the most highly respected names in the automation community, Nornir is an automation solution designed to provide concurrent task execution as well as an abstraction layer for inventory management.
Nornir is very similar to Ansible with one big distinction: Nornir is pure Python.
What does this mean in real terms? Well, for a start, Nornir is extremely fast and can execute tasks in a fraction of the time it would take using Ansible. More importantly, Nornir has access to the entire Python ecosystem, meaning anything you can do in Python you can do in Nornir. With the ability to access and integrate any Python library you wish, suddenly, otherwise complex problems can now be solved with elegance and flexibility.
This, in my opinion, is absolutely invaluable. Moreover, when writing code in pure Python, you are also afforded the benefits of proper linting, static type checking, and a strong debugging ability. These are all powerful tools designed to support you in writing robust and stable, production-ready code.
The key distinction to me, above all, however, is that when you're learning Nornir, you're simply learning Python, as opposed to working within a very narrow domain-specific language such as YAML. Ultimately, it was my experience using Nornir that has allowed me to easily translate my skills into using other Python-based tools, such as the excellent automated testing solution, pyATS.
Image: Nornir executing an OSPF deployment
But what's the catch? Well, like always, there definitely is one, and that is that Nornir does have a slightly steeper learning curve at first compared to Ansible. The good news is that it's really not very steep at all. In fact, all that's required to begin using Nornir is an understanding of the basic fundamentals of Python.
Over time, as you regularly use the tool, your Python skills will naturally become stronger and stronger, with an ever-widening expanse of options continually becoming available. And eventually with Nornir, you will truly have the ability to control the fate of your network.