Author: Assaf Feuerstein
A comprehensive automation framework for managing Cisco MDS SAN (Storage Area Network) switches using Ansible, Python, and Jenkins CI/CD pipelines.
This project provides enterprise-grade automation for Cisco MDS Fibre Channel switches, enabling:
- Device Alias Management: Automated creation and removal of device aliases (human-readable names for WWPNs)
- Zone Configuration: Automated zone and zoneset management for controlling storage access
- Interface Management: Enable/disable FC interfaces during host provisioning and decommissioning
- Migration Tools: Convert Brocade SAN configurations to Cisco MDS format
- Maintenance Scripts: Automated CFS lock clearing and zone commit operations
```
┌─────────────────────────────────────────────────────────────────┐
│                         CI/CD Pipeline                          │
│                    (Jenkins/GitHub Actions)                     │
└─────────────────────────────────────────────────────────────────┘
                                 │
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                        Python Automation                        │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐      │
│  │ Device Alias│  │    Zone     │  │     Maintenance     │      │
│  │   Scripts   │  │   Scripts   │  │       Scripts       │      │
│  └─────────────┘  └─────────────┘  └─────────────────────┘      │
│                                │                                │
│                                ▼                                │
│                     ┌─────────────────────┐                     │
│                     │    NX-API Module    │                     │
│                     │  (REST API Client)  │                     │
│                     └─────────────────────┘                     │
└─────────────────────────────────────────────────────────────────┘
                                 │
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                        Ansible Playbooks                        │
│    ┌─────────────────────┐   ┌─────────────────────────────┐    │
│    │ Device Alias Config │   │     Zone/Zoneset Config     │    │
│    └─────────────────────┘   └─────────────────────────────┘    │
└─────────────────────────────────────────────────────────────────┘
                                 │
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                        Cisco MDS Fabric                         │
│            ┌───────────────┐       ┌───────────────┐            │
│            │   Fabric A    │       │   Fabric B    │            │
│            │ (Redundancy)  │       │ (Redundancy)  │            │
│            │               │       │               │            │
│            │ ┌───────────┐ │       │ ┌───────────┐ │            │
│            │ │Core Switch│ │       │ │Core Switch│ │            │
│            │ └─────┬─────┘ │       │ └─────┬─────┘ │            │
│            │       │       │       │       │       │            │
│            │  ┌────┴────┐  │       │  ┌────┴────┐  │            │
│            │  │Edge NPV │  │       │  │Edge NPV │  │            │
│            │  │Switches │  │       │  │Switches │  │            │
│            │  └─────────┘  │       │  └─────────┘  │            │
│            └───────────────┘       └───────────────┘            │
└─────────────────────────────────────────────────────────────────┘
```
```
CiscoMDS/
├── ansible/                          # Ansible playbooks and inventory
│   ├── group_vars/                   # Ansible variables
│   │   ├── all.yml.example           # Global variables template
│   │   └── nxos.yml.example          # NX-OS connection settings
│   ├── templates/                    # Jinja2 templates
│   ├── hosts.ini.example             # Inventory template
│   ├── device-alias-fabric-a.yml.example
│   ├── zone-fabric-a.yml.example
│   └── change_interface_state.yml
│
├── python/                           # Python automation scripts
│   ├── cisco/                        # NX-API client module
│   │   ├── __init__.py
│   │   └── nxapi.py                  # REST API client
│   ├── add_device_alias.py           # Add device aliases
│   ├── add_zone.py                   # Add zones
│   ├── remove_device_alias.py        # Remove device aliases
│   ├── remove_zone.py                # Remove zones
│   ├── cisco_mds_maintenance.py      # Maintenance tasks
│   ├── brocade_migration.py          # Brocade to Cisco migration
│   ├── find_duplicates.py            # Find duplicate PWWNs
│   └── requirements.txt              # Python dependencies
│
├── pipeline/                         # Jenkins pipeline definitions
│   ├── Jenkinsfile.DeviceAlias
│   ├── Jenkinsfile.Zone
│   └── Jenkinsfile.InterfaceState
│
├── switch_configs/                   # Switch configuration templates
│   ├── core_switch_initial.txt
│   ├── edge_switch_npv.txt
│   └── enable_nxapi.txt
│
├── scripts/                          # Shell utility scripts
│   ├── fix_device_alias.sh           # Rename device aliases
│   └── backup_config.sh              # Backup switch configs
│
├── configs/                          # Configuration backups (gitignored)
└── docs/                             # Additional documentation
```
- Python 3.8+
- Ansible 2.10+ with `cisco.nxos` collection
- Cisco MDS switches with NX-API enabled
- (Optional) Jenkins for CI/CD pipelines
- Clone the repository

  ```bash
  git clone https://github.com/assaffeuerstein/CiscoMDS.git
  cd CiscoMDS
  ```

- Set up Python environment

  ```bash
  python3 -m venv .env
  source .env/bin/activate
  pip install -r python/requirements.txt
  ```

- Install Ansible collections

  ```bash
  ansible-galaxy collection install cisco.nxos
  ansible-galaxy collection install ansible.netcommon
  ```

- Configure inventory

  ```bash
  cp ansible/hosts.ini.example ansible/hosts.ini
  # Edit hosts.ini with your switch IPs
  ```

- Configure credentials

  ```bash
  cp ansible/group_vars/nxos.yml.example ansible/group_vars/nxos.yml
  # Edit nxos.yml and use ansible-vault for encryption
  ansible-vault encrypt ansible/group_vars/nxos.yml
  ```
```
configure terminal
feature nxapi
no nxapi http port 8080
nxapi https port 8443
exit
copy running-config startup-config
```
```bash
# Check and fix CFS locks and pending zone changes
python3 python/cisco_mds_maintenance.py \
    --ip 192.168.1.10 \
    --username admin \
    --password secret \
    --vsan 2

# Dry run (check only)
python3 python/cisco_mds_maintenance.py \
    --ip 192.168.1.10 \
    --username admin \
    --password secret \
    --dry-run
```

```bash
# Add a device alias
python3 python/add_device_alias.py \
    --device-alias esxi_prod_host_01 \
    --pwwns 10:00:00:00:00:00:00:01 \
    --sw-username admin \
    --sw-password secret

# Remove a device alias
python3 python/remove_device_alias.py \
    --fabric 1 \
    --device-alias esxi_prod_host_01
```

```bash
# Add a zone
python3 python/add_zone.py \
    --zone storage_array_01_esxi_prod_host_01 \
    --members storage_array_01,esxi_prod_host_01

# Remove a zone
python3 python/remove_zone.py \
    --fabric 1 \
    --zone storage_array_01_esxi_prod_host_01
```

```bash
# Convert Brocade config to Cisco Ansible playbook
python3 python/brocade_migration.py \
    --source 192.168.2.1 \
    --context 1 \
    --vsan 2 \
    --zoneset ZS_Fabric_A \
    --fabric 1 \
    --username admin \
    --password secret \
    --aliases --zones
```

```bash
# Apply device alias configuration
ansible-playbook -i ansible/hosts.ini \
    ansible/device-alias-fabric-a.yml \
    --vault-password-file vault_pass.txt

# Apply zone configuration
ansible-playbook -i ansible/hosts.ini \
    ansible/zone-fabric-a.yml \
    --vault-password-file vault_pass.txt

# Change interface state
ansible-playbook -i ansible/switches.ini \
    ansible/change_interface_state.yml \
    -e "interface_on_first_switch=fc1/5" \
    -e "interface_on_second_switch=fc1/5" \
    -e "enabled=true"
```

The project includes three Jenkins pipelines:
- Device Alias Pipeline (`Jenkinsfile.DeviceAlias`)
  - Parameters: operation, hostname, wwn1, wwn2, dc
  - Automates adding/removing device aliases
- Zone Pipeline (`Jenkinsfile.Zone`)
  - Parameters: operation, hostname, storage_array, dc
  - Automates adding/removing zones
- Interface State Pipeline (`Jenkinsfile.InterfaceState`)
  - Parameters: action, serial, switch IPs, interfaces
  - Enables/disables FC interfaces

Store sensitive credentials using Ansible Vault:
```bash
# Create encrypted credentials file
ansible-vault create ansible/group_vars/nxos.yml

# Encrypt a single string
ansible-vault encrypt_string 'mypassword' --name 'ansible_password'

# Edit encrypted file
ansible-vault edit ansible/group_vars/nxos.yml
```

The scripts support these environment variables:

| Variable | Description |
|---|---|
| `CISCO_USER` | Default username for switch authentication |
| `CISCO_PASSWORD` | Default password for switch authentication |
| `ANSIBLE_VAULT_PASSWORD_FILE` | Path to vault password file |

- Use underscores, not hyphens: `esxi_prod_host_01`
- Include environment: `esxi_prod_`, `k8s_stage_`
- Storage arrays: `storage_array_01_ct0_fc0`

- Zone name format: `<storage_array>_<hostname>`
- Zone name example: `storage_array_01_esxi_prod_host_01`

- Fabric A zoneset: `ZS_Fabric_A`
- Fabric B zoneset: `ZS_Fabric_B`

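Pipeline parameters such as hostname, wwn1 and wwn2 end up inside switch commands, so the naming conventions above are worth enforcing as an allow-list before anything is sent. The following is an added example, not code from this repository; the function names, the environment token list and the 64-character cap are assumptions made for illustration.

```python
import re

# Assumptions of this example, not values taken from the project's scripts.
ENVIRONMENTS = ("prod", "stage")   # tokens seen in esxi_prod_ and k8s_stage_
MAX_NAME_LEN = 64                  # assumed cap; check your NX-OS release
ALIAS_RE = re.compile(r"[a-z][a-z0-9_]*")            # underscores, no hyphens
PWWN_RE = re.compile(r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}")


def normalize_pwwn(raw):
    """Return the PWWN as lower-case colon-separated octets, or raise."""
    value = raw.strip().lower().replace("-", ":")
    if ":" not in value and len(value) == 16:
        value = ":".join(value[i:i + 2] for i in range(0, 16, 2))
    if not PWWN_RE.fullmatch(value):
        raise ValueError(f"not a valid PWWN: {raw!r}")
    return value


def check_alias(name, require_env=True):
    """Allow-list check: naming convention plus an environment token."""
    if len(name) > MAX_NAME_LEN or not ALIAS_RE.fullmatch(name):
        raise ValueError(f"alias breaks the naming convention: {name!r}")
    if require_env and not any(f"_{env}_" in name for env in ENVIRONMENTS):
        raise ValueError(f"alias has no environment token: {name!r}")
    return name


def zone_name(storage_array, hostname):
    """Build <storage_array>_<hostname> from two validated aliases."""
    name = f"{check_alias(storage_array, False)}_{check_alias(hostname)}"
    if len(name) > MAX_NAME_LEN:
        raise ValueError(f"zone name too long: {name!r}")
    return name


def find_duplicate_pwwns(aliases):
    """Map every PWWN claimed by more than one alias to those alias names."""
    owners = {}
    for alias, pwwn in aliases.items():
        owners.setdefault(normalize_pwwn(pwwn), []).append(check_alias(alias))
    return {p: names for p, names in owners.items() if len(names) > 1}
```

Because `fullmatch` must consume the whole string, a value carrying spaces, semicolons or an embedded newline is rejected instead of being passed through to the switch.
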
- Credential Management
  - Use Ansible Vault for all credentials
  - Never commit passwords or vault files to Git
  - Use Jenkins credentials store for CI/CD
- Network Security
  - NX-API uses HTTPS by default (port 8443)
  - Disable HTTP access on switches
  - Use dedicated management network
- Access Control
  - Limit switch access to automation service accounts
  - Use RBAC on Jenkins for pipeline execution
  - Audit all configuration changes via Git

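A password passed as `--password` is visible in shell history and the process list, which is why the `CISCO_USER` and `CISCO_PASSWORD` environment variables matter. The sketch below is an added example, not the repository's `nxapi.py`: it reads credentials only from the environment, refuses plain HTTP, and keeps certificate verification on for port 8443. The function names and the `ins_api` message format are assumptions about how a client would talk to the switch.

```python
import base64
import json
import os
import ssl
import urllib.request

NXAPI_PORT = 8443  # HTTPS port set by "nxapi https port 8443" on the switch


def load_credentials(env=os.environ):
    """Read CISCO_USER / CISCO_PASSWORD; fail closed if either is missing."""
    user, password = env.get("CISCO_USER"), env.get("CISCO_PASSWORD")
    if not user or not password:
        raise RuntimeError("set CISCO_USER and CISCO_PASSWORD in the environment")
    return user, password


def tls_context(ca_file=None):
    """Verifying TLS context; ca_file is the CA that signed the switch cert."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx  # hostname checking and CERT_REQUIRED stay enabled


def build_request(host, command, env=os.environ, scheme="https"):
    """Build (not send) an NX-API request for one show command."""
    if scheme != "https":
        raise ValueError("refusing to send credentials over plain HTTP")
    user, password = load_credentials(env)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    body = {"ins_api": {"version": "1.0", "type": "cli_show", "chunk": "0",
                        "sid": "1", "input": command, "output_format": "json"}}
    return urllib.request.Request(
        f"https://{host}:{NXAPI_PORT}/ins",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"},
        method="POST",
    )


def send(request, ca_file=None, timeout=10):
    """Send with certificate verification and return the parsed JSON reply."""
    with urllib.request.urlopen(request, timeout=timeout,
                                context=tls_context(ca_file)) as resp:
        return json.load(resp)
```
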
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit changes (`git commit -m 'Add amazing feature'`)
- Push to branch (`git push origin feature/amazing-feature`)
- Open a Pull Request

This project is licensed under the MIT License - see the LICENSE file for details.
- Cisco for the NX-API and Ansible modules
- The Ansible community for the network automation tools
- All contributors to this project
For questions or support, please open an issue on GitHub.
Note: This is a template project. Configure the example files with your environment-specific settings before use.