If you're working in network automation, you know Ansible can make life a whole lot easier. But picking between the straightforward Ansible CLI and the bigger Ansible Automation Platform (AAP) is key. Doesn't matter if you're just starting out or you're a seasoned pro – getting the difference helps you choose the right tool for the job.
Although many details are involved here is a TL;DR on when to use what.
Use Ansible CLI If:
Use Ansible Automation Platform If:
Ansible CLI (Command Line Interface) is the foundational tool for running Ansible playbooks, managing inventory, and automating repetitive tasks. It is open-source, simple, and lightweight, suitable for smaller environments or individual use.
Ansible CLI relies on SSH for communication with network devices and uses Ansible modules to perform tasks. You write Playbooks (YAML files) to describe what state you want things in, and use inventory files to tell Ansible which devices to target.Managing Inventory and Credentials in Ansible CLI
1. Inventory Management
Ansible CLI uses inventory files to define managed nodes. Inventory can be in INI, YAML, or dynamic formats.
Example Inventory (INI format):hosts.ini
[routers]
router1 ansible_host=192.168.1.1 ansible_user=admin ansible_password=pass
router2 ansible_host=192.168.1.2 ansible_user=admin ansible_password=pass
[switches]
switch1 ansible_host=192.168.2.1 ansible_user=admin ansible_password=pass
Example Inventory (YAML format):hosts.yml
all:
hosts:
router1:
ansible_host: 192.168.1.1
ansible_user: admin
ansible_password: pass
router2:
ansible_host: 192.168.1.2
ansible_user: admin
ansible_password: pass
switch1:
ansible_host: 192.168.2.1
ansible_user: admin
ansible_password: pass
children:
routers:
hosts:
router1:
router2:
2. Credentials Management
Okay, in a lab, you might just toss credentials into the inventory file for ease. Don't do this in production. Seriously. You can easily secure your sensitive data by using the Ansible Vault CLI for encrypting and decrypting credential files.
Example with Credentials in Inventory File (INI - using group vars):
[all:vars]
ansible_user=admin
ansible_password=pass
Use the ansible-playbook CLI command to run your playbook:
ansible-playbook -i hosts.yml playbook.yml
Example Ansible CLI Playbook
Here’s a basic playbook that grabs the running config from devices in the routers group. Note: For network engineers, using the ansible network_cli connection plugin ensures consistent and reliable automation for SSH-based device management.
- name: Gather Interface Facts
hosts: routers
gather_facts: no
tasks:
- name: Show running config
ios_command:
commands: show running-config
register: output
- name: Display Output
debug:
var: output.stdout
cron or something).Ansible Automation Platform is a comprehensive automation solution provided by Red Hat. It builds on the Ansible core engine but adds a lot more, like the Automation Controller (which used to be called AWX/Tower). This gives you a web UI, a REST API, role-based access control (RBAC), better reporting – the works. It’s made for larger deployments where you need more control and visibility.
Execution environments in AAP are containerized environments that package the required runtime, dependencies, and Ansible collections. This helps keep things consistent when moving from dev to test to prod. Instead of messing with Python virtual environments like you often do with CLI, AAP uses these containerized Execution environments. You can use pre-built ones or make your own.
Read more: Understand how to optimize your automation deployments with execution strategies.
Fair warning: AAP needs a paid Red Hat subscription. This gets you enterprise support, security patches, updates, and certified content, which is pretty important for production environments.
1. Automation Controller: The central web UI and API for managing everything.
2. Automation Mesh: Distributes execution across nodes.
3. Execution Environments: Containerized environments with dependencies.
4. Automation Analytics: Gives you reports on automation performance and usage.
Job templates in AAP define how and where playbooks are executed. They specify the playbook to run, inventory to use, credentials required, and other parameters such as verbosity and timeout settings.
Example:
● Job Template Name: Backup Network Devices
● Inventory: Routers and Switches
● Playbook: backup_configs.yaml
● Credentials: SSH keys or vault credentials
AAP stores credentials (SSH keys, API keys, passwords, etc.) securely. They're encrypted, and you use RBAC to control who can access what.
Common Types of Credentials:
● Machine Credentials (SSH keys)
● Network Credentials (for routers/switches)
● Generic String
● Generic Credentials
Projects link AAP to your version control system (like GitHub or GitLab) where your playbooks live. This is great for collaboration and tracking changes.
Example:
● Project Name: Network Toolkit
● Source Control: GitHub (e.g. https://github.com/your-org/network-playbooks.git)
● Branch: main
Inventories define the hosts you manage, usually grouped logically. AAP supports static inventories and dynamic ones that can pull info from cloud providers or a CMDB.
Example:
● Inventory Name: Data Center Routers
● Groups: Core, Distribution, Access
Read more: Explore practical use-cases and see how CloudMyLab facilitates real-world Ansible scenarios.
AWX is the upstream open-source project for Ansible Automation Platform. It has a similar web interface, job templates, and RBAC. However, AWX doesn't come with official Red Hat support, stability guarantees, certified content, or some of the advanced analytics and integrated components (like Automation Mesh) found in the paid AAP product. If you want to kick the tires on the controller features for free in a lab, AWX is a good place to start.
Similarities:
Differences:
In AWX, you create a project linked to your Git repository, define inventory, credentials, and execute playbooks via the web interface.
| Feature | Ansible CLI | Ansible Automation Platform |
| Ease of Use | Command-line based; requires manual scripting | Web UI and API for managing playbooks |
| Scalability | Suitable for small to medium environments | Ideal for large-scale automation |
| Inventory Management | Managed via flat files (INI/YAML) | Centralized inventory with dynamic sources |
| Role-Based Access Control | No RBAC; anyone with CLI access can run tasks | Granular RBAC for teams and users |
| Job Scheduling | No built-in scheduler | Supports job scheduling and periodic execution |
| Logging and Auditing | Limited to CLI output and custom logging | Centralized logging and detailed auditing |
| High Availability | Requires manual setup for redundancy | Built-in HA support with clustering |
| Integration | Basic with limited plugins | Integrates with CI/CD tools, ticketing systems, and more |
| Execution Environments | Uses Python virtual environments | Uses containerized execution environments |
Ansible CLI is great for smaller tasks, individuals, or getting started. But for serious, enterprise-level automation needing scalability, central control, and RBAC, Ansible Automation Platform is usually the better bet. AWX is a handy sandbox for trying out AAP-like features without the price tag.
Understanding these options helps you pick the tool that makes sense for your automation needs, whether you're managing a handful of devices or thousands.
Using Ansible CLI for its simplicity or exploring Ansible Automation Platform for scale? CloudMyLab offers virtual lab environments like GNS3, EVE-NG, and Cisco Modeling Labs (CML 2.0) to help you practice and test. Our cloud-based labs let you quickly set up network topologies, safely test your automation scripts, and run Proof-of-Concept (POC) projects without wrestling with hardware.
CloudMyLab environments let you:
Discover more about optimizing your automation journey with CloudMyLab's Network Automation Lab Services.
Here are some helpful resources for learning more about Ansible: