Hybrid Network Automation: Nornir + Ansible Integration¶
Status¶
Accepted — Nornir and Ansible are combined as a unified automation stack for both network and infrastructure orchestration, balancing flexibility and governance.
Context¶
HybridOps.Studio manages both compute (VMs, Kubernetes nodes, cloud resources) and traditional network infrastructure (Cisco CSR1000v, Arista vEOS, pfSense).
While Ansible provides excellent orchestration and idempotency for host-level configuration, it is not ideal for concurrent, connection-aware device automation at scale.
Nornir offers: - Python-native execution and granular concurrency. - Low-level control over connections (SSH/Netmiko/NAPALM). - Dynamic inventory loading compatible with Ansible’s YAML structure.
Combining both enables: - Unified inventory (NetBox → dynamic generator → YAML). - Seamless orchestration pipelines — Ansible drives hosts; Nornir drives network fabric. - Evidence collection and correlation under one workflow.
Decision¶
Adopt a hybrid model where: - Ansible remains the primary orchestrator for servers, agents, and Kubernetes components. - Nornir executes network-specific tasks such as configuration diff, compliance validation, and connectivity testing. - Shared inventories and credential sources are generated from a NetBox-backed Source of Truth. - Jenkins pipelines orchestrate both stacks with evidence emission and rollback capabilities.
Integration Highlights¶
- Single YAML inventory structure shared between both tools.
- Nornir plugins (
env_guard,connectivity_test) integrated into CI pipelines. - Evidence logs stored in
/output/artifacts/networking/nornir-ansible-interop/. - WAN edge roles (
wan_edge,wan_validate) follow the Ansible collection pattern with Nornir-compatible inventory
Consequences¶
- Improved parallelism for network automation workloads.
- Unified audit trail for hybrid operations.
- Slightly more complexity in CI/CD pipelines due to mixed tool orchestration.
- Requires Python dependencies (Nornir, Netmiko, Napalm) to be preinstalled in the automation control plane.
References¶
- Runbook: Nornir + Ansible Integration
- Diagram: Nornir–Ansible Interoperability
- Run artefacts & logs: proof logs and compliance diffs
- ADR-0115 – Linux Edge WAN with strongSwan and FRR
Maintainer: HybridOps.Studio License: MIT-0 for code, CC-BY-4.0 for documentation unless otherwise stated.