www.anm.com
Ansible: Server and Network Device Automation
Klaus Mueller & Ian Logan
June 8, 2018
Who we are
Klaus Mueller, Senior Solutions Architect, ANM
• Route/Switch CCIE #5450
• 30+ years experience in IT
• 20 years experience working with State/Local, Healthcare, Education, and Commercial in New Mexico
• Specialize in campus and data center networks
Ian Logan, Senior Solutions Architect, ANM
• 20 years at NMSU
– Data center architecture
– Private networks for energy management systems
– Unix & Linux systems administration
• Specialize in data center virtualization and automation
ANM is headquartered in Albuquerque, NM and operates in Colorado,
Texas and New Mexico. In addition to Albuquerque,
ANM has offices in Denver (CO),
Colorado Springs (CO) and El Paso (TX).
Evolution of Network Configuration
First Cisco Router (1986): CLI via console and Telnet
Latest Cisco Router (2018): CLI via console and SSH
There are tools…
… but they are costly and frustrating…and often go un-/under-used
…and old habits die hard…
Notepad
Copy & Paste
Meanwhile in Servers…
Server Virtualization
Linux
DevOps
Chef/Puppet
PowerShell
Cloud
vRA
Technologies
Methodologies
Tools
Open Source
To be fair…
Data Center Network Fabrics: Cisco ACI, VMware NSX
Software Defined Networks
Network Function Virtualization (NFV)
Network Programmability
APIs and Standards
NetDevOps
“Infrastructure as Code”
More on “Software Defined”
Software Defined Networks
Many approaches:
• Controller-based, centralized data plane (e.g. OpenFlow)
• Central policy engine (e.g. Cisco ACI)
Focus has been on data center – ACI, VMware NSX
Evolving to WAN (SD-WAN – e.g. Viptela, Riverbed), and Access (SD-Access – e.g. Cisco Digital Network Architecture, aka DNA)
Very promising, still early in adoption in most orgs.
“The Holy Grail”
Be like Facebook
Automatically deploy a fully populated rack of servers and network gear with minimal intervention.
Or somewhere in between…
• Standardized configs
• Automated deployment
• Push changes quickly
• Automate repetitive tasks
Network Engineers need new skills
• Python
– Scripting
• Linux (or Mac OS X)
– Using open-source tools
• Templating
– Jinja
• Programmability
– REST APIs
– YAML, JSON, XML
– NETCONF
• Data Models
– YANG
“DevOps Tools” can help bridge the gap
• Automation
– Configuration deployment and management
• Open Source
• Community Driven
• Many learning resources
• Chef and Puppet
– Agent-based
• Ansible and Salt
– Agent-less
Ansible – “The Easier Button”
• Agent-less
• Works well for both network and servers
• Idempotent configuration management
• Modular framework
• Supported by Red Hat
• Works with templates and variables
• Communicates over SSH
• Simple templating language (Playbooks = YAML)
Ansible Deep Dive
Ansible – Deep dive
How would you describe Ansible in one sentence?
• A tool for expressing the desired state of a system at a high level.
Ansible – Deep dive
• Ansible plays nicely with just about everyone!
Ansible – Deep dive
• Requirements for installing Ansible
– Python 2.6/2.7 or 3.5 and newer
– A Unix-like system to act as the control machine
Ansible – Deep dive
Playbook
• A YAML doc
• Living MOP
Ansible Engine
• Inventory Host File
• API
• Modules
• Password Vault
SSH
Managed Node
• Unix/Linux/Windows
• Cisco IOS/NXOS/ACI
• vSphere
• And many more…
Ansible – Deep dive
• Choices on installing Ansible
– Vendor packages or Python pip
– Packages might be a little stale but ease of maintenance is probably worth it.
Ansible – Deep dive
• We’ll use CentOS 7.5 for our examples.
• It’s that easy.
Ansible – Deep dive
• Ansible’s master config file – ansible.cfg
– ANSIBLE_CONFIG (environment variable)
– ansible.cfg in the current directory
– $HOME/.ansible.cfg
– /etc/ansible/ansible.cfg
• These are checked in the order listed. The first one found wins.
Ansible – Deep dive
We’ll take all the defaults except for 2 lines
Ansible – Deep dive
Ansible’s inventory system:
• A simple text file.
• Dynamic inventory from AWS, OpenStack, etc.
• You can use both simultaneously.
Ansible – Deep dive
Ansible host file:
• INI style formatting
• Group names are in []
• Hosts can belong to multiple groups
• Groups can be nested
Ansible – Deep dive
Linux demo environment:
– Precreated a user named “ansible” on each machine
– SSH authorized_keys configuration
– Added sudo configuration for the ansible user
– These steps are all optional, but they make the demo easier.
Ansible – Deep dive
Ansible one liners for Linux:
Ansible – Deep dive
Ansible facts & variables:
• Facts are variables that describe the system being managed
• Facts can be automatically gathered
• You reference a variable with “{{ variable }}”
Ansible – Deep dive
Ansible facts & variables:
• You can get all of the facts for a device with a one liner
– ansible ios-devices -c network_cli -m ios_facts
– ansible linux -m setup
Ansible – Deep dive
• Gathering facts takes a while
• On a Linux host there are over 100 facts
• Output from many one liners will be in JSON
Ansible – Deep dive
Ansible playbooks:
• Playbooks are our tool for automating complex tasks.
• Playbooks also allow us to express orchestration across multiple managed nodes.
• They’re written as YAML documents.
Ansible – Deep dive
YAML:
• Indentation matters!!
– Indent to group related items
• # begins a comment
• --- begins a YAML document
• - to denote list elements
Ansible – Deep dive
A sample playbook:
• Hosts: the target nodes
• Become: do we need elevated privileges?
• Tasks: list of things to do
– We call these plays
• Yum is an Ansible module
– Name: httpd – an RPM name
– State: present or absent
Ansible – Deep dive
Running a playbook:
Ansible – Deep dive
Playbooks can be executable scripts:
• Add a “#!/usr/bin/ansible-playbook” as the first line
• Make the file executable
Ansible – Deep dive
Let’s get rid of Apache:
Ansible – Deep dive
One more Linux playbook:
• One play with two tasks
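The sample playbook, the executable-script form and the one-play, two-task playbook described on the slides above, combined into one added example (not the presenters' own playbook). The `linux` group comes from the one-liner earlier in the deck; the file name `apache.yml` and the choice of a service task as the second task are assumptions.

```yaml
#!/usr/bin/ansible-playbook
# apache.yml (assumed file name). Run with `ansible-playbook apache.yml`,
# or `chmod +x apache.yml` and run ./apache.yml directly.
---
- name: Install and start Apache   # one play ...
  hosts: linux                     # inventory group to target
  become: yes                      # escalate with sudo as the "ansible" user
  tasks:                           # ... with two tasks
    - name: Install the httpd RPM
      yum:
        name: httpd
        state: present             # "absent" here removes the package instead

    - name: Start httpd now and at boot
      service:
        name: httpd
        state: started
        enabled: yes
```

A second run against the same hosts reports both tasks as "ok" rather than "changed", which is the idempotent behaviour the deck refers to.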
Ansible – Deep dive
Let’s look at a Network playbook:
• inventory_hostname is a builtin variable
Ansible – Deep dive
{{ inventory_hostname }} is replaced with the name of the current node
Ansible – Deep dive
• We can iterate across lists with items
• Parents are how we change the config context for IOS
Ansible – Deep dive
Make sure you write the entire command!
– The ios_config module makes comparisons between the playbook and the running config.
– If it’s not an exact match, the command is executed at every run.
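A network playbook that puts the preceding slides together: `{{ inventory_hostname }}`, iteration with items, `parents`, and fully spelled-out commands. This is an added example, not the presenters' playbook; the interface names and description text are constructed, and `ios-devices` is the group used in the earlier one-liner.

```yaml
---
- name: Baseline IOS configuration
  hosts: ios-devices
  gather_facts: no            # skip the Linux-style fact gathering on routers
  tasks:
    - name: Set the hostname from the inventory name
      ios_config:
        lines:
          - hostname {{ inventory_hostname }}

    - name: Describe the uplink interfaces
      ios_config:
        parents: interface {{ item }}      # enter this config context first
        lines:
          # Spelled out exactly as IOS stores it in the running config.
          - description uplink managed by Ansible
      with_items:
        - GigabitEthernet0/1               # constructed interface names
        - GigabitEthernet0/2

    # Counter-example, left commented out: IOS accepts the abbreviations, but
    # "int Gi0/1" and "desc ..." never match the running config, so the
    # task would push the lines and report "changed" on every run.
    # - name: Abbreviated commands (not idempotent)
    #   ios_config:
    #     parents: int Gi0/1
    #     lines:
    #       - desc uplink managed by Ansible
```

A task that reports "changed" on every run also hides real configuration drift, so unexpected "changed" results are worth checking against the running config.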
Ansible – Deep dive
We’re not using SSH keys to log in to the router, where’s the password?
• We can store the password in a variable.
• Variables can be stored in encrypted files called vaults.
Ansible – Deep dive
How do we organize per host or group variables?
• We can put them in the playbook itself.
• We can create host/group variables in the host_vars/group_vars directory.
– One file for each host/group.
Ansible – Deep dive
Host variables for an IOS device
• ansible_connection: network_cli optimizes Ansible’s interaction with CLI style devices
• ansible_network_os: ios, vyos, junos, etc.
• ansible_ssh_pass: the login password
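Host variables for an IOS device with the login password kept in a vault instead of in clear text, as an added example (not from the original slides). The host name `rtr1`, the `ansible_user` value, the variable name `vault_ios_password`, the playbook name `site.yml` and the per-host directory with two files (a variation on one file per host) are assumptions.

```yaml
# host_vars/rtr1/vars.yml  (plain text, safe to commit)
ansible_connection: network_cli
ansible_network_os: ios
ansible_user: ansible
# Weak form: the password sits readable in the repository.
# ansible_ssh_pass: <device-password-in-clear-text>
# Better: point at a variable that lives only in the vault file.
ansible_ssh_pass: "{{ vault_ios_password }}"

# host_vars/rtr1/vault.yml  (its content before encryption)
# Create with:  ansible-vault create host_vars/rtr1/vault.yml
# Once saved, the file on disk starts with "$ANSIBLE_VAULT;1.1;AES256".
# vault_ios_password: <device-password>

# Supply the vault password at run time:
#   ansible-playbook site.yml --ask-vault-pass
```

Keeping the indirection in a plain-text file means a search of the repository still shows where the password is used, while the secret itself stays encrypted at rest.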
Choosing What to Automate
DevOps: “The 3 Ways”
via Gene Kim, et al. See “The Phoenix Project” and “The DevOps Handbook”
E.g. Use Cases
• Regular, repetitive tasks
• Large-scale infrequent tasks
– pushing config changes to large number of devices
• Infrequent tasks that require consistency
– e.g. device deployment
• Building Flow: Theory of Constraints
– manual tasks that take a long time that can be automated
• Pushing configs to multiple devices
• Templatizing config changes
• Automating config changes
• Automating deployments
• Reporting and compliance
What Next?
Resources
Books
Websites
• Ansible Website: www.ansible.com
– Documentation, Quick Start videos, Tutorials
• Cisco DevNet: developer.cisco.com
– Free login
– Free training
• “Network Programmability for Network Engineers”
• Ansible videos and learning labs
Links
• Ansible.com
– Documentation and Quick Start videos: docs.ansible.com
• Developer.cisco.com
– “Introduction to Ansible”: https://learninglabs.cisco.com/lab/ansible-02_ansible-intro/step/1
– “NetDevOps” videos – Ansible for Cisco configuration management: https://developer.cisco.com/video/net-prog-basics/05-netdevops
– “Getting Hands on with Ansible” Learning Lab: https://learninglabs.cisco.com/lab/ansible-03_ansible-hands-on/step/1
Contact Us
• See us at ANM table in the Vendor Fair
– Demo capability
• Email us:
– [email protected]
– [email protected]
• https://www.slideshare.net/klausternm
• www.anm.com