building cloud virtual topologies with ravello and ansible

Post on 15-Apr-2017


Building Cloud Virtual Topologies with Ravello & Ansible

SF Network Automation Meetup, Feb 13th 2017

Damien Garros @damgarros

@dgarros

Agenda

● Quick introduction to Ravello
● How to Build Topology easily with Ansible (on Ravello)
● How to use Ravello as part of a CI pipeline

Me

● Datacenter Networking for 10y
● Network Automation for 5y
● 6y with Juniper
● Recently joined Apstra as Customer Enablement Engineer

No affiliation with Ravello nor Ansible

Quick Introduction to Ravello

Ravello in a Nutshell

● Solution to build Virtual Topology in the Cloud
● Working on Top of AWS / GCE / Oracle Cloud
● Work with any VMs (ova, vmdk, img …)
● Pay by the hour
● Now part of Oracle

Ravello Pros / Cons

Pro

● Works with all VMs
● Can build any topology
● Everything available via REST API
● All VMs can have Public IPs
● Powerful Token system
● Powerful Blueprint system
● Pay by the hour
● “Unlimited” capacity

Cons

● Reduced Performance (Nested Virtualization)
● Network design sucks
● REST API requires full objects
● Can be expensive if used for a long period

Ravello / Use cases for Networking

● Training
● On Demand Labs
● Large topology reproduction
● CI Pipeline for Network
● Infrastructure as code
● …

Demo

Why Not AWS ??

● L3 between VMs only
  ○ no L1/L2 (lldp, lacp)
● No notion of “topology” in AWS
● AWS does not support all VMs out of the box
● No user portal and No delegation system (token)

How to build topology easily with Ansible (on Ravello)

Problem Statement

● Long & Complicated to build network topology on Ravello
● Very difficult to Update an existing topology

I need to update the NOS version

Solution

● Abstract the definition of a new topology
● Use Ansible to
  ○ Automate the creation of new topologies
  ○ Automate the configuration of devices

Ansible Roles for Ravello

● Several Roles to:
  ○ Create one application from scratch
  ○ Create several applications from Blueprint
  ○ Start/Stop VMs
  ○ Collect Public IPs
● Published on Github / Docker
● Currently in “Alpha” mode

https://github.com/Juniper/ravello-ansible

Example / Spine - Leaf Topology

[Diagram: Spine1, Spine2, Leaf1, Leaf2 and Leaf3, with links labelled 1 to 6]

● Assign a unique ID to each link
● Assign an ID to each interface

How to define a new topology

## Ansible Inventory File

[spine]
spine1 id=11
spine2 id=21

[leaf]
leaf1 id=111
leaf2 id=121
leaf3 id=131

[all:vars]
ravello_app_name="Ip Fabric Junos"
ravello_image=vqfx10k-re-15.1X53-D60

## Topology Definition file (yaml)

ravello_topology:
  leaf3:
    - link: dhcp-public
      services: [ ssh, icmp ]
    - link: 93 # To PFE
    - link: 83 # Reserved
    - link: 15 # Spine1
    - link: 16 # Spine2

  spine1:
    - link: dhcp-public
      services: [ ssh, icmp ]
    - link: 94 # To PFE
    - link: 84 # Reserved
    - link: 11 # Leaf1
    - link: 13 # Leaf2
    - link: 15 # Leaf3

Inventory File

## Ansible Inventory File

[spine]
spine1 id=11
spine2 id=21

[leaf]
leaf1 id=111
leaf2 id=121
leaf3 id=131

[all:vars]
ravello_app_name="Ip Fabric Junos"
ravello_image=vqfx10k-re-15.1X53-D60

Mandatory information

● Unique “id” per VMs

● ravello_image matching the name of a VM image in Ravello

● ravello_app_name to define the name of the application in Ravello

How to define a new topology

## Topology Definition file (yaml)

ravello_topology:
  leaf3:
    - link: dhcp-public
      services: [ ssh, icmp ]
    - link: 93 # To PFE
    - link: 83 # Reserved
    - link: 15 # Spine1
    - link: 16 # Spine2

  spine1:
    - link: dhcp-public
      services: [ ssh, icmp ]
    - link: 94 # To PFE
    - link: 84 # Reserved
    - link: 11 # Leaf1
    - link: 13 # Leaf2
    - link: 15 # Leaf3

● Each L2 domain has a unique identifier

● 2 interfaces connected to the same L2 domain simulate a point-to-point connection

● Interfaces are defined in order, to be able to predict interface names.

● Both “Leaf3-Int4” and “Spine1-Int5” are connected together (15)
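
Added example (not from the talk or the ravello-ansible roles): the link rules above applied to the two nodes shown on the slide, pairing interfaces by link ID and listing the interfaces on dhcp-public with their services. The function names, the 0-based list positions, and the reading of dhcp-public as the externally reachable interface are assumptions.

```python
from collections import defaultdict

# Constructed input: the two nodes from the slide, as the dict the YAML loads to.
RAVELLO_TOPOLOGY = {
    "leaf3": [
        {"link": "dhcp-public", "services": ["ssh", "icmp"]},
        {"link": 93}, {"link": 83}, {"link": 15}, {"link": 16},
    ],
    "spine1": [
        {"link": "dhcp-public", "services": ["ssh", "icmp"]},
        {"link": 94}, {"link": 84}, {"link": 11}, {"link": 13}, {"link": 15},
    ],
}


def l2_domains(topology):
    """Map each numeric link ID to the (vm, list_position) endpoints that use it."""
    domains = defaultdict(list)
    for vm, interfaces in topology.items():
        # Position is the 0-based index in the list, not the device interface name.
        for pos, intf in enumerate(interfaces):
            if isinstance(intf["link"], int):
                domains[intf["link"]].append((vm, pos))
    return dict(domains)


def audit(topology):
    """Classify link IDs by endpoint count and list interfaces on dhcp-public."""
    domains = l2_domains(topology)
    return {
        # Exactly two endpoints: behaves as a point-to-point link.
        "point_to_point": {k: v for k, v in domains.items() if len(v) == 2},
        # One endpoint: the peer is missing or the ID is mistyped.
        "single_ended": sorted(k for k, v in domains.items() if len(v) == 1),
        # More than two endpoints: a shared segment, not a point-to-point link.
        "shared": sorted(k for k, v in domains.items() if len(v) > 2),
        # Interfaces on dhcp-public and the services listed for them.
        "public": [
            (vm, pos, sorted(intf.get("services", [])))
            for vm, interfaces in topology.items()
            for pos, intf in enumerate(interfaces)
            if intf["link"] == "dhcp-public"
        ],
    }


if __name__ == "__main__":
    for key, value in audit(RAVELLO_TOPOLOGY).items():
        print(key, value)
```

Only leaf3 and spine1 are defined in the sample, so every link except 15 is reported as single-ended until the other nodes are added.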

What next ?

● Need more testers
● Continue with Roles or create Modules ?
● Add more features

https://github.com/Juniper/ravello-ansible

How to use Ravello as part of a CI Pipeline

Problem Statement

1. Continuous Integration for Network related tools requires real Network Devices.
2. On-premise, complicated to have a dedicated lab for CI
3. On-Internet, impossible to access Network Devices

Solution

1. Dynamically create Virtual Topology on Ravello for each commit from CI tool (travis)
2. Leverage Ravello Token to be able to expose these publicly
3. Optional - Use IP Filtering to Restrict the access to the VMs

Solution

Project on Github/Gitlab

● File .travis.yaml
● Tests & Code

On Commit / PR

Travis download the project and execute .travis.yaml

1. Create topology on Ravello
2. Collect VMs Public IP address
3. Run tests

Demo

Variable File with Tokens

## Variable file
## host_vars/aos/ravello-token.yaml

ravello_ci:
  aos_version:
    "1.1":
      blueprint: 78709495
      token: WWcsYxdcmxuv5pedRa4hRtE8AFsYOMLVIA4cZn2f64b6QBUfvBhN4pPL3FVkD9pG
    "1.0":
      blueprint: 78709497
      token: 97V09ML3nNDleL4s466Za8UR5Ub5VHMMmjFOshstKm2Khil6hg4ar2zwJoSRnkVW

Inventory file

## Ansible Inventory File

[aos]
aos port=8888 username=admin

[all:vars]
ravello_ci_app_name="aos-ansible AOS_{{ lookup('env','AOS_VERSION') }} Travis_{{ lookup('env','TRAVIS_JOB_ID') }} {{ lookup('env','TRAVIS_COMMIT') }}"
ravello_ci_expiration_time_min=50
ravello_ci_token="{{ ravello_ci.aos_version[aos_ver].token }}"
ravello_ci_blueprint="{{ ravello_ci.aos_version[aos_ver].blueprint }}"

Playbook (partial)

---
- name: Create Application on Ravello for CI
  connection: local
  hosts: all
  gather_facts: no
  roles:
    - ravello.lib
  tasks:
    - name: Create Application from Blueprint for CI
      uri:
        url: "https://cloud.ravellosystems.com/api/v1/applications/"
        method: POST
        status_code: 201
        HEADER_Content-Type: 'application/json'
        HEADER_Accept: 'application/json'
        HEADER_X-Ephemeral-Token-Authorization: "{{ ravello_ci_token }}"
        body:
          name: "{{ ravello_ci_app_name }}"
          description: "App created by Travis CI"
          baseBlueprintId: "{{ ravello_ci_blueprint }}"
        body_format: json
      run_once: true
      changed_when: true
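
Added example (not from the talk): a check a CI job could run over variable and inventory files laid out like the ones above, reporting token-like keys whose value is a literal rather than a Jinja2 lookup or an ansible-vault value. The key pattern, the function names, the sample values and the environment variable name RAVELLO_TOKEN_AOS_1_1 are assumptions constructed for the example.

```python
import re

# Keys treated as secret-bearing (assumption for this example).
SECRET_LINE = re.compile(
    r"^\s*(?P<key>[\w.-]*(?:token|password|secret)[\w.-]*)\s*[:=]\s*(?P<value>.*)$",
    re.IGNORECASE,
)


def is_indirect(value):
    """True for empty values, Jinja2 expressions and ansible-vault tagged values."""
    stripped = value.strip()
    unquoted = stripped.strip("'\"")
    return not unquoted or unquoted.startswith("{{") or stripped.startswith("!vault")


def find_literal_secrets(text, filename):
    """Return (filename, line number, key) per literal secret; the value is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = SECRET_LINE.match(line)
        if match and not is_indirect(match.group("value")):
            findings.append((filename, lineno, match.group("key")))
    return findings


# Constructed samples in the layout of host_vars/aos/ravello-token.yaml.
LITERAL_VARS = """\
ravello_ci:
  aos_version:
    "1.1":
      blueprint: 11111111
      token: CONSTRUCTED-PLACEHOLDER-TOKEN
"""

INDIRECT_VARS = """\
ravello_ci:
  aos_version:
    "1.1":
      blueprint: 11111111
      token: "{{ lookup('env', 'RAVELLO_TOKEN_AOS_1_1') }}"
    "1.0":
      blueprint: 22222222
      token: !vault |
        $ANSIBLE_VAULT;1.1;AES256
"""

if __name__ == "__main__":
    print(find_literal_secrets(LITERAL_VARS, "host_vars/aos/ravello-token.yaml"))
    print(find_literal_secrets(INDIRECT_VARS, "host_vars/aos/ravello-token.yaml"))
```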

Travis CI

Ravello

Thank You

Community @ http://community.apstra.com/

● Universal ZTP Server https://github.com/Apstra/aeon-ztps

● Python Library for AOS https://github.com/Apstra/aos-pyez

● Ansible Modules for AOS (in progress) http://docs.ansible.com/ansible/list_of_network_modules.html#aos

Useful Links

● Ravello - https://www.ravellosystems.com/
● Ansible - https://www.ansible.com/
● Ravello Roles for Ansible - https://github.com/Juniper/ravello-ansible
● Demos project : https://github.com/dgarros/ravello-ansible-demo
● Sample Project 2 - https://github.com/dgarros/rav-ipfabric-demo
● Download vQFX - http://www.juniper.net/us/en/dm/free-vqfx-trial/
