Ansible: Server and Network Device Automation

Klaus Mueller & Ian Logan

www.anm.com

June 8, 2018


Who we are

Klaus Mueller, Senior Solutions Architect, ANM
• Route/Switch CCIE #5450
• 30+ years experience in IT
• 20 years experience working with State/Local, Healthcare, Education, and Commercial in New Mexico
• Specialize in campus and data center networks

Ian Logan, Senior Solutions Architect, ANM
• 20 years at NMSU
  – Data center architecture
  – Private networks for energy management systems
  – Unix & Linux systems administration
• Specialize in data center virtualization and automation


ANM is headquartered in Albuquerque, NM and operates in Colorado, Texas and New Mexico. In addition to Albuquerque, ANM has offices in Denver (CO), Colorado Springs (CO) and El Paso (TX).


Evolution of Network Configuration

• First Cisco Router (1986): CLI via console and Telnet
• Latest Cisco Router (2018): CLI via console and SSH


There are tools…

… but they are costly and frustrating… and often go un-/under-used


…and old habits die hard…

Notepad

Copy & Paste


Meanwhile in Servers…

[Diagram grouping technologies, methodologies and tools: Server Virtualization, Linux, DevOps, Chef/Puppet, PowerShell, Cloud, vRA, Open Source]


To be fair…

• Data Center Network Fabrics: Cisco ACI, VMware NSX
• Software Defined Networks
• Network Function Virtualization (NFV)
• Network Programmability
• APIs and Standards
• NetDevOps
• “Infrastructure as Code”


More on “Software Defined”

Software Defined Networks

Many approaches:
• Controller-based, centralized data plane (e.g. OpenFlow)
• Central policy engine (e.g. Cisco ACI)

Focus has been on data center – ACI, VMware NSX

Evolving to WAN (SD-WAN – e.g. Viptela, Riverbed), and Access (SD-Access – e.g. Cisco Digital Network Architecture, aka DNA)

Very promising, still early in adoption in most orgs.


“The Holy Grail”

Be like Facebook
Automatically deploy a fully populated rack of servers and network gear with minimal intervention.

Or somewhere in between…
• Standardized configs
• Automated deployment
• Push changes quickly
• Automate repetitive tasks


Network Engineers need new skills


Network Engineers need new skills

• Python
  – Scripting
• Linux (or Mac OS X)
  – Using open-source tools
• Templating
  – Jinja
• Programmability
  – REST APIs
  – YAML, JSON, XML
  – NETCONF
• Data Models
  – YANG


“DevOps Tools” can help bridge the gap

• Automation
  – Configuration deployment and management
• Open Source
• Community Driven
• Many learning resources
• Chef and Puppet
  – Agent-based
• Ansible and Salt
  – Agent-less


Ansible – “The Easier Button”

• Agent-less
• Works well for both network and servers
• Idempotent configuration management
• Modular framework
• Supported by Red Hat
• Works with templates and variables
• Communicates over SSH
• Simple templating language (Playbooks = YAML)


Ansible Deep Dive


Ansible – Deep dive

How would you describe Ansible in one sentence?
• A tool for expressing the desired state of a system at a high level.


Ansible – Deep dive

• Ansible plays nicely with just about everyone!


Ansible – Deep dive

• Requirements for installing Ansible
  – Python 2.6/2.7 or 3.5 and newer
  – A Unix-like system to act as the control machine


Ansible – Deep dive

Playbook
• A YAML doc
• Living MOP

Ansible Engine
• Inventory Host File
• API
• Modules
• Password Vault

SSH

Managed Node
• Unix/Linux/Windows
• Cisco IOS/NXOS/ACI
• vSphere
• And many more…


Ansible – Deep dive

• Choices on installing Ansible
  – Vendor packages or Python pip
  – Packages might be a little stale but ease of maintenance is probably worth it.


Ansible – Deep dive

• We’ll use CentOS 7.5 for our examples.

• It’s that easy.


Ansible – Deep dive

• Ansible’s master config file – ansible.cfg

Locations checked, in order:
• ANSIBLE_CONFIG env. variable
• ansible.cfg in current directory
• $HOME/.ansible.cfg
• /etc/ansible/ansible.cfg

The first one found wins
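
Added example, not from the original slides: a Python sketch that resolves the config file in the order listed above and warns when the winning file sits where another local user could have put it. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

SYSTEM_CFG = "/etc/ansible/ansible.cfg"

def resolve_config(environ, cwd, home, system_cfg=SYSTEM_CFG):
    """Return (source, path) for the first existing file, or (None, None)."""
    candidates = [("ANSIBLE_CONFIG", environ.get("ANSIBLE_CONFIG")),
                  ("current directory", os.path.join(cwd, "ansible.cfg")),
                  ("home", os.path.join(home, ".ansible.cfg")),
                  ("system", system_cfg)]
    for source, path in candidates:
        if path and os.path.isfile(path):
            return source, path
    return None, None

def audit_config(environ, cwd, home, system_cfg=SYSTEM_CFG):
    """Return warnings about who else could have chosen the winning file."""
    source, path = resolve_config(environ, cwd, home, system_cfg)
    warnings = []
    if path is None:
        return warnings
    if source == "current directory":
        warnings.append("ansible.cfg in %s overrides home and system settings" % cwd)
        # Current Ansible releases skip a world-writable current directory;
        # the check is repeated here so it also covers older installs.
        if os.stat(cwd).st_mode & stat.S_IWOTH:
            warnings.append("%s is world-writable: any local user can plant ansible.cfg" % cwd)
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        warnings.append("%s is writable by group or others" % path)
    return warnings

def demo():
    """Build a constructed layout in a temp dir and return (source, warnings)."""
    with tempfile.TemporaryDirectory() as root:
        cwd = os.path.join(root, "shared")
        home = os.path.join(root, "home")
        os.makedirs(cwd)
        os.makedirs(home)
        for cfg in (os.path.join(cwd, "ansible.cfg"), os.path.join(home, ".ansible.cfg")):
            with open(cfg, "w") as fh:
                fh.write("[defaults]\n")
            os.chmod(cfg, 0o644)
        os.chmod(cwd, 0o777)  # simulate a shared scratch directory
        missing = os.path.join(root, "no-such.cfg")
        source = resolve_config({}, cwd, home, missing)[0]
        return source, audit_config({}, cwd, home, missing)

if __name__ == "__main__":
    print(demo())
```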


Ansible – Deep dive

We’ll take all the defaults except for 2 lines


Ansible – Deep dive

Ansible’s inventory system:
• A simple text file.
• Dynamic inventory from AWS, OpenStack, etc.
• You can use both simultaneously.


Ansible – Deep dive

Ansible host file:
• INI style formatting
• Group names are in []
• Hosts can belong to multiple groups
• Groups can be nested


Ansible – Deep dive

Linux demo environment:
  – Precreated a user named “ansible” on each machine
  – SSH authorized_keys configuration
  – Added sudo configuration for the ansible user
  – These steps are all optional, but they make the demo easier.


Ansible – Deep dive

Ansible one liners for Linux:


Ansible – Deep dive

Ansible facts & variables:
• Facts are variables that describe the system being managed
• Facts can be automatically gathered
• You reference a variable with “{{ variable }}”


Ansible – Deep dive

Ansible facts & variables:
• You can get all of the facts for a device with a one liner
  – ansible ios-devices -c network_cli -m ios_facts
  – ansible linux -m setup


Ansible – Deep dive

• Gathering facts takes a while

• On a Linux host there are over 100 facts

• Output from many one liners will be in JSON


Ansible – Deep dive

Ansible playbooks:
• Playbooks are our tool for automating complex tasks.
• Playbooks also allow us to express orchestration across multiple managed nodes.
• They’re written as YAML documents.


Ansible – Deep dive

YAML:
• Indentation matters!!
  – Indent to group related items
• # begins a comment
• --- begins a YAML document
• - to denote list elements


Ansible – Deep dive

A sample playbook:
• Hosts: the target nodes
• Become: do we need elevated privileges?
• Tasks: list of things to do
  – We call these plays
• Yum is an Ansible module
  – Name: httpd – an RPM name
  – State: present or absent


Ansible – Deep dive

Running a playbook:


Ansible – Deep dive

Playbooks can be executable scripts:
• Add a “#!/usr/bin/ansible-playbook” as the first line
• Make the file executable


Ansible – Deep dive

Let’s get rid of Apache:


Ansible – Deep dive

One more Linux playbook:
• One play with two tasks


Ansible – Deep dive


Ansible – Deep dive

Let’s look at a Network playbook:
• inventory_hostname is a builtin variable


Ansible – Deep dive

{{ inventory_hostname }} is replaced with the name of the current node


Ansible – Deep dive

• We can iterate across lists with items

• Parents are how we change the config context for IOS


Ansible – Deep dive


Ansible – Deep dive

Make sure you write the entire command!
  – The ios_config module makes comparisons between the playbook and the running config.
  – If it’s not an exact match, the command is executed at every run.
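
Added example, not from the original slides: a simplified Python model of the exact-match comparison described above, run twice with full commands and twice with abbreviated ones. The abbreviation table and running config are constructed, and the real ios_config module does more than this model.

```python
# Constructed stand-in for the IOS parser: it accepts short forms on input
# but stores the full keyword in the running config.
EXPANSIONS = {"int": "interface", "Gi0/1": "GigabitEthernet0/1",
              "desc": "description", "addr": "address"}

# Constructed running config for the example.
RUNNING = """\
hostname rtr1
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
!
"""

def expand(command):
    """Return the command as the device would store it."""
    return " ".join(EXPANSIONS.get(word, word) for word in command.split())

def parse(config_text):
    """Map each parent line ('' for global level) to the set of lines under it."""
    sections, parent = {"": set()}, ""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith(" "):
            sections[parent].add(line)
        else:
            parent = line
            sections[""].add(line)
            sections.setdefault(line, set())
    return sections

def run_task(sections, lines, parent):
    """One playbook run: push every line lacking an exact match, return them."""
    have = sections.get(parent, set())
    todo = [line for line in lines if line not in have]
    if todo:  # device side: commands are accepted, then stored expanded
        stored_parent = expand(parent)
        sections[""].add(stored_parent)
        sections.setdefault(stored_parent, set()).update(expand(c) for c in todo)
    return todo  # non-empty means the task reports "changed"

def two_runs(lines, parent):
    """Run the same task twice against a fresh copy of RUNNING."""
    sections = parse(RUNNING)
    first = run_task(sections, lines, parent)
    second = run_task(sections, lines, parent)
    return first, second

FULL = two_runs(["description uplink", "ip address 10.0.0.1 255.255.255.0"],
                "interface GigabitEthernet0/1")
SHORT = two_runs(["desc uplink", "ip addr 10.0.0.1 255.255.255.0"], "int Gi0/1")

if __name__ == "__main__":
    print("full commands:", FULL)
    print("abbreviated  :", SHORT)
```

With full commands the second run pushes nothing; with abbreviations both runs push both lines, so the task always reports a change and real drift on the device is harder to spot in the run output.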


Ansible – Deep dive

We’re not using SSH keys to login to the router, where’s the password?
• We can store the password in a variable.
• Variables can be stored in encrypted files called vaults.


Ansible – Deep dive

How do we organize per host or group variables?
• We can put them in the playbook itself.
• We can create host/group variables in the host_vars/group_vars directory.
  – One file for each host/group.


Ansible – Deep dive

Host variables for an IOS device
• ansible_connection: network_cli optimizes Ansible’s interaction with CLI style devices
• ansible_network_os: ios, vyos, junos, etc.
• ansible_ssh_pass: the login password
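
Added example, not from the original slides: a Python check that ties the vault slide to the host variables slide by scanning host_vars and group_vars for login passwords left in clear text. It accepts whole-file vaults, inline !vault values and references to another variable; the sample files, host names, password and ciphertext are constructed placeholders.

```python
import os
import re
import tempfile

# Keys that look like credentials: ansible_ssh_pass, ansible_password, ...
SECRET_KEY = re.compile(r"^\s*(\w*(?:pass|password|secret))\s*:\s*(.*)$", re.I)

def plaintext_secrets(text):
    """Return [(line_no, key)] for secret-looking keys stored in clear text."""
    if text.lstrip().startswith("$ANSIBLE_VAULT;"):
        return []  # the whole file is vault-encrypted
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        match = SECRET_KEY.match(line)
        if not match:
            continue
        value = match.group(2).split(" #")[0].strip().strip("'\"")
        # Empty (nested/block value), inline vault, or a {{ reference }} is fine.
        if not value or value.startswith("!vault") or value.startswith("{{"):
            continue
        hits.append((number, match.group(1)))
    return hits

def scan_tree(root):
    """Scan host_vars/ and group_vars/ under root; return {relative_path: hits}."""
    findings = {}
    for sub in ("host_vars", "group_vars"):
        for dirpath, _dirs, files in os.walk(os.path.join(root, sub)):
            for name in sorted(files):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = plaintext_secrets(fh.read())
                if hits:
                    findings[os.path.relpath(path, root)] = hits
    return findings

# Constructed sample files; the password and ciphertext are placeholders.
SAMPLES = {
    "host_vars/rtr1.yml": ("ansible_connection: network_cli\n"
                           "ansible_network_os: ios\n"
                           "ansible_ssh_pass: Example-Only-1\n"),
    "host_vars/rtr2.yml": 'ansible_ssh_pass: "{{ vault_rtr2_pass }}"\n',
    "host_vars/rtr3.yml": "ansible_ssh_pass: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n  3031323334\n",
    "group_vars/ios-devices.yml": "$ANSIBLE_VAULT;1.1;AES256\n3031323334\n",
}

def demo():
    """Write SAMPLES into a temp dir and return the scan result."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```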


Choosing What to Automate


DevOps: “The 3 Ways”

via Gene Kim, et al. See “The Phoenix Project” and “The DevOps Handbook”


E.g. Use Cases

• Regular, repetitive tasks
• Large-scale infrequent tasks
  – pushing config changes to large number of devices
• Infrequent tasks that require consistency
  – e.g. device deployment
• Building Flow: Theory of Constraints
  – manual tasks that take a long time that can be automated

• Pushing configs to multiple devices
• Templatizing config changes
• Automating config changes
• Automating deployments
• Reporting and compliance


What Next?

Resources


Books


Websites

• Ansible Website: www.ansible.com
  – Documentation, Quick Start videos, Tutorials
• Cisco DevNet: developer.cisco.com
  – Free login
  – Free training
    • “Network Programmability for Network Engineers”
    • Ansible videos and learning labs


Links

• Ansible.com
  – Documentation and Quick Start videos: docs.ansible.com
• Developer.cisco.com
  – “Introduction to Ansible”: https://learninglabs.cisco.com/lab/ansible-02_ansible-intro/step/1
  – “NetDevOps” videos – Ansible for Cisco configuration management: https://developer.cisco.com/video/net-prog-basics/05-netdevops
  – “Getting Hands on with Ansible” Learning Lab: https://learninglabs.cisco.com/lab/ansible-03_ansible-hands-on/step/1


Contact Us

• See us at ANM table in the Vendor Fair
  – Demo capability
• Email us:
  – [email protected]
  – [email protected]
• https://www.slideshare.net/klausternm
• www.anm.com