building cloud virtual topologies with ravello and ansible
TRANSCRIPT
Building Cloud Virtual Topologies with Ravello
& Ansible SF Network Automation Meetup, Feb 13th 2017
Damien Garros @damgarros
@dgarros
Agenda
● Quick introduction to Ravello● How to Build Topology easily with Ansible
(on Ravello)● How to use Ravello as part of a CI pipeline
Me● Datacenter Networking for 10y● Network Automation for 5y● 6y with Juniper ● Recently joined Apstra
as Customer Enablement Engineer
No affiliation with Ravello nor Ansible
Quick Introduction to Ravello
Ravello in a Nutshell● Solution to build Virtual Topology in the Cloud● Working on Top of AWS / GCE / Oracle Cloud● Work with any VMs (ova, vmdk, img …)● Pay by the hour● Now part of Oracle
Ravello Pros / Cons
Pro● Works with all VMs● Can build any topology● Everything available via REST API● All VMs can have Public IPs● Powerful Token system● Powerful Blueprint system● Pay by the hour● “Unlimited” capacity
Cons● Reduced Performance
Nested Virtualization● Network design sucks● REST API requires full objects● Can be expensive if used for a
long period
Ravello / Use cases for Networking● Training● On Demand Labs● Large topology reproduction ● CI Pipeline for Network ● Infrastructure as code● ….
Demo
Why Not AWS ??● L3 between VMs only,
○ no L1/L2 ( lldp, lacp)● No notion of “topology” in AWS● AWS do not support all VMs out of the box● No user portal and No delegation system
(token)
How to build topology easily with Ansible(on Ravello)
Problem Statement● Long & Complicated to build network topology
on Ravello● Very difficult to Update an existing topology
I need to update the NOS version
Solution● Abstract the definition of a new topology● Use Ansible to
○ Automate the creation of new topologies○ Automate the configuration of devices
Ansible Roles for Ravello
● Several Roles to:○ Create one application from scratch○ Create several applications from Blueprint○ Start/Stop VMs○ Collect Public IPs
● Published on Github / Docker● Currently in “Alpha” mode
https://github.com/Juniper/ravello-ansible
Example / Spine - Leaf Topology
Spine1 Spine2
Leaf1 Leaf2 Leaf3
● Assign a unique ID to each link
1
2 3 4 5
6● Assign an ID to
each interface
How to define a new topology## Ansible Inventory File
[spine]spine1 id=11spine2 id=21
[leaf]leaf1 id=111leaf2 id=121leaf3 id=131
[all:vars]ravello_app_name="Ip Fabric Junos"ravello_image=vqfx10k-re-15.1X53-D60
## Topology Definition file (yaml)
ravello_topology: leaf3: - link: dhcp-public services: [ ssh, icmp ] - link: 93 # To PFE - link: 83 # Reserved - link: 15 # Spine1 - link: 16 # Spine2
spine1: - link: dhcp-public services: [ ssh, icmp ] - link: 94 # To PFE - link: 84 # Reserved - link: 11 # Leaf1 - link: 13 # Leaf2 - link: 15 # Leaf3
Inventory File ## Ansible Inventory File
[spine]spine1 id=11spine2 id=21
[leaf]leaf1 id=111leaf2 id=121leaf3 id=131
[all:vars]ravello_app_name="Ip Fabric Junos"ravello_image=vqfx10k-re-15.1X53-D60
Mandatory information
● Unique “id” per VMs
● ravello_image matching the name of a VM image in Ravello
● ravello_app_name to define the name of the application in Ravello
How to define a new topology## Topology Definition file (yaml)
ravello_topology: leaf3: - link: dhcp-public services: [ ssh, icmp ] - link: 93 # To PFE - link: 83 # Reserved - link: 15 # Spine1 - link: 16 # Spine2
spine1: - link: dhcp-public services: [ ssh, icmp ] - link: 94 # To PFE - link: 84 # Reserved - link: 11 # Leaf1 - link: 13 # Leaf2 - link: 15 # Leaf3
● Each L2 domain has a unique identifier
● 2 interfaces connected to the same L2 domain simulate a point-to-point connection
● Interfaces are defined in order, to be able to predict interfaces name.
● Both “Leaf3-Int4” and “Spine1-Int5” are connected together (15)
Demohttps://github.com/dgarros/ravello-ansible-demo
What next ?
● Need more testers● Continue with Roles or create Modules ?● Add more features
https://github.com/Juniper/ravello-ansible
How to use Ravello as part of a CI Pipeline
Problem Statement1. Continuous Integration for Network related
tools requires real Network Devices.2. On-premise, complicated to have a dedicated
lab for CI3. On-Internet, impossible to access Nerwork
Devices
Solution1. Dynamically create Virtual Topology on Ravello
for each commit from CI tool (travis)2. Leverage Ravello Token to be able to expose
these publically3. Optional - Use IP Filtering to Restric the access
to the VMs
Solution Project on Github/GitlabFile .travis.yaml
Tests & Code
On Commit / PRTravis download the project
and execute .travis.yaml
1. Create topology on Ravello2. Collect VMs Public IP address3. Run tests
Demo
Variable File with Tokens## Variable file## host_vars/aos/ravello-token.yaml
ravello_ci: aos_version: "1.1": blueprint: 78709495 token: WWcsYxdcmxuv5pedRa4hRtE8AFsYOMLVIA4cZn2f64b6QBUfvBhN4pPL3FVkD9pG "1.0": blueprint: 78709497 token: 97V09ML3nNDleL4s466Za8UR5Ub5VHMMmjFOshstKm2Khil6hg4ar2zwJoSRnkVW
Inventory file## Ansible Inventory File
[aos]aos port=8888 username=admin
[all:vars]ravello_ci_app_name="aos-ansible AOS_{{ lookup('env','AOS_VERSION') }} Travis_{{ lookup('env','TRAVIS_JOB_ID') }} {{ lookup('env','TRAVIS_COMMIT') }}"ravello_ci_expiration_time_min=50ravello_ci_token="{{ ravello_ci.aos_version[aos_ver].token }}"ravello_ci_blueprint="{{ ravello_ci.aos_version[aos_ver].blueprint }}"
Playbook (partial)---- name: Create Application on Ravello for CI connection: local hosts: all gather_facts: no roles: - ravello.lib tasks: - name: Create Application from Blueprint for CI uri: url: "https://cloud.ravellosystems.com/api/v1/applications/" method: POST status_code: 201 HEADER_Content-Type: 'application/json' HEADER_Accept: 'application/json' HEADER_X-Ephemeral-Token-Authorization: "{{ ravello_ci_token }}" body: name: "{{ ravello_ci_app_name }}" description: "App created by Travis CI" baseBlueprintId: "{{ ravello_ci_blueprint }}" body_format: json run_once: true changed_when: true
Travis CI
Ravello
Thank You
Community @ http://community.apstra.com/
● Universal ZTP Serverhttps://github.com/Apstra/aeon-ztps
● Python Library for AOS https://github.com/Apstra/aos-pyez
● Ansible Modules for AOS (in progress) http://docs.ansible.com/ansible/list_of_network_modules.html#aos
Useful Links● Ravello - https://www.ravellosystems.com/● Ansible - https://www.ansible.com/
● Ravello Roles for Ansible - https://github.com/Juniper/ravello-ansible● Demos project : https://github.com/dgarros/ravello-ansible-demo● Sample Project 2 - https://github.com/dgarros/rav-ipfabric-demo
● Download vQFX - http://www.juniper.net/us/en/dm/free-vqfx-trial/