Introduction to CLI Automation with Ansible
Tim Nothnagel, Consulting Engineer
Mike Leske, Technical Leader
LTRRST-1954
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Spark
Questions? Use Cisco Spark to communicate with the speaker after the session
How:
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#LTRRST-1954
Agenda
• Introduction to Ansible
• Getting Started with Ansible
• Using Ansible
• Command Line, Playbooks & Templates
• Lab Introduction
• Lab Scenario
• Conclusion
Session Objective
• Understanding of the basic principles of Ansible
• Being able to write a playbook including various Ansible concepts
• Getting hands-on experience in using Ansible with IOS, IOS XR and NX-OS
Timetable
• 9:00h - 9:45h Ansible & Lab Intro
• 9:45h - 12:45h Lab time
• 12:45h - 13:00h Wrap up
Related Sessions
• DEVNET-1002 – NetDevOps for the Network Dude
• DEVNET-1223 – IOS-XR Automation with Ansible
• TECDEV-4500 – Automating Network Operations with Ansible
• BRKDCN-2025 – Maximizing Network Programmability and Automation (...)
Introduction to Ansible
Ansible Overview
Open Source
Agentless
Simple
Wide Adoption
Management
Orchestration
Deployment
Configuration
Getting Started with Ansible
[Diagram: the Ansible Controller (ansible.cfg, Inventory, Playbooks, Modules) reaches the Targets over SSH (user/pass, public key)]
1. Push configuration
2. Get configuration/state
3. Execute commands
Using Ansible
Common Ansible Terms
Let's first cover the basic terms and concepts.
Ansible Configuration – ansible.cfg
• The place for adjusting default settings based on your requirements
• Multiple alternative places for parameters and settings exist
• Typically, default settings are sufficient for most users
• Precedence order of Ansible configuration files (in this order):
1. ANSIBLE_CONFIG (an environment variable)
2. ansible.cfg (in the current directory)
3. .ansible.cfg (in the home directory)
4. /etc/ansible/ansible.cfg (global ansible configuration)
This lab uses ansible.cfg in scenario/project directory
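The precedence list above, modelled as an added Python example (not from the original slides and not Ansible's own code). The helper names and the temp-directory scenario are constructed for illustration; the skip for a world-writable current directory mirrors a safeguard in newer Ansible releases, which ignore a project-local ansible.cfg there because any local user could have placed it.

```python
import os
import stat
import tempfile
from pathlib import Path

def world_writable(directory):
    """True if any local user can create or replace files in the directory."""
    return bool(directory.stat().st_mode & stat.S_IWOTH)

def resolve_ansible_cfg(env, cwd, home, global_cfg=Path("/etc/ansible/ansible.cfg")):
    """Walk the precedence list from the slide; return (path, source, warnings)."""
    candidates = []
    if env.get("ANSIBLE_CONFIG"):
        candidates.append((Path(env["ANSIBLE_CONFIG"]), "ANSIBLE_CONFIG"))
    candidates += [
        (cwd / "ansible.cfg", "current directory"),
        (home / ".ansible.cfg", "home directory"),
        (global_cfg, "global"),
    ]
    warnings = []
    for path, source in candidates:
        if not path.is_file():
            continue
        # A project-local file in a directory that anyone can write to may have
        # been placed there by another user, so it is reported and skipped.
        if source == "current directory" and world_writable(cwd):
            warnings.append(f"ignored {path}: directory is world-writable")
            continue
        return path, source, warnings
    return None, "built-in defaults", warnings

def demo():
    """Constructed scenario: a project directory and a home directory with configs."""
    with tempfile.TemporaryDirectory() as tmp:
        project, home, absent = Path(tmp, "project"), Path(tmp, "home"), Path(tmp, "none.cfg")
        project.mkdir(mode=0o755)  # normal project directory
        home.mkdir()
        (project / "ansible.cfg").write_text("[defaults]\ninventory = hosts\n")
        (home / ".ansible.cfg").write_text("[defaults]\n")
        picked = []
        picked.append(resolve_ansible_cfg({}, project, home, absent)[1])
        os.chmod(project, 0o777)   # shared, world-writable directory
        picked.append(resolve_ansible_cfg({}, project, home, absent)[1])
        env = {"ANSIBLE_CONFIG": str(home / ".ansible.cfg")}
        picked.append(resolve_ansible_cfg(env, project, home, absent)[1])
        return picked

if __name__ == "__main__":
    print(demo())
```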
Inventory
• INI format file usually called ‘hosts’
• Defines the hosts which Ansible manages
• Hosts can be grouped together with []
• Additional optional parameters can be defined
• Where does Ansible look for the inventory file:
• Option 1 (Default): /etc/ansible/hosts
• Option 2: “inventory” parameter in local ansible.cfg
• Option 3: -i <path> option on the command line
$ cat ansible/hosts
[core]
CORE_XR ansible_host=198.18.1.5
[branch1]
BRANCH_1_CSR ansible_host=198.18.1.12
BRANCH_1_SWITCH ansible_host=198.18.1.11
[branch2]
BRANCH_2_CSR ansible_host=198.18.1.22
BRANCH_2_SWITCH ansible_host=198.18.1.21
[csr]
BRANCH_1_CSR ansible_host=198.18.1.12
BRANCH_2_CSR ansible_host=198.18.1.22
[switch]
BRANCH_1_SWITCH ansible_host=198.18.1.11
BRANCH_2_SWITCH ansible_host=198.18.1.21
Further reading:
http://docs.ansible.com/ansible/latest/intro_inventory.html
Modules
• Prepared “scripts” performing an action on a host
• All modules (~465+ Oct 2017) ship with Ansible
• Enormous variety of Ansible modules
• You can write your own modules
Further reading:
http://docs.ansible.com/ansible/latest/modules.html
http://docs.ansible.com/ansible/latest/modules_by_category.html
Ad-hoc Command
• Allows you to execute tasks really quickly without saving steps
• Useful to understand the basics of how Ansible works
• ansible <hosts_section> -m <module> [-a <arguments>]
• Default module is "command" ("-m command" can be omitted)
• "-m ping" is the 'Hello World' of Ansible
$ ansible -a "date" control
localhost | SUCCESS | rc=0 >>
Wed Nov 15 05:58:55 CET 2017
$ ansible -m ping core
172.16.20.30 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
Further reading:
http://docs.ansible.com/ansible/latest/intro_adhoc.html
http://docs.ansible.com/ansible/latest/ping_module.html
Playbooks
• Ansible's method of procedures (MoP)
• Playbooks store task sequences for later reuse
• Can have one or more plays and tasks
• Playbooks are written in YAML
Further reading:
http://docs.ansible.com/ansible/latest/playbooks.html
$ cat sample.yaml
---
- hosts: control
  gather_facts: no
  connection: local
  tasks:
    - name: PING ANSIBLE CONTROL
      ping:
    - name: DATE COMMAND ON CONTROL
      command: date
$ ansible-playbook sample.yaml
PLAY [control]
**********************************************************************************************************************
TASK [PING ANSIBLE CONTROL]
**********************************************************************************************************************
ok: [localhost]
…
Ansible & Jinja2 Templates
• Jinja2 templates further enhance Ansible's configuration modelling capabilities, e.g. represent configlets in native device CLI
• Jinja2 templates have access to Ansible variables and implement many filters and tests for validation
• Templating is executed on Ansible controller
$ cat ios_interface.j2
{% for interface in interfaces %}
{% if interface.name.startswith('Gigabit') %}
interface {{ interface.name }}
ip address {{ interface.intf_address }} {{ interface.intf_netmask }}
no shutdown
exit
!
{% endif %}
{% endfor %}
$ cat ios_interface.yaml
- hosts: branch1[0]
  gather_facts: no
  connection: local
  vars:
    interfaces:
      - name: GigabitEthernet4
        intf_address: 10.1.10.2
        intf_netmask: 255.255.255.252
      - name: GigabitEthernet5
        intf_address: 10.1.10.6
        intf_netmask: 255.255.255.252
  tasks:
    - name: BUILD DATA INTERFACE CONFIG
      template:
        src: templates/ios_interface.j2
        dest: configs/ios_interface.cfg
    - name: CONFIGURE DATA INTERFACES
      ios_config:
        src: configs/ios_interface.cfg
Further reading:
http://docs.ansible.com/ansible/latest/playbooks_templating.html
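A pre-flight check for the `interfaces` variable before the template task renders it, as an added Python example (not from the original slides). Jinja2 writes each value verbatim into the config that `ios_config` pushes, so a wildcard mask, an overlapping subnet or a name containing a line break is best caught on the controller; `validate_interfaces`, `NAME_RE` and `BAD_VARS` are hypothetical names and constructed data.

```python
import ipaddress
import re

# Assumed allow-list of interface name shapes; extend it for your platforms.
NAME_RE = re.compile(r"(GigabitEthernet|Loopback)\d+(/\d+)*")

def validate_interfaces(interfaces):
    """Return a list of problems found in the playbook's `interfaces` variable."""
    problems, seen = [], []
    for entry in interfaces:
        name, addr, mask = (str(entry.get(k, "")) for k in ("name", "intf_address", "intf_netmask"))
        # fullmatch also rejects a line break that would add a line to the config.
        if not NAME_RE.fullmatch(name):
            problems.append(f"{name!r}: unexpected interface name")
            continue
        try:
            iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
        except ValueError:
            problems.append(f"{name}: invalid address/mask {addr!r} {mask!r}")
            continue
        net = iface.network
        # ipaddress also accepts prefix lengths and wildcard masks, but the
        # template writes the mask as given, so require the dotted netmask.
        if str(net.netmask) != mask:
            problems.append(f"{name}: {mask!r} is not a dotted netmask")
            continue
        if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {addr} is not a host address in {net}")
        for other_name, other_net in seen:
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other_name} ({other_net})")
        seen.append((name, net))
    return problems

# Values from ios_interface.yaml on the slide.
SLIDE_VARS = [
    {"name": "GigabitEthernet4", "intf_address": "10.1.10.2", "intf_netmask": "255.255.255.252"},
    {"name": "GigabitEthernet5", "intf_address": "10.1.10.6", "intf_netmask": "255.255.255.252"},
]
# Constructed bad input: wildcard mask, overlapping subnet, name with a line break.
BAD_VARS = [
    {"name": "GigabitEthernet4", "intf_address": "10.1.10.2", "intf_netmask": "0.0.0.3"},
    {"name": "GigabitEthernet5", "intf_address": "10.1.10.6", "intf_netmask": "255.255.255.252"},
    {"name": "GigabitEthernet6", "intf_address": "10.1.10.5", "intf_netmask": "255.255.255.0"},
    {"name": "GigabitEthernet7\nexit", "intf_address": "10.1.10.9", "intf_netmask": "255.255.255.252"},
]

if __name__ == "__main__":
    print(validate_interfaces(SLIDE_VARS), *validate_interfaces(BAD_VARS), sep="\n")
```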
Typical Folder Structure
[Figure: project directory tree with the following callouts]
• Project specific inventory
• Project specific configuration
• YAML playbooks
• Folder for jinja2 templates
• Folder for configurations created by templates
Ansible vs. | & Cisco NSO
10,000-feet Comparison
Ansible
• Run to completion or error
• No rollback
• SSH towards target device
• Explicit “tasks” to wrap CLI or operation
Cisco NSO
• Transactions – all or nothing
• Rollback built-in
• Variety of southbound protocols (Netconf, REST, SNMP, ...)
• Model based abstraction via YANG
Reference Architectures Spanning Applications and Networks
[Figure: two reference architectures combining Apps, Ansible playbooks and NSO, labelled "Application Centric" and "Connectivity Centric"]
Further reading:
https://www.ansible.com/networks-with-cisco-nso-ansible
Lab Introduction
Lab Setup
• Lab contains 1 XRv core router, 2 IOSv branch routers, 2 NX-OS switches and 2 PCs to verify end-to-end connectivity
• Ansible VM (Ubuntu) running Ansible operations
Lab Access
• Cisco dCloud is used for this lab, a Cisco CCO account is mandatory
Click “View” to get more lab access details
Get your dCloud Lab VPN details
In-browser Remote Desktop session
Lab Access, cont.
Option A
• Access the Windows Workstation directly via in-browser RDP session
Option B
• Use the Cisco AnyConnect Client on your laptop with your Cisco dCloud Lab VPN settings to connect to your lab instance
• Use RDP to connect to the virtual Windows “Workstation”
• Alternatively, while inside the dCloud VPN, SSH directly into the Ansible controller
Lab Access, cont.
• The Windows Workstation provides access to multiple resources
PuTTY: Double-click to directly log into the Ansible controller
Atom: Text editor with YAML syntax highlighting & FileSync plugin to copy files from/to Ansible controller
Chrome: Access to Internet & Ansible Docs
Maestro: Access to VIRL (not required for this Lab)
Lab Scenario
Exercise: Ansible Concepts & Objectives
1. Basics: ansible.cfg, inventory
   Ad-Hoc Operations, modules
2. Playbooks, parents, wait_for, tags, variables
   Prepare core config for CORE_XR: Loopback0 Interface, global OSPF activation
3. with_items, when, Jinja2 templates, register, debug
   Activate OSPF on BRANCH_1_CSR, configure interfaces on CORE_XR and BRANCH_1_CSR
4. nxos_nxapi, device-specific modules
   OSPF & Interface configuration on BRANCH_1_SWITCH
5. Playbook optimization, vars_dir, import_playbook
   Re-use playbooks to deploy configuration for BRANCH_2 service
Lab Time
Conclusion
• Ansible is simple and easy to kickstart
• Ansible can work together with Cisco NSO
• Before you write a shell script, consider writing a playbook!
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions
Thank you