network automation guest-starring ansible · 2019-10-03
Post on 09-Jun-2020
5#ArubaAirheads
Network Automation: Why
AKA Why we need to move on from just CLI
More devices
• IoT
• Larger network estates
Business Agility
• IT central to business transformation
• Yet networking has yet to evolve
Increase Reliability
• Drive lower costs
• Quicker deployments
Typos = 🥀
Lower Cost! 💸
9#ArubaAirheads
No Surprises
• True and that’s good.
• PERL/Expect > Python/Go
• Not just rebadging ideas from cooler software folk.
10#ArubaAirheads
Networks be Automating
No surprise that we want to automate. Networking has been automating Day One for years
ZTP (Zero-Touch Provisioning): automate initial provisioning on boot
SLAAC: Globally routable address generation ‘baked in’
DHCP: Automated address allocation
11#ArubaAirheads
What Went Wrong?
Network Automation is Network Management.
Failure to automate is a network mgmt failure.
• Lack of adoption for SNMP Write
• Cost of writing SNMP Agent vs CLI
• Vendor doing their own thing
• Lack of interest for NETCONF (?)
12#ArubaAirheads
Network Automation is HARD
[Diagram: Config, Dynamic State and Real-time traffic on a scale from Easy to Hard. Needs Networking experience.]
Config:
• Interface up
• VLAN 199 configured
Dynamic State:
• Is the int up (line protocol)?
• ARP cache
• Routing table
Real-time traffic:
• Is TCP / UDP flowing?
13#ArubaAirheads
The Gartner Hype Cycle
By Jeremykemp at English Wikipedia, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=10547051
14#ArubaAirheads
Coding is HARD!
• 100 Days of Code – Abandoned after 3 days
• The Expert Beginner
• Stuck in the labyrinth of ‘Getting Started’
15#ArubaAirheads
Network Automation is Hard
Common Automation Story
• One or two engineers are interested.
• Go to bootcamps / code academy.
• Very excited to start.
16#ArubaAirheads
Common Automation Story
• Piece together some scripts, ansible playbooks.
• Mix of Python, ansible, YAML
• Add a front-end (flask, django).
• “See how easy it is!”
Caution! This is a team sport.
17#ArubaAirheads
• Then someone goes on holiday
• Or pulls a sickie
• Or the on-call engineer runs the wrong script
And….
Cue automation horror stories
Failure at scale!
18#ArubaAirheads
Automation is Not Just the Network
Automation
Change Management
Monitoring
Ticketing
PEOPLE
19#ArubaAirheads
Change the Networking Skillset
• Education is key
• Expand the Networking skill set
NetOps 2020 Tool Kit: Linux, Python, Git, Fundamentals, CI/CD Toolchains, Cloud, IPv6
21#ArubaAirheads
Network Automation – Three Methods
Aruba Product
• Automation Built-in: AOS8, ClearPass Roles
• Automation Tools: Netedit, Airwave
Do-It-Yourself
• Python, Go scripting
• Custom ansible modules
Third-Party Tools
• Core ansible
• Salt
• NMS systems
23#ArubaAirheads
Ansible
• Open Source Project written by Michael DeHaan
• Now run by Red Hat
• Started as Configuration Mgmt for Linux Servers
• Modular – expanding way beyond initial scope
• Supports Windows, containers, cloud… and networks.
24#ArubaAirheads
Ansible
Agentless: No installs on remote hosts
Open Source: Hosted on github
Cross-platform support: Manage servers and switches
Idempotent: Only change if required
Low Time to Automate: Easier to start automation if no coding skills
25#ArubaAirheads
Ansible
Ansible architecture:
• Clients (Windows, linux, network device)
• Control Machine – run command on this to control clients. Windows not supported.
• Original model: ansible interacts using SSH with clients.
• Adapted to use REST API.
Control Machine
Client (hosts)
Ansible Files
26#ArubaAirheads
Ansible
Ansible architecture:
• Very adaptable – can be a single line command AKA ad-hoc command:
ansible all -m service -a "name=httpd state=started"
Target hosts: Clients to run command on
Module: Feature to run
Task: Specific action to take
27#ArubaAirheads
Ansible
Ansible architecture:
• Scales up with adaptable file structure:
Host File / Inventory: List of clients, INI or YAML
ansible.cfg: Basic operation variables
INI:
mail.example.com

[webservers]
foo.example.com
bar.example.com

[dbservers]
one.example.com
two.example.com
YAML:
all:
  children:
    core:
      hosts:
        switch1:
        switch2:
    leaf:
      hosts:
        switch3:
        switch4:
28#ArubaAirheads
YAML – Yet Another Markup Language
Human-readable data-serialization language (thanks Wikipedia)
Way of presenting data objects (lists, key-value pairs) in a config file
Structure is significant. Indented block or in-line
List (indented block):
---
- bread
- milk
- eggs
List (in-line):
[one, two, three]
Key-value pair (indented block):
name: bruce wayne
job: spiderman
Key-value pair (in-line):
{name: peter parker, job: jedi knight}
29#ArubaAirheads
Ansible
Ansible playbook
Written in YAML
- name: Turn up isc dhcp server
  become: yes
  hosts: all
  tasks:
    - name: update & upgrade
      apt: update_cache=yes upgrade=full
    - name: install isc dhcp
      apt: name=isc-dhcp-server
    - name: copy dhcpd6 config
      copy:
        src: dhcpd6.conf
        dest: /etc/dhcp/dhcpd6.conf
        owner: root
        group: root
        mode: 0644
        backup: yes
    - name: start and enable dhcpv6
      systemd:
        state: started
        name: isc-dhcp-server6
        enabled: yes
Callouts: Hosts to run on, Task, module, action
Simple Linux Example
• Install ISC DHCP pkg
• Build DHCPv6 Server
• Configure .conf
• Start Service
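The playbook above, reworked as an added example (not part of the original slides) to contain the "failure at scale" risk raised earlier in the deck: it targets a named group instead of all, rolls out one host at a time, and syntax-checks the config before it replaces the live file. The group name dhcp_servers is hypothetical, and the validate command assumes the dhcpd binary installed by isc-dhcp-server is on the remote PATH.

```yaml
# Added example, not from the original slides.
# "dhcp_servers" is a hypothetical inventory group; define it in your inventory.
- name: Turn up isc dhcp server (staged rollout)
  hosts: dhcp_servers          # named group instead of "all" limits the blast radius
  become: yes
  serial: 1                    # one host per batch; a failed host stops the rollout
  tasks:
    # The full upgrade from the original playbook is left out so that a run
    # changes only the DHCP service.
    - name: install isc dhcp
      apt:
        name: isc-dhcp-server
        update_cache: yes

    - name: copy dhcpd6 config
      copy:
        src: dhcpd6.conf
        dest: /etc/dhcp/dhcpd6.conf
        owner: root
        group: root
        mode: '0644'           # quoted so the value is never read as decimal
        backup: yes
        # Syntax-check the uploaded file; on failure the live config is untouched.
        validate: dhcpd -6 -t -cf %s
      notify: restart dhcpv6   # restart only when the file actually changed

    - name: start and enable dhcpv6
      systemd:
        name: isc-dhcp-server6
        state: started
        enabled: yes

  handlers:
    - name: restart dhcpv6
      systemd:
        name: isc-dhcp-server6
        state: restarted
```

Running it first with ansible-playbook --check --diff shows what would change without changing it.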
31#ArubaAirheads
ArubaOS-Switch Ansible Modules
VLAN Creation
Update Interface 5 description
Creates VLAN 300
32#ArubaAirheads
ArubaOS-Switch Modules
Available modules
• Apply ACLs to interfaces
• Restore Configurations
• Attach VRFs to VLAN interfaces
• Manage User Information
• Configure DNS Server
• Configure NTP
• Manage VLANs
• Configure Radius Profile
• Update/Configure PoE Ports
• Configure QoS rate on interfaces
• Configure/Delete QoS Policies
• Configure SNMP Traps
• Configure STP
• Configure/Manage AAA
• Configure Syslog
33#ArubaAirheads
ArubaOS-CX Modules
Available modules
• Apply ACLs to L3 interfaces
• Enable/Disable interfaces
• Attach VRFs to VLAN interfaces
• Attach VLANs to L2 interfaces
• Assign IP helper addresses to interfaces
• Assign VSX MAC Address virtual gateway to VLAN interface
• Create/Delete VLAN interfaces
• Assign IP addresses to VLAN interfaces
• Create/Delete L2 VLANs
• Configure QoS rate on interfaces
• Delete/Create L2 interfaces
• Attach VRFs to L3 interfaces
• Delete/Create L3 interfaces
• Attaching QoS schedule profile to interfaces
• Assign active IP gateway to VLAN interface
34#ArubaAirheads
NEW: Ansible Galaxy CX Roles
• Recently posted to ansible community site.
• Roles = defined ansible file structure, imported into playbooks. Eases sharing.
• 11 tasks for ArubaOS-CX:
o L2 Interface creation
o L3 Interface creation
o Static route
o Vlan
o Vlan interface configuration
o VRF creation
o ACL configuration
36#ArubaAirheads
Can be confusing
Ansible – Scaled Up
Ansible scales up by abstracting and expanding functionality into separate directories and files
Examples:
• Inventory
• Variables – for use in playbooks
• Playbooks
• Tasks
• Templates – for jinja2 templating
• Files – to be copied to clients
https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#playbooks-best-practices
😳
38#ArubaAirheads
Ansible Or Python?
Written in Python but users do not need to know Python
YAML easier to work with than native Python for beginners.
Pro Users write playbooks for actions in YAML.
39#ArubaAirheads
Ansible Or Python?
Ansible Playbooks create abstraction layer, hiding complexity of tasks, roles, hosts etc into a single command
Lower skilled staff empowered with automation tooling
Running playbooks can constitute day-to-day NetOps
40#ArubaAirheads
Ansible Or Python?
The more ansible deviates from initial config mgmt goal, the more the structure becomes a restriction
Think training wheels on a bike
42#ArubaAirheads
Aruba & Ansible
• Aruba Ansible Modules GitHub: https://github.com/aruba/aruba-ansible-modules
• Aruba Ansible Workflows GitHub: https://github.com/aruba/aruba-switch-ansible
• Switching Automation Series on ABC Networking: https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ