+

Philip DiLeo - EOS+ Consulting Services

But first, football...

Odell Beckham:1. Sprint 10 yards2. Slant at 45 degrees3. Run 4 yards4. Catch ball at 60mph

Third string player:1. Sprint 5 yards2. Slant at 45 degrees3. Run 1 yard4. Catch ball at 20mph

What would a data model look like for the player?

Odell Beckhamslant_route: sprint: 10 post_slant_sprint: 5 ball_speed: 60

Third string playerslant_route: sprint: 5 post_slant_sprint: 1 ball_speed: 20

Group Variableslant_angle: 45

How would you describe the play for the wide receiver in red?

- players: wide_receivers

tasks: - name: On hike, sprint! sprinting: distance={{ slant_route.sprint }}

- name: Then slant in change_direction: angle={{ slant_angle }}

- name: Then sprint again sprinting: distance={{ slant_route.post_slant_sprint }}

- name: Prepare to catch receive_ball: speed={{ slant_route.ball_speed }}

Okay Coach, write the play...

group_vars/wide_receivers:slant_angle: 45

player_vars/odell_beckham:slant_route: sprint: 10 post_slant_sprint: 5 ball_speed: 60

player_vars/third_string:slant_route: sprint: 5 post_slant_sprint: 1 ball_speed: 20

players file:[wide_receivers]odell_beckhamthird_string

1. Who runs the play?

4. Gather Player Vars

5. Run tasks

3. Any group vars?

2. Who’s in that group? (Iterate per player)

Conceptually, then...

- host_vars- group_vars- sql database- git repo- static config lines

- Ansible Tasks/Roles - Config Blocks - API Calls

Data Execution Strategy

RunningConfig

Some Background on Ansible● Goal: simplicity and ease of use● Playbooks written in easily-read YAML● Written in Python● Agent-less architecture (no client daemon)● Security (uses OpenSSH or SSL)● Can be used by all within organization● Tower: Operationalize Ansible

Why do I need Ansible?

“Why can’t I write a python or shell script that configures the switch?”

● Idempotency● Manageability● One platform for entire infra● Community-driven (1000 >> 1)

Ansible ModulesAnsible includes 400+ built-in modules including:● apt, yum, copy, command, cron, dns,

docker, easy_install, ec2 (amazon modules), file, filesystem, find, git, known_hosts, mysql, mongodb, nagios, npm, openstack, rax (rackspace) pip, shell, snmp_facts…

Sample options for the yum module

But where are the networking modules?

Ways to use Ansible with Arista

● API-based approach with arista.eos role available through Galaxy

● Config-based approach with ansible core module eos_config (Ansible 2.0+)

The Ansible Role for EOS

The Ansible Role for EOS allows us to package multiple EOS-related modules into one convenient role.

This can be installed using Ansible Galaxy

$ ansible-galaxy install arista.eos

EOS Role - What’s included?

● eos_acl_entry● eos_bgp_config● eos_bgp_neighbor● eos_bgp_network● eos_ethernet● eos_facts● eos_interface● eos_ipinterface● eos_mlag_config● eos_mlag_interface● eos_ping● eos_portchannel● eos_purge

● eos_routemap● eos_staticroute● eos_stp_interface● eos_switchport● eos_system● eos_user● eos_varp● eos_varp_interface● eos_vlan● eos_vrrp● eos_vxlan● eos_vxlan_vlan● eos_vxlan_vtep

Handler● save running config

Modules

How does it work?tasks:

- name: Configure Vlan 1 eos_vlan: vlanid=1 enable=yes name=foo

Additional EOS Roles[ Ansible Roles that built on top of arista.eos ]

Stop writing tasks.Start to model your configuration as CLI-

agnostic data structures

arista.eos base role

(includes mainly modules)

arista.eos-route-control

(mainly tasks)

arista.eos-system(mainly tasks)

arista.eos-virtual-router

(mainly tasks)

arista.eos-vxlan(mainly tasks)

arista.eos-bridging(mainly tasks)

arista.eos-interfaces(mainly tasks)

arista.eos-ipv4(mainly tasks)

arista.eos-bgp(mainly tasks)

arista.eos-mlag(mainly tasks)

Available Through Galaxy[ Ansible Roles that built on top of arista.eos ]

https://galaxy.ansible.com/detail#/user/5790

Connection Methods

Option A - SSH

Requirements:● Password-less SSH

associations● pyeapi installed on switch

(you can do this with Ansible)

● eAPI enabled● bash user

Notes:● You can use http_local or

unix sockets on >4.14.5F● Technically more secure

Option B - eAPI

Requirements:● pyeapi installed on

Ansible Control Host● eAPI enabled

Notes:● Simplicity but

potentially less secure. Need to store eapi credentials in cleartext.

A New Method...

eos_config Core Module[ New in Ansible 2.0+ ]

- name: get eos facts

eos_facts:

include_config: yes

device: "{{ eapi }}"

- name: Configure Arista Interface

eos_config:

block:

- "description {{ item.description }}"

- "{{ item.enabled | ternary('no shutdown', 'shutdown') }}"

- "no switchport"

- "ip address {{ item.address }}"

parent: "interface {{ item.name }}"

device: "{{ eapi_connection }}"

config: "{{ eos_facts.config }}"

with_items: interfaces

ansible_connection: local

eapi_connection:

host: "{{ inventory_hostname }}"

username: admin

password: admin

use_ssl: no

interfaces:

- name: Ethernet1

enabled: yes

description: My interface 1

address: 1.1.1.1/24

- name: Ethernet2

enabled: yes

description: My interface 2

address: 1.1.2.1/24

eos_config Core Module[ New in Ansible 2.0+ ]

Advantages

● No third-party libraries needed (pyeapi, arista.eos)● Work directly with known running-configuration● Easy to use/understand. Zero barrier to entry● Offline-mode (generate configuration lines)● Leverages eAPI connection

Best Practices...

Beginner’s Playbook(s)#1. playbooks/deploy_app1_spine.yml

---

- hosts: spine

tasks:

- name: Configure App Vlan vlan: vlanid=10 enable=yes name=app1

- name: Configure BGP bgp: key=value key=value key=value

- name: Configure Interfaces intf: key=value key=value key=value

- name: Configure SMNP system: key=value key=value key=value

- name: Configure mlag mlag: key=value key=value key=value

#N. playbooks/deploy_appN_spine.yml

---

- hosts: spine

tasks:

- name: Configure App Vlan vlan: vlanid=1000 enable=yes name=app1

- name: Configure BGP bgp: key=value key=value key=value

- name: Configure Interfaces intf: key=value key=value key=value

- name: Configure SMNP system: key=value key=value key=value

Solution: Ansible Roles“We’ll pretty much assume you are using roles at this point. You should be using roles for sure. Roles are great. You are using roles aren’t you? Hint hint.” docs.ansible.com

“...they allow you to focus more on the big picture and only dive down into the details when needed.”

Example EOS Role - Varp[ Abstract Virtual Router Configuration ]

host_vars/veos-3

virtual_mac_addr: "00:1c:73:00:00:99"varp_interfaces: - vlanid: 1001 name: Varp_Vlan1001 interface_addr: 192.168.1.3/24 virtual_addrs: - 192.168.1.1 - vlanid: 1002 name: Varp_Vlan1002 interface_addr: 192.168.2.3/24 virtual_addrs: - 192.168.2.1

host_vars/veos-4

virtual_mac_addr: "00:1c:73:00:00:99"varp_interfaces: - vlanid: 1001 name: Varp_Vlan1001 interface_addr: 192.168.1.4/24 virtual_addrs: - 192.168.1.1 - vlanid: 1002 name: Varp_Vlan1002 interface_addr: 192.168.2.4/24 virtual_addrs: - 192.168.2.1

# Playbook- hosts: leafs roles: - arista.eos-virtual-router

# Run

ansible-playbook -i hosts play.yml

# hosts file[leafs]veos-3veos-4

Using Roles - Site Configuration[ Simply include roles ]

# Run

ansible-playbook -i hosts site.yml

# hosts file[spine]veos-1veos-2

[leaf]veos-3veos-4

# Playbook site.yml- include: spine.yaml- include: leaf.yaml

# Playbook spine.yml- hosts: spine gather_facts: no

roles: - arista.eos-system - arista.eos-interfaces - arista.eos-bridging - arista.eos-ipv4 - arista.eos-route-control - arista.eos-bgp

# Playbook leaf.yml- hosts: leaf gather_facts: no

roles: - arista.eos-system - arista.eos-interfaces - arista.eos-bridging - arista.eos-ipv4 - arista.eos-route-control - arista.eos-bgp - arista.eos-mlag - arista.eos-virtual-router

Sample Demo[ Zero Touch into Tower ]

https://youtu.be/VB29kjSOp7ESetup

1. Spine/leaf in bowtie2. All nodes in ZTP mode3. Nodes statically +

dynamically identified by ZTPServer

4. Nodes get base config:a. hostnameb. mgmt ipc. eAPI enabled

5. Nodes register themselves with Tower

6. Run Job Template in Tower to provision nodes.

Getting Started● Main Ansible Documentation● Ansible EOS Quickstart Guide● Writing a Module● Ask about our Ravello Blueprint

● Ask for Help - ansible-dev@arista.com

Thanks!