techwisetv workshop: open nx-os and devops with puppet labs
TRANSCRIPT
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
TECHNOLOGY YOU CAN USE, FROM GEEKS YOU CAN TRUST!
Robb Boyd @robbboyd techwisetv.com
TechWiseTV Workshop -Accelerate Your IT Tasks with Open NX-OS
Shane Corban, Product Manager, Cisco
Carl Caum, Technical Marketing, Puppet
December 10th 2015
Agenda
• Open NX-OS Introduction & Level Set
• Open NX-OS Linux Architecture & Capabilities
• Open NX-OS DevOps Tool Integration
• Open NX-OS Programmability Options
What problem are we trying to solve?
“I can spin up servers in minutes with my Configuration Management Tool workflows, why does it take orders of magnitude more to spin up and affect change on my Network Elements?”
IT Organizations adopting DevOps processes and tools deploy 30x more frequently with 200x shorter lead times; they have 60x fewer failures and recover 168x faster.
Data Center Automation and IT Collaboration. Today: Serialized Configuration and Management
[Figure: application requirements flow through separate Configuration Management Tools (CM Tools) / Open APIs for Compute, Applications, Services and the Network before a successful deployment; the network step is slow, manual and error prone: a bottleneck.]
Cisco NX-OS – Programmable – Extensible – Open
[Figure: Bootstrap and provisioning: POAP, PXE. Programmability tools: NX-API CLI, NX-API REST. Package and application management: Native Agent SDK. Extensibility: server management tools, standard open interfaces. Summary: ease of operations, modular, open to 3rd party apps, programmable, ready for DevOps.]
Off the shelf applications without modifications
• Leverage the ability to install third party packages in the Secure Guestshell or natively in the NX-OS kernel
• Install all third party applications (Puppet/Chef, Splunk/Nagios/Ganglia) as RPMs
• Daemons managed via standard Linux interfaces
• Built-in support for the YUM package manager
• Patching and upgrade using standard rpm/yum workflows
• NX-OS processes (BGP) can be upgraded/patched via “yum update”
Open NX-OS Linux Based Architecture
[Figure: build and deployment flow. A C app using standard Linux constructs is built in the Open Embedded 64-bit build environment on a build server, packaged as an RPM and uploaded to a Cisco/local RPM repository. On the target switch it runs as a Linux daemon (init.d) on the Linux kernel, with raw sockets, netdevs and libpcap over the ASIC, and reports to a monitoring server.]
Open NX-OS: Third Party Application Integration – Secure Guest Shell
Native Shell, RPM + Containers
[Figure: the kernel (cgroup, LSM) hosts the NX-OS root file system, where native Linux processes and Bash run in the global namespace (Ns=global), alongside a guest root file system with its own packages (Pkg-1.rpm … Pkg-4.rpm) whose processes run in the guestshell namespace (Ns=guestshell).]
• Secure common distribution CentOS 7 environment in which customers may install their own custom applications
• Use the “guestshell resize” command to restrict the CPU/memory/rootfs resources available to the Guest Shell
https://opennxos.cisco.com
OPEN NX-OS – Built on Flexible and Modular Linux
Shipped Q3CY15
Reduce OPEX and enable rapid application deployment using the DevOps model
KEY BENEFITS
• Reduced maintenance windows and higher availability, enabled by non-disruptive RPM-based live patching and process restart
• Choice of DevOps automation and monitoring tools, enabling rapid application deployment and enhanced visibility
• Integrate natively and securely using common DevOps configuration management tools – Chef/Puppet/Ansible
• Enable greater network visibility using industry standard analytics tools – Splunk/Ganglia/Nagios
• Flexibility to integrate off-the-shelf and custom applications using the Linux SDK
Automating Device Operational Lifecycle
Day 0 – Install
• GOAL: Get a device (or devices) into an operational state
• CHALLENGE: “I can bring up a server in 5 minutes, but a switch takes 2 days…”
• Tools: Ignite & POAP/PXE
Day 1 – Configure & Operate
• GOAL: Get the network into an operational state
• CHALLENGE: Automation of configuration for servers and applications is relatively easy; how can my network be as easy?
• Tools: Ansible, Puppet and Chef; NX-API REST
Day 2 – Optimize
• GOAL: Add dynamic services, optimize behavior and troubleshooting (including correlated information from applications and the network)
• CHALLENGE: My compute and application platforms are open and extensible; why is my network not?
• Tools: Puppet/Chef/Ansible and NX-API REST to ensure model compliance; Guestshell, Splunk/Nagios
Day N – Upgrade
• GOAL: Continuously upgrade features within my network, incrementally and safely
• CHALLENGE: I can dynamically patch Linux with automated tools; why can’t I do the same with my network devices?
• Tools: Ansible, Puppet and Chef, and Guestshell; modular NX-OS patchability, ISSU
https://github.com/datacenter/ignite
Enabling Day Zero Provisioning with Open Source Tools
Shipped Q3CY15
Simplify operations, eliminate provisioning errors, reduce cost with OPEN NX-OS
Ignite:
• Automate day zero provisioning with open source, standards-based tools
• Provides a GUI for topology and configuration design, packaged as an OVA with support for KVM or VMware
• Acts as an image and configuration template store for POAP
• Use Python script extensions for third party application installation and post-boot customizations
PXE/iPXE:
• Operational choice: supported across Nexus 3K & 9K; bootstrap NX-OS using the existing compute PXE/iPXE servers for the switching infrastructure
CM Agent Based Tool Architecture – Chef/Puppet
[Figure: a Puppet/Chef master server holds the Cisco Puppet/Chef module (including utility GEMs); a Linux software repository server serves puppet/chef RPMs for yum/rpm install; on NX-OS the Cisco Puppet/Chef agent runs as a native Linux service (/etc/init.d/puppet.d & chef.d) and talks to the switch through NX-API.]
• Support for Puppet, Chef and Ansible
• Cisco Puppet Agent RPM/software package posted to Puppet Forge and open sourced on GitHub
• Install the Cisco Puppet module on the Puppet master
• Yum install the Puppet agent RPM on the switches
• The switch agent periodically polls the Puppet/Chef master for an updated catalog/cookbooks and attempts to converge the switch to the desired state
Open NX-OS Puppet/Chef – Cisco Chef & Puppet Agent Types/Provider Support
Type/Provider Roadmap: VXLAN EVPN – Q1CY16; Virtual Port Channel – Q2CY16; Segment Routing – Q3CY16
Chef/Puppet Agent Types/Providers:
cisco_vtp
cisco_tacacs_server
cisco_tacacs_server_host
cisco_snmp_server
cisco_snmp_community
cisco_snmp_group
cisco_ospf
cisco_ospf_vrf
cisco_vlan
cisco_bgp
cisco_bgp_vrf
cisco_interface
cisco_interface_ospf
cisco_interface_vlan
• Agent RPM installed natively on the switch, or within the isolated guestshell environment
• Supported Agent Types/Providers for Camden
• Cisco Network Element Chef/Puppet module code published on Git and Forge/Supermarket
• Agent is extensible beyond what is supported by default by using the utility classes, or:
• Agent is also extensible by embedding CLI using the cisco_command_config resource construct
Puppet Enterprise Overview – Automate for Speed & Reliability
Carl Caum, Technical Marketing Manager at Puppet Labs
Common Challenges. Critical Initiatives.
Common challenges:
• Too much fire fighting
• Scripting & manual processes aren’t cutting it
• Provisioning systems & apps is manual, costly
• Unexpected configuration changes
• Difficult to keep up with demands from the business
Critical initiatives – reduce the timeline:
• Deliver value to business faster, more reliably
• Meet compliance & audit requirements
• Adopt & mature DevOps practices & supporting technologies
• Adopt new technology while supporting & sun-setting old
Our software automates the provisioning, configuration & ongoing management of your network & the applications, services & software running on them.
Automation Best Practices – Model & Enforce Your Desired State: model desired state, continually enforce, audit & report.
Automation Best Practices – Across the Lifecycle: provisioning, initial configuration, orchestration, decommissioning.
Where To Start
• Infrastructure as Code: version control, configuration management, peer review
• Collaboration: iteration, fast feedback, visibility
• Continuous Delivery: automated testing & deployments
A Unified Platform for Your Infrastructure (network and compute). How we help:
• Apply DevOps practices to networking
• Manage the network just like compute
• Unify change insight & management for all infrastructure at all levels of the application stack
Demo 1 – Automating Open NX-OS with Puppet
• Use Case 1.1: Automatically deploying configuration based on roles
• Use Case 1.2: Understanding change as it occurs on the network
Configuration Management Tools: Agent vs. Agent-less Architecture
• All CM tools enforce model compliance and eliminate configuration drift
• All CM tools provide audit logging of change
• All CM tools support the concept of no-op runs
• Agent based CM is “pull based”
  • The agent on the managed device connects to the master for config information periodically
  • Changes made on the master are pulled down and executed
  • Operations are idempotent
  • Puppet and Chef are agent based
• Agent-less CM is “push based”
  • CM scripts are run on the master
  • Scripts connect to the managed device and execute the tasks
  • No timer; control lies with the master
  • Operations are idempotent
  • Ansible is agent-less
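The three properties the slide claims for every CM tool (model compliance, audit logging of change, no-op runs) plus idempotency, as an added example that is not from the Cisco or Puppet material: a small converge routine over a constructed VLAN model and a constructed switch state. The function names, the VLAN attribute shape and the `purge` option are assumptions for illustration; a real agent would apply the change list through the cisco_vlan type rather than to a dict.

```python
from dataclasses import dataclass, field

@dataclass
class RunResult:
    noop: bool
    changes: list = field(default_factory=list)  # audit log: (action, vlan id, attrs)

def converge(desired: dict, current: dict, noop: bool = False, purge: bool = False) -> RunResult:
    """Bring `current` (device VLAN id -> attributes) in line with `desired`.
    Only differences are acted on, so a second run yields an empty change list
    (idempotent). noop=True reports the drift in `changes` without modifying
    anything. purge=True also removes VLANs the model does not mention
    (Puppet's `resources { ...: purge => true }` behaviour); by default they
    are left alone, as unmanaged resources would be."""
    run = RunResult(noop=noop)
    for vlan_id, attrs in sorted(desired.items()):
        if vlan_id not in current:
            run.changes.append(("create", vlan_id, dict(attrs)))
            if not noop:
                current[vlan_id] = dict(attrs)
            continue
        diff = {k: v for k, v in attrs.items() if current[vlan_id].get(k) != v}
        if diff:  # resource exists but has drifted from the model
            run.changes.append(("update", vlan_id, diff))
            if not noop:
                current[vlan_id].update(diff)
    if purge:
        for vlan_id in sorted(set(current) - set(desired)):
            run.changes.append(("remove", vlan_id, None))
            if not noop:
                del current[vlan_id]
    return run

if __name__ == "__main__":
    model = {10: {"name": "web"}, 20: {"name": "db"}}          # constructed desired state
    device = {10: {"name": "WEB-OLD"}, 30: {"name": "legacy"}}  # constructed switch state
    print(converge(model, device, noop=True).changes)  # drift report, device untouched
    print(converge(model, device).changes)             # enforce the model
    print(converge(model, device).changes)             # idempotent second run: []
```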
Ansible Enterprise Automation
Ansible Open Source – Simple. Agentless. Powerful.
• Uses OpenSSH & NX-API
• No extra code to manage
• Ready for cloud-scale
• Uses YAML for playbooks; no special coding skills needed
• Fast learning curve; tasks in playbooks are executed in order
• App deployment, orchestration, configuration management
• Eliminates config drift
Ansible Tower – Control. Security. Delegation.
• Role-Based Access Control
• Delegation of credentials/keys
• Audit trail for automation
• Centralized job runs, job scheduling, automation dashboard
• Push-button job execution
• Portal mode for delegation
• REST API for integration
The Ansible 2.0 release with Tower in Q1CY16 includes complete support for Nexus platforms
DevOps: Tooling Categories
• Configuration Management
• Continuous Development / Source Control
• CI Test Simulation Environment
• Continuous Integration/Build
• The Platform
Open NX-OS Virtual Nexus 9000 (v9K) Test Fabric – CI Tools
• Use with Beaker/KitchenCI for ongoing application integration testing
• Test more often and catch errors early and often, prior to live deployment
• Integrated support for VMware Fusion, ESX 5.1/5.5 and KVM (QCOW2), VMDK (VirtualBox)
• Available under controlled availability – email [email protected] with CCO ids for access
• Targeting public release of v9K in CY16, with VIRL integration
• Feature parity with 7.0(3)I2(2)
Demo 2 – Open NX-OS Ansible Demo
• Use Case 2.1: Provisioning new tenant workloads for the network takes an exorbitant amount of time manually; use Ansible and Open NX-OS to reduce this from days to minutes
https://opennxos.cisco.com
Customized Automation with NX-API REST
Shipped Q3CY15
Shorten network deployment times, reduce human error, build a flexible, responsive automation architecture with OPEN NX-OS
KEY BENEFITS
• Model Based – provides a scalable, object model based architecture for custom automation tool development
• Secure – access to all network objects is authenticated, encrypted and authorized with AAA (TACACS+, RADIUS)
• Change Based Notifications – NX-API REST applications can subscribe to events from network objects without redundant polling, providing application performance benefits and application processing time reduction
NX-API contains a modeled representation of critical NX-OS features in a tree based hierarchical model; objects are modified and queried using HTTP REST API calls.
[Figure: the Management Information Tree (MIT) rooted at System, with a Physical subtree (Eth1/1, Eth1/2 …, ARP entries) and a BGP subtree (Router-ID, Peers). Each object in the object store has a class, a dn (distinguished name, used as the URL), statistics and properties (xml/json). A publisher lets an application subscribe to any updates on the BGP object and receive a push notification such as “BGP Peer Down!”.]
What are we trying to solve with NX-API REST? Limitations of CLI modeled automation:
Screen scraping:
• With NX-API REST and the object model you send objects in XML/JSON, not CLIs, to the switch, and receive objects back from the switch, removing the need for string manipulation in automation tools.
Centralized database:
• Direct access to our centralized database (object store), resulting in automation tool performance improvements; no more need to go through the CLI software layers.
Sequencing:
• With NX-API REST there is less need to be aware of command sequencing when configuring something (conf t ; router bgp ; neighbor …).
• Want to remove or update something via CLI? You potentially have to redo the whole CLI sequence, with a “no” on the last command followed by re-configuration, so you need to build this intelligence into your automation.
Referencing an Object in NX-API REST: Distinguished Name
A DN is the globally unique identifier for an object in the database. For example:
• Adding a peer address to the BGP default domain: DN: sys/bgp/inst/dom-default/peer-[192.168.0.2]
• Viewing a physical ethernet interface’s port capabilities: DN: sys/phys-[eth1/1]/phys/portcap
Object definitions and naming rules will be posted to http://developer.cisco.com
[Figure: class hierarchy under System. BGP branch: BgpEntity, BgpInstance, BgpDomain, BgpPeer, BgpLocalASN, BgpPeerAf, BgpPeerEntry. Physical branch: L1PhysIf, ethpmPhysIf, ethpmPortCap, L1Load, L1StormControl.]
How do I utilize it?
• To configure or update something: push a new object to the switch via an HTTP POST REST API call
• To check the status of something: read the relevant object using an HTTP GET REST API call
• To monitor something: subscribe to an object for events related to that particular object; the switch will send you a push notification when this object changes
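Working with the DNs shown above, as an added example that is not from the slides or from Cisco’s NX-API client libraries: split a distinguished name into its relative names, build the DN for a BGP peer, and produce the URL and body for the GET/POST calls just described. Bracketed components such as [eth1/1] contain slashes, so a plain dn.split("/") would corrupt them; the parser tracks bracket depth. The /api/mo/<dn>.json path and the {"<class>": {"attributes": {...}}} body shape are assumptions about the object store API, not something the slides show.

```python
import json

def split_dn(dn: str) -> list:
    """'sys/phys-[eth1/1]/phys/portcap' -> ['sys', 'phys-[eth1/1]', 'phys', 'portcap']"""
    parts, buf, depth = [], [], 0
    for ch in dn:
        if ch == "[":
            depth += 1
        elif ch == "]":
            if depth == 0:
                raise ValueError("unbalanced ']' in DN")
            depth -= 1
        if ch == "/" and depth == 0:      # only a top-level '/' separates relative names
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if depth:
        raise ValueError("unclosed '[' in DN")
    parts.append("".join(buf))
    if any(p == "" for p in parts):      # rejects 'sys//bgp' and trailing '/'
        raise ValueError("empty relative name in DN")
    return parts

def bgp_peer_dn(addr: str, domain: str = "default") -> str:
    # mirrors the slide's example: sys/bgp/inst/dom-default/peer-[192.168.0.2]
    return f"sys/bgp/inst/dom-{domain}/peer-[{addr}]"

def mo_url(host: str, dn: str) -> str:
    # HTTPS only: the slides state object access is authenticated, encrypted and AAA-authorized
    return f"https://{host}/api/mo/{dn}.json"   # assumed path layout

def post_body(cls: str, dn: str, **attrs) -> str:
    """JSON body for an HTTP POST that creates or updates one object (assumed shape)."""
    return json.dumps({cls: {"attributes": {"dn": dn, **attrs}}})

if __name__ == "__main__":
    dn = bgp_peer_dn("192.168.0.2")                       # constructed sample values
    print(split_dn("sys/phys-[eth1/1]/phys/portcap"))
    print(mo_url("switch1.example.net", dn))
    print(post_body("bgpPeer", dn, addr="192.168.0.2"))
```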
Demo 3 – Open NX-OS NX-API REST Demo
• Use Case 3.1: Automate the provisioning of a BGP based programmable fabric utilizing our NX-API REST object model. Reduce time to fabric deployment from days to minutes.
Open NX-OS Reference Links (Software – Link)
• Chef Agent (Supermarket): http://supermarket.chef.io
• Chef Cookbook: https://github.com/cisco/cisco-network-chef-cookbook
• NX-API REST Model: https://opennxos.cisco.com/public/api/nxapi-rest/
• Puppet Agent (Puppet Forge): http://forge.puppetlabs.com
• Puppet Module: https://github.com/cisco/cisco-network-puppet-module
• Native 3rd Party Agent Repository (Cisco Repository): http://developer.cisco.com/opennxos
• Nexus 3/9K Git Repository (scripting examples, etc.): http://github.com/datacenter/nexus9000
• Ignite Open Source Toolkit: https://github.com/datacenter/ignite
• NX Toolkit: https://github.com/datacenter/nxtoolkit
• SDK for developing native application RPMs: www.yocto.org
Questions/Thoughts? THANK YOU
Thank You for Attending
For TechWiseTV episodes, TechWiseTV Workshops, Fundamentals and Networking 101’s visit http://www.Cisco.com/go/TechWiseTV.com.
https://www.facebook.com/techwise
https://twitter.com/techwisetv