Ansible Networking RHUG

Transcript

1. Eric McLeroy, Sr. Solutions Architect, Networking, Ansible by Red Hat

   [email protected] AUTOMATION FOR NETWORK INFRASTRUCTURE

2. MANAGING NETWORKS HASN’T CHANGED IN 30 YEARS.

3. WHY AUTOMATE YOUR NETWORK? It’s your single source of truth

   • Backups/restores can be automated • Changes can be incremental or wholesale • Manage “golden” versions of configurations Configuration management and verification Ensure an on-going steady-state • Daily, weekly, monthly scheduled tasks WHY AUTOMATE YOUR NETWORK?

4. What is Ansible?

5. SIMPLE POWERFUL AGENTLESS App deployment Configuration management Workflow orchestration Orchestrate

   the app lifecycle Human readable automation No special coding skills needed Tasks executed in order Get productive quickly Agentless architecture Uses OpenSSH & WinRM No agents to exploit or update More efficient & more secure

6. • A10 • Apstra • Arista EOS (cli, eAPI) •

   AVI Networks • Big Switch Networks • Cisco ASA, IOS, IOS-XR, NX-OS • Citrix Netscaler • Cumulus Linux • Dell OS6, OS9, OS10 • Exoscale • F5 BIG-IP • Fortinet • Huawei • Illumos • Juniper Junos • Lenovo • Ordnance • NETCONF • Netvisor • Openswitch • Open vSwitch (OVS) • Palo Alto PAN-OS • Nokia SR OS • VyOS NETWORK MODULES: DEVICE SUPPORT

7. Control Node Managed Network Devices Control Node: Any client system

   (server, laptop, VM) running Linux or Mac OSX Managed Nodes (Inventory): A collection of endpoints being managed via SSH or API. Modules: Handles execution of remote system commands Inventory Playbook Modules SSH SSH SSH, API Cisco IOS Arista EOS Cumulus Linux

8. NETWORK MODULES: BASIC *_command: Run command get/use output *_config: Make

   a change to the config with context *_facts: Get information (e.g. OS version, interfaces, etc.) *_template (D) Deploy Template: Apply J2 Template. Deprecated in favor of *_config commands

9. PLAYBOOK EXAMPLE --- - name: run multiple commands and evaluate

   the output hosts: ios01 tasks: - name: show version and show interfaces ios_command: commands: - show version - show interfaces wait_for: - result[0] contains IOS - result[1] contains Loopback0

10. PLAYBOOK EXAMPLE – REAL WORLD --- - name: configure ios

    interface hosts: ios01 tasks: - name: collect device running-config ios_command: commands: show running-config interface GigabitEthernet0/2 provider: “{{ cli }}” register: config - name: administratively enable interface ios_config: lines: no shutdown parents: interface GigabitEthernet0/2 provider: “{{ cli }}” when: ‘”shutdown” in config.stdout[0]‘

11. PLAYBOOK EXAMPLE – REAL WORLD (CONT.) --- - name: verify

    operational status ios_command: commands: - show interfaces GigabitEthernet0/2 - show cdp neighbors GigabitEthernet0/2 detail waitfor: - result[0] contains ‘line protocol is up’ - result[1] contains ‘iosxr03’ - result[1] contains ’10.0.0.42’ provider: “{{ cli }}”

12. PLAYBOOK EXAMPLE – REAL WORLD (RESULTS) (ansible)[network]$ ansible-playbook ios_interface.yaml PLAY

    [configure ios interface] ************************************* TASK [collect device running-config] ******************************* ok: [ios01] TASK [administratively enable interface] *************************** changed: [ios01] TASK [verify operational status] *********************************** ok: [ios01] PLAY RECAP ********************************************************* ios01 : ok=3 changed=1 unreachable=0 failed=0

13. 2.0 1/2016 2.1 5/2016 2.2 10/2016 2.3 4/2017 2.4 Late

    2017 Introduction of networking support 7 Platforms 28 Modules 17 Platforms 141 Modules Persistent Connections NETCONF Support 29 Platforms* 267 Modules Session Tracing Declarative Module Support More Platforms More Modules *as of 3/2017

14. RESOURCES Ansible Networking Homepage: ansible.com/networking Download Ansible 2.3: releases.ansible.com/ansible/ Evaluate

    Ansible Tower: ansible.com/tower-trial/ Email: [email protected] Join the Community Users list: ansible-project Development list: ansible-devel Announcement list: ansible-announce (read only) irc.freenode.net: #ansible slack.networktocode.com: #ansible