$30 off During Our Annual Pro Sale. View Details »

Ansible for Network Automation

Phil Huang
June 27, 2019
Technology
0
190

Ansible for Network Automation

#redhat #ansible #netdevops #networking

Phil Huang

June 27, 2019
Tweet

More Decks by Phil Huang

See All by Phil Huang
20231129 如何選擇適當的 CNCF Project 來使用
pichuang
0
50
20231024 CNSW Lightning Talk: TAG Environmental Sustainability
pichuang
0
58
20230913_採用 Azure OpenAI 和 Azure Kubernetes Service 來建構您自己的 AI 應用程式
pichuang
1
64
20230615 Kubernetes Scalable Workloads
pichuang
1
220
混合雲基礎架構探討 Microsoft Azure Infrastructure
pichuang
0
56
20230328 ARO Technical Workshop
pichuang
0
57
20230320 Azure Red Hat OpenShift Network Concepts
pichuang
0
83
20221222 Unleashing the Power of Azure VMware Solution
pichuang
0
260
20221220 Azure Public IP 路由偏好教戰手冊
pichuang
0
140

Other Decks in Technology

See All in Technology
2023-12-01 吉祥寺.pm ベストプラクティスと組織とIaC
masasuzu
1
370
開発生産性大幅アップ!Postman VS Code拡張機能
nagix
0
150
朝起こしてくれるメイドさんが欲しい (LT) - NIFTY Tech Day 2023
niftycorp
1
110
提案段階のVS CodeのチャットエージェントAPIを動かしてみた
masa5555
0
130
ROSCon 2023参加報告:Real-Time Workshop & Zenoh's Current Status and Forecast
takasehideki
1
220
ミチビク株式会社エンジニアカンパニーデック
knsg16
0
2.2k
10分でわかる株式会社ログラス − エンジニア向け会社説明資料 / Loglass in 10 min for Engineers
loglass2019
2
830
Repro の開発組織体制の変遷そして Platform Engineering / Platform Engineering Meetup #6
a_bicky
2
290
dbt Coreとdbt-athenaによるAWS上のdbt環境構築ナレッジ
nayuts
0
270
DMMオンラインサロン エンジニア採用資料/ for-software-engineers
onlinesalon
0
3.6k
Rest Clientユーザーの自分がPostman の VS Code拡張機能を扱ってみた感想
smt7174
0
140
KarateによるBDDベースのAPIテスト / BDD based API-Testing with Karate
takanorig
1
120

Featured

See All Featured
Agile that works and the tools we love
rasmusluckow
323
20k
What's new in Ruby 2.0
geeforr
335
30k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
5
740
KATA
mclloyd
13
11k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
225
51k
The Art of Programming - Codeland 2020
erikaheidi
39
12k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
26
5.7k
Why You Should Never Use an ORM
jnunemaker
PRO
49
8.3k
Producing Creativity
orderedlist
PRO
335
38k
Building Adaptive Systems
keathley
29
1.6k
Build The Right Thing And Hit Your Dates
maggiecrowley
23
1.7k
Atom: Resistance is Futile
akmur
257
24k

Transcript

  1. View Slide

  2. Phil Huang
    Solution Architect
    2019/06/27
    Ansible for Network Automation

    View Slide

  3. # whois Phil Huang
    Red Hat Solution Architect
    ● Ansible IT Automation
    ● OpenShift Container Platform
    ● SDN/NFV

    View Slide

  4. 管理網路的方式
    近30年
    沒有改變

    View Slide

  5. 現今管理網路的方式

    View Slide

  6. 為何需要自動化你的網路架構?
    真正可直接執行的計畫
    將日常任務規劃成可 重用 (Reusable) 的工作項目
    使用你既有的軟體開發模式
    Agile, DevOps, Waterfall
    比 PING 更好的測試方式
    可與正式的測試平台直接 集成 (Integrate) 測試
    在部署階段更有信心
    驗證更改 (Validate changes) 是否成功
    確保正在運行中的環境是穩定且 可控制狀態

    View Slide

  7. WHY ANSIBLE?
    SIMPLE POWERFUL AGENTLESS
    不需 python
    下載即可執行
    沿用既有知識
    適用於網路設備
    不需要使用任何代理
    採用標準 SSH 協定
    透過各廠商模組連接
    輕鬆地實現於各類平台
    整合既有 Linux 工具
    (for networks)

    View Slide

  8. 構建、管理動態 Inventory
    基於角色控制 (RBAC) 的組織授權方式
    利用 Ansible Workflow 來整合多平台任務
    利用 RESTful API 整合任何第三方平台
    為何 Ansible Tower 適合網路自動化?

    View Slide

  9. Ansible Tower WEB UI

    View Slide

  10. 協作:兩人以上共同使用一份 Playbooks
    集中:想要集中化管理及維護 Playbooks 機制
    整合:需要能透過 RESTful API 來控制 Playbooks
    授權:能整合 TACACS+, RADIUS, SAML, AD 等認證機制
    稽核:當老闆想要詢問合規性檢查及查詢紀錄時
    多平台:當你想要一鍵控制多個不同的平台
    何時你需要考慮使用 Ansible Tower?
    Watch Tower 守望塔

    View Slide

  11. Well Defined Role Based API
    API 驅動的基礎架構
    Reputation
    Monitoring
    Easily Customizable Back End
    Servers
    Storage
    Networking
    {|}

    View Slide

  12. 12
    12 CONFIDENTIAL
    VIRTUAL
    MACHINE
    CONTAINER
    PLATFORM
    1 2 5
    4
    7
    3
    6
    8
    Jira commit Git commit Commit code to master if
    approved
    9
    Jenkins
    hook
    Build
    docs
    Container
    Build
    Run
    Ansible
    Tower job
    Deploy
    VM
    ISSUE/BUG/
    ENHANCEMENT
    VERSION CONTROL
    SYSTEM
    BUILD/TEST DOCUMENTATION
    BINARY/PACKAGE
    REPO
    ELK STACK
    USER ACTION
    Log aggregation
    Push
    build to
    repo
    Get
    Playbooks
    & Roles
    IP Address
    Management (IPAM)
    Get/Assign
    IP
    Network Devices
    Deploy/
    manage
    Enterprise Grade CI/CD Architecture

    View Slide

  13. Control Version
    Notifies of
    pass / fail
    Check Out Branch
    Monitors
    repository for
    changes
    Deploy Playbooks
    Test changes
    Notifies of
    deployment
    Notify of PR
    Check In Branch /
    Create PR
    Make Changes
    Merge Branch
    Pulls new
    Playbooks
    Ansible Playbook
    Network CI Workflow
    1
    2
    3 4

    View Slide

  14. • 資訊和當前主機狀態查詢和設定
    – Ad hoc 或批量執行
    – 迭代設定特定網段、VLAN、VRF
    – 使用 Ansible Vault 進行憑證管理
    • 狀態檢查和驗證
    – 可明確比較出 running config 及 startup config 的差異
    • 多種調度例行任務方式
    – 手動、透過 Tower 提供的 RESTful API, 透過 Tower 提供的排程機制
    Automation Use Case

    View Slide

  15. Automation Use Case
    • 持續性合規計畫
    – 可將狀態驗證 (Stateful validation) 和計畫整合在一起
    – 彙整紀錄供稽核
    • 集成第三方平台
    – 接續 Zero Touch Provisioning 後的組態設定管理
    – 使用 RESTful API
    • Splunk, ServiceNow, VMware, Elastic
    • Atlassian, GitLab, Jenkins, and most all Red Hat products

    View Slide

  16. 可使用 Ansible 網路模組
    A10
    Apstra AOS
    Arista EOS, CVP
    Aruba Networks
    AVI Networks
    Big Switch Networks
    Brocade Ironware
    Cisco ACI, AireOS, ASA, Firepower,
    IOS, IOS-XR, Meraki, NSO, NX-OS
    Citrix Netscaler
    Cumulus Linux
    Dell OS6, OS9, OS10
    MikroTik RouterOS
    Openswitch (OPX)
    Ordnance
    NETCONF
    Netvisor
    OpenSwitch
    Open vSwitch (OVS)
    Palo Alto PAN-OS
    Nokia NetAct, SR OS
    Ubiquiti EdgeOS
    VyOS
    Exoscale
    Extreme EX-OS, NOS,
    SLX-OS, VOSS
    F5 BIG-IP, BIG-IQ
    Fortinet FortIOS, FMGR
    Huawei CloudEngine
    Illumos
    Infoblox NIOS
    Juniper JunOS
    Lenovo CNOS, ENOS
    Mellanox ONYX

    View Slide

  17. CLOUD
    SECURITY
    NETWORK
    DEVOPS
    AWS
    Azure
    Century
    Link
    Cloud
    Scale
    Google
    Linode
    OpenStack
    Rackspace
    Docker Digital
    Ocean
    Palo
    Alto
    Check
    Point
    Splunk
    Snort
    F5
    Arista
    A10
    Cumulus
    Big
    Switch
    Cisco
    Dell
    F5 Juniper
    Palo
    Alto
    OpenSwitch
    HipChat
    IRC
    Jabber
    Email
    RocketChat
    Sendgrid
    Slack
    Twilio
    INFRASTRUCTURE
    RHEL
    VMware
    Windows
    Netapp
    Stacki

    View Slide

  18. 學習 Ansible
    • 參與既有的 Ansible 當地或國際社群
    • 參加 Red Hat 或其他地方的 Ansible 培訓課程及分享活動
    制定成功標準 (Success Criteria)
    • 建立特定目標,為你的組織量身定制工作流程 (Pipeline)
    • 確保建立目標階段時,參與者和流程不會差距太多
    從小規模開始著手吧!
    • 建立只讀或檢查的 Ansible Playbooks
    • 從最煩人但又很簡單的例行工作開始出發
    • 保持彈性
    該如何開始?

    View Slide

  19. Red Hat Ansible System Administrator 培訓管道
    ANSIBLE SYSTEM
    ADMINISTRATOR
    DO409
    Automation with Ansible II:
    Ansible Tower
    DO407*
    Automation with Ansible I
    Red Hat Certificate of
    Expertise in Ansible
    Automation
    DO007
    Ansible Essentials:
    Simplicity in Automation
    DO457
    Ansible for Network
    Automation
    DO407 - Learn to use Ansible to automate system administration tasks
    on managed hosts & write Ansible Playbooks to standardize task
    executions.
    DO409 -Learn to configure users and teams for role-based access control
    to Tower resources & Perform basic maintenance and administration of
    an Ansible Tower installation.
    DO457 - You will be able to use Red Hat Ansible Automation for
    Networking to write Ansible playbooks and launch them to manage the
    routers, switches, and other devices in your network infrastructure.
    Impact of Training:

    View Slide

  20. 我們的目標是
    幫助你推動
    系統邊界
    讓你能透過
    自動化
    加速迭代
    透過
    整合與共同協作

    View Slide

  21. AUTOMATION
    EVERYWHERE

    View Slide

  22. Resources
    Ansible Networking Homepage:
    ansible.com/networking
    Download the latest Ansible:
    releases.ansible.com/ansible/
    Evaluate Ansible Tower:
    ansible.com/tower-trial/
    Email: [email protected]
    Join the Community
    Users list: ansible-project
    Development list: ansible-devel
    Announcement list: ansible-announce (read only)
    irc.freenode.net: #ansible
    slack.networktocode.com: #ansible

    View Slide