NetDevOps 101

Transcript

1. NetDevOps 101 Phil Huang 黃秉鈞 <[email protected]> Ansible Taipei Meetup #1,

   Taiwan, Nov. 11, 2018

2. Phil Huang 黃秉鈞 • 社群斜槓青年 ◦ SDNDS-TW ◦ Cloud Native

   Taiwan User Group (CNTUG) • Personal Information ◦ https://blog.pichuang.com.tw ◦ https://www.linkedin.com/in/phil-huang-09b09895/

3. Q&A 有獎徵答

4. Questions!

5. How Network Automation Is Different 1. Where do network modules

   execute? 2. Does it use SSH to control network devices ONLY? 3. If network OS is based on Linux platform, is it correct to use general Ansible modules FIRST?

6. Q1: Where do network modules execute? Img ref: https://www.stackovercloud.com/2018/02/08/coming-soon-networking-features-in-ansible-2-5/ •

   Execution on control node • Network modules DO NOT run on the managed nodes mostly Control Node Managed Nodes

7. Execution Progress ansible-playbook --connection=local ... Ansible DSL / Modules SDK/Library

   of Vendors (e.g. pyvmomi) Vendor Platform Network Devices Ansible Control Node

8. Q2: Does it use SSH to control network devices ONLY?

   Ref: https://docs.ansible.com/ansible/latest/network/getting_started/network_differences.html#multiple-communication-protocols

9. Q3: Is it correct to use general Ansible modules first?

   • Strong recommand use Platform-specific modules Ref: https://www.agileintegratedsolutions.com/how-to-automate-your-network-using-ansible-and-napalm-part-1/

10. Ref: https://speakerdeck.com/pichuang/netdevops-next-generation-network-engineer?slide=10

11. How to Start?

12. Business Value FIRST ! Ref: https://www.youtube.com/watch?v=Vo02dLboTpk Top Down

13. User Stories 使用者故事 As [a role], I want to [do

    something] so that [business value] 作為一位 IT 管理人員, 我想要一鍵自動部署新 VM, 這樣可以降低人為誤操作的可能性 Ref: http://kojenchieh.pixnet.net/blog/post/75411673-%E4%BD%BF%E7%94%A8%E8%80%85%E6%95%85%E4%BA%8B(user-stories)

14. List of Checklist for “Create a New VM instance” 1.

    Create a VM instance from template 2. Assign VLAN ID on virtual switches 3. Assign VLAN ID on vendor specific switches 4. Allow Load-balance Polices on LB Appliance 5. Power on VM 6. Network testing 7. VM Configuration provisioning 8. Function testing 9. Send complete mail to administrator 10. ... Infra Environment Assumption: 1. VMWare vCenter 2. Red Hat Enterprise Linux 7 3. Juniper Junos 4. F5 BIG-IP 5. Red Hat Ansible

15. Deep Into Ansible Modules 1. Platform/Vendor-specific documents 2. Read Ansible

    Modules Index 3. Learn GitHub sample code from others contributors Ref: https://github.com/topics/ansible

16. Example: Ansible for Junos OS Ref: https://www.juniper.net/documentation/product/en_US/ansible-for-junos-os

17. Example: VMWare vSphere Guest Modules

18. NetDevOps 201

19. Workflow Design • Ansible Way ◦ Module “import_playbook” would help

    you create reusable playbooks • Ansible Tower Way Ref: https://docs.ansible.com/ansible/2.7/user_guide/playbooks_reuse.html

20. Improve Your Ansible Playbook Ref: https://blog.pichuang.com.tw/suggestions_to_improve_your_ansible_playbook/

21. Looking for Easy Start?

22. Ref: https://github.com/network-automation/linklight

23. Anymore?

24. • Windows • SecDevOps (Security DevOps) ◦ Security appliance integration

    ▪ Splunk / Snort / Check Point ◦ Compliance Check ▪ PCI-DSS v3 / USGCB / ... Ref: https://github.com/Ansible-Security-Compliance
25. None