NetDevOps 101

Transcript

1. NetDevOps 101
   Phil Huang 黃秉鈞
   Ansible Taipei Meetup #1, Taiwan, Nov. 11, 2018
   

   View Slide

2. Phil Huang 黃秉鈞
   ● 社群斜槓青年
   ○ SDNDS-TW
   ○ Cloud Native Taiwan
   User Group (CNTUG)
   ● Personal Information
   ○ https://blog.pichuang.com.tw
   ○ https://www.linkedin.com/in/phil-huang-09b09895/
   

   View Slide

3. Q&A 有獎徵答
   

   View Slide

4. Questions!
   

   View Slide

5. How Network Automation Is Different
   1. Where do network modules execute?
   2. Does it use SSH to control network devices ONLY?
   3. If network OS is based on Linux platform, is it correct to
   use general Ansible modules FIRST?
   

   View Slide

6. Q1: Where do network modules execute?
   Img ref: https://www.stackovercloud.com/2018/02/08/coming-soon-networking-features-in-ansible-2-5/
   ● Execution on control node
   ● Network modules DO NOT run on
   the managed nodes mostly
   Control Node Managed Nodes
   

   View Slide

7. Execution Progress
   ansible-playbook --connection=local ...
   Ansible DSL / Modules
   SDK/Library of Vendors (e.g. pyvmomi)
   Vendor Platform
   Network Devices
   Ansible Control Node
   

   View Slide

8. Q2: Does it use SSH to control network devices ONLY?
   Ref: https://docs.ansible.com/ansible/latest/network/getting_started/network_differences.html#multiple-communication-protocols
   

   View Slide

9. Q3: Is it correct to use general Ansible modules first?
   ● Strong recommand use Platform-specific modules
   Ref: https://www.agileintegratedsolutions.com/how-to-automate-your-network-using-ansible-and-napalm-part-1/
   

   View Slide

10. Ref: https://speakerdeck.com/pichuang/netdevops-next-generation-network-engineer?slide=10
    

    View Slide

11. How to Start?
    

    View Slide

12. Business Value FIRST !
    Ref: https://www.youtube.com/watch?v=Vo02dLboTpk
    Top
    Down
    

    View Slide

13. User Stories 使用者故事
    As [a role], I want to [do something] so that [business value]
    作為一位 IT 管理人員, 我想要一鍵自動部署新 VM,
    這樣可以降低人為誤操作的可能性
    Ref: http://kojenchieh.pixnet.net/blog/post/75411673-%E4%BD%BF%E7%94%A8%E8%80%85%E6%95%85%E4%BA%8B(user-stories)
    

    View Slide

14. List of Checklist for “Create a New VM instance”
    1. Create a VM instance from template
    2. Assign VLAN ID on virtual switches
    3. Assign VLAN ID on vendor specific switches
    4. Allow Load-balance Polices on LB Appliance
    5. Power on VM
    6. Network testing
    7. VM Configuration provisioning
    8. Function testing
    9. Send complete mail to administrator
    10. ...
    Infra Environment Assumption:
    1. VMWare vCenter
    2. Red Hat Enterprise Linux 7
    3. Juniper Junos
    4. F5 BIG-IP
    5. Red Hat Ansible
    

    View Slide

15. Deep Into Ansible Modules
    1. Platform/Vendor-specific documents
    2. Read Ansible Modules Index
    3. Learn GitHub sample code from others contributors
    Ref: https://github.com/topics/ansible
    

    View Slide

16. Example: Ansible for Junos OS
    Ref: https://www.juniper.net/documentation/product/en_US/ansible-for-junos-os
    

    View Slide

17. Example: VMWare vSphere Guest Modules
    

    View Slide

18. NetDevOps 201
    

    View Slide

19. Workflow Design
    ● Ansible Way
    ○ Module “import_playbook” would help you create reusable playbooks
    ● Ansible Tower Way
    Ref: https://docs.ansible.com/ansible/2.7/user_guide/playbooks_reuse.html
    

    View Slide

20. Improve Your Ansible Playbook
    Ref: https://blog.pichuang.com.tw/suggestions_to_improve_your_ansible_playbook/
    

    View Slide

21. Looking for Easy Start?
    

    View Slide

22. Ref: https://github.com/network-automation/linklight
    

    View Slide

23. Anymore?
    

    View Slide

24. ● Windows
    ● SecDevOps (Security DevOps)
    ○ Security appliance integration
    ■ Splunk / Snort / Check Point
    ○ Compliance Check
    ■ PCI-DSS v3 / USGCB / ...
    Ref: https://github.com/Ansible-Security-Compliance
    

    View Slide

25. View Slide