NetDevOps 101 Phil Huang 黃秉鈞 Ansible Taipei Meetup #1, Taiwan, Nov. 11, 2018 

Phil Huang 黃秉鈞 ● 社群斜槓青年 ○ SDNDS-TW ○ Cloud Native Taiwan User Group (CNTUG) ● Personal Information ○ https://blog.pichuang.com.tw ○ https://www.linkedin.com/in/phil-huang-09b09895/ 

Q&A 有獎徵答 

Questions! 

How Network Automation Is Different 1. Where do network modules execute? 2. Does it use SSH to control network devices ONLY? 3. If network OS is based on Linux platform, is it correct to use general Ansible modules FIRST? 

Q1: Where do network modules execute? Img ref: https://www.stackovercloud.com/2018/02/08/coming-soon-networking-features-in-ansible-2-5/ ● Execution on control node ● Network modules DO NOT run on the managed nodes mostly Control Node Managed Nodes 

Execution Progress ansible-playbook --connection=local ... Ansible DSL / Modules SDK/Library of Vendors (e.g. pyvmomi) Vendor Platform Network Devices Ansible Control Node 

Q2: Does it use SSH to control network devices ONLY? Ref: https://docs.ansible.com/ansible/latest/network/getting_started/network_differences.html#multiple-communication-protocols 

Q3: Is it correct to use general Ansible modules first? ● Strong recommand use Platform-specific modules Ref: https://www.agileintegratedsolutions.com/how-to-automate-your-network-using-ansible-and-napalm-part-1/ 

Ref: https://speakerdeck.com/pichuang/netdevops-next-generation-network-engineer?slide=10 

How to Start? 

Business Value FIRST ! Ref: https://www.youtube.com/watch?v=Vo02dLboTpk Top Down 

User Stories 使用者故事 As [a role], I want to [do something] so that [business value] 作為一位 IT 管理人員, 我想要一鍵自動部署新 VM, 這樣可以降低人為誤操作的可能性 Ref: http://kojenchieh.pixnet.net/blog/post/75411673-%E4%BD%BF%E7%94%A8%E8%80%85%E6%95%85%E4%BA%8B(user-stories) 

List of Checklist for “Create a New VM instance” 1. Create a VM instance from template 2. Assign VLAN ID on virtual switches 3. Assign VLAN ID on vendor specific switches 4. Allow Load-balance Polices on LB Appliance 5. Power on VM 6. Network testing 7. VM Configuration provisioning 8. Function testing 9. Send complete mail to administrator 10. ... Infra Environment Assumption: 1. VMWare vCenter 2. Red Hat Enterprise Linux 7 3. Juniper Junos 4. F5 BIG-IP 5. Red Hat Ansible 

Deep Into Ansible Modules 1. Platform/Vendor-specific documents 2. Read Ansible Modules Index 3. Learn GitHub sample code from others contributors Ref: https://github.com/topics/ansible 

Example: Ansible for Junos OS Ref: https://www.juniper.net/documentation/product/en_US/ansible-for-junos-os 

Example: VMWare vSphere Guest Modules 

NetDevOps 201 

Workflow Design ● Ansible Way ○ Module “import_playbook” would help you create reusable playbooks ● Ansible Tower Way Ref: https://docs.ansible.com/ansible/2.7/user_guide/playbooks_reuse.html 

Improve Your Ansible Playbook Ref: https://blog.pichuang.com.tw/suggestions_to_improve_your_ansible_playbook/ 

Looking for Easy Start? 

Ref: https://github.com/network-automation/linklight 

Anymore? 

● Windows ● SecDevOps (Security DevOps) ○ Security appliance integration ■ Splunk / Snort / Check Point ○ Compliance Check ■ PCI-DSS v3 / USGCB / ... Ref: https://github.com/Ansible-Security-Compliance 

No content