
Ask an Expert: Ansible Network Automation Sean Cavanaugh Iftikhar - PowerPoint PPT Presentation



  1. Ask an Expert: Ansible Network Automation
     ● Sean Cavanaugh, Technical Marketing Manager, Red Hat Ansible Automation, seanc@redhat.com, @IPvSean
     ● Iftikhar Khan, Senior Manager, Engineering Team, Red Hat Ansible Automation, ikhan@redhat.com, @ifty_k

  2. Upcoming events
     ● Nashville, TN: October 25, 2018
     ● Tampa, FL: November 14, 2018
     ● New York, NY: December 4, 2018
     For more information or to register visit: ansible.com/automates

  3. Networking workshops
     ● Portland, OR: November 6, 2018
     ● Houston, TX: November 7, 2018
     ● Rochester: November 7, 2018
     For more information or to register visit: ansible.com/workshops

  4. What we're talking about today
     ● httpapi
     ● net_get and net_put
     ● new netconf modules
     ● cli_command and cli_config
     ● New Tower 3.3 UI Improvements
     ● Tower Credential Management for Network Devices
     ● Custom Ansible Environment Support for Ansible Tower
     ● Ansible Network Roles
     ● Q/A with Ifty and Sean

  5. httpapi connection plugin
     ● New top-level connection method available on Ansible 2.6 and later
     ● To invoke, use connection: httpapi
     ● Initially supports
       ○ Cisco Nexus NX-API for the NX-OS platform
       ○ Arista eAPI for the EOS platform
     ● The httpapi method is implied by the ansible_network_os

     | Networking Platform | httpapi method | ansible_network_os |
     |---|---|---|
     | Arista EOS | eAPI | ansible_network_os=eos |
     | Cisco NX-OS | NX-API | ansible_network_os=nxos |

  6. httpapi connection plugin example

     ```yaml
     ---
     - name: httpapi Playbook
       hosts: leaf01
       connection: httpapi
       gather_facts: false
       tasks:
         - name: type a simple arista command
           eos_command:
             commands:
               - show version | json
           register: command_output

         - name: print command output to terminal window
           debug:
             var: command_output.stdout[0]["version"]
     ```

  7. net_get and net_put
     ● Agnostic network modules
     ● Require the connection: network_cli type
     ● Support SCP or SFTP transfer protocols
     ● Require scp installed and enabled on control and target nodes

  8. net_get and net_put example

     ```yaml
     ---
     - name: PLAYBOOK SHOWCASING NET_GET AND NET_PUT
       hosts: leaf01
       connection: network_cli
       gather_facts: false
       tasks:
         - name: COPY FILE FROM THE NETWORK DEVICE TO ANSIBLE CONTROLLER
           net_get:
             src: running_cfg_eos1.txt

         - name: COPY FILE FROM THE ANSIBLE CONTROLLER TO THE NETWORK DEVICE
           net_put:
             src: temp.txt
     ```

  9. netconf
     ● Network management protocol developed and standardized by the IETF
     ● Alternative to the SSH command line (network_cli) and device APIs (httpapi)
     ● Three netconf-specific modules
       ○ netconf_get - fetches configuration/state data from NETCONF-enabled network devices
       ○ netconf_rpc - executes operations on NETCONF-enabled network devices
       ○ netconf_config - netconf device configuration; the module lets the user send a configuration XML file to a netconf device and detects whether there was a configuration change

  10. netconf - converting RPC to a Playbook

      ```xml
      <rpc>
        <get-interface-information>
          <interface-name>ge-2/3/0</interface-name>
          <detail/>
        </get-interface-information>
      </rpc>
      ]]>]]>
      ```

      ```yaml
      - name: GET INTERFACE INFO
        netconf_rpc:
          display: json
          rpc: get-interface-information
          content:
            interface-name: "em1.0"
      ```

  11. netconf - full example

      ```yaml
      ---
      - name: RUN A NETCONF COMMAND
        hosts: juniper
        gather_facts: no
        connection: netconf
        tasks:
          - name: GET INTERFACE INFO
            netconf_rpc:
              display: json
              rpc: get-interface-information
              content:
                interface-name: "em1.0"
            register: netconf_info
      ```
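
The RPC-to-task mapping from slide 10, as an added example that is not part of the deck or of Ansible itself: a Python helper that takes a raw NETCONF `<rpc>` message and returns the `rpc`, `content` and `xmlns` arguments for a `netconf_rpc` task. The function names are hypothetical, and carrying an empty element such as `<detail/>` as a null value in the dictionary is an assumption.

```python
import xml.etree.ElementTree as ET

EOM = "]]>]]>"  # NETCONF 1.0 end-of-message marker, as shown on slide 10

def _local(tag):
    """Split ElementTree's '{namespace}name' into (namespace or None, name)."""
    if tag.startswith("{"):
        ns, name = tag[1:].split("}", 1)
        return ns, name
    return None, tag

def _to_content(elem):
    """Leaf -> its text; branch -> nested dict keyed by child element name."""
    children = list(elem)
    if not children:
        # Assumption: an empty element (<detail/>) is carried as None (YAML null).
        return (elem.text or "").strip() or None
    out = {}
    for child in children:
        name = _local(child.tag)[1]
        if name in out:
            raise ValueError("repeated element <%s> cannot be a dict key" % name)
        out[name] = _to_content(child)
    return out

def rpc_to_task_args(raw):
    """Return netconf_rpc arguments (rpc, content, xmlns) for one <rpc> message."""
    # ElementTree is not hardened against hostile XML: feed it only RPC text
    # written by the operator, never data received from a device or a user.
    root = ET.fromstring(raw.replace(EOM, "").strip())
    if _local(root.tag)[1] != "rpc" or len(root) != 1:
        raise ValueError("expected <rpc> with exactly one operation element")
    ns, name = _local(root[0].tag)
    args = {"rpc": name}
    content = _to_content(root[0])
    if content is not None:
        args["content"] = content
    if ns:
        args["xmlns"] = ns
    return args

# Constructed sample: the RPC text from slide 10.
SLIDE_RPC = """<rpc>
  <get-interface-information>
    <interface-name>ge-2/3/0</interface-name>
    <detail/>
  </get-interface-information>
</rpc>
]]>]]>"""

if __name__ == "__main__":
    print(rpc_to_task_args(SLIDE_RPC))
```

Run against the slide's RPC, the result keeps `ge-2/3/0` and the `detail` flag, both of which differ from the `em1.0`-only task shown on the slide.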

  12. cli_command and cli_config
      ● Agnostic network modules, available in Ansible 2.7 and later
      ● Require the connection: network_cli type

  13. Networking Inventory

      ```ini
      [cisco]
      rtr1 ansible_host=54.201.149.175
      rtr2 ansible_host=34.222.129.140
      rtr3 ansible_host=34.219.120.71

      [cisco:vars]
      ansible_user=admin
      ansible_network_os=ios

      [arista]
      leaf01 ansible_host=34.217.176.5
      leaf02 ansible_host=34.217.176.6

      [arista:vars]
      ansible_user=admin
      ansible_network_os=eos
      ```

      ansible_network_os identifies the operating system and the plugins to use.

  14. cli_* - full example

      ```yaml
      ---
      - name: AGNOSTIC PLAYBOOK
        hosts: cisco
        gather_facts: no
        connection: network_cli
        tasks:
          - name: CONFIGURE DNS
            cli_config:
              config: ip name-server 8.8.8.8

          - name: CHECK CONFIGURATION
            cli_command:
              command: show run | i ip name-server
            register: cisco_output
      ```

  15. Red Hat Ansible Tower
      What is Tower? Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and RESTful API.
      https://www.ansible.com/tower

  16. Red Hat Ansible Tower
      ● When would I need Tower vs the command-line Ansible?
        ○ When 2 or more people start using the same Playbooks in their organization
        ○ When I need a central point of execution
        ○ When I need an API to control my Playbooks
        ○ When I need integrations with TACACS+, RADIUS, SAML, AD
        ○ When I am doing more than just networks
      ● How do I get started?
        ○ Free Workshops, Free Trials (Linux, Vagrant, AWS EC2)
        ○ Red Hat Global Learning Services: https://red.ht/2jVOvNg

  17. New Tower 3.3 UI Improvements
      Get more things done, with fewer clicks!
      ● Credentials
      ● Orgs, Users and Teams
      ● Notifications

  18. More Top Level Info under Jobs
      ● When the job was launched
      ● Who launched this job
      ● What the job was launched against

  19. Network Credential Management
      ● Treat network devices just like servers!
      ● SSH keys or username/pass
      ● Utilizing AES-256 in CBC mode alongside a SHA-256 HMAC

  20. Ansible Environment
      ● More flexibility
      ● Control which version of Ansible is used on a per-Job basis
      ● No more locking of Tower to a specific Engine release

  21. Ansible Network Roles: Network Activities for Operators
      ● Distributed through Ansible Galaxy
      ● Data driven workflows for performing network operator tasks
      ● Extensible and adaptable for any platform, any device
      ● Fully Supported through your Red Hat Subscription
      https://galaxy.ansible.com/ansible-network

  22. cloud_vpn - Network Role
      ● Purpose: Agnostic role for creating IPSEC VPN tunnels between two clouds or endpoints.
      ● Providers
        ○ Cloud: AWS, Azure, OpenStack
        ○ EndPoints: AWS VPN, VyOS, Cisco CSR, RHEL, CentOS
      ● Ansible Version: 2.6+
      ● Functions
        ○ create_vpn
        ○ delete_vpn
      ● Example

      ```yaml
      - include_role:
          name: ansible-network.cloud_vpn

      - include_role:
          name: ansible-network.cloud_vpn
          tasks_from: delete_vpn
      ```

      Diagram: Cisco CSR on AWS, VPN, RHEL on Azure
      https://galaxy.ansible.com/ansible-network/cloud_vpn

  23. config_manager - Network Role
      ● Purpose: Platform agnostic approach to managing the active (running) configuration file on network devices
      ● Providers: VyOS, Junos OS, Arista EOS, Cisco IOS, IOS-XR, IOS-XE, NX-OS
      ● Ansible Version: 2.6+
      ● Functions
        ○ get
        ○ load
        ○ save
      ● Example

      ```yaml
      ---
      - hosts: network
        gather_facts: false
        roles:
          - name: ansible-network.config_manager
            function: get
      ```

      Diagram: Juniper Junos, Cisco IOS-XE, Arista EOS
      https://galaxy.ansible.com/ansible-network/config_manager

  24. yang - Network Role
      ● Purpose: Platform agnostic approach to managing the active (running) configuration file on network devices
      ● Providers: Cisco IOS-XR and Juniper Junos
      ● Ansible Version: 2.6.2+
      ● Functions
        ○ configure
        ○ spec
        ○ fetch
      ● Example

      ```yaml
      - hosts: iosxr
        connection: netconf
        gather_facts: false
        tasks:
          - name: include yang role
            include_role:
              name: ansible-network.yang
              tasks_from: fetch
      ```

      Diagram: Juniper Junos, Cisco IOS-XE
      https://galaxy.ansible.com/ansible-network/yang

  25. Q / A
      ● ansible-network@redhat.com
      ● facebook.com/ansibleautomation
      ● github.com/network-automation
      ● twitter.com/ansible
