This document proposes using Ansible for continuous integration and continuous delivery (CI/CD) of logical configurations on Cisco Application Centric Infrastructure (ACI). It discusses:
1) Cisco ACI's proprietary data model and API for managing logical configurations through a central controller.
2) How Ansible supports state enforcement of configuration elements as "present", "deleted", or "changed" in a way compatible with ACI.
3) A model where a "super" Ansible playbook enforces the full state of an ACI tenant, keeping the configuration and code fully separated and using a templated meta-language to describe the JSON/YAML configuration.
Ansible based CI / CD for Cisco ACI logical configuration
1. Ansible based CI / CD for Cisco ACI logical configuration
a possible model
Kristof Imre Szabo
2. Cisco ACI logical model and API
● Proprietary data model for logical configuration
● Provides state enforcement through a central controller
● API
– Supports XML / JSON and YAML REST
– the object model is generalized, the API is not human readable by any means
– Ansible-compatible state enforcement (configuration elements can be 'present', 'deleted' or 'changed')
3. Ansible
● Red Hat project
● By origin, it is a tool for configuring compute resources and applications
● Gaining a foothold in networking
● Core components
– inventory (configuration database)
– playbook
– roles / tasks
● Powerful templating to save you from repetition
4. Ansible for ACI
● Full ACI support in Ansible
– dedicated tasks for most of the use cases (create tenant, VRF, application endpoint group)
– REST API support for specifics (which are actually not that specific)
● State enforcement is comprehensive
● Could be ideal for configuration management…
– playbooks are not comprehensive, a set of tasks does not represent the state of the fabric
– configuration and code get very difficult to separate
5. Tenant management
● “Super” playbook to enforce the full state of a tenant
– Implements only a subset of the full ACI data model
● ACI configuration and Ansible code are fully separated
● Human and machine readable, templated meta-language to describe configuration (JSON / YAML formatted text)
● Example
6. Continuous integration / continuous delivery
● Code / configuration is stored in a version control system (Git)
● Specific changes in the code trigger specific automated tasks
– regression testing
– application testing
– deployment to various environments
– notification on success / failure
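
As an added illustration of the tenant management and CI/CD slides (not code from the presentation), this Python sketch renders a separately stored tenant description into an ACI REST JSON payload and marks objects missing from the description as deleted, so a pipeline can list pending deletions for review before deployment. The description schema and all sample names are assumptions; the classes used (fvTenant, fvCtx, fvBD, fvAp, fvAEPg) are a small subset of the ACI object model.

```python
import json

# Constructed sample: desired tenant state as kept in Git (schema is an assumption).
DESIRED = {"tenant": "demo", "vrfs": ["prod"],
           "bds": {"web-bd": "prod"},            # bridge domain -> VRF
           "apps": {"shop": {"web": "web-bd"}}}  # app profile -> EPG -> bridge domain
# Constructed sample: what the fabric currently holds, same layout.
CURRENT = {"tenant": "demo", "vrfs": ["prod", "legacy"],
           "bds": {"web-bd": "prod", "old-bd": "legacy"},
           "apps": {"shop": {"web": "web-bd", "test": "old-bd"}}}

def mo(cls, name, children=(), **attrs):
    """Build one named ACI managed object in the REST JSON shape."""
    body = {"attributes": {"name": name, **attrs}}
    if children:
        body["children"] = list(children)
    return {cls: body}

def rel(cls, attr, target):
    """Relation object (e.g. fvRsCtx) pointing at a named target."""
    return {cls: {"attributes": {attr: target}}}

def render_tenant(desired, current):
    """Return the fvTenant payload for `desired`; extras in `current` get status=deleted."""
    kids = [mo("fvCtx", v) for v in desired["vrfs"]]
    kids += [mo("fvCtx", v, status="deleted") for v in current["vrfs"] if v not in desired["vrfs"]]
    kids += [mo("fvBD", b, [rel("fvRsCtx", "tnFvCtxName", v)]) for b, v in desired["bds"].items()]
    kids += [mo("fvBD", b, status="deleted") for b in current["bds"] if b not in desired["bds"]]
    for ap, epgs in desired["apps"].items():
        old = current["apps"].get(ap, {})
        e = [mo("fvAEPg", n, [rel("fvRsBd", "tnFvBDName", b)]) for n, b in epgs.items()]
        e += [mo("fvAEPg", n, status="deleted") for n in old if n not in epgs]
        kids.append(mo("fvAp", ap, e))
    kids += [mo("fvAp", a, status="deleted") for a in current["apps"] if a not in desired["apps"]]
    return mo("fvTenant", desired["tenant"], kids)

def deleted(payload):
    """List (class, name) of every object the payload would delete, for review in CI."""
    (cls, body), = payload.items()
    attrs = body["attributes"]
    hit = [(cls, attrs["name"])] if attrs.get("status") == "deleted" else []
    for child in body.get("children", []):
        hit += deleted(child)
    return hit

if __name__ == "__main__":
    print(json.dumps(render_tenant(DESIRED, CURRENT), indent=2))
```

A pipeline stage can require approval whenever `deleted()` returns a non-empty list, since those entries are the destructive part of the change.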