Experiments with Ansible for Networks
Scott van Kalken
svk@redhat.com
September 2017
2
Managing Networks hasn't changed in 30 years.
...until now
3
Why Automate?
It’s your single source of truth
● Backups/restores can be automated
● Changes can be incremental or wholesale
● Manage “golden” versions of configurations (in source control)
Configuration management and verification
Ensure an on-going steady-state
● Daily, weekly, monthly scheduled tasks
4
Why Automate?
Treat network devices like something repeatable
5
Ansible for Network Devices
Next-Gen Network Ops
• Community culture
• Risk aware
• Open solutions
• Teams collaborating
• Infrastructure as code
• Virtual prototyping / DevOps
Traditional Network Ops
• Traditional culture
• Risk averse
• Proprietary solutions
• Siloed from others
• “Paper” practices, MOPs
• “Artisanal” networks
6
Network Modules (literally over one hundred)
A10
Apstra
Arista EOS (cli, eAPI)
AVI Networks
Big Switch Networks
Cisco ASA, IOS, IOS-XR, NX-OS
Citrix Netscaler
Cumulus Linux
Dell OS6, OS9, OS10
Exoscale
F5 BIG-IP
Fortinet
Huawei
Illumos
Juniper Junos
Lenovo
Ordnance
NETCONF
Netvisor
Openswitch
Open vSwitch (OVS)
Palo Alto PAN-OS
Nokia SR OS
VyOS
7
Playbooks for Network Devices

- hosts: "{{ target_hosts | default('null-hosts') }}"
  connection: local
  vars:
    device_info:
      host: "{{ inventory_hostname }}"
      username: admin
      password: password
      authorize: yes          # enter enable mode after login
      auth_pass: password     # the separate enable password
  tasks:
    - name: create object group
      asa_config:
        lines:
          - range 192.168.100.0 192.168.100.255
        parents: ['object network inside-net']
        provider: "{{ device_info }}"
      register: result
    - debug: var=result
    - name: add ACL on outside interface
      asa_acl:
        lines:
          - access-list outside-in extended permit ip any object inside-net
        provider: "{{ device_info }}"

vars: Basic variables used as part of device authentication. Note the separate enable password.
First task: Using the module asa_config to configure the device. Pass in the variables previously defined. Register the result.
Last task: Use the module asa_acl to configure the device. Use the object we defined earlier.
8
What does it all mean?
As a developer you can:
Include networks in your deployment pipelines.
Configure firewall rules for your apps.
Use the automation language you love.
9
Doing it the devops way
Use your favourite deployment tool to configure networks as part of a pipeline.
10
Doing it the devops way
11
Doing it the devops way
● Include all network changes that your application needs.
● Tie specific network configurations to your application.
● Fewer config backups (the network config is stored either with the
application and / or in a source code repository).
● Make everything repeatable
● Treat your network devices as part of an application.
12
PIPELINE DEPLOY DEMO
Fedora Tomcat Server
192.168.100.126
Jenkins and Ansible Server
192.168.100.88
Cisco 5510 ASA
192.168.100.0/24
Inside 192.168.100.126
Outside 203.44.161.142
Internet Client
203.xx.xx.xx
13
What does it all mean?
As a network admin you can:
Stop worrying about day to day drudgery.
Focus on architecture.
Make everything repeatable.
Treat the network as a whole rather than individual devices.
14
Doing it the devops way
● Run automated checks pre and post changes.
● Push mundane changes to multiple devices all at once.
● Who wants to do an ACL change across 100 devices? Nobody
● Who wants to update SNMP community strings on 1000 devices? Nobody
● Who wants to have a completely consistent TOR switch config? Everyone
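Added example, not from the original deck: the ACL task from the playbook on slide 7, with the device credentials read from an Ansible Vault file instead of being written in the play, and with the "automated checks pre and post changes" from this slide wrapped around it. The vars file path, the vault_* variable names and the acl_line variable are assumptions made for this example; the modules, the ACL name and the object name are the ones used on slide 7.

```yaml
- hosts: "{{ target_hosts | default('null-hosts') }}"
  connection: local
  gather_facts: no
  vars_files:
    # Hypothetical file, encrypted with `ansible-vault encrypt`; it is assumed
    # to define vault_asa_username, vault_asa_password and
    # vault_asa_enable_password.
    - vault/asa_credentials.yml
  vars:
    device_info:
      host: "{{ inventory_hostname }}"
      username: "{{ vault_asa_username }}"
      password: "{{ vault_asa_password }}"
      authorize: yes
      auth_pass: "{{ vault_asa_enable_password }}"
    # The ACL entry from slide 7, held in one variable so the change and the
    # post-check cannot drift apart.
    acl_line: access-list outside-in extended permit ip any object inside-net

  tasks:
    - name: pre-check - capture the ACL before the change
      asa_command:
        commands:
          - show running-config access-list outside-in
        provider: "{{ device_info }}"
      register: acl_before

    - name: add ACL on outside interface
      asa_acl:
        lines:
          - "{{ acl_line }}"
        provider: "{{ device_info }}"
      register: change

    - name: post-check - capture the ACL after the change
      asa_command:
        commands:
          - show running-config access-list outside-in
        provider: "{{ device_info }}"
      register: acl_after

    # Assumes the device prints the entry exactly as it was entered.
    - name: post-check - fail the run if the entry is not in the running config
      assert:
        that:
          - acl_line in acl_after.stdout[0]

    - name: report the lines that are new compared with the pre-check
      debug:
        msg: "{{ acl_after.stdout_lines[0] | difference(acl_before.stdout_lines[0]) }}"
```

Run it with `--ask-vault-pass` or `--vault-password-file` so the vault file can be decrypted; the debug output is the record of what the run actually added to the ACL.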
15
MULTI DEPLOY DEMO
Ansible Server
192.168.100.88
Cisco 5510 ASA
192.168.100.0/24
Inside 192.168.100.126
Outside 203.44.161.142
13.70.137.188
13.73.111.80
13.70.139.137
13.70.137.164
Local post commit hook
16
Doing it the devops way
HAVE YOUR OWN A-HA MOMENT
17
Things to watch for
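Paramiko options in your Ansible installation may need to change for network devices.
Some of the options I changed were:

[paramiko_connection]
# Do not write newly seen host keys to the known_hosts file.
record_host_keys = False
# Do not search ~/.ssh for private key files.
look_for_keys = False

[persistent_connection]
# Timeout and retry settings for Ansible's persistent connection.
connect_timeout = 30
connect_retries = 30
connect_interval = 1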
18
Call to action
The Ansible community is vast and welcoming.
If there is anything that you'd like to see included in modules, please don't
be shy and participate in the community.
https://www.ansible.com/community
19
Links
GitHub Project
http://github.com/ansible/
Documentation
http://docs.ansible.com
Scott's GitHub
https://github.com/codecowboydotio/ansible/blob/master/csr1000v.yml
(yes I know using master makes me a bad developer, but I balance that with large amounts of hubris)
20
By the way
...in case you missed it
21
ANSIBLE TOWER IS NOW
COMPLETELY OPEN SOURCE!!!
http://github.com/ansible/awx
(let's talk about this next time)
THANK YOU
plus.google.com/+RedHat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews
linkedin.com/company/red-hat
