
Getting Started with Network Automation Using Ansible

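Ansible, the configuration management tool, also supports network devices. This deck introduces how to use the network modules, sample playbooks, and common pitfalls.

Presentation slides from Ansible Night in Fukuoka 2018.08.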
https://ansible-users.connpass.com/event/93620/


  1. 1. @akira6592
  3. 3. https://tekunabe.hatenablog.jp https://www.slideshare.net/akira6592/
  6. 6. ◦ SSH, NETCONF, HTTP/HTTPS API ◦ show
  7. 7. Cisco IOS, IOS-XR, NX-OS, Juniper Junos, Arista EOS
      https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html
  10. 10. Ansible 2.5
      ◦ network_cli: Cisco IOS, Arista EOS, VyOS
      ◦ netconf: Juniper Junos
      ◦ httpapi: Cisco NX-OS, Arista EOS HTTP(S) API (Ansible 2.6)
      Ansible 2.4
      ◦ local

      Playbook:

          - hosts: ios
            connection: network_cli

      Inventory:

          [ios:vars]
          ansible_connection=network_cli

  11. 11. https://docs.ansible.com/ansible/latest/network/user_guide/platform_index.html#settings-by-platform
  12. 12. ansible_network_os ◦ ios, junos, eos, vyos

          [ios:vars]
          ansible_connection=network_cli
          ansible_network_os=ios

  13. 13. https://docs.ansible.com/ansible/latest/network/user_guide/platform_index.html#settings-by-platform
  14. 14. *_facts ◦ gather_facts: yes ◦ ios_facts ◦ junos_facts ◦ eos_facts ◦ vyos_facts

          - hosts: ios
            gather_facts: yes
            connection: network_cli

            tasks:
              - ios_facts:

  15. 15. ios_facts ◦ LLDP
      https://docs.ansible.com/ansible/latest/modules/ios_facts_module.html
  16. 16. IOS / EOS: enable
      ◦ ansible_become: yes/no (default: no)
      ◦ ansible_become_method: enable (network_cli)
      ◦ ansible_become_pass

          [ios:vars]
          ansible_connection=network_cli
          ansible_network_os=ios
          ansible_become=yes
          ansible_become_method=enable
          ansible_become_pass=enablepass999
  17. 17. 1-1
  18. 18. 1-1: show version

          Hostname: vsrx1
          Model: firefly-perimeter
          JUNOS Software Release [12.1X47-D15.4]

  19. 19. 1-1: inventory

          [junos]
          172.16.0.1

          [junos:vars]
          ansible_connection=netconf
          ansible_network_os=junos
          ansible_user=testuser
          ansible_ssh_pass=testpassword99

  20. 20. 1-1: Playbook (show01.yml)

          - hosts: junos
            gather_facts: no

            tasks:
              - name: show command test
                junos_command:
                  commands:
                    - show version
                register: result

              - name: debug output
                debug:
                  msg: "{{ result.stdout_lines[0] }}"

      junos_command: https://docs.ansible.com/ansible/latest/modules/junos_command_module.html
  21. 21. 1-1: ansible-playbook

          [vagrant@centos7 demo]$ ansible-playbook -i inventory show01.yml

          PLAY [junos] ******************************************************************

          TASK [show command test] ******************************************************
          ok: [172.16.0.1]

          TASK [debug output] ***********************************************************
          ok: [172.16.0.1] => {
              "msg": [
                  "Hostname: vsrx1",
                  "Model: firefly-perimeter",
                  "JUNOS Software Release [12.1X47-D15.4]"
              ]
          }

          PLAY RECAP ********************************************************************
          172.16.0.1 : ok=2 changed=0 unreachable=0 failed=0

  22. 22. 1-1: result

          - name: debug output
            debug:
              msg: "{{ result }}"

          "msg": {
              "changed": false,
              "failed": false,
              "stdout": [
                  "Hostname: vsrx1\nModel: firefly-perimeter\nJUNOS Software Release [12.1X47-D15.4]"
              ],
              "stdout_lines": [
                  [
                      "Hostname: vsrx1",
                      "Model: firefly-perimeter",
                      "JUNOS Software Release [12.1X47-D15.4]"
                  ]
              ]
          }

          - name: debug output
            debug:
              msg: "{{ result.stdout_lines[0] }}"

      COMMAND MODULE DEEP DIVE FOR NETWORKS: https://www.ansible.com/blog/command-module-deep-dive-for-networks
  23. 23. 1-2
  24. 24. 1-2: show configuration

          ## Last commit: 2018-06-28 05:45:49 UTC by root
          version 12.1X47-D15.4;
          system {
              host-name vsrx1;
              root-authentication {
                  encrypted-password "$1$nq.....
                  ssh-rsa "ssh-rsa AAAAB3Nz.....
              }
              login {
                  user vagrant {
                      uid 2000;
                      class super-user;
                      authentication {
                          ssh-rsa "ssh-rsa .....
                      }
                  }
              }
              services {
                  ssh {
                      root-login allow;
                  }
                  netconf {
                      ssh;
                  }
                  web-management {
                      http {
                          interface ge-0/0/0.0;
                      }

  25. 25. 1-2: Playbook (show02.yml)

          - hosts: junos
            gather_facts: no

            tasks:
              - name: show command test
                junos_command:
                  commands:
                    - show configuration
                register: result

              - name: save config to file
                copy:
                  content: "{{ result.stdout[0] }}"
                  dest: "show_config_{{ inventory_hostname }}.txt"

  26. 26. 1-2: ansible-playbook

          [vagrant@centos7 demo]$ ansible-playbook -i inventory show02.yml

          PLAY [junos] **********************************************************

          TASK [show command test] **********************************************
          ok: [172.16.0.1]

          TASK [save config to file] ********************************************
          changed: [172.16.0.1]

          PLAY RECAP ************************************************************
          172.16.0.1 : ok=2 changed=1 unreachable=0 failed=0

  27. 27. 1-2: show configuration

          [vagrant@centos7 demo]$ cat show_config_172.16.0.1.txt
          ## Last changed: 2018-06-28 05:45:50 UTC
          version 12.1X47-D15.4;
          system {
              host-name vsrx1;
              root-authentication {
                  encrypted-password "$1$nq.N1UsY$Jx...( )...";
                  ssh-rsa "ssh-rsa AAAAB3NzaC1yc2...( )....";
              }
          ...( )....
              ge-0/0/1 {
                  unit 0 {
                      family inet {
                          address 172.16.0.1/24;
                      }
                  }
              }
          ...( )....
          }
  28. 28. 1-3 show CSV
  29. 29. 1-3: show CSV (show interfaces, TextFSM, CSV)

          Physical interface: ge-0/0/0, Enabled, Physical link is Up
            Interface index: 134, SNMP ifIndex: 507
            Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, …
            Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online
            Device flags : Present Running
            Interface flags: SNMP-Traps Internal: 0x4000
            Link flags : None
            CoS queues : 8 supported, 8 maximum usable queues
            Current address: 08:00:27:ae:f4:51, Hardware address: 08:00:27:ae:f4:51
            Last flapped : 2018-06-28 05:45:29 UTC (04:54:28 ago)
            Input rate : 3432 bps (7 pps)
            Output rate : 4256 bps (4 pps)
            Active alarms : None
            Active defects : None
            Interface transmit statistics: Disabled

            Logical interface ge-0/0/0.0 (Index 69) (SNMP ifIndex 509)
              Flags: SNMP-Traps 0x4000 Encapsulation: ENET2
              Input packets : 522
              Output packets: 580
              Security: Zone: Null

  30. 30. 1-3: show CSV Playbook (show03.yml)

          - hosts: junos
            gather_facts: no

            tasks:
              - name: show command test
                junos_command:
                  commands:
                    - show interfaces
                register: result

              - name: output csv file
                template:
                  src: "./template_interface_junos.txt"
                  dest: "./result_interface.csv"
                vars:
                  parsed_result: "{{ result.stdout[0] | parse_cli_textfsm('juniper_junos_show_interfaces.template') }}"

      parse_cli_textfsm:
      https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#network-cli-filters
      https://tekunabe.hatenablog.jp/entry/2017/09/23/parse_cli_textfsm
  31. 31. 1-3: show CSV, CSV template (template_interface_junos.txt)

          "INTERFACE","ADMIN_STATE","LINK_STATUS","HARDWARE_TYPE","MTU"
          {% for r in parsed_result %}
          "{{ r['INTERFACE'] }}","{{ r['ADMIN_STATE'] }}","{{ r['LINK_STATUS'] }}","{{ r['HARDWARE_TYPE'] }}","{{ r['MTU'] }}"
          {% endfor %}

      Each value parsed from show interfaces is referenced as r['XXXX'] inside the for loop.
  32. 32. 1-3: show CSV, TextFSM template (juniper_junos_show_interfaces.template)

          Value Required INTERFACE (\S+)
          Value LINK_STATUS (\w+)
          Value ADMIN_STATE (\S+)
          Value HARDWARE_TYPE (\S+)
          Value MTU (\d+|Unlimited)

          Start
            ^\s+Logical\s+interface\s+${INTERFACE}
            ^Physical\s+interface:\s+${INTERFACE},\s+${ADMIN_STATE},\s+Physical\s+link\s+is\s+${LINK_STATUS}
            ^.*ype:\s+${HARDWARE_TYPE},.*MTU:\s+${MTU}.* -> Record
            ^.*MTU:\s+${MTU}.* -> Record
            ^.*flags -> Record

          EOF

      https://raw.githubusercontent.com/networktocode/ntc-templates/master/templates/juniper_junos_show_interfaces.template
  33. 33. 1-3: show CSV, ansible-playbook

          [vagrant@centos7 demo]$ ansible-playbook -i inventory show03.yml

          PLAY [junos] **********************************************************

          TASK [show command test] **********************************************
          ok: [172.16.0.1]

          TASK [output csv file] ************************************************
          changed: [172.16.0.1]

          PLAY RECAP ***********************************************************************
          172.16.0.1 : ok=2 changed=1 unreachable=0 failed=0

  34. 34. 1-3: show CSV, CSV (result_interface.csv)

          "INTERFACE","ADMIN_STATE","LINK_STATUS","HARDWARE_TYPE","MTU"
          "ge-0/0/0","Enabled","Up","Ethernet","1514"
          "ge-0/0/0.0","","","","1500"
          "gr-0/0/0","Enabled","Up","GRE","Unlimited"
          "ip-0/0/0","Enabled","Up","IP-over-IP","Unlimited"
          "lsq-0/0/0","Enabled","Up","LinkService","1504"
          "lt-0/0/0","Enabled","Up","Logical-tunnel","Unlimited"
          "mt-0/0/0","Enabled","Up","GRE","Unlimited"
          "sp-0/0/0","Enabled","Up","Adaptive-Services","9192"
          "sp-0/0/0.0","","","","9192"
          "sp-0/0/0.16383","","","","9192"
          "ge-0/0/1","Enabled","Up","Ethernet","1514"
          "ge-0/0/1.0","","","","1500"
          "ge-0/0/2","Enabled","Up","Ethernet","1514"
          "ge-0/0/2.0","","","","1500"
          "dsc","Enabled","Up","Software-Pseudo","Unlimited"
          "gre","Enabled","Up","GRE","Unlimited"
          "ipip","Enabled","Up","IP-over-IP","Unlimited"
          "irb","Enabled","Up","Ethernet","1514"
          "lo0","Enabled","Up","Loopback","Unlimited"
          "lo0.16384","","","","Unlimited"
          "lo0.16385","","","","Unlimited"
          "lsi","Enabled","Up","LSI","1496"
          "mtun","Enabled","Up","GRE","Unlimited"
          "pimd","Enabled","Up","PIM-Decapsulator","Unlimited"
          "pime","Enabled","Up","PIM-Encapsulator","Unlimited"
          "pp0","Enabled","Up","PPPoE","1532"
          "ppd0","Enabled","Up","PIM-Decapsulator","Unlimited"
          "ppe0","Enabled","Up","PIM-Encapsulator","Unlimited"
          "st0","Enabled","Up","Secure-Tunnel","9192"
          "tap","Enabled","Up","Interface-Specific","Unlimited"
          "vlan","Enabled","Down","VLAN","1518"
  35. 35. 2-1
  36. 36. 2-1: NTP
  37. 37. 2-1: Playbook (set01.yml)

          - hosts: junos
            gather_facts: no

            tasks:
              - name: config test
                junos_config:
                  lines:
                    - set system ntp server 10.0.0.123

      junos_config: https://docs.ansible.com/ansible/latest/modules/junos_config_module.html
  38. 38. 2-1: ansible-playbook

          [vagrant@centos7 demo]$ ansible-playbook -i inventory set01.yml

          PLAY [junos] *********************************************************

          TASK [config test] ***************************************************
          changed: [172.16.0.1]

          PLAY RECAP **********************************************************************
          172.16.0.1 : ok=1 changed=1 unreachable=0 failed=0

  39. 39. 2-1:

          root@vsrx1> show configuration system ntp | display set
          set system ntp server 10.0.0.123

          root@vsrx1>
  40. 40. 2-2
  41. 41. 2-2: NTP
  42. 42. 2-2: Playbook (set02.yml)

          - hosts: junos
            gather_facts: no

            tasks:
              - name: config test
                junos_config:
                  src: template_ntp_junos.txt
                vars:
                  ntp_servers:
                    - 10.0.1.123
                    - 10.0.2.123
                    - 10.0.3.123
                    - 10.0.4.123
                    - 10.0.5.123

  43. 43. 2-2: template (template_ntp_j.txt)

          {% for n in ntp_servers %}
          set system ntp server {{ n }}
          {% endfor %}

      Rendered with the Playbook's ntp_servers:

          set system ntp server 10.0.1.123
          set system ntp server 10.0.2.123
          set system ntp server 10.0.3.123
          set system ntp server 10.0.4.123
          set system ntp server 10.0.5.123

  44. 44. 2-2: ansible-playbook

          [vagrant@centos7 demo]$ ansible-playbook -i inventory set02.yml

          PLAY [junos] *********************************************************

          TASK [config test] ***************************************************
          changed: [172.16.0.1]

          PLAY RECAP **********************************************************************
          172.16.0.1 : ok=1 changed=1 unreachable=0 failed=0

  45. 45. 2-2:

          root@vsrx1> show configuration system ntp | display set
          set system ntp server 10.0.0.123
          set system ntp server 10.0.2.123
          set system ntp server 10.0.3.123
          set system ntp server 10.0.4.123
          set system ntp server 10.0.5.123

          root@vsrx1>
  46. 46. 2-3
  47. 47. 2-3: OK
  48. 48. 2-3: Playbook (set03.yml)

          - hosts: junos
            gather_facts: no

            tasks:
              - name: confirm
                pause:
                  prompt: "continue? [y/N]"
                register: input

              - name: abort
                fail:
                when: input.user_input != "y"

              - name: config test
                junos_config:
                  lines:
                    - set system ntp server 10.0.0.123

  49. 49. 2-3: 1: ansible-playbook (y)

          [vagrant@centos7 demo]$ ansible-playbook -i inventory set03.yml

          PLAY [junos] ******************************************************

          TASK [confirm] ****************************************************
          [confirm]
          continue? [y/N]:
          y
          ok: [172.16.0.1]

          TASK [abort] ******************************************************
          skipping: [172.16.0.1]

          TASK [config test] ************************************************
          changed: [172.16.0.1]

          PLAY RECAP ********************************************************
          172.16.0.1 : ok=2 changed=1 unreachable=0 failed=0

  50. 50. 2-3: 2: ansible-playbook (N)

          [vagrant@centos7 demo]$ ansible-playbook -i inventory set03.yml

          PLAY [junos] ********************************************************************

          TASK [confirm] ********************************************************************
          [confirm]
          continue? [y/N]:
          N
          ok: [172.16.0.1]

          TASK [abort] ********************************************************
          fatal: [172.16.0.1]: FAILED! => {"changed": false, "msg": "Failed as requested from task"}

          PLAY RECAP *********************************************************************
          172.16.0.1 : ok=1 changed=0 unreachable=0 failed=1
  52. 52. changed: *_config always reports changed

          - name: config
            ios_config:
              lines:
                - ntp ser 10.0.0.123

          RouterA# sh run | inc ntp
          ntp server 10.0.0.123

      The Playbook line uses the abbreviation "ser" while the device stores "server", so running the same Playbook again reports changed each time:

          172.16.0.2 : ok=1 changed=1 unreachable=0 failed=0
          172.16.0.2 : ok=1 changed=1 unreachable=0 failed=0
  53. 53. SSH

          fatal: [172.16.0.2]: FAILED! => {"msg": "paramiko: The authenticity of host '172.16.0.2' can't be established.\nThe ssh-rsa key fingerprint is xxxxxxx."}

      1. ansible.cfg

          [defaults]
          host_key_checking = False

          export ANSIBLE_HOST_KEY_CHECKING=False

      2. ansible.cfg

          [paramiko_connection]
          host_key_auto_add = True

          export ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD=True

      3. SSH

      netconf:

          fatal: [172.16.0.1]: FAILED! => {"msg": "Unknown host key [xxxxxxx] for [172.16.0.1]"}

  54. 54. Ansible 2.4
      https://www.slideshare.net/akira6592/ansible25nw-92031433
  57. 57. ◦ https://docs.ansible.com/
      ◦ Ansible for Network Automation: https://docs.ansible.com/ansible/latest/network/index.html
      ◦ Platform Options (EOS, IOS, Junos): https://docs.ansible.com/ansible/latest/network/user_guide/platform_index.html
      ◦ https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html
      ◦ Ansible: https://www.slideshare.net/akira6592/networkengineermeetsansible-85889620
      ◦ Ansible: https://www.slideshare.net/akira6592/ansibleadhocnetworkautomation
      ◦ Ansible 2.5: https://www.slideshare.net/akira6592/ansible25nw-92031433
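
Slide 53's first two workarounds switch off SSH host key verification, and the inventories on slides 16 and 19 keep login and enable passwords in cleartext. The check below is an added example, not part of the original deck: it flags both conditions in ansible.cfg and INI inventory text. The function names, the sample strings and the rule that a `{{ ... }}` value counts as a vault reference are assumptions made here.

```python
import configparser

FALSEY = {"false", "no", "off", "0"}
TRUTHY = {"true", "yes", "on", "1"}
# (section, option) -> (values that weaken verification, finding text)
RISKY = {
    ("defaults", "host_key_checking"): (FALSEY, "host key checking is turned off"),
    ("paramiko_connection", "host_key_auto_add"): (TRUTHY, "unknown host keys are accepted automatically"),
}
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}

def _parse(text):
    # Inventory host lines have no "=", so allow keys without a value.
    parser = configparser.ConfigParser(
        allow_no_value=True, delimiters=("=",), interpolation=None, strict=False
    )
    parser.read_string(text)
    return parser

def audit_cfg(text):
    """Findings for ansible.cfg content that weakens SSH host key verification."""
    cfg, findings = _parse(text), []
    for (section, option), (bad, why) in RISKY.items():
        value = cfg.get(section, option, fallback=None)
        if value is not None and value.strip().lower() in bad:
            findings.append(f"[{section}] {option}: {why}")
    return findings

def audit_inventory(text):
    """Findings for INI inventory variables that hold a literal password."""
    inv, findings = _parse(text), []
    for section in inv.sections():
        for key, value in inv.items(section):
            # Assumption: a Jinja2 reference such as "{{ vault_pass }}" points at a vaulted value.
            if key in SECRET_VARS and value and "{{" not in value:
                findings.append(f"[{section}] {key}: cleartext password")
    return findings

# Constructed samples modelled on slides 16 and 53.
CFG = "[defaults]\nhost_key_checking = False\n\n[paramiko_connection]\nhost_key_auto_add = True\n"
INV = "[ios]\n172.16.0.2\n\n[ios:vars]\nansible_connection=network_cli\nansible_become_pass=enablepass999\n"
```

A clean result here means the host keys were registered in known_hosts beforehand and the passwords are supplied through Ansible Vault or a prompt.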
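
Slide 52's pitfall as an added example (not from the deck): a simplified model of how a *_config module decides which lines to push, plus a lint that maps an abbreviated Playbook line to the form the device stores. The exact-match model, the keyword-only abbreviation heuristic, the function names and the sample running-config are assumptions for illustration.

```python
def missing_lines(candidate, running):
    """Simplified model of a *_config diff: exact text match against running-config."""
    have = {line.strip() for line in running.splitlines()}
    return [line for line in candidate if line.strip() not in have]

def _abbreviates(short, full):
    # Heuristic: only keywords may be shortened; arguments such as addresses must match exactly.
    return short == full or (short[:1].isalpha() and full.startswith(short))

def expand(line, running):
    """Return the running-config line that `line` abbreviates, or None."""
    want = line.split()
    for stored in running.splitlines():
        have = stored.split()
        if len(have) == len(want) and have != want and all(
            _abbreviates(w, h) for w, h in zip(want, have)
        ):
            return " ".join(have)
    return None

def lint(candidate, running):
    """Map each abbreviated, never-idempotent line to the form the device stores."""
    report = {}
    for line in missing_lines(candidate, running):
        full = expand(line, running)
        if full is not None:
            report[line] = full
    return report

# Constructed running-config after the first run of the slide 52 Playbook.
RUNNING = "hostname RouterA\nntp server 10.0.0.123\n"
```

Run `lint` against a saved running-config after the first push: any entry it returns is a line that will keep reporting changed until the Playbook uses the full keyword.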
