2. www.anm.com
Who we are
Klaus Mueller
Senior Solutions Architect, ANM
u Route/Switch CCIE #5450
u 30+ years experience in IT
u 20 years experience
working with State/Local,
Healthcare, Education,
and Commercial in New
Mexico
u Specialize in campus and
data center networks
Ian Logan
Senior Solutions Architect, ANM
u 20 years at NMSU
u Data center architecture
u Private networks for energy
management systems
u Unix & Linux systems
administration
u Specialize in data center
virtualization and
automation
3. www.anm.com
ANM is headquartered
in Albuquerque, NM and
operates in Colorado,
Texas and New Mexico.
In addition to
Albuquerque, ANM has
offices in Denver (CO),
Colorado Springs (CO)
and El Paso (TX).
4. www.anm.com
Evolution of Network Configuration
First Cisco Router
1986
Latest Cisco Router
2018
CLI via console
and Telnet
CLI via console
and SSH
8. www.anm.com
Data Center Network Fabrics
Cisco ACI VMware NSX
Software Defined Networks
Network Function Virtualization (NFV)
Network Programmability
APIs and Standards
NetDevOps
“Infrastructure as Code”
To be fair…
9. www.anm.com
“The Holy Grail”
Be like Facebook
Automatically
deploy a fully
populated
rack of
servers and
network gear
with minimal
intervention.
Or somewhere in between…
• Standardized configs
• Automated deployment
• Push changes quickly
• Automate repetitive tasks
11. www.anm.com
u Python
uScripting
u Linux (or Mac OS X)
uUsing open-source
tools
u Templating
uJinja
u Programmability
uREST APIs
uYAML, JSON, XML
uNETCONF
u Data Models
uYANG
Network Engineers need new skills
12. www.anm.com
“DevOps Tools”
can help bridge the gap
u Automation
uConfiguration deployment
and management
u Open Source
u Community Driven
u Many learning resources
u Chef and Puppet
uAgent-based
u Ansible and Salt
uAgent-less
13. www.anm.com
The Automation Journey
Manual Deployments
Config / Feature enablement via
CLI Notepad/Copy-Paste or
Scripts
Design to Provision
Network Deployment
Driven by Standardized
Design
Integrations Beyond The
Network
ITSM, DC Tools, Security
Ecosystem and beyond…
Best Effort
Intent Based
Deployment &
Compliance
Plug and Play
Zero Touch Day Zero
Network Deployment
The Automation Journey
14. www.anm.com
u Agent-less
u Works well for both network
and servers
u Idempotent configuration
management
u Modular framework
u Supported by Red Hat
u Works with templates and
variables
u Communicates over SSH
u Simple templating language
(Playbooks = YAML)
Ansible – “The Easier Button”
15. www.anm.com
u Cisco
u IOS
u IOS-XR
u NXOS (CLI and NXAPI)
u ASA
u ACI
u NETCONF devices
u Linux
u RHEL
u Ubuntu
u Windows
u Much, much more...
u Make your own ... all based on Python
“Out of the Box” Automation
17. www.anm.com
Ansible – Deep dive
How would you describe Ansible in one sentence?
u A tool/framework for expressing the desired state
of a system at a high level.
19. www.anm.com
Ansible – Deep dive
u Requirements for installing Ansible
uPython 2.6/2.7 or 3.5 and newer
uA Unix like system to act as the control
machine
20. www.anm.com
Ansible – Deep dive
Playbook
Ansible
Engine
Managed
Node
SSH
• Inventory Host File
• API
• Modules
• Password Vault
• Unix/Linux/
• Windows
• Cisco IOS/
• NXOS/ACI
• vSphere
• And many more…
• A YAML doc
• Living MOP
21. www.anm.com
Ansible – Deep dive
u Choices on installing Ansible
uVendor packages or Python pip
uPackages might be a little stale but ease of
maintenance is worth it
23. www.anm.com
Ansible – Deep dive
u Ansible’s master config file – ansible.cfg
ANSIBLE_CONFIG
Env. variable
ansible.cfg
In current
directory
$HOME/.ansible.cfg /etc/ansible/ansible.cfg
The first one found wins
25. www.anm.com
Ansible – Deep dive
Ansible’s inventory system:
u A simple text file.
u Dynamic inventory from AWS, OpenStack, etc.
u You can use both simultaneously.
26. www.anm.com
Ansible – Deep dive
Ansible host file:
u INI style formatting
u Group names are in []
u Hosts can belong to
multiple groups
u Groups can be nested
27. www.anm.com
Ansible – Deep dive
Linux demo environment:
uPrecreated a user named “ansible” on each
machine
uSSH authorized_keys configuration
uAdded sudo configuration for the ansible user
uThese steps are all optional, but they make the
demo easier.
29. www.anm.com
Ansible – Deep dive
Ansible facts & variables:
u Facts are variables that describe the system being
managed
u Facts can be automatically gathered
u You reference a variable with “{{ variable }}”
30. www.anm.com
Ansible – Deep dive
Ansible facts & variables:
u You can get all of the facts for a device
with a one liner
uansible ios-devices -c network_cli -m ios_facts
uansible linux -m setup
31. www.anm.com
Ansible – Deep dive
u Gathering facts
takes a while
u On a Linux host it
there are over 100
facts
u Output from many
one liners will be in JSON
32. www.anm.com
Ansible – Deep dive
Ansible playbooks:
u Playbooks are our tool for automating complex
tasks.
u Playbooks also allow us to express orchestration
across multiple managed nodes.
u They’re written as YAML documents.
33. www.anm.com
Ansible – Deep dive
YAML:
u Indentation matters!!
uIndent to group related items
u # begins a comment
u - - - begins a YAML document
u - to denote list elements
34. www.anm.com
Ansible – Deep dive
A sample playbook:
u Hosts: the target nodes
u Become* do we need
elevated privileges?
u Tasks: list of things to do
uWe call these plays
u Yum is an ansible module
uName: httpd – a RPM name
uState: present or absent
36. www.anm.com
Ansible – Deep dive
Playbooks can be executable scripts:
u Add a “#!/usr/bin/ansible-playbook” as the first
line
u Make the file executable
44. www.anm.com
Ansible – Deep dive
Make sure you write the entire command!
uIos_config module makes comparisons between
the playbook and the running config.
uIf its not an exact match, the command is
executed at every run.
45. www.anm.com
Ansible – Deep dive
We’re not using SSH keys to login to the router,
where’s the password?
u We can store the password in a variable.
u Variables can be stored in encrypted files called
vaults.
46. www.anm.com
Ansible – Deep dive
How do we organize per host or group variables?
u We can put them in the playbook itself.
u We can create host/group variables in the
host_vars/group_vars directory.
uOne file for each host/group.
47. www.anm.com
Ansible – Deep dive
Host variables for an IOS device
u Ansible_connection:
network_cli this module allows ansible
to manage CLI devices like IOS.
u Ansible_network_os: ios, vyos, junos, etc.
u Ansible_ssh_pass: the login password.
50. www.anm.com
E.g. Use Cases
u Regular, repetitive tasks
u Large-scale infrequent tasks
upushing config changes to
large number of devices
u In-frequent tasks that require
consistency
ue.g. device deployment
u Building flow
umanual tasks that take a long
time that can be automated
u Pushing configs to multiple device
u Templatizing config changes
u Automating config changes
u Automating deployments
u Reporting and compliance
54. www.anm.com
Websites
u Ansible Website: www.ansible.com
uDocumentation, Quick Start videos, Tutorials
u Cisco DevNet: developer.cisco.com
uFree login
uFree training
u"Network Programmability for Network
Engineers”
uAnsible videos and learning labs
55. www.anm.com
Links
u Ansible.com
u Documentation and Quick Start videos:
docs.ansible.com
u Developer.cisco.com
u ”Introduction to Ansible”
https://learninglabs.cisco.com/lab/ansible-02_ansible-intro/step/1
u “NetDevOps” videos – Ansible for Cisco configuration management
https://developer.cisco.com/video/net-prog-basics/05-netdevops
u “Getting Hands on with Ansible” Learning Lab
https://learninglabs.cisco.com/lab/ansible-03_ansible-hands-
on/step/1
56. www.anm.com
u See us at ANM Table
u Demo capability
u Email us:
u Klaus.Mueller@anm.com
u Ian.Logan@anm.com
u https://www.slideshare.net/klausternm
www.ANM.com
Contact Us