The document outlines how Chef, an open-source framework, manages network infrastructure through declarative policies and continuous testing. It highlights the integration of Chef with Cisco Nexus platforms to manage devices effectively, providing resources and tools for network configuration. Furthermore, it emphasizes the importance of treating infrastructure as code, facilitating continuous delivery, versioning, and testing in network management.

1. Network Infrastructure as Code
with Chef and Cisco
June 9, 2015
Matt Ray
matt@chef.io

2. What is Chef?
• Open Source framework for
managing complexity
• Declarative language for
describing & configuring
infrastructure
• An awesome community of
professionals
• A fast-growing company based in
Seattle, WA with >50% remote

3. How does Chef work?
• Ensures desired state by continually testing and repairing
individual resources in the system
• You compose policies using a series of simple declarations
• The Chef client fetches those policies from a central server
and applies them to the local machine
• The state of the machine is recorded and sent back to a
database, where it is indexed for search, reporting, and audit.

4. Policy-based
• Chef provides a domain-specific language (DSL) that
allows you to specify policy for your infrastructure
• Policy describes the desired state
• Policies can be statically or dynamically defined
• Chef ensures each node in your infrastructure
complies with the policy

5. Recipes
package "httpd"
template "/etc/httpd/conf.d/mysite.conf" do
source "mysite.conf.erb"
owner "root"
group "root"
mode "0644"
variables(:allow_override => "All")
notifies :reload, "service[httpd]"
end
service "httpd" do
action [:enable,:start]
supports :reload => true
end
Resource one
Resource two
Resource three

6. Infrastructure as Code
• Programmatically provision
and configure components
• Treat like any other code
base
• Reconstruct business from
code repository, data
backup, and compute
resources

7. Built-in Resources
• package
• template
• service
• cron
• directory
• mount
• user
• group
• registry_key
• remote_directory
• route
• ...and many more!

8. Build Anything
• Simple internal applications
• Complex external applications
• Workstations
• Hadoop clusters
• IaaS infrastructure
• PaaS infrastructure
• SaaS applications
• Storage systems
• You name it
http://www.flickr.com/photos/hyku/245010680/

9. And Manage it Simply
• Automatically reconfigure everything
• Linux, Windows, Unixes, BSDs
• Switches and load balancers
• Storage systems
• Metrics collection systems
• Monitoring systems
• Cloud migrations become trivial
http://www.flickr.com/photos/helico/404640681/

10. Servers are great and all…
• Chef easily scales to deployments of hundreds of
thousands of servers.
• Physical, virtual or cloud instances
• Linux, Windows, AIX, Solaris, OS X and many more

11. …but Networking is Different!
• Managing network devices is trickier
• Especially without an agent
• But many devices are Linux or FreeBSD-based
• Chef is already cross-platform and on many
operating systems already

12. Chef & Cisco

13. Nexus 9k and 3k Platforms
• Chef and Cisco are working together to bring
officially supported packages to NX-OS and IOS-XR
• Support across Nexus 9300/9500 & 3000 Series
• Q3 of this year

14. Omnibus Packages
• Omnibus is our open source cross-platform full-stack packaging
system (Linux, Windows, AIX, OS X, etc.)
• github.com/chef/omnibus
• Includes all of the dependencies for running Chef on an
operating system (Ruby, OpenSSL, etc.)
• Produces a dependency-free package (ie. RPM, DEB, MSI)
• Installs into /opt/chef

15. node[‘platform’] = ‘nexus’
node[‘platform_family’] = ‘wrlinux’
Chef Client
• Currently building from Chef 12 master branch
• Omnibus and ohai patches upstreamed
• Chef Resources being updated accordingly

16. Chef’s CD Pipeline
• Continuous delivery of Chef client
builds
• currently 22 targets
• Cisco will be a Tier 1 Platform
• Downloads will be available:
• downloads.chef.io
• packagecloud.io/chef/
• Omnitruck API (www.chef.io)

17. Cisco Cookbook
• Provides Resources for managing NX-OS
• Ruby API calls to NXAPI
• Abstracts underlying Cisco specifics, cross-platform
• ChefSpec and Test Kitchen support
• Cookbook and Ruby Gems open source soon

18. Cisco Cookbook Resources
• cisco_command_config
• cisco_interface
• cisco_interface_ospf
• cisco_ospf
• cisco_ospf_vrf
• cisco_package
• cisco_snmp_community
• cisco_snmp_group
• cisco_snmp_server
• cisco_snmp_user
• cisco_tacacs_server
• cisco_tacacs_server_host
• cisco_vlan
• cisco_vtp
• …and more coming!

19. cisco_interface 'Ethernet1/1' do
action :create
ipv4_address '1.1.1.1'
ipv4_netmask_length 24
ipv4_proxy_arp true
ipv4_redirects true
shutdown true
switchport_mode 'disabled'
end
Cisco Cookbook Resource Example

20. Test Driven Infrastructure
• Versioning is baked into Chef
Cookbooks and Environments
• Infrastructure as Code should
be treated like code
• Version control
• Testing
• Continuous Delivery

21. Testing with Chef
• RuboCop: Ruby code analyzer
• FoodCritic: lint testing for Chef cookbooks
• ChefSpec: unit testing for Chef
cookbooks
• Test Kitchen: platform for integration
testing Chef infrastructure

22. Continuous Delivery and Networking
• Controlled promotion of change
across environments with testing
reduces risk
• Visibility and accountability of all
changes across all infrastructure
• Faster and safer delivery of new
features

23. Strategies for Managing Networks
• Chef-only
• Controller-less, Chef manages devices
• Cisco Application-Centric Infrastructure-only
• Chef interacts directly with ACI which manages everything
• Hybrid
• Chef manages devices, ACI manages networking

24. Further Cisco Integrations
• UCS
•Ruby ucslib-based solutions
• ACI
• OpenStack
•knife-openstack
•chef-provisioning-openstack

25. Thanks!
Matt Ray
matt@chef.io
@mattray