Ansible is one of the newer and more exciting automation toolsets for networking. Ansible (unlike Puppet and Chef) is agentless, which makes it significantly easier to automate existing devices that may not have an agent installed – such as many networking devices.
Networks are evolving from hundreds or thousands of individual devices to the Software-Defined Network paradigm of a single fabric under a central controller. The GUI on top of an SDN controller isn’t sufficient and will still need automation.
This presentation describes how Ansible can add value to configuration management of a Cisco Application Centric Infrastructure (ACI) infrastructure.
Ansible- Durham Meetup: Using Ansible for Cisco ACI deployment - Joel W. King
This presentation demonstrates how Ansible modules can use the northbound REST API interface of the Application Policy Infrastructure Controller (APIC).
Configuration Management Tools on NX-OS - Cisco DevNet
A session in the DevNet Zone at Cisco Live, Berlin. On Cisco Nexus devices, configuration is performed using command-line interfaces (CLIs) that run only on the device. Configuration Management Tools allow you to automate network device configuration in the same way sysadmins have automated server configuration. These tools include Puppet, Chef and Ansible. We will be introducing the concept of each of them, agent vs agent-less, and demoing some use cases.
We will also describe some of the technology enablers like NX-API REST that allow you to apply configurations that would otherwise require issuing many CLI commands, by combining configuration actions in relatively few HTTP/HTTPS operations.
Automating with NX-OS: Let's Get Started! - Cisco DevNet
A session in the DevNet Zone at Cisco Live, Berlin. Cisco's flagship data center platform, the Nexus series of switches, has a variety of programming protocols to offer. This session will provide participants with an overview and code examples on various protocols: NX-API, XMPP and Netconf.
We've added the presentation used by John Walter, Solution Architect for Red Hat's Training and Certification team, from our Accelerating with Ansible webinar. He discussed the emergence of radically simple Ansible automation and answered questions from attendees. Learn how Ansible automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs. Also learn how Ansible is designed for multi-tier deployments from day one and how Ansible models your IT infrastructure by describing how all your systems inter-relate, rather than just managing one system at a time.
Sydney based cloud consultancy Cloudten's Richard Tomkinson shows how masterless Puppet can be used in concert with AWS's services including Lambda to automate server builds and manage code deployments
Build cloud like Rackspace with OpenStack Ansible - Jirayut Nimsaeng
Build cloud like Rackspace with OpenStack Ansible Workshop in 2nd Cloud OpenStack-Container Conference and Workshop 2016 at Grand Postal Building, Bangrak, Bangkok on September 22-23, 2016
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern... - Sanjeev Rampal
Introduction to the architecture of Cisco Container Platform. This is a new offering from Cisco and is an enterprise grade Multi-Cloud Kubernetes based Container platform. The presentation covers overall architecture, internal details on networking, storage, operations and automation as well as multi-cloud features including the use of this platform along with hosted Kubernetes offerings from AWS (EKS) and Google (GKE).
OpenStack Summit Vancouver: Lessons learned on upgrades - Frédéric Lepied
When deploying OpenStack in production at any scale, upgrade support is one of the requirements for a successful deployment. Without upgrade management, a deployment will have bugs and security issues from day 1. Also, in the longer term, it will miss the latest features that OpenStack offers.
This presentation starts with an introduction to the rationale behind automated deployments in Continuous Delivery and DevOps. Then, I compare agent-based architectures, such as Chef and Puppet with the agentless architecture of the server orchestration engine Ansible. The presentation concludes with an automated deployment of Dynatrace into a simulated production environment.
Goodbye CLI, hello API: Leveraging network programmability in security incid... - Joel W. King
Automation and orchestration have been the purview of cloud computing and system administration, but are now increasingly important to security operations and network administration. By automating the data collection and corrective action component of incident response, significant time savings can be realized. Corrective actions often need to be applied to multiple assets in the organization, and automation improves consistency and time savings as well. This talk describes how security and IT orchestration can be integrated through code reuse and integration with APIs.
We demonstrate how Phantom and Ansible can be integrated to automate the incident response data collection, corrective action, and notification.
Flexible, simple deployments with OpenStack-Ansible - Major Hayden
I gave this talk at the OpenStack Austin Meetup on June 20, 2016. The talk covers the reasons why OpenStack-Ansible exists and the value that it brings for production OpenStack deployments.
Ansible, Vagrant and Packer are tools that allow you to model production systems on your laptop. This talk was given by Bas Meijer at GOTO Amsterdam 2015. Source code at https://github.com/bbaassssiiee/vagransible
Awareness presentation on the integration of Network Operations into DevOps and using tools like Ansible and UCS director to automate network operations.
How to use Ansible to go faster when creating AWS resources, building servers, and deploying apps. This talk focuses on how AWS developers and admins can use simple Ansible scripts to rapidly create AWS resources including VPCs, security groups and instances, then configure new development and production servers, and deploy their apps. No more "snowflake servers"!
VMworld 2013: Real-world Deployment Scenarios for VMware NSX VMworld
VMworld 2013
Taruna Gandhi, VMware
Jeremy Hanmer, DreamHost
Funs Kessen, Schuberg Philis
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Docker Orchestration: Welcome to the Jungle! Devoxx & Docker Meetup Tour Nov ... - Patrick Chanezon
In two years, Docker hit the sweet spot for devs and ops, with tools for building, shipping, and running distributed apps architected as a set of collaborating microservices packaged as Linux containers. One area of the Docker ecosystem that saw a lot of innovation in the past year is container orchestration systems. This session compares and contrasts various Docker orchestration systems (Swarm, Machine, and Compose), the batteries included with Docker itself, Mesos, Kubernetes, CoreOS/Fleet, Deis, Cloud Foundry, and Tutum. It includes a demo of how to deploy a Java 8 app with MongoDB on several of these systems. The goal of the session is to give you a framework to help evaluate how these systems can meet your particular requirements.
Demo code at https://github.com/chanezon/docker-tips/blob/master/orchestration-networking/README.md
Uwe Richter, Juniper Networks
Juniper Day, Praha, 13.5.2015
Those who out-compute can many times out-compete. The cloud gives you access to a massive amount of compute power when you need it. This talk will present an introduction to HPC in the cloud, including the benefits of HPC in the cloud, how to get started, some tools to use, and how you can manage data. We will showcase several examples of HPC in the cloud by a number of public sector and commercial customers.
Created by: Dr. Jeff Layton, Principal, Solutions Architect
Daniel Firestone and Gabriel Silva's presentation from the 2017 Open Networking Summit.
SDN is at the foundation of all large scale networks in the public cloud, such as Microsoft Azure - at past ONSes, Microsoft has detailed how all of Azure's virtual networks, load balancing, and security operate on SDN. But how do we make a software network scale to an era of 40, 50, and 100 gigabit networks on servers, providing great performance to end customers with ever increasing VM and container scale and density?
In this presentation, Daniel Firestone and Gabriel Silva will detail Azure Accelerated Networking, using Azure's FPGA-based SmartNICs. They will show how using FPGAs, we can achieve the programmability of a software network with the performance of a hardware one. They will detail how this and other host SDN advances have led to huge performance increases for Linux VMs in particular, and Linux-based NFV appliances, giving Azure industry-leading network performance.
Klepsydra Streaming Distribution Optimiser (SDO):
• Runs on a separate computer
• Executes several dry runs on the OBC
• Collects statistics
• Runs a genetic algorithm to find the optimal solution for latency, power or throughput
The main variable to optimise is the distribution of layers are the two dimension of the threading model.
OpenStack is an open source cloud operating system. More and more Service Provider and Enterprise customers are looking for a top-to-bottom cloud stack that is rapidly deployable, open source based and does not break the bank and this is where OpenStack shines. For more information please visit our website here: http://www.cisco.com/web/CA/index.html
AWS September Webinar Series - Visual Effects Rendering in the AWS Cloud with... - Amazon Web Services
Visual effects rendering has traditionally been a time consuming, resource intensive process. As a result, content producers are moving rendering workloads to the AWS cloud to take advantage of the scalable, on-demand compute resources that can accelerate their rendering workloads.
By attending this webinar, you will learn how to create a scalable rendering infrastructure to grow your farm for any size workload, reduce overall processing time with on-demand and reserve compute instances, and move to a project based cost structure. You will also learn how to implement hybrid rendering workloads using Thinkbox dependency manager.
Learning Objectives:
How to use AWS Cloud to rapidly scale up and down rendering infrastructure to power ThinkBox Deadline software in the cloud for visual effects rendering
Who should attend:
IT administrators, rendering and visual effects professionals
I have over a thousand Powerpoint files on my laptop’s hard drive. The session examines using the MinIO Python SDK to upload and query presentation objects in the cloud. The Python libraries python-pptx, rake-nltk and Fuzzy Wuzzy are included to categorize and match keywords.
BRKEVT-2311 - Network Design and Implementation for IP Video Surveillance
This session discusses the fundamentals of deploying IP video surveillance. It provides a foundation on selecting the type of IP cameras, the placement, field of view, resolution and frame rate to address the safety and security requirements of the organization.
Introduction to GraphQL using Nautobot and Arista cEOS - Joel W. King
GraphQL is a query language for APIs and has been adopted by popular web services, including GitHub, ArangoDB and Nautobot, a network automation platform. This session introduces GraphQL and demonstrates using Nautobot as a Source of Truth for managing the configuration of Arista Containerized EOS (cEOS) routers using Ansible.
Network engineers who wish to learn GraphQL for Nautobot, Ansible, and cEOS will benefit from this session. A sample code repository will be published for attendees.
One challenge for a network engineer learning the ‘tools of the trade’ for programmable networks is how to set up a development environment.
The environment must be ephemeral, consistent, and repeatable with the instructor, your teammates and your study partner.
In this session, we demonstrate how to use Visual Studio Code along with Vagrant, Docker and cloud compute environments. We will share sample configurations in GitLab and also a number of Jupyter Notebooks which can be used as study aides for the Cisco DevNet Certification exams.
Refer to RTP Programmability and Automation Meetup Group:
https://www.meetup.com/Cisco-Programmability-and-Automation-Meetup-Group/events/278002529/
As engineers embrace infrastructure-as-code, building in testing and sanity checks of the proposed changes becomes critical. Batfish is an open-source tool that does network configuration analysis. Some of the project’s capabilities include analysis of system information, routing and forwarding tables, and ACLs. Batfish is written in Python and is consumable in Python, but also has Ansible modules available.
Using Terraform to manage the configuration of a Cisco ACI fabric. - Joel W. King
Terraform is an open-source infrastructure as code software tool created by HashiCorp. It is written in GoLang. Cisco has developed an ACI Terraform provider used to interact with the Cisco APIC. Network engineers define and provision the ACI infrastructure using a declarative configuration language known as HCL, HashiCorp Configuration Language.
This session will begin with a short presentation on Terraform and how it can be used to manage resources in an ACI fabric. There is a companion GitLab repository (https://gitlab.com/joelwking/terraform_aci) which will be used as a demo environment. Attendees can download Vagrant and VirtualBox to their laptop and execute the demonstration using the Cisco DevNet Always-on ACI sandbox.
Meraki Virtual Hackathon: app for Splunk Phantom - Joel W. King
The Meraki app for Splunk Phantom uses the Meraki dashboard API to locate end-user devices within one or more organizations, networks / devices, and to bind a configuration template to a specified network.
Foray into Ansible Content Collections - Joel W. King
Overview on building and using Ansible Content Collections.
To quote - https://www.wwt.com/article/ansiblefest-2019-retrospective
Red Hat has announced Ansible Content Collections, a new packaging format for managing and consuming modules, plugins, roles, documentation and playbooks. This new package format, which leverages Ansible Galaxy, makes it easier for the community to consume this content without waiting for the next Ansible release.
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne... - Joel W. King
This talk provides insight into how network security will evolve in the next five years; a zero-trust model enabled through telemetry streaming, analytics, and policy publishing, using automation to implement policy through APIs in cloud managed networks.
Enabling policy migration in the Data Center with Ansible - Joel W. King
At AnsibleFest Austin 2018, we demonstrated using Ansible to extract policy from Cisco Tetration Analytics and expose it as variables to playbooks.
The internal World Wide Technology IT department is migrating from a traditional Nexus fabric to Application Centric Infrastructure (ACI).
This talk describes how Ansible is used to migrate policy to, and automate the configuration of, the new data center fabric.
Using Tetration for application security and policy enforcement in multi-vend... - Joel W. King
Network engineers increasingly must view the network as one big software system, which streams telemetry data from software sensors and network devices to an analytics engine.
To implement the whitelist-based segmentation and zero-trust policy model generated from the data analysis, automation is a requirement when dealing with tens of thousands of workloads and complex rules.
This session examines how Cisco Tetration Analytics combined with automation can be used to implement a zero-trust policy model on multi-vendor network fabrics, firewalls and application delivery controllers.
Using Ansible Tower to implement security policies and telemetry streaming fo... - Joel W. King
Network analytics provides insight to the traffic flow between applications and endpoints. Telemetry data is streamed in real-time from software sensors and network devices to big-data clusters. Implementing the policy to create a whitelist-based segmentation and zero-trust model requires automation when dealing with tens of thousands of workloads and complex rules.
This session examines how Cisco Tetration Analytics provides an accurate inventory of devices, software packages and version information to detect software vulnerabilities and implement a zero-trust policy model on network fabrics, firewalls and application delivery controllers.
View IT operations as a flow of data (Sources of Truth) thru work-cells (automation processes) to deliver value to the customer.
There should be only one source of truth for every piece of configuration data.
Device configurations are a poor source of truth.
2. Agenda
• Whoami, how I got started using Ansible
• Introduction to Ansible
• Demo – Power on VMs
• Demo – Power on VMs, copy file to Linux hosts
• Application Centric Infrastructure (ACI) Integration
• Why we need automation for Software-Defined Networking (SDN)
• Ansible Modules for ACI
• Demo- Find the MAC address
• Demo- Apply ACI policy, run Docker application
• ACI workflow using Ansible, developing configuration libraries
• APIC-EM Integration (time permitting)
• Discussion – Q and A
3. whoami
• At World Wide Technology, Inc. – Enterprise SDN, NetDevOps, Programmable Networks
• Past Experience
• NetApp – Technical Solutions Architect, Digital Video Surveillance – Big Data – E-Series
• Cisco – Technical Leader - Enterprise Systems Engineering (ESE) – Cisco Validated Designs (CVDs)
• Network Architect – AMP Incorporated – LAN / WAN design for 150 location global network
• Flash cutover of AMP’s network from OSPF to EIGRP using Perl and Telnet ~ 1996
• CCIE No. 1846 (retired)
• Participated on Networking Panel at AnsibleFest NYC 2015
joel.king@wwt.com
@joel_w_king
www.slideshare.net/joelwking
github.com/joelwking/
4. How I got started with Ansible…
• Cisco Nexus switches have a variety of network programmability features.
• We had use cases with everything but Orchestration and NX-API.
• I thought installing an agent might be a pain point!
[Diagram labels:]
• Power On Auto Provisioning (POAP)
• Nexus 9K
• NX-API RPC / REST API
• Python Interpreter
• Bash shell
• Introduction to Python Programming on Nexus Switches
• Nexus Data Broker w/ REST API
• NXOS ACI
• Orchestration APIC REST API
• OpenFlow
• Security-Defined Routing
5. … after a little research
• Downloaded The Benefits of Agentless Architecture
• Installed Ansible on Ubuntu in Virtual Box
git clone git://github.com/ansible/ansible.git --recursive
• Found in the FAQs: ansible_connection=local
• Enabled NX-API
NEX-9396-A-TRNG-CLASS(config)# feature nxapi
NEX-9396-A-TRNG-CLASS(config)# end
NEX-9396-A-TRNG-CLASS# copy run start
[###########################] 100%
Copy complete.
• Wrote an Ansible module for NX-API !
NX-API Developer Sandbox
6. Introduction to Ansible
SIMPLE AGENTLESS POWERFUL
• Ansible uses SSH instead of agents.
• Python modules run locally or on target systems
• Deploy applications
• Configuration management
• Network provisioning
• Playbooks are both human and machine readable.
• Large library of modules.
7. Push Based
• Chef and Puppet are “pull-based”
• The agent on the server periodically checks with the central server for configuration information. (Chef agent by default checks with Chef server every 30 minutes)
• Chef uses a “convergent” model of configuration. As changes propagate through the nodes, the network as a whole converges to the desired configuration state.
• Ansible is “push-based”
• You run the playbook,
• Ansible connects to the target servers and executes the modules
• Push based approach - you control when the changes are made on the server!
• No need to wait for a timer to fire.
Source: Ansible Up & Running & www.chef.io/solutions/configuration-management/
8. Lexicon
• Inventory: A file grouping host names and (optionally) variables.
• Playbooks: A design plan of tasks to act on one or more hosts.
• YAML: Markup language, more human readable than XML / JSON.
• Facts: Variables describing the target system.
• Tasks: An activity to be carried out, e.g. install package, configure interface.
• Modules: Python code to implement tasks.
• Idempotent: Producing the same results if executed once or multiple times.
• Jinja2: Templating language converting templates to configuration files
9. Ansible and the Cisco Network
[Diagram labels: Ansible / Tower (Agentless); Users, API; ESX Server; Windows Systems; Linux; Docker; Amazon Web Services; CentOS; Nexus 3000 | 9000 (feature nx-api, REST API, connection: local); Nexus 9000 ACI; APIC-EM; Cisco IOS; PARAMIKO; GitHub (github.com/joelwking/); SSH – TCP/22; NTP – UDP / 123; HTTP(s) TCP/80:443; HTTP(s) TCP/80:443:22; HTTPS TCP/443; LDAP – TCP / 389]
• Provides “tool based” abstraction
• Low barrier to entry
• User written modules
• Common framework to manage controllers and individual devices
10. What is YAML?
• YAML (rhymes with camel) is a data serialization format.
• Designed to be human and machine readable.
• Ansible playbooks are in YAML format.
• Syntax is designed to be mapped to data types in programming languages: lists, associative arrays (Python dictionaries), and scalar variables.
$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13)
>>> import yaml
>>> playbook = yaml.safe_load(open("add_local_user.yml", "r"))
>>> print playbook[0]["tasks"][0]["name"]
Add local user
11. Use Case: Power On
• ESXi hosts on ACI Demo Fabric were power cycled.
• VMs for ACI Tenant were in power-down state following reboot.
• Run playbook to power-up my demo VMs, rather than use vSphere Client
$ cat power_up_vms.yml
---
- hosts: 127.0.0.1
  connection: local
  user: administrator
  sudo: false
  gather_facts: false
  vars:
    vmware_guest_facts: yes
    joelking:
      - X-DOCKER-CLIENT
      - X-DOCKER-SERVER-1
      - X-DOCKER-SERVER-2
      - X-A10-vThunder
  tasks:
    - name: Power UP
      vsphere_guest:
        vcenter_hostname: 10.255.40.128
        username: administrator@vsphere.local
        password: "**foo**"
        guest: "{{item}}"
        state: powered_on
        esxi:
          datacenter: "ACI Demo DC"
          hostname: 10.255.138.168
      with_items: joelking
13. Use Case: Copy File to VMs
• Modify playbook to list VM names and Ubuntu hosts in Inventory file
• Items under group [virtual_machines] are VM names, not DNS names
• Items under group [Ubuntu]
• X-A10-vThunder is a virtual appliance, not an Ubuntu host
• When running a play, the values are referenced by variable {{inventory_hostname}}
$ cat hosts
#
[aci]
aci-demo.sandbox.wwtatc.local ansible_connection=local ansible_ssh_user=kingjoe admin_uid=netdeploy
#
#
[server]
scp-server.sandbox.wwtatc.local ansible_ssh_user=administrator
#
[virtual_machines]
X-DOCKER-CLIENT
X-DOCKER-SERVER-1
X-DOCKER-SERVER-2
X-A10-vThunder
[Ubuntu]
X-DOCKER-CLIENT.sandbox.wwtatc.local
X-DOCKER-SERVER-1.sandbox.wwtatc.local
X-DOCKER-SERVER-2.sandbox.wwtatc.local
14. Use Case: Copy File to VMs (continued)
$ cat power_up_vms.yml
---
- hosts: virtual_machines
  connection: local
  user: kingjoe
  sudo: false
  gather_facts: false
  vars:
    vmware_guest_facts: yes
  vars_prompt:
    - name: "vCenter_password"
      prompt: "Enter vCenter password"
      private: yes
  tasks:
    - name: Power UP my VMs
      vsphere_guest:
        vcenter_hostname: 10.255.40.128
        username: administrator@vsphere.local
        password: "{{vCenter_password}}"
        guest: "{{inventory_hostname}}"
        state: powered_on
        esxi:
          datacenter: "ACI Demo DC"
          hostname: 10.255.138.168
- hosts: Ubuntu
  user: administrator
  vars:
    MY_directory: "/tmp/ansible"
  tasks:
    - name: Create directory
      file: dest={{MY_directory}} state=directory mode=0755
    - name: Download a file to the directory
      get_url: url=http://docs.ansible.com/ansible/modules.html dest={{MY_directory}} mode=0666 validate_certs=no
$ ansible-playbook -i hosts power_up_vms.yml --ask-pass
Note: this is an example of running modules locally and on remote systems from the same playbook
15. Demo: Modify Power On virtual machines playbook to use inventory file, Copy file to Linux hosts
16. Ansible Tower
Ansible Enterprise Automation
Simple. Agentless. Powerful.
Control. Security. Delegation.
/ Uses OpenSSH
/ No extra code to manage
/ Ready for cloud-scale
/ Uses YAML for playbooks
/ No special coding skills needed
/ Fast learning curve
/ App deployment
/ Orchestration
/ Configuration management
/ Role-Based Access Control
/ Delegation of credentials/keys
/ Audit trail for automation
/ Centralized job runs
/ Job scheduling
/ Automation dashboard
/ Push-button job execution
/ Portal mode for delegation
/ REST API for integration
Ansible Open Source | Ansible Tower
17. ANSIBLE TOWER
The best way to run Ansible in your organization.
• PUSH-BUTTON LAUNCH: Launch automation jobs with a button
• ACCESS CONTROL: Role-based access control & LDAP integration
• DELEGATION OF CREDENTIALS: Delegate credentials without giving away secrets
• SCHEDULING: Schedule automation jobs (great for periodic remediation)
• INVENTORY MANAGEMENT: Graphically manage your internal & cloud resources
• API & CLI: Documented RESTful API and Tower CLI to integrate Tower into your tools
• AUDITING: See a full Ansible job history with drill-in details
21. Cisco Nexus Data Center Switching
• If you are looking to Cisco for a Data Center switch, it will be a Nexus 9000.
• Nexus 9000 runs in either of two modes:
• NX-OS
• Application Centric Infrastructure – ACI
• Networks need Automation & Programmability.
• NX-API enables a northbound REST interface on individual NX-OS switches
• Nexus 3000 NX-API supported NX-OS 6.0(2)U4(1).
• NX-OS release 7.x enables NX-API on Cisco Nexus 5000 and 6000
• APIC is the Software Defined Networking controller for ACI
• Ansible | Tower can be your automation engine.
22. Why do I need automation with ACI?
• Using the ACI GUI is time consuming and prone to human error.
• WWT Integration Technology Center (ITC) is the hub of our global deployments and supply chain programs.
• Customers use the ITC to stage their data center infrastructure prior to deployment.
23. Cisco Application-Centric Infrastructure (ACI)
• A data center fabric with three components:
• Nexus 9000 Series Switches and the Cisco Application Virtual Switch (AVS)
• SDN architecture based on a policy framework for configuration, management, security
• Cisco Application Policy Infrastructure Controllers (APIC)
• Nexus switches in the fabric are plug-n-play.
• All functions of the controller are exposed via REST APIs.
• The Web GUI designed for initial configuration, a tool for automation.
[Figure labels: Cisco APIC Python SDK (“cobra”); CLI admin@apic1:aci>]
24. Ansible and Nexus Switches
• Nexus 9K switches run either ACI mode or NX-OS mode.
• Enhancements to NX-OS including feature nx-api in Nexus 3K, 7K, 5K, etc.
• NX-API provides HTTP based APIs for configuration management – XML or JSON
• Application Policy Infrastructure Controller – APIC is an SDN controller managing Nexus 9K in ACI mode.
• Servers, applications, and network can be managed in a single playbook.
[Diagram labels: Ansible / Tower (Agentless); Users, API; ESX Server; Windows Systems; Linux; Docker; CentOS; Nexus 3000 | 9000 (feature nx-api, REST API, connection: local); Nexus 9000; GitHub; SSH – TCP/22; NTP – UDP / 123; HTTP(s) TCP/80:443; HTTPS TCP/443; LDAP – TCP / 389]
25. Ansible ACI Modules
• aci_gather_facts.py
• Gather Facts using Class or Managed Object Queries
• https://youtu.be/Ec_ArXjgryo
• aci_install_config.py
• Configures the fabric via ACI controller (APIC) northbound REST API interface.
• https://youtu.be/PGBYIxEsqU8
• This module issues a POST of XML; the APIC will create or update the object as required.
• Deletions are implemented by including status="deleted" in the XML
26. Gathering Facts: Types of Queries
• Managed Objects (MO) are abstract representations of a physical / logical entity.
• Contain a set of configurations and properties.
• Organized in a tree structure called the Management Information Tree.
• Object-level query: get /api/mo/uni/tn-ACME.json
• Class-level query: get /api/class/fvTenant.json
[Diagram: tenants tn-infra, tn-mgmt and tn-ACME in the tree, shown once for each query type]
27. Managed Object Query
• Managed Object Queries and Class Queries are handled by the same module, aci_gather_facts.py
• The difference is the URI specified as argument to the module.
• In either case, the answer set is a list of objects; typically the Class Query will have more than one element in the list.
• If the REST call is successful, but the results are null, the list is empty.
• Example playbook for Managed Object query: https://github.com/joelwking/ansible-aci/blob/master/aci_mo_example.yml
28. Class Query: Find MAC address given IP
fvCEp A client endpoint attaching to the network.
./bin/ansible-playbook find_macaddress.yml
---
# https://github.com/joelwking/ansible-aci/blob/master/find-macaddress.yml
- name: Ansible ACI Demo of gathering facts using a class query
  hosts: prod-01
  connection: local
  gather_facts: no
  vars:
    IPaddr: 198.51.100.4
  tasks:
    - name: Find the MAC address given an IP address
      aci_gather_facts:
        queryfilter: 'eq(fvCEp.ip, "{{IPaddr}}")'
        URI: /api/class/fvCEp.json
        host: "{{hostname}}"
        username: admin
        password: "{{password}}"
    - name: use msg format
      debug: msg=" ManagementIP {{ fvCEp[0].ip }} mac {{ fvCEp[0].mac }} encap {{ fvCEp[0].encap }} "
TASK: [use msg format] *****************************************
ok: [prod-01] => {
    "msg": " ManagementIP 198.51.100.4 mac 00:50:56:B6:1C:CC encap vlan-2142 "
}
Filter results based on ip address specified
Can anyone tell me the flaw in this logic?
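Slide 27 says the answer set of a class query is a list that can be empty or hold several objects, while the debug task above reads fvCEp[0] without checking. The following is an added example, not code from the presentation or its repository, that resolves an endpoint only when exactly one object matches and that can scope the match to a tenant taken from the dn. The reply is constructed in the APIC JSON envelope (imdata / attributes); the tenant name OTHER and its endpoint values are assumptions.

```python
import json
import re

# Constructed APIC reply for GET /api/class/fvCEp.json filtered on one IP.
# The first endpoint reuses values shown on this page; the second one
# (tenant OTHER) is made up to model the same IP learned in two tenants.
SAMPLE_REPLY = json.dumps({"totalCount": "2", "imdata": [
    {"fvCEp": {"attributes": {
        "dn": "uni/tn-A10_DEMO/ap-SMALL_SERVERS/epg-SERVER/cep-00:50:56:B6:1C:CC",
        "ip": "198.51.100.4", "mac": "00:50:56:B6:1C:CC", "encap": "vlan-2142"}}},
    {"fvCEp": {"attributes": {
        "dn": "uni/tn-OTHER/ap-WEB/epg-FRONT/cep-00:50:56:AA:BB:CC",
        "ip": "198.51.100.4", "mac": "00:50:56:AA:BB:CC", "encap": "vlan-2200"}}},
]})

# dn layout as printed by the api-tool output on this page.
DN_RE = re.compile(r"^uni/tn-(?P<tenant>[^/]+)/ap-(?P<ap>[^/]+)"
                   r"/epg-(?P<epg>[^/]+)/cep-(?P<dn_mac>[0-9A-Fa-f:]{17})$")


class EndpointLookupError(Exception):
    """Raised when the answer set does not identify exactly one endpoint."""


def endpoints_from_reply(reply_text):
    """Flatten imdata into one dict per fvCEp, adding tenant/ap/epg from the dn."""
    endpoints = []
    for item in json.loads(reply_text).get("imdata", []):
        attrs = item.get("fvCEp", {}).get("attributes")
        match = DN_RE.match(attrs.get("dn", "")) if attrs else None
        if match is None:
            continue  # not an fvCEp object, or an unexpected dn layout
        if match.group("dn_mac").upper() != attrs.get("mac", "").upper():
            continue  # dn and mac attribute disagree; do not trust the record
        endpoints.append(dict(attrs, **match.groupdict()))
    return endpoints


def resolve_endpoint(reply_text, ip, tenant=None):
    """Return the single endpoint for ip (optionally within tenant) or raise."""
    hits = [e for e in endpoints_from_reply(reply_text)
            if e.get("ip") == ip and tenant in (None, e["tenant"])]
    if not hits:
        raise EndpointLookupError("no endpoint with ip %s" % ip)
    if len(hits) > 1:
        raise EndpointLookupError("ip %s matches %d endpoints: %s" % (
            ip, len(hits), ", ".join(e["dn"] for e in hits)))
    return hits[0]


if __name__ == "__main__":
    ep = resolve_endpoint(SAMPLE_REPLY, "198.51.100.4", tenant="A10_DEMO")
    print(ep["mac"], ep["encap"], ep["epg"])
```

Failing on an empty or ambiguous answer set keeps a later policy step from being built against an endpoint that was never confirmed.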
29. Importing Playbook into Tower
• Log on to Tower
• Create directory /var/lib/awx/projects/find-macaddress
• Copy the contents of the playbook into a file in the directory, e.g. find-macaddress.yml
• I commented out the variable, IPaddr, Tower will prompt.
• Create a project,
• Create a job template,
• Run job template.
31. Install ACI Configuration
• Ansible module aci_install_config.py
• Configures the fabric via ACI controller (APIC) northbound REST API interface.
• Reads the XML file specified as an argument
• Authenticates with the APIC
• Issues HTTP Post with the URL specified.
• Key Point
• Gather Facts provided the MAC and ‘dn’ based on a Tenant and IP address
• Now we can programmatically build a troubleshooting policy and load into tenant.
• By automating the creation of monitoring and troubleshooting policies, we save time.
32. Ansible Tower – Apply ACI policy and run Docker app
• Tower initiates Python modules to apply policy to tenant in ACI fabric.
• Tower initiates Python application installed in Docker container on client machine.
[Diagram labels: x-docker-client; x-docker-server-1; host addresses .1 and .10; 192.0.2.0 / 24 TEST-NET-1; 198.51.100.0 / 24 TEST-NET-2; Bridge Domain TEST-NET-1; Bridge Domain TEST-NET-2; management network; policy; app]
33. Demo: Apply ACI policy, run Docker app
https://youtu.be/t03ty5Y295U?t=1m49s
35. Using Playbooks to Organize your Workflow
• While developing ACI configurations, I found myself using Ansible Playbooks to organize my work.
• The total configuration is broken into distinct, verified steps.
• The configuration snippets can be shared among engineers as ACI ‘best practice’ configs.
• Repository on WWT’s GitHub Enterprise server: atc-ops / aci-config-templates
36. Configure via the GUI
[Workflow diagram: configure → verify | test → save XML → incorporate into playbook → automate]
37. Verify and Test the configuration
38. Save the config snippet as XML
<fvTenant>
  <traceroutepTrEp adminSt="start" descr="traceroute policy for client to server 10"
      dn="uni/tn-A10_DEMO/trEp-CLIENT_SERVER10" name="CLIENT_SERVER10" ownerKey="" ownerTag="" payloadSz="56">
    <traceroutepRsTrEpSrc tDn="uni/tn-A10_DEMO/ap-SMALL_SERVERS/epg-CLIENT/cep-00:50:56:9A:79:5C"/>
    <traceroutepRsTrEpDst tDn="uni/tn-A10_DEMO/ap-SMALL_SERVERS/epg-SERVER/cep-00:50:56:9A:6A:03"/>
  </traceroutepTrEp>
</fvTenant>
39. Incorporate into Playbook
---
- name: Deploy Tenant for A10 ADC
  hosts: prod-01
  connection: local
  gather_facts: no
  vars:
    local_path: /home/administrator/ansible/CFGS
    fvTenant: A10_DEMO
    L4L7: vnsLDevVip_A10.xml
  tasks:
    - name: Loop through the variables to deploy the tenant
      aci_install_config:
        xml_file: "{{ local_path }}/{{ item }}"
        URI: "/api/mo/uni/tn-{{fvTenant}}.xml"
        host: "{{hostname}}"
        username: admin
        password: "{{password}}"
      with_items:
        - fvTenant_A10_DEMO.xml                 # Create Tenant
        - vzFilter_A10_TCP_SMALL_SERVERS.xml    # Create Filter
        - vzBrCP_A10_CONTRACT_SUBJ.xml          # Create Contract and Subject
        - fvCtx_A10_DEMO.xml                    # Create Private Network
        - fvBD_A10_BRIDGE_DOMAIN.xml            # Create Bridge Domains
        - fvAP_A10_APP.xml                      # Create Application EPGs
        - traceroutepTrEp_A10_clientserver.xml  # Create traceroute policy
        - "{{ L4L7 }}"                          # Create L4-L7 Services
41. Configuration Libraries
• ACI needs a library of ‘best practice’ configurations.
• Network engineers create configurations using the APIC GUI.
• Configurations are tested, verified and then saved in XML.
• The configuration snippets are organized into a playbook.
• Only the with_items loop needs to be changed in the playbook.
• XML files can be converted into templates.
• Playbooks, XML and Templates stored in Git Repo.
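Slides 25, 38 and 39 describe XML snippets that are POSTed to /api/mo/uni/tn-<tenant>.xml and that delete objects when they carry status="deleted". The following is an added example, not part of the presentation or its modules, of a review check that could run on a library snippet before the playbook posts it: it lists every dn or tDn that points outside the target tenant and every object marked for deletion. The function name preflight and the second snippet (tenant PROD) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Snippet from slide 38 (traceroute policy for tenant A10_DEMO).
SLIDE_38_XML = """<fvTenant>
  <traceroutepTrEp adminSt="start" descr="traceroute policy for client to server 10"
      dn="uni/tn-A10_DEMO/trEp-CLIENT_SERVER10" name="CLIENT_SERVER10"
      ownerKey="" ownerTag="" payloadSz="56">
    <traceroutepRsTrEpSrc tDn="uni/tn-A10_DEMO/ap-SMALL_SERVERS/epg-CLIENT/cep-00:50:56:9A:79:5C"/>
    <traceroutepRsTrEpDst tDn="uni/tn-A10_DEMO/ap-SMALL_SERVERS/epg-SERVER/cep-00:50:56:9A:6A:03"/>
  </traceroutepTrEp>
</fvTenant>"""

# Constructed snippet: one object in another tenant marked for deletion and
# one relation whose target lives in another tenant. Tenant PROD is made up.
CONSTRUCTED_BAD_XML = """<fvTenant>
  <fvAp dn="uni/tn-PROD/ap-PAYROLL" name="PAYROLL" status="deleted"/>
  <traceroutepTrEp dn="uni/tn-A10_DEMO/trEp-X" name="X">
    <traceroutepRsTrEpDst tDn="uni/tn-PROD/ap-PAYROLL/epg-DB/cep-00:50:56:00:00:01"/>
  </traceroutepTrEp>
</fvTenant>"""


def preflight(xml_text, tenant):
    """Return findings for a reviewer; an empty list means nothing was flagged."""
    root_dn = "uni/tn-%s" % tenant
    prefix = root_dn + "/"  # trailing slash so tn-A10_DEMO2 does not pass as tn-A10_DEMO
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    findings = []
    for elem in root.iter():
        for attr in ("dn", "tDn"):
            value = elem.get(attr)
            if value is not None and value != root_dn and not value.startswith(prefix):
                findings.append("%s %s=%s is outside tenant %s"
                                % (elem.tag, attr, value, tenant))
        if elem.get("status") == "deleted":
            findings.append("%s %s is marked status=deleted"
                            % (elem.tag, elem.get("dn") or elem.get("name")))
    return findings


if __name__ == "__main__":
    for label, text in (("slide 38", SLIDE_38_XML), ("constructed", CONSTRUCTED_BAD_XML)):
        print(label, preflight(text, "A10_DEMO") or "clean")
```

A relation into a shared tenant can be intentional, so the findings are meant for a reviewer to confirm rather than as an automatic block.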
42. Key Take-away
• Networks are evolving from individual devices to the SDN paradigm of a single fabric under a central controller.
• Cisco ACI is an SDN implementation which abstracts the network devices, the fabric is plug-n-play, provides central management and visibility.
• The GUI on top of an SDN controller isn't sufficient and we will still need automation
• Eliminate the hands in operations -
• No keyboard errors,
• No incomplete configurations,
• Build libraries of ‘best practice’ configurations.
• Network Engineers can use Ansible to automate Nexus switches to more closely align with DevOps.
44. Synergy
Ansible
• Ansible is an open source automation tool.
• Designed to be easy for anyone to understand and learn.
• Written module to apply configuration changes to Cisco IOS devices
• Requires an inventory file to identify target routers and switches to apply a baseline configuration.
Cisco APIC-EM
• APIC-EM is a SDN controller for legacy LAN/WAN devices.
• Single source of truth.
• Provides inventory to Ansible by discovery of Cisco IOS devices in the network.
WWT
• Python module to integrate the two applications.
45. Understanding the Network
• You can’t automate what you don’t understand!
• Discovery based on
• CDP
• IP address ranges
• Initiated either via GUI or REST API
• Discovered Devices
46. “you used the northbound API, put two disparate pieces of technology together and made them work better than they can individually.”
Phil Casini, Director Product Management for Cisco’s LAN/WAN SDN controller APIC EM.
Advanced Technology Center (ATC)
Using APIC-EM as the single source of truth.
47. Playbook
Tasks
1. apic_em_gather_facts: Query the APIC-EM controller for a list of discovered devices.
2. cisco_ios_install_config: Updates running config of discovered devices.
---
- name: Integration of APIC-EM with Ansible
  hosts: 127.0.0.1
  connection: local
  gather_facts: no
  vars:
    ansible_ssh_user: administrator
    enablepw: xxxxx
    password: xxxxx
  tasks:
    - name: Use APIC-EM controller to return a list of discovered devices
      apic_em_gather_facts:
        host: 10.255.40.125
        username: bob
        password: xxxxxx
    - name: Install the configuration file
      cisco_ios_install_config:
        URI: ftp://ftpuser:xxxxx@10.255.40.101/sdn/lab_config_files/ios_config.cfg
        host: "{{ item }}"
        username: admin
        enablepw: "{{ enablepw }}"
        password: "{{ password }}"
        debug: off
      with_items: mgmtIp
github.com/joelwking/ansible-apic-em
github.com/joelwking/ansible-ios
48. Execute the Playbook in Ansible Tower
!
!
ip name-server vrf management 8.8.8.8
!
ip http server
ip http secure-server
!
ip access-list extended ACL-AGENT-REDIRECT
 remark explicitly prevent DNS from being redirected to address a bug
 deny udp any any eq domain
 remark redirect HTTP traffic only
 permit tcp any any eq www
 remark all other traffic will be implicitly denied from the redirection
ip access-list extended ACL-ALLOW
 permit ip any any
!
ip access-list extended ACL-DEFAULT
 remark DHCP
 permit udp any eq bootpc any eq bootps
 permit udp any any eq domain
 remark Ping
 permit icmp any any
 remark PXE / TFTP
 permit udp any any eq tftp
 deny ip any any log
!
end
mgmtIp
50. Thanks to our sponsors
Slides are available at: www.slideshare.net/joelwking
51. "It is no longer about writing 300,000 lines of code. It is about writing as little code as possible to get that rapid speed."
Tim Vanderham, the head of development for IBM Bluemix and IBM Cloud Marketplace.
Cultivating the API Economy: searchsoa.techtarget.com/feature/Cultivating-the-API-Economy
Roles to allow you to break up configuration into more modular steps.
Jinja2 is a full featured template engine for Python.
http://en.wikipedia.org/wiki/Idempotence
Controllers attach to leaf switches
Python API provides a Python programming interface to the underlying REST API
http://cobra.readthedocs.org/en/latest/index.html#
Class fvCEp A client endpoint attaching to the network.
administrator@api:~/apic/wwt/bin$ python api-tool.py fvCEp | grep A10
dn= uni/tn-A10_DEMO/ap-SMALL_SERVERS/epg-SERVER/cep-00:50:56:B6:1C:CC 0 children
dn= uni/tn-A10_DEMO/ap-SMALL_SERVERS/epg-CLIENT/cep-00:50:56:B6:03:3B 0 children
dn= uni/tn-A10_DEMO/ap-SMALL_SERVERS/epg-CLIENT/cep-00:50:56:9A:79:5C 0 children
dn= uni/tn-A10_DEMO/ap-SMALL_SERVERS/epg-SERVER/cep-00:50:56:9A:6A:03 0 children
dn= uni/tn-A10_DEMO/ap-SMALL_SERVERS/epg-SERVER/cep-00:50:56:9A:66:1D 0 children
administrator@api:~/apic/wwt/bin$
From the last exercise, we determined the application profile, Endpoint Group and MAC address from an IP address.
Here we are using this information to build a traceroute policy for the Tenant.