Getting Started with Network Configuration Automation Using Ansible - Cisco (VIRL) Edition -

#ssmjp, October 2018
~A meetup to talk about Ansible~

Published in: Technology
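  1. 1. Getting Started with Network Configuration Automation Using Ansible - Cisco (VIRL) Edition - 2018/10/12
  2. 2. Self-introduction: Yasuyuki Sugai
      - Not a network engineer:
        - comes from the server infrastructure / application side
      - Often involved in network-related work because of my job:
        - network configuration management, automated configuration, SDN, etc.
      - Likes network technology
      - Recent pain point: Java becoming a paid product
      https://www.facebook.com/yasuyuki.sugai
      Nice to meet you!
      * The content of this material is my personal opinion.
  3. 3. - Subtitle
        - VIRL is amazing! V-I-R-L! V-I-R-L!
      - Aside
        - ngrok is seriously handy
  4. 4. https://www.slideshare.net/akira6592/ansiblesvnwautomation20181012ssmjp-119201162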
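  5. 5. Too heavy to bring along...
  6. 6. Recommended for anyone doing automation work!!
  7. 7.
  8. 8.
  9. 9.
  10. 10.
  11. 11. If you are not careful, you could build a production network on VIRL alone without buying any network equipment, but you must not do that.
  12. 12.
  13. 13. If you are not careful, without buying any network equipment (rest omitted) https://learningnetwork.cisco.com/docs/DOC-30476
  14. 14.
  15. 15. http://archive.virl.info/virl.cluster.php If you are not careful (rest omitted)
  16. 16. Today I have to talk about Ansible, so that is all on this topic for now...
  17. 17.
  18. 18. Wait... is my MacBook Air's spec too low!?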
  19. 19.
  20. 20.
  21. 21.
  22. 22. https://ngrok.com/product Pay close attention to security. Only expose things you do not mind being seen.
  23. 23. VIRL-NW 172.16.1.0/16 WORK-NW 10.102.0.0/22 my-pc internet VIRL VM 172.16.1.250 10.102.3.125 10.102.2.193 static
      For some reason it is a /22; that is just how my apartment building is set up...
  24. 24. Everything runs on top of VIRL
  25. 25.
  26. 26.
  27. 27. vlan10 vlan20 vlan10 vlan20
  28. 28.
  29. 29.
      switch# configure terminal
      switch(config)# hostname core-sw
      core-sw(config)# no feature ssh
      core-sw(config)# ssh key rsa 1024
      core-sw(config)# feature ssh
      core-sw(config)# vrf context management
      core-sw(config-vrf)# ip route 0.0.0.0/0 172.16.1.250
      core-sw(config-vrf)# exit
      core-sw(config)# interface mgmt0
      core-sw(config-if)# ip address 172.16.1.200/16
      core-sw(config-if)# no shutdown
      core-sw(config-if)# end
      core-sw# copy running-config startup-config
  30. 30.
      Switch>enable
      Switch#configure terminal
      Switch(config)#enable secret cisco
      Switch(config)#hostname edge-sw-a
      edge-sw-a(config)#username cisco password cisco
      edge-sw-a(config)#ip domain-name sugawi.jp
      edge-sw-a(config)#crypto key generate rsa
      How many bits in the modulus [512]: 1024
      edge-sw-a(config)#ip ssh version 2
      edge-sw-a(config)#line vty 0 4
      edge-sw-a(config-line)#transport input telnet ssh
      edge-sw-a(config-line)#login local
      edge-sw-a(config-line)#exit
      edge-sw-a(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.250
      edge-sw-a(config)#interface Vlan1
      edge-sw-a(config-if)#ip address 172.16.1.210 255.255.0.0
      edge-sw-a(config-if)#no shutdown
      edge-sw-a(config-if)#end
      edge-sw-a#write memory
  31. 31.
      172.16.1.200 core-sw
      172.16.1.210 edge-sw-a
      172.16.1.220 edge-sw-b
      172.16.1.230 edge-sw-c
      172.16.1.110 server-1
      172.16.1.120 server-2
      172.16.1.130 server-3
      172.16.1.140 server-4
  32. 32.
      fatal: [172.16.1.30]: FAILED! => {"msg": "paramiko: The authenticity of host 'XXXX' can't be established.\nThe ssh-rsa key fingerprint is XXXX."}
  33. 33.
      [edge-sw_ios]
      edge-sw-a
      edge-sw-b
      edge-sw-c

      [core-sw_nxos]
      core-sw

      [edge-sw_ios:vars]
      ansible_connection=network_cli
      ansible_network_os=ios
      ansible_user=cisco
      ansible_ssh_pass=cisco
      ansible_become=yes
      ansible_become_method=enable
      ansible_become_pass=cisco

      [core-sw_nxos:vars]
      ansible_connection=network_cli
      ansible_network_os=nxos
      ansible_user=admin
      ansible_ssh_pass=admin
      ansible_become=no
  34. 34.
  35. 35. https://docs.ansible.com/ansible/2.6/modules/
  36. 36.
  37. 37. https://docs.ansible.com/ansible/2.6/modules/nxos_vlan_module.html
      - hosts: core-sw_nxos
        tasks:
          - name: Create vlan
            nxos_vlan:
              vlan_id: 120
              name: test-vlan
              state: present
  38. 38.
      $ ansible-playbook -i inventory vlan_for_nxos.yml -vvv
      PLAYBOOK: vlan_for_nxos.yml ************
      1 plays in vlan_for_nxos.yml
      PLAY [core-sw_nxos] ********************
      TASK [Gathering Facts] *****************
      ok: [core-sw]
      TASK [Create vlan] *********************
      changed: [core-sw] => {
          "changed": true,
          "commands": [
              "vlan 120",
              "name test-vlan",
              "state active",
              "no shutdown",
              "exit"
          ],
      PLAY RECAP *****************************
      core-sw : ok=2 changed=1 unreachable=0 failed=0
  39. 39.
      core-sw# show running-config
       :
      vlan 1,120
      vlan 120
        name test-vlan
       :
      $ ansible-playbook -i inventory vlan_for_nxos.yml -vvv
      PLAY RECAP ********************************************************************
      core-sw : ok=2 changed=0 unreachable=0 failed=0
  40. 40.
  41. 41.
  42. 42.
      - hosts: core-sw_nxos
        tasks:
          - name: Create vlan v2
            nxos_vlan:
              vlan_id: 130
              name: test-vlan2
              interfaces:
                - Ethernet3/1
              state: present

      core-sw# show running-config
       :
      interface Ethernet3/1
        shutdown
        no switchport
        mac-address 0000.0000.002f
       :
  43. 43.
      $ ansible-playbook -i inventory vlan_for_nxos_v2.yml -vvv
      PLAYBOOK: vlan_for_nxos_v2.yml ****************************************
      1 plays in vlan_for_nxos_v2.yml
      PLAY [core-sw_nxos] ***************************************************
      TASK [Gathering Facts] ************************************************
      ok: [core-sw]
      TASK [Create vlan v2] *************************************************
      changed: [core-sw] => {
          "changed": true,
          "commands": [
              "vlan 130",
              "name test-vlan2",
              "state active",
              "no shutdown",
              "exit",
              "interface Ethernet3/1",
              "switchport",
              "switchport mode access",
              "switchport access vlan 130"
          ],
      PLAY RECAP ************************************************************
      core-sw : ok=2 changed=1 unreachable=0 failed=0
  44. 44.
      core-sw# show running-config
       :
      vlan 1,120,130
      vlan 120
        name test-vlan
      vlan 130
        name test-vlan2
       :
      interface Ethernet3/1
        shutdown
        switchport
        switchport access vlan 130
       :
  45. 45. https://docs.ansible.com/ansible/2.6/modules/nxos_l2_interface_module.html
      - hosts: core-sw_nxos
        tasks:
          - name: mode to tagged port
            nxos_l2_interface:
              name: Ethernet3/2
              mode: trunk
              trunk_allowed_vlans: 130
  46. 46.
      $ ansible-playbook -i inventory l2port_for_nxos.yml -vvv
      PLAYBOOK: l2port_for_nxos.yml ************************************
      1 plays in l2port_for_nxos.yml
      PLAY [core-sw_nxos] **********************************************
      TASK [Gathering Facts] *******************************************
      ok: [core-sw]
      TASK [mode to tagged port] ***************************************
      fatal: [core-sw]: FAILED! => {
          "changed": false,
          "msg": "Ensure interface is configured to be a L2\nport first before using this module. You can use\nthe nxos_interface module for this."
      }
      PLAY RECAP *******************************************************
      core-sw : ok=1 changed=0 unreachable=0 failed=1
  47. 47.
      - hosts: core-sw_nxos
        tasks:
          - name: mode to layer2
            nxos_interface:
              name: Ethernet3/2
              mode: layer2
          - name: mode to tagged port
            nxos_l2_interface:
              name: Ethernet3/2
              mode: trunk
              trunk_allowed_vlans: 130

      core-sw# show running-config
       :
      interface Ethernet3/2
        shutdown
        no switchport
        mac-address 0000.0000.002f
       :
  48. 48.
      $ ansible-playbook -i inventory l2port_for_nxos_v2.yml -vvv
      PLAYBOOK: l2port_for_nxos_v2.yml *****************************************************
      1 plays in l2port_for_nxos_v2.yml
      PLAY [core-sw_nxos] ******************************************************************
      TASK [Gathering Facts] ***************************************************************
      ok: [core-sw]
      TASK [mode to layer2] ****************************************************************
      changed: [core-sw] => {
          "changed": true,
          "commands": [
              "interface Ethernet3/2",
              "switchport",
              "no shutdown",
              "interface Ethernet3/2",
              "no shutdown"
          ],
      TASK [mode to tagged port] ***********************************************************
      changed: [core-sw] => {
          "changed": true,
          "commands": [
              "interface ethernet3/2",
              "switchport mode trunk",
              "switchport trunk allowed vlan 130"
          ],
      PLAY RECAP ***************************************************************************
      core-sw : ok=3 changed=2 unreachable=0 failed=0
  49. 49.
      core-sw# show running-config
       :
      interface Ethernet3/2
        switchport
        switchport mode trunk
        switchport trunk allowed vlan 130
        no shutdown
       :
      PLAY RECAP *********************************************************************
      core-sw : ok=3 changed=0 unreachable=0 failed=0
  50. 50.
  51. 51. https://docs.ansible.com/ansible/2.6/modules/ios_vlan_module.html
      - hosts: edge-sw_ios
        tasks:
          - name: Create vlan
            ios_vlan:
              vlan_id: 120
              name: test-vlan
              interfaces:
                - GigabitEthernet0/4
              state: present
  52. 52.
      $ ansible-playbook -i inventory vlan_for_ios.yml -vvv
      PLAYBOOK: vlan_for_ios.yml **********************************************
      1 plays in vlan_for_ios.yml
      PLAY [edge-sw_ios] ******************************************************
      TASK [Gathering Facts] **************************************************
      ok: [edge-sw-a]
      TASK [Create vlan] ******************************************************
      changed: [edge-sw-a] => {
          "changed": true,
          "commands": [
              "vlan 120",
              "name test-vlan",
              "interface GigabitEthernet0/4",
              "switchport mode access",
              "switchport access vlan 120"
          ],
      PLAY RECAP **************************************************************
      edge-sw-a : ok=2 changed=1 unreachable=0 failed=0
  53. 53.
      edge-sw-a#show running-config
       :
      interface GigabitEthernet0/4
       switchport access vlan 120
       switchport mode access
       media-type rj45
       negotiation auto
       :
      PLAY RECAP *************************************************************
      edge-sw-a : ok=2 changed=0 unreachable=0 failed=0

      interface GigabitEthernet0/4
       media-type rj45
       negotiation auto
  54. 54.
  55. 55. https://docs.ansible.com/ansible/2.6/modules/ios_l2_interface_module.html
      - hosts: edge-sw_ios
        tasks:
          - name: mode to tagged port
            ios_l2_interface:
              name: GigabitEthernet0/5
              mode: trunk
              trunk_allowed_vlans: 120
  56. 56.
      $ ansible-playbook -i inventory l2port_for_ios.yml -vvv
      PLAYBOOK: l2port_for_ios.yml *****************************************************
      1 plays in l2port_for_ios.yml
      PLAY [edge-sw_ios] ***************************************************************
      TASK [Gathering Facts] ***********************************************************
      ok: [edge-sw-a]
      TASK [mode to tagged port] *******************************************************
      changed: [edge-sw-a] => {
          "changed": true,
          "commands": [
              "interface gigabitethernet0/5",
              "switchport mode trunk",
              "switchport trunk allowed vlan 120"
          ],
      PLAY RECAP ***********************************************************************
      edge-sw-a : ok=2 changed=1 unreachable=0 failed=0
  57. 57.
      edge-sw-a#show running-config
       :
      interface GigabitEthernet0/5
       switchport trunk allowed vlan 120
       media-type rj45
       negotiation auto
       :
  58. 58.
      - hosts: edge-sw_ios
        tasks:
          - name: encapsulation dot1q
            ios_config:
              lines:
                - switchport trunk encapsulation dot1q
              parents: interface GigabitEthernet0/5
          - name: mode to tagged port
            ios_l2_interface:
              name: GigabitEthernet0/5
              mode: trunk
              trunk_allowed_vlans: 120
  59. 59.
      $ ansible-playbook -i inventory l2port_for_ios_v2.yml -vvv
      PLAYBOOK: l2port_for_ios_v2.yml *********************************************
      1 plays in l2port_for_ios_v2.yml
      PLAY [edge-sw_ios] **********************************************************
      TASK [Gathering Facts] ******************************************************
      ok: [edge-sw-a]
      TASK [encapsulation dot1q] **************************************************
      changed: [edge-sw-a] => {
          "changed": true,
          "commands": [
              "interface GigabitEthernet0/5",
              "switchport trunk encapsulation dot1q"
          ],
      TASK [mode to tagged port] *************************************************
      changed: [edge-sw-a] => {
          "changed": true,
          "commands": [
              "interface gigabitethernet0/5",
              "switchport mode trunk"
          ],
      PLAY RECAP *****************************************************************
      edge-sw-a : ok=3 changed=2 unreachable=0 failed=0
  60. 60.
      edge-sw-a#show running-config
       :
      interface GigabitEthernet0/5
       switchport trunk allowed vlan 120
       switchport trunk encapsulation dot1q
       switchport mode trunk
       media-type rj45
       negotiation auto
       :
  61. 61.
      PLAY RECAP ******************************************************************
      edge-sw-a : ok=3 changed=0 unreachable=0 failed=0
  62. 62. https://qiita.com/akira6592/items/92e6efc478978eb41eac
  63. 63.
  64. 64.
  65. 65. vlan10 vlan20 vlan10 vlan20
  66. 66. Of course, I think one-off use is also a valid way to use it
  67. 67. This is not the usual playbook layout; only the bare minimum of files is included
  68. 68.
      [edge-sw_ios]
      edge-sw-a
      edge-sw-b
      edge-sw-c

      [core-sw_nxos]
      core-sw

      [edge-sw_ios:vars]
      ansible_connection=network_cli
      ansible_network_os=ios
      ansible_user=cisco
      ansible_ssh_pass=cisco
      ansible_become=yes
      ansible_become_method=enable
      ansible_become_pass=cisco

      [core-sw_nxos:vars]
      ansible_connection=network_cli
      ansible_network_os=nxos
      ansible_user=admin
      ansible_ssh_pass=admin
      ansible_become=no
  69. 69.
  70. 70.
  71. 71.
  72. 72.
  73. 73.
  74. 74.
  75. 75.
  76. 76.
      $ ansible-playbook -i inventory add_edge_for_edge_sw.yml
      PLAY [configuration add edge-sw for edge-sw] ************************************
      TASK [Gathering Facts] **********************************************************
      ok: [edge-sw-a]
      ok: [edge-sw-b]
      ok: [edge-sw-c]
      TASK [Create dummy vlan] ********************************************************
      changed: [edge-sw-a]
      changed: [edge-sw-b]
      changed: [edge-sw-c]
      TASK [upport initialize] ********************************************************
      changed: [edge-sw-a]
      changed: [edge-sw-b]
      changed: [edge-sw-c]
      TASK [upport mode to tagged port] ***********************************************
      changed: [edge-sw-a]
      changed: [edge-sw-b]
      changed: [edge-sw-c]
      PLAY RECAP **********************************************************************
      edge-sw-a : ok=4 changed=3 unreachable=0 failed=0
      edge-sw-b : ok=4 changed=3 unreachable=0 failed=0
      edge-sw-c : ok=4 changed=3 unreachable=0 failed=0
  77. 77. Idempotency check
      $ ansible-playbook -i inventory add_edge_for_edge_sw.yml
      PLAY [configuration add edge-sw for edge-sw] ************************************
      TASK [Gathering Facts] **********************************************************
      ok: [edge-sw-a]
      ok: [edge-sw-b]
      ok: [edge-sw-c]
      TASK [Create dummy vlan] ********************************************************
      ok: [edge-sw-a]
      ok: [edge-sw-b]
      ok: [edge-sw-c]
      TASK [upport initialize] ********************************************************
      ok: [edge-sw-a]
      ok: [edge-sw-b]
      ok: [edge-sw-c]
      TASK [upport mode to tagged port] ***********************************************
      ok: [edge-sw-a]
      ok: [edge-sw-b]
      ok: [edge-sw-c]
      PLAY RECAP **********************************************************************
      edge-sw-a : ok=4 changed=0 unreachable=0 failed=0
      edge-sw-b : ok=4 changed=0 unreachable=0 failed=0
      edge-sw-c : ok=4 changed=0 unreachable=0 failed=0
  78. 78.
      $ ansible-playbook -i inventory add_edge_for_core-sw.yml
      PLAY [configuration add edge-sw for core-sw] ************************************
      TASK [Gathering Facts] **********************************************************
      ok: [core-sw]
      TASK [Create dummy vlan] ********************************************************
      changed: [core-sw]
      TASK [downport mode to layer2] **************************************************
      changed: [core-sw]
      PLAY RECAP **********************************************************************
      core-sw : ok=3 changed=2 unreachable=0 failed=0
  79. 79. Idempotency check
      $ ansible-playbook -i inventory add_edge_for_core-sw.yml
      PLAY [configuration add edge-sw for core-sw] ************************************
      TASK [Gathering Facts] **********************************************************
      ok: [core-sw]
      TASK [Create dummy vlan] ********************************************************
      ok: [core-sw]
      TASK [downport mode to layer2] **************************************************
      ok: [core-sw]
      PLAY RECAP **********************************************************************
      core-sw : ok=3 changed=0 unreachable=0 failed=0
  80. 80. There are too many items, so only one node's output is shown, with parts omitted
      $ ansible-playbook -i inventory provisioning_for_edge-sw.yml
      PLAY [configuration provisioning for edge-sw] ***********************************
      TASK [Gathering Facts] **********************************************************
      ok: [edge-sw-a]
      TASK [add vlan] *****************************************************************
      changed: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}])
      changed: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      TASK [description server name] **************************************************
      skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
      skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      changed: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}])
      changed: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      TASK [allowed trunk vlan] *******************************************************
      changed: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
       :
      PLAY RECAP **********************************************************************
      edge-sw-a : ok=4 changed=3 unreachable=0 failed=0
  81. 81. Idempotency check
      $ ansible-playbook -i inventory provisioning_for_edge-sw.yml
      PLAY [configuration provisioning for edge-sw] ***********************************
      TASK [Gathering Facts] **********************************************************
      ok: [edge-sw-a]
      TASK [add vlan] *****************************************************************
      ok: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}])
      ok: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      TASK [description server name] **************************************************
      skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
      skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      ok: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}])
      ok: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      TASK [allowed trunk vlan] *******************************************************
      ok: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}])
      skipping: [edge-sw-b] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}])
      skipping: [edge-sw-a] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}])
       :
      PLAY RECAP **********************************************************************
      edge-sw-a : ok=4 changed=0 unreachable=0 failed=0
      Combinations of variables that do not match the `when` condition are reported as skipping.
      You can also check by eye whether they are correct by looking at the variables.
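An added example, not part of the original slides: a Python check that automates the idempotency confirmation shown above by comparing the PLAY RECAP of two consecutive runs of the same playbook. The function names and the sample recap text are constructed for illustration, modelled on the recap lines in these slides.

```python
import re

# One host line of a PLAY RECAP block, for example:
#   core-sw : ok=2 changed=1 unreachable=0 failed=0
RECAP_LINE = re.compile(r"^\s*(?P<host>\S+)\s*:\s*(?P<counters>(?:\w+=\d+\s*)+)$")


def parse_recap(output):
    """Return {host: {counter: value}} from the last PLAY RECAP block in output."""
    hosts, in_recap = {}, False
    for line in output.splitlines():
        if line.startswith("PLAY RECAP"):
            hosts, in_recap = {}, True  # keep only the most recent recap
            continue
        match = RECAP_LINE.match(line) if in_recap else None
        if match:
            pairs = (item.split("=") for item in match.group("counters").split())
            hosts[match.group("host")] = {key: int(value) for key, value in pairs}
    return hosts


def idempotency_findings(first_run, second_run):
    """Compare two runs of one playbook; an empty list means idempotency is confirmed."""
    first, second = parse_recap(first_run), parse_recap(second_run)
    if not first:
        return ["first run: no PLAY RECAP found"]
    findings = []
    for host in sorted(first):
        for label, run in (("first", first), ("second", second)):
            counters = run.get(host)
            if counters is None:
                findings.append(f"{host}: missing from the {label} run's recap")
                continue
            # A failed or unreachable host proves nothing about idempotency.
            for key in ("failed", "unreachable"):
                if counters.get(key, 0):
                    findings.append(f"{host}: {key}={counters[key]} on the {label} run")
        changed = second.get(host, {}).get("changed", 0)
        if changed:
            findings.append(f"{host}: changed={changed} on the second run (not idempotent)")
    return findings


# Constructed sample output, shortened from the shape shown in the slides.
FIRST_RUN = """\
TASK [Create dummy vlan] ****
changed: [edge-sw-a]
changed: [edge-sw-b]
PLAY RECAP ****
edge-sw-a : ok=4 changed=3 unreachable=0 failed=0
edge-sw-b : ok=4 changed=3 unreachable=0 failed=0
"""

SECOND_RUN = """\
PLAY RECAP ****
edge-sw-a : ok=4 changed=0 unreachable=0 failed=0
edge-sw-b : ok=4 changed=0 unreachable=0 failed=0
"""

# Constructed: one task still reports a change on the second run.
DRIFT_RUN = """\
PLAY RECAP ****
edge-sw-a : ok=4 changed=0 unreachable=0 failed=0
edge-sw-b : ok=4 changed=1 unreachable=0 failed=0
"""

# Constructed: a task failed on one host during the second run.
FAILED_RUN = """\
PLAY RECAP ****
edge-sw-a : ok=1 changed=0 unreachable=0 failed=1
edge-sw-b : ok=4 changed=0 unreachable=0 failed=0
"""

if __name__ == "__main__":
    for name, second in (("clean", SECOND_RUN), ("drift", DRIFT_RUN), ("failed", FAILED_RUN)):
        print(name, idempotency_findings(FIRST_RUN, second) or "idempotent")
```
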
  82. 82.
      $ ansible-playbook -i inventory provisioning_for_core-sw.yml
      PLAY [configuration provisioning for core-sw] ***********************************
      TASK [Gathering Facts] **********************************************************
      ok: [core-sw]
      TASK [add vlan] *****************************************************************
      changed: [core-sw] => (item={u'vlan': 10, u'name': u'serviceA'})
      changed: [core-sw] => (item={u'vlan': 20, u'name': u'serviceB'})
      TASK [allowed trunk vlan] *******************************************************
      changed: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
      skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
      skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
      skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
      skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
      skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
      skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
      changed: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
      skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
      skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
      skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
      skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
      skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
      skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
      skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
      changed: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
      skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
      skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
      skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
      skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
      skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
      skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
      skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
      changed: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
      PLAY RECAP **********************************************************************
      core-sw : ok=3 changed=2 unreachable=0 failed=0
  83. 83. $ ansible-playbook -i inventory provisioning_for_core-sw.yml
PLAY [configuration provisioning for core-sw] **********************************************************************************************************************************
TASK [Gathering Facts] *********************************************************************************************************************************************************
ok: [core-sw]
TASK [add vlan] ****************************************************************************************************************************************************************
ok: [core-sw] => (item={u'vlan': 10, u'name': u'serviceA'})
ok: [core-sw] => (item={u'vlan': 20, u'name': u'serviceB'})
TASK [allowed trunk vlan] ******************************************************************************************************************************************************
ok: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
ok: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
skipping: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-1', u'service': u'serviceA', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
ok: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/3', u'name': u'server-2', u'service': u'serviceB', u'edge_sw': u'edge-sw-a'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-3', u'service': u'serviceA', u'edge_sw': u'edge-sw-b'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/1', u'edge_sw': u'edge-sw-a'}])
skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/2', u'edge_sw': u'edge-sw-b'}])
ok: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, {u'port': u'GigabitEthernet0/2', u'name': u'server-4', u'service': u'serviceB', u'edge_sw': u'edge-sw-c'}, {u'port': u'Ethernet2/3', u'edge_sw': u'edge-sw-c'}])
PLAY RECAP *********************************************************************************************************************************************************************
core-sw : ok=3 changed=0 unreachable=0 failed=0
Idempotency check
  84. 84. core-sw#show running-config
:
vlan 1,10,20,99
vlan 10
  name Vlan_serviceA"
vlan 20
  name Vlan_serviceB"
vlan 99
  name dummy-Vlan"
:
interface Ethernet2/1
  description connect to edge-sw-a
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20,99
  no shutdown
interface Ethernet2/2
  description connect to edge-sw-b
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,99
  no shutdown
interface Ethernet2/3
  description connect to edge-sw-c
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 20,99
  no shutdown
:
edge-sw-a#show running-config
:
interface GigabitEthernet0/1
 description connect to core-sw
 switchport trunk allowed vlan 10,20,99
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 description connect to server-1
 switchport access vlan 10
 switchport mode access
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/3
 description connect to server-2
 switchport access vlan 20
 switchport mode access
 media-type rj45
 negotiation auto
!
:
In the end, everything was configured as expected. (edge-sw-b and edge-sw-c are omitted.)
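  85. 85. Idempotency really matters
  86. 86. It is bad enough that you would notice after running the playbook a few times, so you will probably catch it anyway...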
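The manual idempotency check from the two runs above (`changed=2` on the first run, `changed=0` on the re-run) can be turned into an automated gate. The following is an added example, not code from the original slides: it parses `ansible-playbook` output and reports anything other than a clean re-run. The function names are hypothetical and the sample output is constructed, shortened from the runs shown on the slides.

```python
import re

TASK_RE = re.compile(r"^TASK \[(.+?)\]")
ITEM_RE = re.compile(r"^(ok|changed|skipping|failed): \[([^\]]+)\]")
RECAP_RE = re.compile(r"^(\S+)\s*:\s*((?:\w+=\d+\s*)+)$")

def parse_run(output):
    """Return (recap counters per host, tasks that reported 'changed' per host)."""
    recap, changed, task, in_recap = {}, {}, None, False
    for line in (raw.strip() for raw in output.splitlines()):
        task_m, item_m = TASK_RE.match(line), ITEM_RE.match(line)
        if line.startswith("PLAY RECAP"):
            in_recap = True
        elif in_recap:
            recap_m = RECAP_RE.match(line)
            if recap_m:  # e.g. "core-sw : ok=3 changed=2 unreachable=0 failed=0"
                pairs = (p.split("=") for p in recap_m.group(2).split())
                recap[recap_m.group(1)] = {k: int(v) for k, v in pairs}
        elif task_m:
            task = task_m.group(1)
        elif item_m and item_m.group(1) == "changed":
            changed.setdefault(item_m.group(2), set()).add(task)
    return recap, changed

def idempotency_violations(rerun_output):
    """List reasons why re-running an already-applied playbook was not clean."""
    recap, changed = parse_run(rerun_output)
    if not recap:  # a truncated or crashed run must not pass silently
        return ["no PLAY RECAP found; run did not complete"]
    problems = []
    for host, counters in sorted(recap.items()):
        for key in ("changed", "failed", "unreachable"):
            if counters.get(key, 0):
                tasks = sorted(changed.get(host, ())) if key == "changed" else []
                detail = " in tasks %s" % tasks if tasks else ""
                problems.append("%s: %s=%d%s" % (host, key, counters[key], detail))
    return problems

# Constructed sample output, shortened from the two runs shown on the slides.
FIRST_RUN = """\
TASK [add vlan] ****
changed: [core-sw] => (item={u'vlan': 10, u'name': u'serviceA'})
TASK [allowed trunk vlan] ****
changed: [core-sw] => (item=[{u'vlan': 10, u'name': u'serviceA'}, ...])
skipping: [core-sw] => (item=[{u'vlan': 20, u'name': u'serviceB'}, ...])
PLAY RECAP ****
core-sw : ok=3 changed=2 unreachable=0 failed=0
"""
SECOND_RUN = FIRST_RUN.replace("changed:", "ok:").replace("changed=2", "changed=0")
```

Feed it the captured output of the second run in a pipeline and fail the job when the returned list is non-empty; a task that keeps reporting `changed` against an already-configured switch is named in the message.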
  87. 87. With Ansible, you can configure both the network devices and the servers together and also run the verification checks.
  88. 88.
  89. 89. The end.
