SlideShare uma empresa Scribd logo

Ansible for networks

S
Scott van Kalken

This document discusses using Ansible to automate network device configuration and management. It describes how Ansible allows networks to be treated as code, enabling repeatable configurations, collaboration between teams, and integrating networks into development workflows and pipelines. Modules are presented for configuring various network devices like Cisco, Juniper, F5 and others. Playbooks demonstrate automating tasks like access control list and object configuration. The benefits of automation include reduced errors, focus on architecture rather than manual tasks, and consistency across many devices simultaneously.

Software
1 de 22
Baixar para ler offline
Experiments with Ansible for Networks Scott van Kalken svk@redhat.com September 2017
2 Managing Networks hasn't changed in 30 years. ...until now
3 It’s your single source of truth ● Backups/restores can be automated ● Changes can be incremental or wholesale ● Manage “golden” versions of configurations (in source control) Configuration management and verification Ensure an on-going steady-state ● Daily, weekly, monthly scheduled tasks Why Automate?
4 Why Automate? Treat network devices like something repeatable
5 Ansible for Network Devices Next-Gen Network Ops • Community culture • Risk aware • Open solutions • Teams collaborating • Infrastructure as code • Virtual prototyping / DevOps Traditional Network Ops • Traditional culture • Risk averse • Proprietary solutions • Siloed from others • “Paper” practices, MOPs • “Artisanal” networks
6 Network Modules (literally over one hundred) A10 Apstra Arista EOS (cli, eAPI) AVI Networks Big Switch Networks Cisco ASA, IOS, IOS-XR, NX-OS Citrix Netscaler Cumulus Linux Dell OS6, OS9, OS10 Exoscale F5 BIG-IP Fortinet Huawei Illumos Juniper Junos Lenovo Ordnance NETCONF Netvisor Openswitch Open vSwitch (OVS) Palo Alto PAN-OS Nokia SR OS VyOS
7 - hosts: "{{ target_hosts | default('null-hosts') }}" connection: local vars: device_info: host: "{{ inventory_hostname }}" username: admin password: password authorize: yes auth_pass: password tasks: - name: create object group asa_config: lines: - range 192.168.100.0 192.168.100.255 parents: ['object network inside-net'] provider: "{{ device_info }}" register: result - debug: var=result - name: add ACL on outside interface asa_acl: lines: - access-list outside-in extended permit ip any object inside-net provider: "{{ device_info }}" Playbooks for Network Devices } } } Basic variables used as part of device authentication. Note the separate enable password. Using the module asa_config to configure the device. Pass in the variables previously defined. Register the result. Use the module asa_acl to configure the device. Use the object we defined earlier.
8 What does it all mean? As a developer you can: Include networks in your deployment pipelines. Configure firewall rules for your apps. Use the automation language you love.
9 Doing it the devops way Use your favourite deployment tool to configure networks as part of a pipeline.
10 Doing it the devops way
11 Doing it the devops way ● Include all network changes that your application needs. ● Tie specific network configurations to your application. ● Fewer config backups (the network config is stored either with the application and / or in a source code repository). ● Make everything repeatable ● Treat your network devices as part of an application.
12 PIPELINE DEPLOY DEMO Fedora Tomcat Server 192.168.100.126 Jenkins and Ansible Server 192.168.100.88 Cisco 5510 ASA 192.168.100.0/24 Inside 192.168.100.126 Outside 203.44.161.142 Internet Client 203.xx.xx.xx
13 What does it all mean? As a network admin you can: Stop worrying about day to day drudgery. Focus on architecture. Make everything repeatable. Treat the network as a whole rather than individual devices.
14 Doing it the devops way ● Run automated checks pre and post changes. ● Push mundane changes to multiple devices all at once ● Who wants to do an acl change across 100 devices? ● Who wants to update snmp community strings on 1000 devices? ● Who wants to have a completely consistant TOR switch config? Nobody Nobody Everyone
15 MULTI DEPLOY DEMO Ansible Server 192.168.100.88 Cisco 5510 ASA 192.168.100.0/24 Inside 192.168.100.126 Outside 203.44.161.142 13.70.137.188 13.73.111.80 13.70.139.137 13.70.137.164 Local post commit hook
16 Doing it the devops way HAVE YOUR OWN A-HA MOMENT
17 Things to watch for Paramiko options in your ansible installation may need to change for network devices. Some of the options I changed were: [paramiko_connection] record_host_keys=False look_for_keys = False [persistent connection] connect_timeout = 30 connect_retries = 30 connect_interval = 1
18 Call to action The ansible community is vast and welcoming. If there is anything that you'd like to see included in modules, please don't be shy and participate in the community. https://www.ansible.com/community
19 Links GitHub Project http://github.com/ansible/ Documentation http://docs.ansible.com Scott's GitHub https://github.com/codecowboydotio/ansible/blob/master/csr1000v.yml (yes I know using master makes me a bad developer, but I balance that with large amounts of hubris)
20 By the way ...in case you missed it
21 ANSIBLE TOWER IS NOW COMPLETELY OPEN SOURCE!!! http://github.com/ansible/awx (let's talk about this next time)
THANK YOU plus.google.com/+RedHat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNewslinkedin.com/company/red-hat

Recomendados

Tower 3.x
Tower 3.xTower 3.x
Tower 3.x
Scott van Kalken
 
Short journey into the serverless world
Short journey into the serverless worldShort journey into the serverless world
Short journey into the serverless world
Scott van Kalken
 
Ansible container
Ansible containerAnsible container
Ansible container
Scott van Kalken
 
Awx
AwxAwx
Awx
Scott van Kalken
 
F5 Automation and service discovery
F5 Automation and service discoveryF5 Automation and service discovery
F5 Automation and service discovery
Scott van Kalken
 
Ansible
AnsibleAnsible
Ansible
Rahul Bajaj
 
Automating Networking! Do I Have to Start at Ground Zero?
Automating Networking! Do I Have to Start at Ground Zero?Automating Networking! Do I Have to Start at Ground Zero?
Automating Networking! Do I Have to Start at Ground Zero?
Puppet
 
Ansible Tower | Docker | Cisco ACI
Ansible Tower | Docker | Cisco ACIAnsible Tower | Docker | Cisco ACI
Ansible Tower | Docker | Cisco ACI
Joel W. King
 

Recomendados

Tower 3.x
Tower 3.xTower 3.x
Tower 3.x
Scott van Kalken
 
Short journey into the serverless world
Short journey into the serverless worldShort journey into the serverless world
Short journey into the serverless world
Scott van Kalken
 
Ansible container
Ansible containerAnsible container
Ansible container
Scott van Kalken
 
Awx
AwxAwx
Awx
Scott van Kalken
 
F5 Automation and service discovery
F5 Automation and service discoveryF5 Automation and service discovery
F5 Automation and service discovery
Scott van Kalken
 
Ansible
AnsibleAnsible
Ansible
Rahul Bajaj
 
Automating Networking! Do I Have to Start at Ground Zero?
Automating Networking! Do I Have to Start at Ground Zero?Automating Networking! Do I Have to Start at Ground Zero?
Automating Networking! Do I Have to Start at Ground Zero?
Puppet
 
Ansible Tower | Docker | Cisco ACI
Ansible Tower | Docker | Cisco ACIAnsible Tower | Docker | Cisco ACI
Ansible Tower | Docker | Cisco ACI
Joel W. King
 
Ansible testing
Ansible testingAnsible testing
Ansible testing
Scott van Kalken
 
Masterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM RolesMasterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM Roles
Malcolm Duncanson, CISSP
 
Automating the Cloud with Terraform, and Ansible
Automating the Cloud with Terraform, and AnsibleAutomating the Cloud with Terraform, and Ansible
Automating the Cloud with Terraform, and Ansible
Brian Hogan
 
OpenNebulaConf2018 - We use OpenNebula everywhere now - Florian Heigl and Tho...
OpenNebulaConf2018 - We use OpenNebula everywhere now - Florian Heigl and Tho...OpenNebulaConf2018 - We use OpenNebula everywhere now - Florian Heigl and Tho...
OpenNebulaConf2018 - We use OpenNebula everywhere now - Florian Heigl and Tho...
OpenNebula Project
 
Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...
Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...
Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...
NETWAYS
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
Suresh Kumar
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
Simplilearn
 
Windows Azure PowerShell Cmdlets
Windows Azure PowerShell CmdletsWindows Azure PowerShell Cmdlets
Windows Azure PowerShell Cmdlets
Pavel Revenkov
 
Ansible Case Studies
Ansible Case StudiesAnsible Case Studies
Ansible Case Studies
Greg DeKoenigsberg
 
Immutable Infrastructure with Packer Ansible and Terraform
Immutable Infrastructure with Packer Ansible and TerraformImmutable Infrastructure with Packer Ansible and Terraform
Immutable Infrastructure with Packer Ansible and Terraform
Michael Peacock
 
Spinnaker for Azure
Spinnaker for AzureSpinnaker for Azure
Spinnaker for Azure
Larry Guger
 
Quick and Solid - Baremetal on OpenStack | Rico Lin
Quick and Solid - Baremetal on OpenStack | Rico LinQuick and Solid - Baremetal on OpenStack | Rico Lin
Quick and Solid - Baremetal on OpenStack | Rico Lin
Vietnam Open Infrastructure User Group
 
Immutable infrastructure 介紹與實做:以 kolla 為例
Immutable infrastructure 介紹與實做:以 kolla 為例Immutable infrastructure 介紹與實做:以 kolla 為例
Immutable infrastructure 介紹與實做:以 kolla 為例
kao kuo-tung
 
Network Automation: Ansible 101
Network Automation: Ansible 101Network Automation: Ansible 101
Network Automation: Ansible 101
APNIC
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with Ansible
Swapnil Jain
 
OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...
OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...
OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...
Vietnam Open Infrastructure User Group
 
.Net Core Fall update
.Net Core Fall update.Net Core Fall update
.Net Core Fall update
MSDEVMTL
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch Fix
Diana Tkachenko
 
OpenNebulaConf2018 - 5 Things We Wish We Knew Before Deploying OpenNebula in ...
OpenNebulaConf2018 - 5 Things We Wish We Knew Before Deploying OpenNebula in ...OpenNebulaConf2018 - 5 Things We Wish We Knew Before Deploying OpenNebula in ...
OpenNebulaConf2018 - 5 Things We Wish We Knew Before Deploying OpenNebula in ...
OpenNebula Project
 
Phantom app: Ansible Tower
Phantom app: Ansible TowerPhantom app: Ansible Tower
Phantom app: Ansible Tower
Joel W. King
 
Automating Yourself Out of Trouble
Automating Yourself Out of TroubleAutomating Yourself Out of Trouble
Automating Yourself Out of Trouble
Jose De La Rosa
 
Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013
Dorian Hernandez
 

Mais conteúdo relacionado

Mais procurados

Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...
Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...
Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...
NETWAYS
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
Simplilearn
 
Windows Azure PowerShell Cmdlets
Windows Azure PowerShell CmdletsWindows Azure PowerShell Cmdlets
Windows Azure PowerShell Cmdlets
Pavel Revenkov
 

Mais procurados (20)

Ansible testing
Ansible testingAnsible testing
Ansible testing
 
Masterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM RolesMasterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM Roles
 
Automating the Cloud with Terraform, and Ansible
Automating the Cloud with Terraform, and AnsibleAutomating the Cloud with Terraform, and Ansible
Automating the Cloud with Terraform, and Ansible
 
OpenNebulaConf2018 - We use OpenNebula everywhere now - Florian Heigl and Tho...
OpenNebulaConf2018 - We use OpenNebula everywhere now - Florian Heigl and Tho...OpenNebulaConf2018 - We use OpenNebula everywhere now - Florian Heigl and Tho...
OpenNebulaConf2018 - We use OpenNebula everywhere now - Florian Heigl and Tho...
 
Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...
Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...
Puppet Camp Berlin 2015: Andrea Giardini | Configuration Management @ CERN: G...
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
 
Windows Azure PowerShell Cmdlets
Windows Azure PowerShell CmdletsWindows Azure PowerShell Cmdlets
Windows Azure PowerShell Cmdlets
 
Ansible Case Studies
Ansible Case StudiesAnsible Case Studies
Ansible Case Studies
 
Immutable Infrastructure with Packer Ansible and Terraform
Immutable Infrastructure with Packer Ansible and TerraformImmutable Infrastructure with Packer Ansible and Terraform
Immutable Infrastructure with Packer Ansible and Terraform
 
Spinnaker for Azure
Spinnaker for AzureSpinnaker for Azure
Spinnaker for Azure
 
Quick and Solid - Baremetal on OpenStack | Rico Lin
Quick and Solid - Baremetal on OpenStack | Rico LinQuick and Solid - Baremetal on OpenStack | Rico Lin
Quick and Solid - Baremetal on OpenStack | Rico Lin
 
Immutable infrastructure 介紹與實做:以 kolla 為例
Immutable infrastructure 介紹與實做:以 kolla 為例Immutable infrastructure 介紹與實做:以 kolla 為例
Immutable infrastructure 介紹與實做:以 kolla 為例
 
Network Automation: Ansible 101
Network Automation: Ansible 101Network Automation: Ansible 101
Network Automation: Ansible 101
 
DevOps with Ansible
DevOps with AnsibleDevOps with Ansible
DevOps with Ansible
 
OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...
OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...
OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...
 
.Net Core Fall update
.Net Core Fall update.Net Core Fall update
.Net Core Fall update
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch Fix
 
OpenNebulaConf2018 - 5 Things We Wish We Knew Before Deploying OpenNebula in ...
OpenNebulaConf2018 - 5 Things We Wish We Knew Before Deploying OpenNebula in ...OpenNebulaConf2018 - 5 Things We Wish We Knew Before Deploying OpenNebula in ...
OpenNebulaConf2018 - 5 Things We Wish We Knew Before Deploying OpenNebula in ...
 
Phantom app: Ansible Tower
Phantom app: Ansible TowerPhantom app: Ansible Tower
Phantom app: Ansible Tower
 

Semelhante a Ansible for networks

Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013
Dorian Hernandez
 
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storageWebinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
MayaData Inc
 
Unleash the Power of Open Networking
Unleash the Power of Open NetworkingUnleash the Power of Open Networking
Unleash the Power of Open Networking
Cumulus Networks
 
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst ITThings You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
OpenStack
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SAMeh Zaghloul
 

Semelhante a Ansible for networks (20)

Automating Yourself Out of Trouble
Automating Yourself Out of TroubleAutomating Yourself Out of Trouble
Automating Yourself Out of Trouble
 
Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013Distributech_Presentation DTECH_2013
Distributech_Presentation DTECH_2013
 
Automation Evolution with Junos
Automation Evolution with JunosAutomation Evolution with Junos
Automation Evolution with Junos
 
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storageWebinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
 
Unleash the Power of Open Networking
Unleash the Power of Open NetworkingUnleash the Power of Open Networking
Unleash the Power of Open Networking
 
Using Software-Defined WAN implementation to turn on advanced connectivity se...
Using Software-Defined WAN implementation to turn on advanced connectivity se...Using Software-Defined WAN implementation to turn on advanced connectivity se...
Using Software-Defined WAN implementation to turn on advanced connectivity se...
 
Migrate to Microservices Judiciously!
Migrate to Microservices Judiciously!Migrate to Microservices Judiciously!
Migrate to Microservices Judiciously!
 
SDN Basics
SDN BasicsSDN Basics
SDN Basics
 
OVNC 2015-Software-Defined Networking: Where Are We Today?
OVNC 2015-Software-Defined Networking: Where Are We Today?OVNC 2015-Software-Defined Networking: Where Are We Today?
OVNC 2015-Software-Defined Networking: Where Are We Today?
 
Making the Switch to Bare Metal and Open Networking
Making the Switch to Bare Metal and Open NetworkingMaking the Switch to Bare Metal and Open Networking
Making the Switch to Bare Metal and Open Networking
 
Improving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization OverlaysImproving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization Overlays
 
PLNOG 8: Ivan Pepelnjak - Data Center Fabrics - What Really Matters
PLNOG 8: Ivan Pepelnjak - Data Center Fabrics - What Really Matters PLNOG 8: Ivan Pepelnjak - Data Center Fabrics - What Really Matters
PLNOG 8: Ivan Pepelnjak - Data Center Fabrics - What Really Matters
 
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst ITThings You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
Things You MUST Know Before Deploying OpenStack: Bruno Lago, Catalyst IT
 
Cloud computing components
Cloud computing componentsCloud computing components
Cloud computing components
 
Presentation cisco unified fabric
Presentation cisco unified fabricPresentation cisco unified fabric
Presentation cisco unified fabric
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
 
3 Ways to Connect to the Oracle Cloud
3 Ways to Connect to the Oracle Cloud3 Ways to Connect to the Oracle Cloud
3 Ways to Connect to the Oracle Cloud
 
Mini-Track: Lessons from Public Cloud
Mini-Track: Lessons from Public CloudMini-Track: Lessons from Public Cloud
Mini-Track: Lessons from Public Cloud
 
IBM System Networking Overview - Jul 2013
IBM System Networking Overview - Jul 2013IBM System Networking Overview - Jul 2013
IBM System Networking Overview - Jul 2013
 
PLNOG 17 - Andrzej Jeruzal - Dell Networking OS10: sieciowy system operacyjny...
PLNOG 17 - Andrzej Jeruzal - Dell Networking OS10: sieciowy system operacyjny...PLNOG 17 - Andrzej Jeruzal - Dell Networking OS10: sieciowy system operacyjny...
PLNOG 17 - Andrzej Jeruzal - Dell Networking OS10: sieciowy system operacyjny...
 

Último

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Nitya salvi
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
ayushiqss
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
harshavardhanraghave
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 

Último (20)

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 

Ansible for networks

  • 1. Experiments with Ansible for Networks Scott van Kalken svk@redhat.com September 2017
  • 2. 2 Managing Networks hasn't changed in 30 years. ...until now
  • 3. 3 It’s your single source of truth ● Backups/restores can be automated ● Changes can be incremental or wholesale ● Manage “golden” versions of configurations (in source control) Configuration management and verification Ensure an on-going steady-state ● Daily, weekly, monthly scheduled tasks Why Automate?
  • 4. 4 Why Automate? Treat network devices like something repeatable
  • 5. 5 Ansible for Network Devices Next-Gen Network Ops • Community culture • Risk aware • Open solutions • Teams collaborating • Infrastructure as code • Virtual prototyping / DevOps Traditional Network Ops • Traditional culture • Risk averse • Proprietary solutions • Siloed from others • “Paper” practices, MOPs • “Artisanal” networks
  • 6. 6 Network Modules (literally over one hundred) A10 Apstra Arista EOS (cli, eAPI) AVI Networks Big Switch Networks Cisco ASA, IOS, IOS-XR, NX-OS Citrix Netscaler Cumulus Linux Dell OS6, OS9, OS10 Exoscale F5 BIG-IP Fortinet Huawei Illumos Juniper Junos Lenovo Ordnance NETCONF Netvisor Openswitch Open vSwitch (OVS) Palo Alto PAN-OS Nokia SR OS VyOS
  • 7. 7 - hosts: "{{ target_hosts | default('null-hosts') }}" connection: local vars: device_info: host: "{{ inventory_hostname }}" username: admin password: password authorize: yes auth_pass: password tasks: - name: create object group asa_config: lines: - range 192.168.100.0 192.168.100.255 parents: ['object network inside-net'] provider: "{{ device_info }}" register: result - debug: var=result - name: add ACL on outside interface asa_acl: lines: - access-list outside-in extended permit ip any object inside-net provider: "{{ device_info }}" Playbooks for Network Devices } } } Basic variables used as part of device authentication. Note the separate enable password. Using the module asa_config to configure the device. Pass in the variables previously defined. Register the result. Use the module asa_acl to configure the device. Use the object we defined earlier.
  • 8. 8 What does it all mean? As a developer you can: Include networks in your deployment pipelines. Configure firewall rules for your apps. Use the automation language you love.
  • 9. 9 Doing it the devops way Use your favourite deployment tool to configure networks as part of a pipeline.
  • 10. 10 Doing it the devops way
  • 11. 11 Doing it the devops way ● Include all network changes that your application needs. ● Tie specific network configurations to your application. ● Fewer config backups (the network config is stored either with the application and / or in a source code repository). ● Make everything repeatable ● Treat your network devices as part of an application.
  • 12. 12 PIPELINE DEPLOY DEMO Fedora Tomcat Server 192.168.100.126 Jenkins and Ansible Server 192.168.100.88 Cisco 5510 ASA 192.168.100.0/24 Inside 192.168.100.126 Outside 203.44.161.142 Internet Client 203.xx.xx.xx
  • 13. 13 What does it all mean? As a network admin you can: Stop worrying about day to day drudgery. Focus on architecture. Make everything repeatable. Treat the network as a whole rather than individual devices.
  • 14. 14 Doing it the devops way ● Run automated checks pre and post changes. ● Push mundane changes to multiple devices all at once ● Who wants to do an acl change across 100 devices? ● Who wants to update snmp community strings on 1000 devices? ● Who wants to have a completely consistant TOR switch config? Nobody Nobody Everyone
  • 15. 15 MULTI DEPLOY DEMO Ansible Server 192.168.100.88 Cisco 5510 ASA 192.168.100.0/24 Inside 192.168.100.126 Outside 203.44.161.142 13.70.137.188 13.73.111.80 13.70.139.137 13.70.137.164 Local post commit hook
  • 16. 16 Doing it the devops way HAVE YOUR OWN A-HA MOMENT
  • 17. 17 Things to watch for Paramiko options in your ansible installation may need to change for network devices. Some of the options I changed were: [paramiko_connection] record_host_keys=False look_for_keys = False [persistent connection] connect_timeout = 30 connect_retries = 30 connect_interval = 1
  • 18. 18 Call to action The ansible community is vast and welcoming. If there is anything that you'd like to see included in modules, please don't be shy and participate in the community. https://www.ansible.com/community
  • 20. 20 By the way ...in case you missed it
  • 21. 21 ANSIBLE TOWER IS NOW COMPLETELY OPEN SOURCE!!! http://github.com/ansible/awx (let's talk about this next time)