SlideShare a Scribd company logo

Data manipulation for configuration management using Ansible

Download as PPTX, PDF
Joel W. King
Joel W. King

Ansible Durham Meetup 19 February 2020

Technology
1 of 43
February2020 Joel W. King Engineering and Innovations Global Solutions Development Data manipulation techniques for configuration management using Ansible
Title: Data manipulation techniques for configuration management using Ansible What is the most important thing that people will learn from your presentation?: This talk explores techniques and best practices for ingesting, manipulating and storing configuration management data for managing multi-cloud infrastructure deployments using Ansible. Abstract: Ansible is widely adopted as a configuration management tool for both on-premise infrastructure and multi-cloud deployments. Most learning tracks focus on procedural programming concepts, learning playbook syntax. This talk focuses on techniques to ingest, manipulate and optimize configuration management data to drive the process. We examine techniques to create data sinks for audit and input to downstream workflows. Also highlighted is the application of relational, NoSQL and graph databases as well as sequential files used for configuration management.
@joelwking @joel_w_king @programmablenetworks/ www.slideshare.net/joelwking/ https://www.wwt.com/
 Low Barrier to Entry  Highly Extensible  Broad Industry adoption for Configuration Management  ACI Modules 100 for ACI and MSO https://youtu.be/3vuPRoyOIFo WWT Saves Time and Money Using Ansible Automation docs.ansible.com/ansible/latest/modules/list_of_network_modules.html#aci docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html
AUTOMATION: BASICS: variables and facts AUTOMATION: PRIVATE CLOUD : Cisco ACI AUTOMATION: SECURITY AND COMPLIANCE AUTOMATION: ADVANCED FEATURES: plugins | facts modules KNOWLEDGE EXPERIENCE USE CASES SHARE YOUR
Background and use cases are typically network and security automation focused. Ansible Playbooks != programming language https://developer.cisco.com/codeexchange/explore#search=joelwking Use Ansible Collections! Design playbooks to be data driven
01100100011000010111010001100001 DATA (SOURCE OF TRUTH) PROCESS (TASKS) INFRASTRUCTURE BUSINESS REQUIREMENTS DESIRED STATE KNOWLEDGE EXPERIENCE
01100100011000010111010001100001 DATA (SOURCE OF TRUTH) PROCESS (TASKS) INFRASTRUCTURE BUSINESS REQUIREMENTS DESIRED STATE KNOWLEDGE EXPERIENCE How Google does Machine Learning … It's all about data https://www.coursera.org/learn/google-machine-learning/
#SILICONVALLEYINSTLAUTOMATION: BASICS
Ansible facts are variables that are automatically discovered by Ansible from a managed host. Facts are pulled by the setup module.(*) (*) Automation with Ansible -Student Workbook Variables can be defined in a bewildering variety of places in an Ansible project.(*) HOSTS NETWORK DEVICES { API }
IPAM GLOBAL CONFIG YAML ENCRYPTED CREDENTIALS SERVICE TICKETING SYSTEM VERSION CONTROL SOURCE OF TRUTH NETWORK PROGRAMMABILITY DEVELOPER MongoDB DEVELOPMENT OPERATIONALIZE ANSIBLE PLAYBOOKANSIBLE PLAYBOOK ROLES | COLLECTIONS Minio INFRASTRUCTURE MANAGEMENT PUBLISH CONSUME
https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable command line values (eg “-u user”) role defaults [1] inventory file or script group vars [2] inventory group_vars/all [3] playbook group_vars/all [3] inventory group_vars/* [3] playbook group_vars/* [3] inventory file or script host vars [2] inventory host_vars/* [3] playbook host_vars/* [3] host facts / cached set_facts [4] play vars play vars_prompt play vars_files role vars (defined in role/vars/main.yml) block vars (only for tasks in block) task vars (only for the task) include_vars set_facts / registered vars role (and include_role) params include params extra vars (always win precedence) most least
administrator@flint:~/ansible/playbooks$ python Python 2.7.12 (default, Oct 8 2019, 14:14:10) [GCC 5.4.0 20160609] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import yaml >>> input = ''' ... - name: '/usr/bin/ansible' ... state: put ... meta_data: 'foo=bar' ... - name: '{{ playbook_dir }}/files/csv123.csv' ... state: put ... meta_data: 'foo=bar' ... ''' >>> data = yaml.load(input) >>> type(data) <type 'list'> >>> type(data[0]) <type 'dict'> >>> data[0] {'state': 'put', 'meta_data': 'foo=bar', 'name': '/usr/bin/ansible'} >>> #!/usr/bin/ansible-playbook --- # # - name: Data Manipulation | Meetup | Ansible Durham | S3 hosts: s3.amazonaws.com connection: local gather_facts: '{{ facts | default("no") }}' module_defaults: aws_s3: aws_access_key: '{{ access.key }}' aws_secret_key: '{{ secret.key }}' bucket: '{{ bucket }}' vars: input: - name: '/usr/bin/ansible' state: put meta_data: 'foo=bar' - name: '{{ playbook_dir }}/files/csv123.csv' state: put meta_data: 'foo=bar'
Proper variable naming can make plays more readable and avoid variable name conflicts(*) Use descriptive, unique human-meaningful variable names(*) Prefix variables with it’s “owner” such as a role name or package(*) (*) ANSIBLE BEST PRACTICES: THE ESSENTIALS – Kyle Benson vars: mongodb_database: "{{ database }}" mongodb_collection: "{{ collection }}" mongodb_document: "{{ filename }}" vars: dns: ipv6: - '2001:4860:4860::8888' - '2001:4860:4860::8844' dns6: "{{ dns.ipv6 }}"collection: "{{ mongodb_collection }}"
- name: Data Manipulation | Meetup | Ansible Durham hosts: sandboxapicdc.cisco.com connection: local gather_facts: '{{ facts | default("no") }}' vars: foo: name: bar description: '{{ desc | default("This is a test") }}' vars_files: - '{{ playbook_dir }}/files/LTM_vip_v6-3.json' tasks: - name: Hostvars | run with or without gathering facts debug: var: hostvars[inventory_hostname] - name: Variable from vars_file specified debug: var: imdata - name: Variable defined in playbook debug: msg: '{{ foo.description }}' Why might you run gather facts on a local host? Using a dictionary rather than a scalar variable Where is variable ‘imdata’ defined? Difference between? -e 'desc=this is a test’ and -e 'desc="this is a test"'
https://gitlab.com/joelwking/cisco_dc_community_of_interest/-/blob/master/demos/engine/playbooks/sample.yml --- all: children: APIC: hosts: sandboxapicdc.cisco.com: apic_hostname: sandboxapicdc.cisco.com apic_username: admin apic_use_proxy: no apic_validate_certs: no apic_password: foo!bar inventory.yml
KNOWLEDGE EXPERIENCE SHARE YOUR
#SILICONVALLEYINSTLAUTOMATION: ADVANCED TOPICS
https://docs.ansible.com/ansible/latest/plugins/plugins.html Filters in Ansible… are used for transforming data … Lookup plugins allow Ansible to access data from outside sources. Lookups are an integral part of loops Modules are used as information gatherers _info _facts Modules have modes to ‘put’ or ‘get’ aws_s3
#!/usr/bin/ansible-playbook --- # # Copyright (c) 2019 World Wide Technology, Inc. # All rights reserved. # # author: Joel W. King, World Wide Technology # - name: Msg broker for big or little Tetration hosts: localhost gather_facts: yes connection: local vars: verify_broker: 'no' big_tetration: '10.6.36.24:443,10.6.36.25:443,10.6.36.26:443' little_tetration: '192.0.2.1:443' tasks: - debug: msg: 'Big Tetration have three Kafka brokers, pick one: {{ item }}' with_random_choice: '{{ big_tetration.split(",") }}' - debug: msg: 'Little Tetration only has one Kafka broker: {{ item }}' with_random_choice: '{{ little_tetration.split(",") }}' - set_fact: kafka_broker: '{{ item }}' with_random_choice: '{{ big_tetration.split(",") }}' - name: Optionally verify reachability to the broker shell: 'openssl s_client -connect {{ kafka_broker }} -tls1 ' ignore_errors: False register: openssl when: verify_broker|bool return random element from list 10.6.36.24:443 10.6.36.25:443 10.6.36.26:443 192.0.2.1:443 Little Big FORM FACTORS filter returning boolean
acl_action: {"ALLOW": "permit", "DROP": "deny"} # translator for action verbs - name: Configure firewall access-list debug: msg: "access-list {{ acl_name }} line 1 extended {{ acl_action[item.action] }} {{item.ip_protocol }}" loop: "{{ tnp.ansible_facts.intents }}" https://gitlab.com/tetration-network-policy-publisher/policy-stream-12-pub-vrf/-/blob/master/view_network_policy_decrypt.yml Policy engine uses different keywords than the firewall where the policy is being applied
IPAM GLOBAL CONFIG YAML ENCRYPTED CREDENTIALS YAML SERVICE TICKETING SYSTEM VERSION CONTROL SOURCE OF TRUTH NETWORK DEPLOYMENT ENGINEER https://github.wwt.com/it-automation-aci/ansible-aci-include-data MongoDB BOOTSTRAP EXTRA_VARS PRE-PROCESSING POST-PROCESSING ANSIBLE PLAYBOO K
ENCRYPTED CREDENTIALS YAML SERVICE TICKETING SYSTEM VERSION CONTROL SOURCE OF TRUTH NETWORK DEPLOYMENT ENGINEER BOOTSTRAP EXTRA_VARS https://github.wwt.com/it-automation-aci/ansible-aci-credentials ANSIBLE PLAYBOO K
https://gitlab.com/joelwking/cisco_dc_community_of_interest/-/blob/master/demos/engine/playbooks/sample_wwt_roles.yml ./sample.yml -v -i inventory.yml --e 'bootstrap=sample456 All playbooks call these roles for managing credentials and including data
VERSION CONTROL SOURCE OF TRUTH NETWORK DEPLOYMENT ENGINEER MongoDB MongoDB is an open-source document / NoSQL database. Implemented as a Docker Container ANSIBLE PLAYBOO K
SOURCE OF TRUTH NETWORK DEPLOYMENT ENGINEER Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services that provides object storage through a web service interface. ANSIBLE PLAYBOO K
- name: Data Manipulation | Meetup | Ansible Durham | S3 hosts: s3.amazonaws.com connection: local gather_facts: '{{ facts | default("no") }}' module_defaults: aws_s3: aws_access_key: '{{ access.key }}' aws_secret_key: '{{ secret.key }}' bucket: '{{ bucket }}' vars: keys: '/home/administrator/amazon_web_service/access_keys/s3.yml' input: - name: '/usr/bin/ansible' state: put meta_data: 'foo=bar' - name: '{{ playbook_dir }}/files/sample_csv_file.csv' state: put meta_data: 'foo=bar' vars_files: - '{{ keys }}' tasks: - name: PUT/upload with metadata aws_s3: object: '{{ item.name }}' src: '{{ item.name }}' mode: '{{ item.state }}' metadata: '{{ item.meta_data }}' loop: '{{ input }}'
https://min.io/product MinIO is best suited for high performance tasks such as analytics, machine learning and modern, high throughput application development. … … As an object store, MinIO can store unstructured data such as photos, videos, log files, backups and container / VM images. Size of an object can range from a few KBs to a maximum of 5TB. https://en.wikipedia.org/wiki/Minio Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services that provides object storage through a web service interface.
KNOWLEDGE EXPERIENCE SHARE YOUR
#SILICONVALLEYINSTLAUTOMATION: Cisco ACI
Configuration  Network Engineers like spreadsheets  Free and readily available – no training  YAML, JSON and XML confound non-programmers tabular structure to hierarchical
./csv_to_mongo.yml -e filename="/it-automation-aci/TEST_DATA/aci_constructs_policies_3.csv" --skip-tags "mongo" tasks: - name: Get facts from CSV file csv_to_facts: src: '{{ filename }}' table: spreadsheet vsheets: - VRFs: - VRF - Tenant - TENANTs: - Tenant - APs: - Tenant - AppProfile - debug: msg: '{{ TENANTs }}' TASK [debug] ****************************************************************************************************************** ok: [localhost] => {} MSG: [{u'Tenant': u'WWT-INT'}, {u'Tenant': u'WWT-DMZ'}, {u'Tenant': u'WWT_NULL'}] UNIQUE (SET) OF TENANTS PRESENT IN THE SPREADSHEET CSV FILE FROM EXCEL VIRTUAL SPREADSHEET https://github.com/joelwking/csv-source-of-truth
Contract Subject (vzSubj) Contract (vzBrCP) Filter (vzFilter) Filter Entry (vzEntry) Bind Filter to Contract Subject (vzRsSubjFiltAtt) Tenant (fvTenant) End Point Group (fvAEPg) Application Profile (fvAP) Bind EPGs to Contracts (fv:RsCons, fv:RsProv) Looping over ‘virtual spreadsheet
# # This Excel / CSV file is managed by network engineering, it identifies the target Tenant, AP and EPG # - block: - name: Extract the specified sheet from the Excel file xls_to_csv: src: '{{ spreadsheet }}' dest: '{{ playbook_dir }}/files/aci/' sheets: '{{ sheet_name }}' - name: Load the EPG, AP and Tenant mapping csv_to_facts: src: '{{ playbook_dir }}/files/aci/{{ sheet_name }}.csv' vsheets: - TENANTs: - ap - epg - tenant - name: Iterate over the spreadsheet roles, creating an associative array (dictionary) using the EPG as the key set_fact: epg_ap_tenant: "{{ epg_ap_tenant | combine( {item.epg: item} ) }}" loop: "{{ TENANTs }}"
#SILICONVALLEYINSTLAUTOMATION: SECURITY AND COMPLIANCE
When network configuration (policy) is generated programmatically, it must be applied to network devices programmatically. Zero Trust Architecture (2nd Draft) https://csrc.nist.gov/publications/detail/sp/800-207/draft
VERSION CONTROL SOURCE OF TRUTH NETWORK DEPLOYMENT ENGINEER ANSIBLE PLAYBOO K
api_create_policy.yml
 Most Network Engineers are not familiar with data serialization formats – which is why we use spreadsheets.  Don’t clutter playbooks with conditionals validating data format  Playbooks are not intended to be programming languages, write modules, and plugins.  Structure your data so it drives the functionality of the playbooks
Examples from the Cisco Data Center webinar https://gitlab.com/joelwking/cisco_dc_community_of_interest CSV source of truth https://github.com/joelwking/csv-source-of-truth Foray into Ansible Content Collections https://www.slideshare.net/joelwking/foray-into-ansible-content-collections YAML Magic https://www.slideshare.net/roidelapluie/yaml-magic The 100% Open Source, Enterprise-Grade, Amazon S3 Compatible Object Storage https://min.io/ https://docs.minio.io/docs/minio-quickstart-guide.html
Data manipulation for configuration management using Ansible

Recommended

DevNet Associate : Python introduction
DevNet Associate : Python introductionDevNet Associate : Python introduction
DevNet Associate : Python introduction
Joel W. King
 
Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.
Joel W. King
 
Ports, pods and proxies
Ports, pods and proxiesPorts, pods and proxies
Ports, pods and proxies
LibbySchulze
 
Monitoring&Logging - Stanislav Kolenkin
Monitoring&Logging - Stanislav Kolenkin Monitoring&Logging - Stanislav Kolenkin
Monitoring&Logging - Stanislav Kolenkin
Kuberton
 
[Hands-on] Kubernetes | Nov 18, 2017
[Hands-on] Kubernetes | Nov 18, 2017[Hands-on] Kubernetes | Nov 18, 2017
[Hands-on] Kubernetes | Nov 18, 2017
Oracle Korea
 
Oracle meetup kubernetes_171118
Oracle meetup kubernetes_171118Oracle meetup kubernetes_171118
Oracle meetup kubernetes_171118
Oracle Korea
 
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes WorkloadsAWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summits
 
OpenStack in Enterprise
OpenStack in EnterpriseOpenStack in Enterprise
OpenStack in Enterprise
Nalee Jang
 

Recommended

DevNet Associate : Python introduction
DevNet Associate : Python introductionDevNet Associate : Python introduction
DevNet Associate : Python introduction
Joel W. King
 
Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.Using Terraform to manage the configuration of a Cisco ACI fabric.
Using Terraform to manage the configuration of a Cisco ACI fabric.
Joel W. King
 
Ports, pods and proxies
Ports, pods and proxiesPorts, pods and proxies
Ports, pods and proxies
LibbySchulze
 
Monitoring&Logging - Stanislav Kolenkin
Monitoring&Logging - Stanislav Kolenkin Monitoring&Logging - Stanislav Kolenkin
Monitoring&Logging - Stanislav Kolenkin
Kuberton
 
[Hands-on] Kubernetes | Nov 18, 2017
[Hands-on] Kubernetes | Nov 18, 2017[Hands-on] Kubernetes | Nov 18, 2017
[Hands-on] Kubernetes | Nov 18, 2017
Oracle Korea
 
Oracle meetup kubernetes_171118
Oracle meetup kubernetes_171118Oracle meetup kubernetes_171118
Oracle meetup kubernetes_171118
Oracle Korea
 
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes WorkloadsAWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summits
 
OpenStack in Enterprise
OpenStack in EnterpriseOpenStack in Enterprise
OpenStack in Enterprise
Nalee Jang
 
Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developer
Paul Czarkowski
 
Kubernetes best practices
Kubernetes best practicesKubernetes best practices
Kubernetes best practices
Bill Liu
 
Kubernetes and Istio
Kubernetes and IstioKubernetes and Istio
Kubernetes and Istio
Ketan Gote
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes ClusterKubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
smalltown
 
OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and S...
OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and S...OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and S...
OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and S...
NETWAYS
 
Security model for a remote company
Security model for a remote companySecurity model for a remote company
Security model for a remote company
Pierre Mavro
 
Openshift Container Platform on Azure
Openshift Container Platform on AzureOpenshift Container Platform on Azure
Openshift Container Platform on Azure
Glenn West
 
How to deploy spark instance using ansible 2.0 in fiware lab v2
How to deploy spark instance using ansible 2.0 in fiware lab v2How to deploy spark instance using ansible 2.0 in fiware lab v2
How to deploy spark instance using ansible 2.0 in fiware lab v2
Fernando Lopez Aguilar
 
ОЛЕКСАНДР ЛИПКО «Graceful Shutdown Node.js + k8s» Online WDDay 2021
ОЛЕКСАНДР ЛИПКО «Graceful Shutdown Node.js + k8s» Online WDDay 2021ОЛЕКСАНДР ЛИПКО «Graceful Shutdown Node.js + k8s» Online WDDay 2021
ОЛЕКСАНДР ЛИПКО «Graceful Shutdown Node.js + k8s» Online WDDay 2021
WDDay
 
[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architecture
[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architecture[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architecture
[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architecture
OpenStack Korea Community
 
K8s best practices from the field!
K8s best practices from the field!K8s best practices from the field!
K8s best practices from the field!
DoiT International
 
Meetup 12-12-2017 - Application Isolation on Kubernetes
Meetup 12-12-2017 - Application Isolation on KubernetesMeetup 12-12-2017 - Application Isolation on Kubernetes
Meetup 12-12-2017 - Application Isolation on Kubernetes
dtoledo67
 
Enabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via KubernetesEnabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via Kubernetes
mountpoint.io
 
Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...
Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...
Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...
Henning Jacobs
 
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinAnsible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Vietnam Open Infrastructure User Group
 
Deploy Prometheus - Grafana and EFK stack on Kubic k8s Clusters
Deploy Prometheus - Grafana and EFK stack on Kubic k8s ClustersDeploy Prometheus - Grafana and EFK stack on Kubic k8s Clusters
Deploy Prometheus - Grafana and EFK stack on Kubic k8s Clusters
Syah Dwi Prihatmoko
 
Cloud infrastructure as code
Cloud infrastructure as codeCloud infrastructure as code
Cloud infrastructure as code
Tomasz Cholewa
 
Open Stack compute-service-nova
Open Stack compute-service-novaOpen Stack compute-service-nova
Open Stack compute-service-nova
GHANSHYAM MANN
 
Infrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and OpsInfrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and Ops
Mykyta Protsenko
 
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Nati Shalom
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of Truth
Joel W. King
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of Truth
Joel W. King
 

More Related Content

What's hot

Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...
Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...
Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...
Henning Jacobs
 
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Nati Shalom
 

What's hot (20)

Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developer
 
Kubernetes best practices
Kubernetes best practicesKubernetes best practices
Kubernetes best practices
 
Kubernetes and Istio
Kubernetes and IstioKubernetes and Istio
Kubernetes and Istio
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes ClusterKubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
 
OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and S...
OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and S...OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and S...
OSDC 2018 | Spicing up VMWare with Ansible and InSpec by Martin Schurz and S...
 
Security model for a remote company
Security model for a remote companySecurity model for a remote company
Security model for a remote company
 
Openshift Container Platform on Azure
Openshift Container Platform on AzureOpenshift Container Platform on Azure
Openshift Container Platform on Azure
 
How to deploy spark instance using ansible 2.0 in fiware lab v2
How to deploy spark instance using ansible 2.0 in fiware lab v2How to deploy spark instance using ansible 2.0 in fiware lab v2
How to deploy spark instance using ansible 2.0 in fiware lab v2
 
ОЛЕКСАНДР ЛИПКО «Graceful Shutdown Node.js + k8s» Online WDDay 2021
ОЛЕКСАНДР ЛИПКО «Graceful Shutdown Node.js + k8s» Online WDDay 2021ОЛЕКСАНДР ЛИПКО «Graceful Shutdown Node.js + k8s» Online WDDay 2021
ОЛЕКСАНДР ЛИПКО «Graceful Shutdown Node.js + k8s» Online WDDay 2021
 
[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architecture
[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architecture[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architecture
[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architecture
 
K8s best practices from the field!
K8s best practices from the field!K8s best practices from the field!
K8s best practices from the field!
 
Meetup 12-12-2017 - Application Isolation on Kubernetes
Meetup 12-12-2017 - Application Isolation on KubernetesMeetup 12-12-2017 - Application Isolation on Kubernetes
Meetup 12-12-2017 - Application Isolation on Kubernetes
 
Enabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via KubernetesEnabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via Kubernetes
 
Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...
Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...
Why Kubernetes? Cloud Native and Developer Experience at Zalando - OWL Tech &...
 
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinAnsible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
 
Deploy Prometheus - Grafana and EFK stack on Kubic k8s Clusters
Deploy Prometheus - Grafana and EFK stack on Kubic k8s ClustersDeploy Prometheus - Grafana and EFK stack on Kubic k8s Clusters
Deploy Prometheus - Grafana and EFK stack on Kubic k8s Clusters
 
Cloud infrastructure as code
Cloud infrastructure as codeCloud infrastructure as code
Cloud infrastructure as code
 
Open Stack compute-service-nova
Open Stack compute-service-novaOpen Stack compute-service-nova
Open Stack compute-service-nova
 
Infrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and OpsInfrastructure-as-code: bridging the gap between Devs and Ops
Infrastructure-as-code: bridging the gap between Devs and Ops
 
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
 

Similar to Data manipulation for configuration management using Ansible

Service discovery and configuration provisioning
Service discovery and configuration provisioningService discovery and configuration provisioning
Service discovery and configuration provisioning
Source Ministry
 
Solutions for bi-directional Integration between Oracle RDMBS & Apache Kafka
Solutions for bi-directional Integration between Oracle RDMBS & Apache KafkaSolutions for bi-directional Integration between Oracle RDMBS & Apache Kafka
Solutions for bi-directional Integration between Oracle RDMBS & Apache Kafka
Guido Schmutz
 
Solutions for bi-directional integration between Oracle RDBMS and Apache Kafk...
Solutions for bi-directional integration between Oracle RDBMS and Apache Kafk...Solutions for bi-directional integration between Oracle RDBMS and Apache Kafk...
Solutions for bi-directional integration between Oracle RDBMS and Apache Kafk...
confluent
 
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...
NETWAYS
 
Developing your first application using FIWARE
Developing your first application using FIWAREDeveloping your first application using FIWARE
Developing your first application using FIWARE
FIWARE
 

Similar to Data manipulation for configuration management using Ansible (20)

Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of Truth
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of Truth
 
DevOps Enabling Your Team
DevOps Enabling Your TeamDevOps Enabling Your Team
DevOps Enabling Your Team
 
Just one-shade-of-openstack
Just one-shade-of-openstackJust one-shade-of-openstack
Just one-shade-of-openstack
 
Automatically Scaling Your Kubernetes Workloads - SVC209-S - Anaheim AWS Summit
Automatically Scaling Your Kubernetes Workloads - SVC209-S - Anaheim AWS SummitAutomatically Scaling Your Kubernetes Workloads - SVC209-S - Anaheim AWS Summit
Automatically Scaling Your Kubernetes Workloads - SVC209-S - Anaheim AWS Summit
 
Streamline Hadoop DevOps with Apache Ambari
Streamline Hadoop DevOps with Apache AmbariStreamline Hadoop DevOps with Apache Ambari
Streamline Hadoop DevOps with Apache Ambari
 
Null Bachaav - May 07 Attack Monitoring workshop.
Null Bachaav - May 07 Attack Monitoring workshop.Null Bachaav - May 07 Attack Monitoring workshop.
Null Bachaav - May 07 Attack Monitoring workshop.
 
Introduction To Apache Mesos
Introduction To Apache MesosIntroduction To Apache Mesos
Introduction To Apache Mesos
 
Play 2.0
Play 2.0Play 2.0
Play 2.0
 
Service discovery and configuration provisioning
Service discovery and configuration provisioningService discovery and configuration provisioning
Service discovery and configuration provisioning
 
Terraform, Ansible or pure CloudFormation
Terraform, Ansible or pure CloudFormationTerraform, Ansible or pure CloudFormation
Terraform, Ansible or pure CloudFormation
 
Bosh 2.0
Bosh 2.0Bosh 2.0
Bosh 2.0
 
Ansible & Salt - Vincent Boon
Ansible & Salt - Vincent BoonAnsible & Salt - Vincent Boon
Ansible & Salt - Vincent Boon
 
Incrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern AutomationIncrementalism: An Industrial Strategy For Adopting Modern Automation
Incrementalism: An Industrial Strategy For Adopting Modern Automation
 
Solutions for bi-directional Integration between Oracle RDMBS & Apache Kafka
Solutions for bi-directional Integration between Oracle RDMBS & Apache KafkaSolutions for bi-directional Integration between Oracle RDMBS & Apache Kafka
Solutions for bi-directional Integration between Oracle RDMBS & Apache Kafka
 
Solutions for bi-directional integration between Oracle RDBMS and Apache Kafk...
Solutions for bi-directional integration between Oracle RDBMS and Apache Kafk...Solutions for bi-directional integration between Oracle RDBMS and Apache Kafk...
Solutions for bi-directional integration between Oracle RDBMS and Apache Kafk...
 
Red Hat Agile integration Workshop Labs
Red Hat Agile integration Workshop LabsRed Hat Agile integration Workshop Labs
Red Hat Agile integration Workshop Labs
 
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
 
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...
 
Developing your first application using FIWARE
Developing your first application using FIWAREDeveloping your first application using FIWARE
Developing your first application using FIWARE
 

More from Joel W. King

Using Ansible Tower to implement security policies and telemetry streaming fo...
Using Ansible Tower to implement security policies and telemetry streaming fo...Using Ansible Tower to implement security policies and telemetry streaming fo...
Using Ansible Tower to implement security policies and telemetry streaming fo...
Joel W. King
 

More from Joel W. King (20)

DevNetCreate_2021_joelwking.pptx
DevNetCreate_2021_joelwking.pptxDevNetCreate_2021_joelwking.pptx
DevNetCreate_2021_joelwking.pptx
 
BRKEVT-2311_joeking_pbr.pptx
BRKEVT-2311_joeking_pbr.pptxBRKEVT-2311_joeking_pbr.pptx
BRKEVT-2311_joeking_pbr.pptx
 
Introduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOSIntroduction to GraphQL using Nautobot and Arista cEOS
Introduction to GraphQL using Nautobot and Arista cEOS
 
NetDevOps Development Environments
NetDevOps Development EnvironmentsNetDevOps Development Environments
NetDevOps Development Environments
 
Using Batfish for Network Analysis
Using Batfish for Network AnalysisUsing Batfish for Network Analysis
Using Batfish for Network Analysis
 
Cisco IP Video Surveillance Design Guide
Cisco IP Video Surveillance Design GuideCisco IP Video Surveillance Design Guide
Cisco IP Video Surveillance Design Guide
 
Meraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk PhantomMeraki Virtual Hackathon: app for Splunk Phantom
Meraki Virtual Hackathon: app for Splunk Phantom
 
Business Ready Teleworker Design Guide
Business Ready Teleworker Design GuideBusiness Ready Teleworker Design Guide
Business Ready Teleworker Design Guide
 
DevNet Study Group: Using a SDK
DevNet Study Group: Using a SDKDevNet Study Group: Using a SDK
DevNet Study Group: Using a SDK
 
Foray into Ansible Content Collections
Foray into Ansible Content CollectionsForay into Ansible Content Collections
Foray into Ansible Content Collections
 
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
Analytics for Application Security and Policy Enforcement in Cloud Managed Ne...
 
Enabling policy migration in the Data Center with Ansible
Enabling policy migration in the Data Center with AnsibleEnabling policy migration in the Data Center with Ansible
Enabling policy migration in the Data Center with Ansible
 
Using Tetration for application security and policy enforcement in multi-vend...
Using Tetration for application security and policy enforcement in multi-vend...Using Tetration for application security and policy enforcement in multi-vend...
Using Tetration for application security and policy enforcement in multi-vend...
 
Using Ansible Tower to implement security policies and telemetry streaming fo...
Using Ansible Tower to implement security policies and telemetry streaming fo...Using Ansible Tower to implement security policies and telemetry streaming fo...
Using Ansible Tower to implement security policies and telemetry streaming fo...
 
Introduction to Git for Network Engineers (Lab Guide)
Introduction to Git for Network Engineers (Lab Guide)Introduction to Git for Network Engineers (Lab Guide)
Introduction to Git for Network Engineers (Lab Guide)
 
Introduction to Git for Network Engineers
Introduction to Git for Network EngineersIntroduction to Git for Network Engineers
Introduction to Git for Network Engineers
 
Under the Hood
Under the HoodUnder the Hood
Under the Hood
 
What is Code?
What is Code?What is Code?
What is Code?
 
World Wide Technology | Red Hat Ansible for Networking Workshop
World Wide Technology | Red Hat Ansible for Networking WorkshopWorld Wide Technology | Red Hat Ansible for Networking Workshop
World Wide Technology | Red Hat Ansible for Networking Workshop
 
From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...
From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...
From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution wi...
 

Recently uploaded

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

Data manipulation for configuration management using Ansible

  • 1. February2020 Joel W. King Engineering and Innovations Global Solutions Development Data manipulation techniques for configuration management using Ansible
  • 2. Title: Data manipulation techniques for configuration management using Ansible What is the most important thing that people will learn from your presentation?: This talk explores techniques and best practices for ingesting, manipulating and storing configuration management data for managing multi-cloud infrastructure deployments using Ansible. Abstract: Ansible is widely adopted as a configuration management tool for both on-premise infrastructure and multi-cloud deployments. Most learning tracks focus on procedural programming concepts, learning playbook syntax. This talk focuses on techniques to ingest, manipulate and optimize configuration management data to drive the process. We examine techniques to create data sinks for audit and input to downstream workflows. Also highlighted is the application of relational, NoSQL and graph databases as well as sequential files used for configuration management.
  • 4.  Low Barrier to Entry  Highly Extensible  Broad Industry adoption for Configuration Management  ACI Modules 100 for ACI and MSO https://youtu.be/3vuPRoyOIFo WWT Saves Time and Money Using Ansible Automation docs.ansible.com/ansible/latest/modules/list_of_network_modules.html#aci docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html
  • 5. AUTOMATION: BASICS: variables and facts AUTOMATION: PRIVATE CLOUD : Cisco ACI AUTOMATION: SECURITY AND COMPLIANCE AUTOMATION: ADVANCED FEATURES: plugins | facts modules KNOWLEDGE EXPERIENCE USE CASES SHARE YOUR
  • 6. Background and use cases are typically network and security automation focused. Ansible Playbooks != programming language https://developer.cisco.com/codeexchange/explore#search=joelwking Use Ansible Collections! Design playbooks to be data driven
  • 8. 01100100011000010111010001100001 DATA (SOURCE OF TRUTH) PROCESS (TASKS) INFRASTRUCTURE BUSINESS REQUIREMENTS DESIRED STATE KNOWLEDGE EXPERIENCE How Google does Machine Learning … It's all about data https://www.coursera.org/learn/google-machine-learning/
  • 9.
  • 11. Ansible facts are variables that are automatically discovered by Ansible from a managed host. Facts are pulled by the setup module.(*) (*) Automation with Ansible -Student Workbook Variables can be defined in a bewildering variety of places in an Ansible project.(*) HOSTS NETWORK DEVICES { API }
  • 12. IPAM GLOBAL CONFIG YAML ENCRYPTED CREDENTIALS SERVICE TICKETING SYSTEM VERSION CONTROL SOURCE OF TRUTH NETWORK PROGRAMMABILITY DEVELOPER MongoDB DEVELOPMENT OPERATIONALIZE ANSIBLE PLAYBOOKANSIBLE PLAYBOOK ROLES | COLLECTIONS Minio INFRASTRUCTURE MANAGEMENT PUBLISH CONSUME
  • 13. https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable command line values (eg “-u user”) role defaults [1] inventory file or script group vars [2] inventory group_vars/all [3] playbook group_vars/all [3] inventory group_vars/* [3] playbook group_vars/* [3] inventory file or script host vars [2] inventory host_vars/* [3] playbook host_vars/* [3] host facts / cached set_facts [4] play vars play vars_prompt play vars_files role vars (defined in role/vars/main.yml) block vars (only for tasks in block) task vars (only for the task) include_vars set_facts / registered vars role (and include_role) params include params extra vars (always win precedence) most least
  • 14. administrator@flint:~/ansible/playbooks$ python Python 2.7.12 (default, Oct 8 2019, 14:14:10) [GCC 5.4.0 20160609] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import yaml >>> input = ''' ... - name: '/usr/bin/ansible' ... state: put ... meta_data: 'foo=bar' ... - name: '{{ playbook_dir }}/files/csv123.csv' ... state: put ... meta_data: 'foo=bar' ... ''' >>> data = yaml.load(input) >>> type(data) <type 'list'> >>> type(data[0]) <type 'dict'> >>> data[0] {'state': 'put', 'meta_data': 'foo=bar', 'name': '/usr/bin/ansible'} >>> #!/usr/bin/ansible-playbook --- # # - name: Data Manipulation | Meetup | Ansible Durham | S3 hosts: s3.amazonaws.com connection: local gather_facts: '{{ facts | default("no") }}' module_defaults: aws_s3: aws_access_key: '{{ access.key }}' aws_secret_key: '{{ secret.key }}' bucket: '{{ bucket }}' vars: input: - name: '/usr/bin/ansible' state: put meta_data: 'foo=bar' - name: '{{ playbook_dir }}/files/csv123.csv' state: put meta_data: 'foo=bar'
  • 15. Proper variable naming can make plays more readable and avoid variable name conflicts(*) Use descriptive, unique human-meaningful variable names(*) Prefix variables with it’s “owner” such as a role name or package(*) (*) ANSIBLE BEST PRACTICES: THE ESSENTIALS – Kyle Benson vars: mongodb_database: "{{ database }}" mongodb_collection: "{{ collection }}" mongodb_document: "{{ filename }}" vars: dns: ipv6: - '2001:4860:4860::8888' - '2001:4860:4860::8844' dns6: "{{ dns.ipv6 }}"collection: "{{ mongodb_collection }}"
  • 16. - name: Data Manipulation | Meetup | Ansible Durham hosts: sandboxapicdc.cisco.com connection: local gather_facts: '{{ facts | default("no") }}' vars: foo: name: bar description: '{{ desc | default("This is a test") }}' vars_files: - '{{ playbook_dir }}/files/LTM_vip_v6-3.json' tasks: - name: Hostvars | run with or without gathering facts debug: var: hostvars[inventory_hostname] - name: Variable from vars_file specified debug: var: imdata - name: Variable defined in playbook debug: msg: '{{ foo.description }}' Why might you run gather facts on a local host? Using a dictionary rather than a scalar variable Where is variable ‘imdata’ defined? Difference between? -e 'desc=this is a test’ and -e 'desc="this is a test"'
  • 20. https://docs.ansible.com/ansible/latest/plugins/plugins.html Filters in Ansible… are used for transforming data … Lookup plugins allow Ansible to access data from outside sources. Lookups are an integral part of loops Modules are used as information gatherers _info _facts Modules have modes to ‘put’ or ‘get’ aws_s3
  • 21. #!/usr/bin/ansible-playbook --- # # Copyright (c) 2019 World Wide Technology, Inc. # All rights reserved. # # author: Joel W. King, World Wide Technology # - name: Msg broker for big or little Tetration hosts: localhost gather_facts: yes connection: local vars: verify_broker: 'no' big_tetration: '10.6.36.24:443,10.6.36.25:443,10.6.36.26:443' little_tetration: '192.0.2.1:443' tasks: - debug: msg: 'Big Tetration have three Kafka brokers, pick one: {{ item }}' with_random_choice: '{{ big_tetration.split(",") }}' - debug: msg: 'Little Tetration only has one Kafka broker: {{ item }}' with_random_choice: '{{ little_tetration.split(",") }}' - set_fact: kafka_broker: '{{ item }}' with_random_choice: '{{ big_tetration.split(",") }}' - name: Optionally verify reachability to the broker shell: 'openssl s_client -connect {{ kafka_broker }} -tls1 ' ignore_errors: False register: openssl when: verify_broker|bool return random element from list 10.6.36.24:443 10.6.36.25:443 10.6.36.26:443 192.0.2.1:443 Little Big FORM FACTORS filter returning boolean
  • 22. acl_action: {"ALLOW": "permit", "DROP": "deny"} # translator for action verbs - name: Configure firewall access-list debug: msg: "access-list {{ acl_name }} line 1 extended {{ acl_action[item.action] }} {{item.ip_protocol }}" loop: "{{ tnp.ansible_facts.intents }}" https://gitlab.com/tetration-network-policy-publisher/policy-stream-12-pub-vrf/-/blob/master/view_network_policy_decrypt.yml Policy engine uses different keywords than the firewall where the policy is being applied
  • 23. IPAM GLOBAL CONFIG YAML ENCRYPTED CREDENTIALS YAML SERVICE TICKETING SYSTEM VERSION CONTROL SOURCE OF TRUTH NETWORK DEPLOYMENT ENGINEER https://github.wwt.com/it-automation-aci/ansible-aci-include-data MongoDB BOOTSTRAP EXTRA_VARS PRE-PROCESSING POST-PROCESSING ANSIBLE PLAYBOO K
  • 24. ENCRYPTED CREDENTIALS YAML SERVICE TICKETING SYSTEM VERSION CONTROL SOURCE OF TRUTH NETWORK DEPLOYMENT ENGINEER BOOTSTRAP EXTRA_VARS https://github.wwt.com/it-automation-aci/ansible-aci-credentials ANSIBLE PLAYBOO K
  • 25. https://gitlab.com/joelwking/cisco_dc_community_of_interest/-/blob/master/demos/engine/playbooks/sample_wwt_roles.yml ./sample.yml -v -i inventory.yml --e 'bootstrap=sample456 All playbooks call these roles for managing credentials and including data
  • 26. VERSION CONTROL SOURCE OF TRUTH NETWORK DEPLOYMENT ENGINEER MongoDB MongoDB is an open-source document / NoSQL database. Implemented as a Docker Container ANSIBLE PLAYBOO K
  • 27.
  • 28. SOURCE OF TRUTH NETWORK DEPLOYMENT ENGINEER Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services that provides object storage through a web service interface. ANSIBLE PLAYBOO K
  • 29. - name: Data Manipulation | Meetup | Ansible Durham | S3 hosts: s3.amazonaws.com connection: local gather_facts: '{{ facts | default("no") }}' module_defaults: aws_s3: aws_access_key: '{{ access.key }}' aws_secret_key: '{{ secret.key }}' bucket: '{{ bucket }}' vars: keys: '/home/administrator/amazon_web_service/access_keys/s3.yml' input: - name: '/usr/bin/ansible' state: put meta_data: 'foo=bar' - name: '{{ playbook_dir }}/files/sample_csv_file.csv' state: put meta_data: 'foo=bar' vars_files: - '{{ keys }}' tasks: - name: PUT/upload with metadata aws_s3: object: '{{ item.name }}' src: '{{ item.name }}' mode: '{{ item.state }}' metadata: '{{ item.meta_data }}' loop: '{{ input }}'
  • 30. https://min.io/product MinIO is best suited for high performance tasks such as analytics, machine learning and modern, high throughput application development. … … As an object store, MinIO can store unstructured data such as photos, videos, log files, backups and container / VM images. Size of an object can range from a few KBs to a maximum of 5TB. https://en.wikipedia.org/wiki/Minio Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services that provides object storage through a web service interface.
  • 33. Configuration  Network Engineers like spreadsheets  Free and readily available – no training  YAML, JSON and XML confound non-programmers tabular structure to hierarchical
  • 34. ./csv_to_mongo.yml -e filename="/it-automation-aci/TEST_DATA/aci_constructs_policies_3.csv" --skip-tags "mongo" tasks: - name: Get facts from CSV file csv_to_facts: src: '{{ filename }}' table: spreadsheet vsheets: - VRFs: - VRF - Tenant - TENANTs: - Tenant - APs: - Tenant - AppProfile - debug: msg: '{{ TENANTs }}' TASK [debug] ****************************************************************************************************************** ok: [localhost] => {} MSG: [{u'Tenant': u'WWT-INT'}, {u'Tenant': u'WWT-DMZ'}, {u'Tenant': u'WWT_NULL'}] UNIQUE (SET) OF TENANTS PRESENT IN THE SPREADSHEET CSV FILE FROM EXCEL VIRTUAL SPREADSHEET https://github.com/joelwking/csv-source-of-truth
  • 35. Contract Subject (vzSubj) Contract (vzBrCP) Filter (vzFilter) Filter Entry (vzEntry) Bind Filter to Contract Subject (vzRsSubjFiltAtt) Tenant (fvTenant) End Point Group (fvAEPg) Application Profile (fvAP) Bind EPGs to Contracts (fv:RsCons, fv:RsProv) Looping over ‘virtual spreadsheet
  • 36. # # This Excel / CSV file is managed by network engineering, it identifies the target Tenant, AP and EPG # - block: - name: Extract the specified sheet from the Excel file xls_to_csv: src: '{{ spreadsheet }}' dest: '{{ playbook_dir }}/files/aci/' sheets: '{{ sheet_name }}' - name: Load the EPG, AP and Tenant mapping csv_to_facts: src: '{{ playbook_dir }}/files/aci/{{ sheet_name }}.csv' vsheets: - TENANTs: - ap - epg - tenant - name: Iterate over the spreadsheet roles, creating an associative array (dictionary) using the EPG as the key set_fact: epg_ap_tenant: "{{ epg_ap_tenant | combine( {item.epg: item} ) }}" loop: "{{ TENANTs }}"
  • 38. When network configuration (policy) is generated programmatically, it must be applied to network devices programmatically. Zero Trust Architecture (2nd Draft) https://csrc.nist.gov/publications/detail/sp/800-207/draft
  • 39. VERSION CONTROL SOURCE OF TRUTH NETWORK DEPLOYMENT ENGINEER ANSIBLE PLAYBOO K
  • 41.  Most Network Engineers are not familiar with data serialization formats – which is why we use spreadsheets.  Don’t clutter playbooks with conditionals validating data format  Playbooks are not intended to be programming languages, write modules, and plugins.  Structure your data so it drives the functionality of the playbooks
  • 42. Examples from the Cisco Data Center webinar https://gitlab.com/joelwking/cisco_dc_community_of_interest CSV source of truth https://github.com/joelwking/csv-source-of-truth Foray into Ansible Content Collections https://www.slideshare.net/joelwking/foray-into-ansible-content-collections YAML Magic https://www.slideshare.net/roidelapluie/yaml-magic The 100% Open Source, Enterprise-Grade, Amazon S3 Compatible Object Storage https://min.io/ https://docs.minio.io/docs/minio-quickstart-guide.html