Powering Your Automation: A Single Source Of Truth

Transcription

Powering Your Automation: A Single Source of Truth
TIM SCHREYACK

Network Automation: The Dream
Click the easy button and your network is configured

Network Automation: The Reality
- Varying vendor support
- Multiple, competing frameworks
- Nothing is "off the shelf"
- There is no easy button to create the easy button

Automation vs Orchestration
Orchestration – codifying your processes
Automation – codifying your tasks
Orchestration is essentially stringing together multiple chunks of automation.

Network Automation Overview
- Bootstrap
  - Deploy new equipment with minimal human involvement
  - Validate physical infrastructure
- Operations
  - Device Configuration
    - Easy button for standard MACs
    - Template based versions of config in whole or in part
  - Version Control
    - Keep templates in GitHub
    - Maintain branches or forks
    - Require peer review prior to merging to Master

Automation Tools
- Automation Tools
  - Ansible
  - Puppet
  - Salt
  - NAPALM
- Orchestration tools
  - Stackstorm
  - RunDeck

Common Methods of Data Input/Storage
- The Really Really Bad:
  - By hand
  - Statically defined
- The Still Pretty Bad:
  - Spreadsheets
  - Email
- And Still Not So Great:
  - Disconnected tools
    - IPAM
    - CMDB
    - DCIM

A Better Way
A Single Source of Truth Database
- Store ALL of your static data in one database
- Link formerly disconnected pieces of data together
- Maintain only one copy of the data, instead of multiples

What data to store?
- Physical and virtual Devices
- Links
- Data center info (sites, racks, pods, etc.)
- IP Addressing
- VLANs
- ASNs
- VRFs
- All your network and other infrastructure data

Advantages
- Now we can make connections between data that was formerly disconnected.
- We can easily retrieve static values based on any number of criteria.
- We can create resource pools of physical and logical items for use in our automation.

A Brief Aside
Pets vs cattle
But my resource is special – I need to name it and pet it and love it forever.
No, no, it's not. Treat all your resources as cattle.

Source of Truth Examples
- DIY
  - Mongo
  - Postgres
  - Puppet DB / Hiera
  - YAML/JSON Files (easy, but limited)
- Off the Shelf
  - NetBox

Source of Truth Example Structure

A Practical Example
Deploy a network update to configure a new physical server that will run web servers.
- Physical Requirements
  - Switchports on two access switches
  - Cabling requirements between server and switches
- Logical Requirements
  - VLAN(s)
  - Public, Internal, and Management IP Addresses
  - FQDN(s)

A Practical Example (cont.)
From resource pools in your single source of truth, you can now programmatically allocate almost everything:
- Physical Resources
  - Rack Unit location
  - Switchports
- Logical Resources
  - VLANs
  - IP Addresses

A Practical Example (cont.)
We can automatically generate:
- DC Ops request to rack and cable server
- Network configuration (switches/firewalls/etc.)
- DNS Entries

A Practical Example (cont.)
Ansible & Python
- Ansible
  - Short learning curve
  - Agentless
  - Open Source
  - Broad vendor support
- Python
  - Most common language (probably)
  - Readable
  - Supported in virtually all tools

A Practical Example (cont.)
Ansible & Python
Filter Plugins allow you to use Python to look up data from the single source of truth in your Ansible templates.
ansible/plays/filter_plugins/my_functions.py
Create Python functions and classes to access your database.

A Practical Example (cont.)
Ansible & Python
switch_template.j2

    interface Ethernet{{ fqdn | allocate_port(pool='webservers') }}
      switchport access vlan {{ site | get_vlan(pool='webservers') }}
      no shut

A Practical Example (cont.)
Ansible & Python
my_functions.py

    def allocate_port(fqdn, pool):
        # code
        return port_number

    def get_vlan(site, pool):
        # code
        return vlan_number

A Practical Example (cont.)
Ansible & Python
my_play.yml

    ---
    - hosts: "web_switches"
      connection: local
      vars:
        fqdn: "my_new_server.mydomain"
        site: "my_site"
      tasks:
        - name: Generate Switch Configuration
          template:
            src: "my_template.j2"
            dest: "my_switch_config.cfg"

A Practical Example (cont.)
Ansible & Python
my_switch_config.cfg

    interface Ethernet12
      switchport access vlan 101
      no shut
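
An added example, not code from the original slides: one way my_functions.py could back the two filters used in the template, with allocation that is idempotent per FQDN and fails the render when the pool is empty. The in-memory SQLite schema, its constructed rows, and the use of LookupError are assumptions; the port and VLAN values match the rendered config above.

```python
import sqlite3

# Constructed stand-in for the single source of truth (assumed schema).
DB = sqlite3.connect(":memory:")
DB.executescript("""
CREATE TABLE ports (pool TEXT, port INTEGER, fqdn TEXT, UNIQUE (pool, port));
CREATE TABLE vlans (site TEXT, pool TEXT, vlan INTEGER, UNIQUE (site, pool));
INSERT INTO ports VALUES ('webservers', 12, NULL), ('webservers', 13, NULL);
INSERT INTO vlans VALUES ('my_site', 'webservers', 101);
""")


def allocate_port(fqdn, pool):
    """Return the port held by fqdn in pool, reserving the lowest free one."""
    with DB:  # commit the reservation on success, roll back on error
        held = DB.execute(
            "SELECT port FROM ports WHERE pool = ? AND fqdn = ?", (pool, fqdn)
        ).fetchone()
        if held:  # idempotent: re-rendering must not consume a second port
            return held[0]
        free = DB.execute(
            "SELECT port FROM ports WHERE pool = ? AND fqdn IS NULL "
            "ORDER BY port LIMIT 1", (pool,)
        ).fetchone()
        if free is None:  # fail the render instead of emitting a bad config
            raise LookupError(f"no free port in pool {pool!r}")
        DB.execute(
            "UPDATE ports SET fqdn = ? WHERE pool = ? AND port = ?",
            (fqdn, pool, free[0]),
        )
        return free[0]


def get_vlan(site, pool):
    """Return the VLAN assigned to pool at site."""
    row = DB.execute(
        "SELECT vlan FROM vlans WHERE site = ? AND pool = ?", (site, pool)
    ).fetchone()
    if row is None:
        raise LookupError(f"no VLAN for pool {pool!r} at site {site!r}")
    return row[0]


class FilterModule(object):
    """Ansible loads filter plugins through this class and its filters()."""

    def filters(self):
        return {"allocate_port": allocate_port, "get_vlan": get_vlan}
```

All queries are parameterized, so values coming from play variables are never spliced into SQL text.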

A Practical Example (cont.)
Deploy Overview
- Ansible has broad network support
- Fairly easy to configure using plays to deploy configuration
  - Take snapshot (depending on Network OS support)
  - Deploy config (SSH, API)
  - Save changes
  - Rollback on failure
- Can use orchestration tools to handle deploying to multiple devices based on events

Conclusion
- Network automation is becoming mainstream
- A paradigm shift is required to take full advantage of the possibilities
- Start by identifying key processes that can be automated
- Don't be afraid to rethink how those processes work
- Start writing code!

Questions

Oct 30, 2019