Philip DiLeo - EOS+ Consulting Services
Ansible_Nova-Meetup.pdf
But first, football...
Odell Beckham:
1. Sprint 10 yards
2. Slant at 45 degrees
3. Run 4 yards
4. Catch ball at 60mph
Third string player:
1. Sprint 5 yards
2. Slant at 45 degrees
3. Run 1 yard
4. Catch ball at 20mph
What would a data model look like for the player?
Odell Beckham
    slant_route:
      sprint: 10
      post_slant_sprint: 5
      ball_speed: 60
Third string player
    slant_route:
      sprint: 5
      post_slant_sprint: 1
      ball_speed: 20
Group Variable
    slant_angle: 45
How would you describe the play for the wide receiver in red?
Okay Coach, write the play...
    - players: wide_receivers
      tasks:
        - name: On hike, sprint!
          sprinting: distance={{ slant_route.sprint }}
        - name: Then slant in
          change_direction: angle={{ slant_angle }}
        - name: Then sprint again
          sprinting: distance={{ slant_route.post_slant_sprint }}
        - name: Prepare to catch
          receive_ball: speed={{ slant_route.ball_speed }}
group_vars/wide_receivers:
    slant_angle: 45
player_vars/odell_beckham:
    slant_route:
      sprint: 10
      post_slant_sprint: 5
      ball_speed: 60
player_vars/third_string:
    slant_route:
      sprint: 5
      post_slant_sprint: 1
      ball_speed: 20
players file:
    [wide_receivers]
    odell_beckham
    third_string
1. Who runs the play?
2. Who’s in that group? (Iterate per player)
3. Any group vars?
4. Gather Player Vars
5. Run tasks
Conceptually, then...
Data
- host_vars
- group_vars
- sql database
- git repo
- static config lines
Execution Strategy
- Ansible Tasks/Roles
- Config Blocks
- API Calls
Running Config
Some Background on Ansible
● Goal: simplicity and ease of use
● Playbooks written in easily-read YAML
● Written in Python
● Agent-less architecture (no client daemon)
● Security (uses OpenSSH or SSL)
● Can be used by all within organization
● Tower: Operationalize Ansible
Why do I need Ansible?
“Why can’t I write a python or shell script that configures the switch?”
● Idempotency
● Manageability
● One platform for entire infra
● Community-driven (1000 >> 1)
Ansible Modules
Ansible includes 400+ built-in modules including:
● apt, yum, copy, command, cron, dns, docker, easy_install, ec2 (amazon modules), file, filesystem, find, git, known_hosts, mysql, mongodb, nagios, npm, openstack, rax (rackspace), pip, shell, snmp_facts…
Sample options for the yum module
But where are the networking modules?
Ways to use Ansible with Arista
● API-based approach with arista.eos role available through Galaxy
● Config-based approach with ansible core module eos_config (Ansible 2.0+)
The Ansible Role for EOS
The Ansible Role for EOS allows us to package multiple EOS-related modules into one convenient role.
This can be installed using Ansible Galaxy
$ ansible-galaxy install arista.eos
EOS Role - What’s included?
Modules
● eos_acl_entry
● eos_bgp_config
● eos_bgp_neighbor
● eos_bgp_network
● eos_ethernet
● eos_facts
● eos_interface
● eos_ipinterface
● eos_mlag_config
● eos_mlag_interface
● eos_ping
● eos_portchannel
● eos_purge
● eos_routemap
● eos_staticroute
● eos_stp_interface
● eos_switchport
● eos_system
● eos_user
● eos_varp
● eos_varp_interface
● eos_vlan
● eos_vrrp
● eos_vxlan
● eos_vxlan_vlan
● eos_vxlan_vtep
Handler
● save running config
How does it work?
    tasks:
      - name: Configure Vlan 1
        eos_vlan: vlanid=1 enable=yes name=foo
Additional EOS Roles
[ Ansible Roles that build on top of arista.eos ]
Stop writing tasks. Start to model your configuration as CLI-agnostic data structures.
● arista.eos base role (includes mainly modules)
● arista.eos-route-control (mainly tasks)
● arista.eos-system (mainly tasks)
● arista.eos-virtual-router (mainly tasks)
● arista.eos-vxlan (mainly tasks)
● arista.eos-bridging (mainly tasks)
● arista.eos-interfaces (mainly tasks)
● arista.eos-ipv4 (mainly tasks)
● arista.eos-bgp (mainly tasks)
● arista.eos-mlag (mainly tasks)
Available Through Galaxy
[ Ansible Roles that build on top of arista.eos ]
https://galaxy.ansible.com/detail#/user/5790
Connection Methods
Option A - SSH
Requirements:
● Password-less SSH associations
● pyeapi installed on switch (you can do this with Ansible)
● eAPI enabled
● bash user
Notes:
● You can use http_local or unix sockets on >4.14.5F
● Technically more secure
Option B - eAPI
Requirements:
● pyeapi installed on Ansible Control Host
● eAPI enabled
Notes:
● Simplicity but potentially less secure. Need to store eAPI credentials in cleartext.
A New Method...
eos_config Core Module
[ New in Ansible 2.0+ ]
    # tasks
    - name: get eos facts
      eos_facts:
        include_config: yes
        device: "{{ eapi_connection }}"
    - name: Configure Arista Interface
      eos_config:
        block:
          - "description {{ item.description }}"
          - "{{ item.enabled | ternary('no shutdown', 'shutdown') }}"
          - "no switchport"
          - "ip address {{ item.address }}"
        parent: "interface {{ item.name }}"
        device: "{{ eapi_connection }}"
        config: "{{ eos_facts.config }}"
      with_items: interfaces

    # vars
    ansible_connection: local
    eapi_connection:
      host: "{{ inventory_hostname }}"
      username: admin
      password: admin
      use_ssl: no
    interfaces:
      - name: Ethernet1
        enabled: yes
        description: My interface 1
        address: 1.1.1.1/24
      - name: Ethernet2
        enabled: yes
        description: My interface 2
        address: 1.1.2.1/24
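The cleartext-credential concern from the Connection Methods slide and the `eapi_connection` variables above (`password: admin`, `use_ssl: no`) can be checked mechanically before a vars file is committed. The following is an added example, not part of the original deck: a heuristic Python scan (key names containing `pass` or `secret`, plus `use_ssl`) run over a constructed copy of the slide's variables and a hardened variant whose `vault_eapi_*` names are hypothetical variables kept in an ansible-vault encrypted file.

```python
import re

# Constructed sample: the connection variables as shown on the slide.
SLIDE_VARS = """\
eapi_connection:
  host: "{{ inventory_hostname }}"
  username: admin
  password: admin
  use_ssl: no
"""
# Constructed hardened variant; vault_eapi_* are hypothetical vaulted variables.
HARDENED_VARS = """\
eapi_connection:
  host: "{{ inventory_hostname }}"
  username: "{{ vault_eapi_username }}"
  password: "{{ vault_eapi_password }}"
  use_ssl: yes
"""

KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([A-Za-z_]\w*)\s*:\s*(.*)$")
FALSY = {"no", "false", "off"}

def _scalar(raw):
    """Drop a trailing comment and surrounding quotes (naive YAML handling)."""
    value = re.sub(r"(^|\s+)#.*$", "", raw).strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        value = value[1:-1].strip()
    return value

def audit(text):
    """Return (line number, key, finding) for risky connection settings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        value = _scalar(match.group(2)) if match else ""
        if not value:
            continue  # not a key/value line, or the key opens a nested block
        key = match.group(1).lower()
        looks_secret = any(token in key for token in ("pass", "secret"))
        indirect = value.startswith(("{{", "!vault"))
        if looks_secret and not indirect:
            findings.append((lineno, key, "literal credential"))
        if key == "use_ssl" and value.lower() in FALSY:
            findings.append((lineno, key, "TLS disabled for eAPI"))
    return findings

if __name__ == "__main__":
    for name, text in (("slide", SLIDE_VARS), ("hardened", HARDENED_VARS)):
        print(name, audit(text))
```

A value that is a Jinja reference or an inline `!vault` tag is treated as indirect, so only literals written into the file are reported.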
eos_config Core Module
[ New in Ansible 2.0+ ]
Advantages
● No third-party libraries needed (pyeapi, arista.eos)
● Work directly with known running-configuration
● Easy to use/understand. Zero barrier to entry
● Offline-mode (generate configuration lines)
● Leverages eAPI connection
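The "work directly with known running-configuration" and offline-mode points can be pictured with a simplified line comparison. This is an added example, not eos_config's own code, and the running-config text is constructed: it renders the slide's block for each interface and returns only the lines missing under the parent.

```python
# Constructed running-config excerpt; child lines are indented under their parent.
RUNNING_CONFIG = """\
interface Ethernet1
   description My interface 1
   no switchport
   ip address 1.1.1.1/24
!
interface Ethernet2
   description old uplink
   shutdown
!
"""
# The interface data from the slide's vars.
INTERFACES = [
    {"name": "Ethernet1", "enabled": True,
     "description": "My interface 1", "address": "1.1.1.1/24"},
    {"name": "Ethernet2", "enabled": True,
     "description": "My interface 2", "address": "1.1.2.1/24"},
]

def render_block(intf):
    """Build the desired lines the same way the slide's `block:` templates do."""
    return [
        "description " + intf["description"],
        "no shutdown" if intf["enabled"] else "shutdown",
        "no switchport",
        "ip address " + intf["address"],
    ]

def children_of(running_config, parent):
    """Return the stripped lines nested under `parent` in the running-config."""
    children, inside = [], False
    for line in running_config.splitlines():
        if not line.startswith(" "):      # a top-level line opens a new section
            inside = line.strip() == parent
        elif inside:
            children.append(line.strip())
    return children

def lines_to_push(running_config, intf):
    """Parent plus the block lines not already present under it ([] if none)."""
    parent = "interface " + intf["name"]
    present = set(children_of(running_config, parent))
    missing = [cmd for cmd in render_block(intf) if cmd not in present]
    return [parent] + missing if missing else []

if __name__ == "__main__":
    for intf in INTERFACES:
        print(lines_to_push(RUNNING_CONFIG, intf))
```

For Ethernet1 the only line reported is `no shutdown`, because the constructed running-config does not list it; a line-based comparison only matches text exactly as it appears in the config.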
Best Practices...
Beginner’s Playbook(s)
#1. playbooks/deploy_app1_spine.yml
    ---
    - hosts: spine
      tasks:
        - name: Configure App Vlan
          vlan: vlanid=10 enable=yes name=app1
        - name: Configure BGP
          bgp: key=value key=value key=value
        - name: Configure Interfaces
          intf: key=value key=value key=value
        - name: Configure SNMP
          system: key=value key=value key=value
        - name: Configure mlag
          mlag: key=value key=value key=value
#N. playbooks/deploy_appN_spine.yml
    ---
    - hosts: spine
      tasks:
        - name: Configure App Vlan
          vlan: vlanid=1000 enable=yes name=app1
        - name: Configure BGP
          bgp: key=value key=value key=value
        - name: Configure Interfaces
          intf: key=value key=value key=value
        - name: Configure SNMP
          system: key=value key=value key=value
Solution: Ansible Roles
“We’ll pretty much assume you are using roles at this point. You should be using roles for sure. Roles are great. You are using roles aren’t you? Hint hint.” (docs.ansible.com)
“...they allow you to focus more on the big picture and only dive down into the details when needed.”
Example EOS Role - Varp
[ Abstract Virtual Router Configuration ]
host_vars/veos-3
    virtual_mac_addr: "00:1c:73:00:00:99"
    varp_interfaces:
      - vlanid: 1001
        name: Varp_Vlan1001
        interface_addr: 192.168.1.3/24
        virtual_addrs:
          - 192.168.1.1
      - vlanid: 1002
        name: Varp_Vlan1002
        interface_addr: 192.168.2.3/24
        virtual_addrs:
          - 192.168.2.1
host_vars/veos-4
    virtual_mac_addr: "00:1c:73:00:00:99"
    varp_interfaces:
      - vlanid: 1001
        name: Varp_Vlan1001
        interface_addr: 192.168.1.4/24
        virtual_addrs:
          - 192.168.1.1
      - vlanid: 1002
        name: Varp_Vlan1002
        interface_addr: 192.168.2.4/24
        virtual_addrs:
          - 192.168.2.1
# Playbook
    - hosts: leafs
      roles:
        - arista.eos-virtual-router
# Run
    ansible-playbook -i hosts play.yml
# hosts file
    [leafs]
    veos-3
    veos-4
Using Roles - Site Configuration
[ Simply include roles ]
# Run
    ansible-playbook -i hosts site.yml
# hosts file
    [spine]
    veos-1
    veos-2

    [leaf]
    veos-3
    veos-4
# Playbook site.yml
    - include: spine.yml
    - include: leaf.yml
# Playbook spine.yml
    - hosts: spine
      gather_facts: no
      roles:
        - arista.eos-system
        - arista.eos-interfaces
        - arista.eos-bridging
        - arista.eos-ipv4
        - arista.eos-route-control
        - arista.eos-bgp
# Playbook leaf.yml
    - hosts: leaf
      gather_facts: no
      roles:
        - arista.eos-system
        - arista.eos-interfaces
        - arista.eos-bridging
        - arista.eos-ipv4
        - arista.eos-route-control
        - arista.eos-bgp
        - arista.eos-mlag
        - arista.eos-virtual-router
Sample Demo
[ Zero Touch into Tower ]
https://youtu.be/VB29kjSOp7E
Setup
1. Spine/leaf in bowtie
2. All nodes in ZTP mode
3. Nodes statically + dynamically identified by ZTPServer
4. Nodes get base config:
   a. hostname
   b. mgmt ip
   c. eAPI enabled
5. Nodes register themselves with Tower
6. Run Job Template in Tower to provision nodes.
Getting Started
● Main Ansible Documentation
● Ansible EOS Quickstart Guide
● Writing a Module
● Ask about our Ravello Blueprint
● Ask for Help - [email protected]
Thanks!