
1

Devops Day Amsterdam 2014

Network Automation Tools

Chef and Zero Touch Provisioning/Replacement (ZTP/ZTR)

2

Agenda

Introduction (EB)

ZTP (MA)

- Boot three bare metal switches

Chef (EB)

- Orchestrate two switches with baseline interface configuration

- Enforce configuration statements

- Reject certain config lines

VxLAN (MA)

- Create a VxLAN tunnel between leaf 1 and leaf 2 using CVX

Opendaylight (MA)

- Start the Opendaylight controller on MadDog

- Configure Openflow on the switches

- Create a flow that ensures that all HTTP traffic from BigDog MadDog will use ethernet interface 1

3

Prerequisites

Experience:

- Some experience with Virtualbox is a pre

Hardware:

- Notebook with at least 4GB of RAM

- 10GB available hard drive storage

Software:

- Hypervisor installed: Virtualbox (www.virtualbox.org)

- Virtualization solution supporting

Note: The workshop will be held in English; native Dutch speakers are around if needed.

4

Speaker Bios

Michael Amstelveen, Consulting Engineer, Arista Networks

Arista Networks: a leading supplier of cloud networking solutions that use software innovations to address the needs of large-scale Internet companies, cloud service providers and next-generation data centers for enterprises.

I’m passionate about computer networking, automation and innovation.

Mail: [email protected]

Edwin Beekman, Engineer, Schuberg Philis bv

Working at Schuberg Philis bv, a company focused on Critical Application Outsourcing.

My main focus is everything related to networking, from routing/switching/security to SDN, virtualization, programming and automation.

BSc in Telematics and CISSP certified.

Mail: [email protected] and Twitter: FirebladeEd

5

Audience

Why should you visit this workshop?

The workshop covers two network automation topics:

- Zero Touch Provisioning and Replacement for bare metal switches

- Provisioning the switches through Chef

Who should visit this workshop?

- DevOps engineers interested in the network side of DevOps

6

Physical Setup

7

MGMT Network

8

Logical Topology

9

Lab 0: Preparation

Copy the files from USB to your local drive

Copy the following files from the USB stick to your local workshop directory:

- ztps-ubuntu-12.04_amd64-2014-06-16T11/49/05Z.ova (1.27GB)

- veos-dc1-pod1-spine1.ova (652.5MB)

- veos-dc1-pod1-tor1.ova (842.5MB)

- veos-dc1-pod1-tor2.ova (842.5MB)

- Aboot-veos-2.0.8.iso (4.2MB)

VirtualBox pre-requisites

IMPORTANT: Regarding VirtualBox networks. The default setup places eth1 on vboxnet2. This network might not exist yet in your VirtualBox environment.

Therefore, open VirtualBox and open the General Settings/Preferences menu. Click on the Network tab. Click on Host-only Networks. Add or modify vboxnet2. Set the IPv4 address to 172.16.130.1 and the netmask to 255.255.255.0, and ensure that the DHCP server is turned off under the DHCP Server tab.

10

Lab 0: Get all VMs up and running

Import the copied .ova files in vBOX

In this activity you will need to import the .ova files. Start vBOX, go to File > Import Appliance and select the .ova file. Repeat this for all four .ova files.

- Installed all VMs and have them up and running

- Have management connectivity between all lab hosts

Required Resources

As part of the installation above, sample files were copied from the ztpserver-demo repo and placed into the necessary locations (/etc/ztpserver/ and /usr/share/ztpserver). Follow the steps below to create a quick demo:

- Type cd /usr/share/ztpserver/nodes.

- Copy the default spine config to a new node that has the MAC address of your local vEOS instance: mv 005056761aae <local spine MAC>.

- Start ztpserver: ztps.

11

Lab 0: Get all VMs up and running

Activity Objective

In this activity you will meet these objectives:

- Installed all VMs and have them up and running

- Have management connectivity between all lab hosts

Required Resources

These are the resources and equipment required to complete this activity:

- Two Ubuntu servers

- Three Arista vEOS switches

Command List

- ping

- ifconfig

12

Task 0: Get your virtual lab prepared for this workshop

Activity Procedure Complete these steps:

Step 1

Step 2

Step 3

Step 4

Step 5

13

Chef controlled network

Chef is an automation platform that transforms infrastructure into code.

Chef relies on reusable definitions known as cookbooks and recipes that are written using the Ruby programming language. Cookbooks and recipes automate common infrastructure tasks.

Their definitions describe what your infrastructure consists of and how each part of your infrastructure should be deployed, configured and managed. Chef applies those definitions to servers to produce an automated infrastructure.

14

Chef controlled network

For coding the infrastructure we have chosen Chef and rolled out our own private Chef infrastructure. We can automate an awful lot: rolling out new hypervisors, applications, configurations, services.

But coding the underlay is still something that is in development. Cisco has an integration with OnePK/Chef/Puppet or with an expect script. But what really intrigues me are the implementations that make direct use of the network operating system on the device itself: integrations that allow for off-the-shelf installation of the Chef client, with or without an additional plugin.

Arista switches can easily be integrated in the Chef deployment and allow for easy central configuration.

But actually any (Linux) network device can be used for automation.

15

Chef controlled network

server

client

Recipes, Roles, Nodes, Attributes, Templates

16

Task 1: The Chef server

Download the prepared VM from the USB stick and import the OVA file.

Default installation of an Ubuntu 14.04 desktop

Install Curl:

sudo apt-get install curl

Install a SSH server

sudo apt-get install openssh-server

Install chef server from the Opscode website

sudo su -

wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.1.1-1_amd64.deb

dpkg -i chef-server_11.1.1-1_amd64.deb

chef-server-ctl reconfigure

When you browse on the VM (password: arista) to https://172.16.0.100 you will get the Chef login page (admin/p@ssw0rd1 or arista/arista). The prepared VM will show two configured nodes.

17

Task 2: The Chef client

The Chef client is already installed on the Chef server VM.

Default installation of an Ubuntu 14.04 desktop

Install chef client from the Opscode website:

curl -L https://www.opscode.com/chef/install.sh | sudo bash

Install Git for version control:

sudo apt-get install git

cd ~

sudo git clone https://github.com/opscode/chef-repo.git

sudo mkdir ~/chef-repo/.chef

After creating them in the UI, copy admin.pem and validator.pem, which are located in /etc/chef-server on the Chef server, to ~/.chef/

Initialize knife and answer the questions for IP addresses and folders:

knife configure --initial

Verify the Chef setup with, for example, knife node list

18

Task 3: The Chef client on vEOS

Create two new machines in VirtualBox by adding a new machine with the vmdk files from the USB stick (arista_sw1 (and 2), linux/other-linux, 2GB memory, select virtual disk: vEOS vmdk)

Enable the network interfaces in the properties and select internal network with arista_sw1

Start the VM (userid: arista, password: arista)

Set the correct time/date on the switch.

Make sure the /opt/secrets.json configuration exists. This file is used to authenticate against the switch API.

{
  "username": "api_access",
  "password": "arista"
}

Make sure all the hosts can ping each other.

Sometimes a VM reload is required, or promiscuous mode has to be enabled on the interface (and removed again).

19

The Chef demo environment

[Diagram: server/client ubuntu-arista-vm1 (eth1: .100), arista-sw1 (eth2: .11, eth1, eth3) and arista-sw2 (eth2: .12, eth1, eth3) on 172.16.0.0/24; eth0: bridge or NAT]

20

Task 4: Automate the VEOS switch

Check the arista_api cookbook on the Chef client server in /home/arista/cookbooks

The attributes can be found in the recipe. In this case, simple interface configuration:

# arista_api_interface "Ethernet[n]" do
#   description 'something'
#   interfaceForwardingModel '[bridged - routed]'
#   vlanId [n - 0]
#   interfaceMode '[bridged - trunk]'
#   vlanExplanation '[n - null]'
#   allowedtrunkvlanId [n - 0]
#   linkStatus '[enabled - disabled]'
# end

21

Task 4: Automate the VEOS switch

The two switches are in this case controlled from roles in /home/arista/chef-repo/roles/

{
  "name": "arista_sw1",
  "description": "This roles configures the EOS sw1",
  "json_class": "Chef::Role",
  "default_attributes": { },
  "override_attributes": {
    "arista": {
      "interfaces": [
        {
          "name": "ethernet1",
          "description": "test",
          "interfaceForwardingModel": "routed",
          "vlanId": 15,
          "interfaceMode": "bridged",
          "vlanExplanation": "null",
          "linkStatus": "enabled"
        }
      ]
    }
  },
  "chef_type": "role",
  "run_list": ["recipe[arista_api]"],
  "env_run_lists": { }
}

22

Task 4: Automate the VEOS switch

From the Chef client server:

Edit ~/chef-repo/roles/arista_sw1.json (or arista_sw2.json) to change the interface configuration or add an extra interface

knife role from file arista_sw1.json (or arista_sw2.json)

Now you can wait until the Chef client runs on the switch, or run it from bash: chef-client -c /persist/local/chef/client.rb

Check whether the switch configuration has changed; if not, go to the switch bash and run the Chef client manually to look for errors.
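Before running knife role from file, an edited role can be checked locally against the attribute values listed in the recipe comment. The Ruby below is an added example, not part of the arista_api cookbook: validate_role, the 0-4094 VLAN range and the ethernet<N> name pattern are assumptions, and the sample roles are constructed.

```ruby
require 'json'

# Allowed values, taken from the commented arista_api_interface usage in the recipe.
ALLOWED = {
  'interfaceForwardingModel' => %w[bridged routed],
  'interfaceMode'            => %w[bridged trunk],
  'linkStatus'               => %w[enabled disabled]
}.freeze
KNOWN_KEYS = (ALLOWED.keys + %w[name description vlanId vlanExplanation allowedtrunkvlanId]).freeze

# Returns a list of problems found in a role document; an empty list means it passed.
def validate_role(json_text)
  role = JSON.parse(json_text) # strict parser: rejects trailing commas and curly quotes
  interfaces = role.dig('override_attributes', 'arista', 'interfaces')
  return ['override_attributes.arista.interfaces must be an array'] unless interfaces.is_a?(Array)

  errors = []
  interfaces.each_with_index do |intf, i|
    unless intf.is_a?(Hash)
      errors << "interface #{i}: not an object"
      next
    end
    label = intf['name'] || "interface #{i}"
    # Assumption: names follow the ethernet<N> form used in the role file.
    errors << "#{label}: name must look like ethernet<N>" unless intf['name'].to_s =~ /\Aethernet\d+\z/i
    (intf.keys - KNOWN_KEYS).each { |k| errors << "#{label}: unknown attribute #{k}" }
    ALLOWED.each do |key, values|
      next unless intf.key?(key)
      errors << "#{label}: #{key}=#{intf[key].inspect} not in #{values}" unless values.include?(intf[key])
    end
    %w[vlanId allowedtrunkvlanId].each do |key|
      next unless intf.key?(key)
      v = intf[key] # assumption: 0 means "none", otherwise a VLAN id up to 4094
      errors << "#{label}: #{key} must be an integer 0-4094" unless v.is_a?(Integer) && v.between?(0, 4094)
    end
  end
  errors
rescue JSON::ParserError, TypeError, NoMethodError => e
  ["not a valid role document: #{e.message[0, 60]}"]
end

# Constructed sample inputs modelled on the arista_sw1 role.
GOOD_ROLE = '{"name":"arista_sw1","override_attributes":{"arista":{"interfaces":[
  {"name":"ethernet1","description":"test","interfaceForwardingModel":"routed",
   "vlanId":15,"interfaceMode":"bridged","vlanExplanation":"null","linkStatus":"enabled"}]}}}'
BAD_ROLE = GOOD_ROLE.sub('"routed"', '"router"').sub('"vlanId":15', '"vlanId":"15"')
TRAILING_COMMA = GOOD_ROLE.sub('}]', '},]')

puts validate_role(BAD_ROLE)
```
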

Check out www.cupfighter.net to see any updates on the cookbook and network automation developments.

23

SDN initiatives in the Netherlands

Early this year we started a new SDN MeetUp group in Amsterdam.

We held two meetings, which were well received.

If you are interested, make sure to check out and join the group:

http://www.meetup.com/Amsterdam-SDN-Group/

