Upload
philip-dileo
View
261
Download
4
Embed Size (px)
Citation preview
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Confidential. Copyright © Arista 2016. All rights reserved.
Ansible Integration![ a simple, elegant approach to configuration management ]
1
+
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Ansible Background
• Goal: simplicity and ease of use • Playbooks written in easy-to-read YAML • Core code written in Python • Modules can be written in any language you like • Agent-less architecture (no client daemon) • Tower: Operationalize Ansible • Idempotency • Community-driven (1300 >> 1)
Confidential. Copyright © Arista 2016. All rights reserved. 3
A New Solution...![ modules built right into Ansible 2.1 ]
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Ansible Modules 500+ built-in modules including: apt, yum, copy, command, cron, dns, docker, easy_install, ec2 (amazon modules), file, filesystem, find, git, known_hosts, mysql, mongodb, nagios, npm, openstack, rax (rackspace) pip, shell, snmp_facts… New network modules in Ansible 2.1 • eos_template • eos_command • eos_eapi • eos_config
Sample options for the yum module
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
eos_* Core Modules [ New in Ansible 2.1+ ]
Advantages
● No third-party libraries needed ● No additional config or client running on the switch ● Leverages eAPI/CLI(SSH) connection ● Work directly with running-configuration ● Easy to use/understand ● Offline-mode (generate configuration lines)
Confidential. Copyright © Arista 2016. All rights reserved. 6
Configuration Management![ manage EOS configuration with eos_template]
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Ansible 101 - Identify Templates leaf-b leaf-a
vlan 2 name production vlan 3 name app interface Ethernet1 description [BGP]Spine1 no switchport ip address 10.1.1.1/31 interface Ethernet2 description [BGP]Spine2 no switchport ip address 10.1.2.1/31
vlan 2 name production vlan 3 name app interface Ethernet1 description [BGP]Spine1 no switchport ip address 10.1.1.3/31 interface Ethernet2 description [BGP]Spine2 no switchport ip address 10.1.2.3/31
Vlan template
Ethernet Interface Template
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Ansible 101 – Create a Data Model leaf-a
vlan 2 name production vlan 3 name app interface Ethernet1 description [BGP]Spine1 no switchport ip address 10.1.1.1/31 interface Ethernet2 description [BGP]Spine2 no switchport ip address 10.1.2.1/31
vlan: vlanid: 2 name: production
interface: name: Ethernet1 description: [BGP]Spine1 address: 10.1.1.1/31
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Ansible 101 – Create Vlan Jinja Template leaf-a
vlan 2 name production vlan 3 name app interface Ethernet1 description [BGP]Spine1 no switchport ip address 10.1.1.1/31 interface Ethernet2 description [BGP]Spine2 no switchport ip address 10.1.2.1/31
vlans: -‐ vlanid: 2 name: production -‐ vlanid: 3 name: app
{% for vlan in vlans %} vlan {{ vlan.vlanid }} name {{ vlan.name }} {% endfor %}
Jinja Template [ vlans.j2 ]
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Ansible 101 – Create Eth Jinja Template leaf-a
vlan 2 name production vlan 3 name app interface Ethernet1 description [BGP]Spine1 no switchport ip address 10.1.1.1/31 interface Ethernet2 description [BGP]Spine2 no switchport ip address 10.1.2.1/31
interfaces: -‐ name: Ethernet1 description: [BGP]Spine1 address: 10.1.1.1/31 -‐ name: Ethernet2 description: [BGP]Spine2 address: 10.1.2.1/31
{% for intf in interfaces %} interface {{ intf.name }} description {{ intf.description }} no switchport ip address {{ intf.address }} {% endfor %}
Jinja Template [ intf.j2 ]
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
host_vars/leaf-b: interfaces: -‐ name: Ethernet1 description: [BGP]Spine1 address: 10.1.1.2/31 -‐ name: Ethernet2 description: [BGP]Spine2 address: 10.1.2.2/31
- hosts: pod1_leafs tasks: - name: Configure Arista Vlans eos_template: src=vlan.j2 - name: ConfigureArista Eth Interfaces eos_template: src=intf.j2
group_vars/pod1_leaf: vlans: - vlanid: 2 name: production - vlanid: 3 name: app
hosts file: [pod1_leafs] leaf-a leaf-b
1. Who runs the play?
4. Gather host vars
5. Run tasks
3. Any group vars?
2. Who’s in that group? (Fork per player)
Ansible 101 – Running the playbook
host_vars/leaf-a: interfaces: -‐ name: Ethernet1 description: [BGP]Spine1 address: 10.1.1.1/31 -‐ name: Ethernet2 description: [BGP]Spine2 address: 10.1.2.1/31
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Eos_Template: How it Works
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Conceptually
- host_vars - group_vars - sql database - cmdb - git repo - static config
- Ansible Tasks - Ansible Roles - Config Blocks - Jinja Templates
Data Execution Running
Config
[frequent changes] [seldom changes]
Confidential. Copyright © Arista 2016. All rights reserved. 14
Continuous Compliance![ verify EOS state with eos_command ]
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Validating System Details -‐ name: Gather Show Version From EOS eos_command: commands: -‐ ‘show version’ register: showvers -‐ name: Check EOS System Parameters assert: that: -‐ “’4.16.6M’ == showvers['stdout'][0]['version']” -‐ “’DCS-‐7150S-‐24' == showvers['stdout'][0]['modelName’]”
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Validating Ephemeral State -‐ name: Gather MLAG Status from EOS eos_command: commands: -‐ ‘show mlag’ register: showmlag -‐ name: Verify MLAG State assert: that: -‐ "'active' == showmlag['stdout'][0]['state']" -‐ "'connected' == showmlag['stdout'][0]['negStatus']" -‐ "'up' == showmlag['stdout'][0]['peerLinkStatus']"
Confidential. Copyright © Arista 2016. All rights reserved. 17
Revision Control![ use Git to manage changes ]
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Authorize Changes via Pull Requests
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Synchronize Changes in Tower
• Tower syncs with Git repo • All playbooks
automatically imported • Single source of truth
Confidential. Copyright © Arista 2016. All rights reserved. 20
Ansible Roles![ reusable, flexible implementation via roles]
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
• Package similar templates/tasks • Create flexible and dynamic templates/tasks • Create reusable code • Easily distribute and manage template/task changes
Use Ansible Roles to:
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Sample Roles from Arista – Ansible Galaxy [ Ansible Roles that built on top of arista.eos ]
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Example EOS Role - Varp [ Abstract Virtual Router Configuration ]
host_vars/veos-‐3 virtual_mac_addr: "00:1c:73:00:00:99" varp_interfaces: -‐ vlanid: 1001 name: Varp_Vlan1001 interface_addr: 192.168.1.3/24 virtual_addrs: -‐ 192.168.1.1 -‐ vlanid: 1002 name: Varp_Vlan1002 interface_addr: 192.168.2.3/24 virtual_addrs: -‐ 192.168.2.1
host_vars/veos-‐4 virtual_mac_addr: "00:1c:73:00:00:99" varp_interfaces: -‐ vlanid: 1001 name: Varp_Vlan1001 interface_addr: 192.168.1.4/24 virtual_addrs: -‐ 192.168.1.1 -‐ vlanid: 1002 name: Varp_Vlan1002 interface_addr: 192.168.2.4/24 virtual_addrs: -‐ 192.168.2.1
# Playbook -‐ hosts: leafs roles: -‐ arista.eos-‐virtual-‐router # Run ansible-‐playbook -‐i hosts play.yml
# hosts file [leafs] veos-‐3 veos-‐4
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Using Roles - Site Configuration [ Simply include roles ]
# Run ansible-‐playbook -‐i hosts site.yml
# hosts file [spine] veos-‐1 veos-‐2 [leaf] veos-‐3 veos-‐4
# Playbook site.yml -‐ include: spine.yaml -‐ include: leaf.yaml
# Playbook spine.yml -‐ hosts: spine gather_facts: no roles: -‐ arista.eos-‐system -‐ arista.eos-‐interfaces -‐ arista.eos-‐bridging -‐ arista.eos-‐ipv4 -‐ arista.eos-‐route-‐control -‐ arista.eos-‐bgp
# Playbook leaf.yml -‐ hosts: leaf gather_facts: no roles: -‐ arista.eos-‐system -‐ arista.eos-‐interfaces -‐ arista.eos-‐bridging -‐ arista.eos-‐ipv4 -‐ arista.eos-‐route-‐control -‐ arista.eos-‐bgp -‐ arista.eos-‐mlag -‐ arista.eos-‐virtual-‐router
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Sample Demo [ Zero Touch into Tower ]
https://youtu.be/VB29kjSOp7E Setup
1. Spine/leaf in bowtie 2. All nodes in ZTP mode 3. Nodes statically +
dynamically identified by ZTPServer
4. Nodes get base config: a. hostname b. mgmt ip c. eAPI enabled
5. Nodes register themselves with Tower
6. Run Job Template in Tower to provision nodes.
Confidential. Copyright © Arista 2016. All rights reserved.
Alternate text color: Hex color# 112346
ARISTA color Palette
Getting Started
Main Ansible Documentation Ask about our Ravello Blueprint Arista + Ansible 2.1 Quickstart
YouTube Tutorials
Ask for Help - [email protected]
Confidential. Copyright © Arista 2016. All rights reserved. 27
Thanks!