Network Automation Tools

  1. Devops Day Amsterdam 2014: Network Automation Tools. Chef and Zero Touch Provisioning/Replacement (ZTP/ZTR)
  2. Agenda
     - Introduction (EB)
     - ZTP (MA)
       - Boot three bare metal switches
     - Chef (EB)
       - Orchestrate two switches with baseline interface configuration
       - Enforce configuration statements
       - Reject certain config lines
     - VxLAN (MA)
       - Create a VxLAN tunnel between leaf 1 and leaf 2 using CVX
     - Opendaylight (MA)
       - Start the Opendaylight controller on MadDog
       - Configure Openflow on the switches
       - Create a flow that ensures that all HTTP traffic from BigDog MadDog will use ethernet interface 1
  3. Prerequisites
     Experience:
     - Some experience with Virtualbox is a pre
     Hardware:
     - Notebook with at least 4GB of RAM
     - 10GB available hard drive storage
     Software:
     - Hypervisor installed: Virtualbox (www.virtualbox.org)
     - Virtualization solution supporting
     Note: The workshop will be held in English; native Dutch speakers are around if needed.
  4. Speaker Bios
     Michael Amstelveen, Consulting Engineer, Arista Networks
     Arista Networks: a leading supplier of cloud networking solutions that use software innovations to address the needs of large-scale Internet companies, cloud service providers and next-generation data centers for enterprises. I'm passionate about computer networking, automation and innovation. Mail: [email protected]
     Edwin Beekman, Engineer, Schuberg Philis bv
     Working at Schuberg Philis bv, a company focused on Critical Application Outsourcing. My main focus is everything related to networking, from routing/switching/security to SDN, virtualization, programming and automation. BSc in Telematics and CISSP certified. Mail: [email protected] and Twitter: FirebladeEd
  5. Audience
     Why should you visit this workshop?
     - The workshop covers two network automation topics:
       - Zero Touch Provisioning and Replacement for bare metal switches
       - Provisioning the switches through Chef
     Who should visit this workshop?
     - Devops engineers interested in the network side of devops
  6. Physical Setup
     [Diagram. Labels: vEOS1, MadDog, BigDog, spine01, leaf01, leaf02; links on eth1 and eth2]
  7. MGMT Network
     [Diagram. MGMT network 172.16.0/24 connecting MadDog, BigDog, spine01, leaf01 and leaf02; host addresses shown: .10, .11, .12, .100, .101]
  8. Logical Topology
     [Diagram. spine01, leaf01 and leaf02 with loopbacks lo0:99.99.99.1/32, lo0:99.99.99.2/32 and lo0:99.99.99.3/32; links 10.10.10.0/30 and 10.10.10.8/30; 802.1Q trunks to MadDog and BigDog; host subinterfaces eth2.100 (100.100.100.10), eth2.200 (200.200.200.10), eth2.104 (100.100.100.40) and eth2.204 (200.200.200.40)]
  9. Lab 0: Preparation
     Copy the files from USB to your local drive
     Copy the following files from the USB stick to your local workshop directory:
     - ztps-ubuntu-12.04_amd64-2014-06-16T11/49/05Z.ova (1.27GB)
     - veos-dc1-pod1-spine1.ova (652.5MB)
     - veos-dc1-pod1-tor1.ova (842.5MB)
     - veos-dc1-pod1-tor2.ova (842.5MB)
     - Aboot-veos-2.0.8.iso (4.2MB)
     VirtualBox pre-requisites
     IMPORTANT: Regarding VirtualBox networks. The default setup places eth1 on vboxnet2. This might not be created in your VirtualBox environment. Therefore, open VirtualBox and open the General Settings/Preferences menu. Click on the Network tab. Click on Host-only Networks. Add or modify vboxnet2. Configure the IPv4 address as 172.16.130.1 and the netmask as 255.255.255.0, and ensure that the DHCP server is turned off under the DHCP Server tab.
  10. Lab 0: Get all VMs up and running
      Import the copied .ova files in vBOX
      In this activity you will need to import the .ova files. Start vBOX, go to File > Import Appliance and select the .ova file. Repeat this for all four .ova files.
      - Installed all VMs and have them up and running
      - Have management connectivity between all lab hosts
      Required Resources
      - As part of the installation above, sample files were copied from the ztpserver-demo repo and placed into the necessary locations (/etc/ztpserver/ and /usr/share/ztpserver). Follow the steps below to create a quick demo:
      - Type cd /usr/share/ztpserver/nodes.
      - Copy the default spine config to a new node that has the MAC address of your local vEOS instance: mv 005056761aae .
      - Start ztpserver: ztps.
  11. Lab 0: Get all VMs up and running
      Activity Objective
      In this activity you will meet these objectives:
      - Installed all VMs and have them up and running
      - Have management connectivity between all lab hosts
      Required Resources
      These are the resources and equipment required to complete this activity:
      - Two Ubuntu servers
      - Three Arista vEOS switches
      Command List
      - Ping
      - Ifconfig
  12. Task 0: Get your virtual lab prepared for this workshop
      Activity Procedure
      Complete these steps: Step 1, Step 2, Step 3, Step 4, Step 5
  13. Chef controlled network
      Chef is an automation platform that transforms infrastructure into code. Chef relies on reusable definitions known as cookbooks and recipes that are written using the Ruby programming language. Cookbooks and recipes automate common infrastructure tasks. Their definitions describe what your infrastructure consists of and how each part of your infrastructure should be deployed, configured and managed. Chef applies those definitions to servers to produce an automated infrastructure.
  14. Chef controlled network
      For coding the infrastructure we have chosen Chef and rolled out our own private Chef infrastructure. We can automate an awful lot: rolling out new hypervisors, applications, configurations and services. But coding the underlay is still something that is in development. Cisco has an integration with OnePK/Chef/Puppet or with an expect script. But what really intrigues me are the implementations that make direct use of the network operating system on the device itself: integrations that allow for off-the-shelf installation of the Chef client, with or without an additional plugin. Arista switches can easily be integrated into the Chef deployment and allow for easy central configuration. But actually any (Linux) network device can be used for automation.
  15. Chef controlled network
      [Diagram. Labels: server, client, Recipes, Roles, Nodes, Attributes, Templates]
  16. Task 1: The Chef server
      Download the prepared VM from the USB stick and import the OVA file.
      - Default installation of an Ubuntu 14.04 desktop
      - Install Curl:
            sudo apt-get install curl
      - Install an SSH server:
            sudo apt-get install openssh-server
      - Install chef server from the Opscode website:
            sudo su -
            wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.1.1-1_amd64.deb
            dpkg -i chef-server_11.1.1-1_amd64.deb
            chef-server-ctl reconfigure
      When you browse on the VM (password: arista) to https://172.16.0.100 you will get the Chef login page (admin/[email protected] or arista/arista). The prepared VM will show two configured nodes.
  17. Task 2: The Chef client
      The Chef client is already installed on the Chef server VM.
      - Default installation of an Ubuntu 14.04 desktop
      - Install chef client from the Opscode website:
            curl -L https://www.opscode.com/chef/install.sh | sudo bash
      - Install Git for version control:
            sudo apt-get install git
            cd ~
            sudo git clone https://github.com/opscode/chef-repo.git
            sudo mkdir ~/chef-repo/.chef
      - After creating them in the UI, copy admin.pem and validator.pem, which are located in /etc/chef-server on the Chef server, to ~/.chef/
      - Initialize knife and answer the questions for IP addresses and folders:
            knife configure --initial
      - Verify the Chef setup with, for example:
            knife node list
  18. Task 3: The Chef client on vEOS
      - Create two new machines in VirtualBox by adding a new machine with the vmdk files from the USB stick (arista_sw1 (and 2), linux/other-linux, 2GB memory, select virtual disk: vEOS vmdk).
      - Enable the network interfaces in the properties and select internal network with arista_sw1.
      - Start the VM (userid: arista, password: arista).
      - Set the correct time/date on the switch.
      - Make sure the /opt/secrets.json configuration exists. This file is used to authenticate against the switch API.
            { "username": "api_access", "password": "arista" }
      - Make sure all the hosts can ping each other. Sometimes a VM reload is required, or enabling promiscuous mode on the interface (and removing it again).
  19. The Chef demo environment
      [Diagram. Chef server/client ubuntu-arista-vm1 (eth0: bridge or nat; eth1: .100) on 172.16.0.0/24; arista-sw1 (eth2: .11, eth1, eth3); arista-sw2 (eth2: .12, eth1, eth3)]
  20. Task 4: Automate the VEOS switch
      Check the arista_api cookbook on the Chef client server in /home/arista/cookbooks. The attributes can be found in the recipe. In this case, a simple interface configuration:
            # arista_api_interface "Ethernet[n]" do
            #   description 'something'
            #   interfaceForwardingModel '[bridged - routed]'
            #   vlanId [n - 0]
            #   interfaceMode '[bridged - trunk]'
            #   vlanExplanation '[n - null]'
            #   allowedtrunkvlanId [n - 0]
            #   linkStatus '[enabled - disabled]'
            # end
  21. Task 4: Automate the VEOS switch
      The two switches are in this case controlled from roles in /home/arista/chef-repo/roles/
            {
              "name": "arista_sw1",
              "description": "This roles configures the EOS sw1",
              "json_class": "Chef::Role",
              "default_attributes": { },
              "override_attributes": {
                "arista": {
                  "interfaces": [
                    {
                      "name": "ethernet1",
                      "description": "test",
                      "interfaceForwardingModel": "routed",
                      "vlanId": 15,
                      "interfaceMode": "bridged",
                      "vlanExplanation": "null",
                      "linkStatus": "enabled"
                    }
                  ]
                }
              },
              "chef_type": "role",
              "run_list": ["recipe[arista_api]"],
              "env_run_lists": { }
            }
  22. Task 4: Automate the VEOS switch
      From the Chef client server:
      - Edit ~/chef-repo/roles/arista_sw1.json (or arista_sw2.json) to change the interface configuration or add an extra interface.
      - knife role from file arista_sw1.json (or arista_sw2.json)
      - Now you can wait until the Chef client runs on the switch, or run from bash: chef-client v /persist/local/chef/client.rb
      - Check the switch configuration if its chan
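
A pre-flight check for the role files edited in Task 4, as an added example (not part of the workshop material or the arista_api cookbook): it parses the role with a strict JSON parser and checks each interface against the allowed values listed in the commented arista_api_interface attributes before the role is uploaded with knife. The EthernetN name pattern, the 0..4094 VLAN range and the sample role are assumptions made for this example.

```ruby
require 'json'

# Allowed values copied from the commented arista_api_interface attributes.
ENUMS = { 'interfaceForwardingModel' => %w[bridged routed],
          'interfaceMode' => %w[bridged trunk],
          'linkStatus' => %w[enabled disabled] }.freeze
VLAN_KEYS = %w[vlanId allowedtrunkvlanId].freeze
KNOWN_KEYS = (ENUMS.keys + VLAN_KEYS + %w[name description vlanExplanation]).freeze

# Returns the problems found in one interface entry (empty list = clean).
def interface_problems(intf, index)
  return ["interfaces[#{index}]: not an object"] unless intf.is_a?(Hash)

  label = intf['name'] || "interfaces[#{index}]"
  problems = (intf.keys - KNOWN_KEYS).map { |k| "#{label}: unknown attribute #{k}" }
  # Assumption: names follow the "Ethernet[n]" form shown in the recipe.
  problems << "#{label}: name must look like EthernetN" unless intf['name'].to_s.match?(/\Aethernet\d+\z/i)
  ENUMS.each do |key, allowed|
    next if !intf.key?(key) || allowed.include?(intf[key])
    problems << "#{label}: #{key}=#{intf[key].inspect} not in #{allowed.join('/')}"
  end
  VLAN_KEYS.each do |key|
    # Assumption: 0 means "none" and 4094 is the highest usable VLAN ID.
    next if !intf.key?(key) || (intf[key].is_a?(Integer) && (0..4094).cover?(intf[key]))
    problems << "#{label}: #{key} must be an integer 0..4094"
  end
  problems
end

# Validates role JSON text and returns every problem found.
def validate_role(json_text)
  role = JSON.parse(json_text) # strict parser: a trailing comma is rejected
  interfaces = role.is_a?(Hash) ? role.dig('override_attributes', 'arista', 'interfaces') : nil
  return ['override_attributes.arista.interfaces must be an array'] unless interfaces.is_a?(Array)

  problems = interfaces.each_with_index.flat_map { |intf, i| interface_problems(intf, i) }
  names = interfaces.grep(Hash).map { |h| h['name'].to_s.downcase }
  problems + names.select { |n| names.count(n) > 1 }.uniq.map { |n| "duplicate interface #{n}" }
rescue JSON::ParserError, TypeError => e
  ["not a usable role document: #{e.class}"]
end

# Constructed sample (not a workshop file): bad interfaceMode, VLAN out of range.
SAMPLE_ROLE = <<~JSON
  { "name": "arista_sw1", "override_attributes": { "arista": { "interfaces": [
    { "name": "ethernet1", "interfaceForwardingModel": "routed", "vlanId": 15 },
    { "name": "ethernet2", "interfaceMode": "access", "vlanId": 5000 } ] } } }
JSON
puts validate_role(SAMPLE_ROLE) if __FILE__ == $PROGRAM_NAME
```

An empty result means the role can be uploaded; any entry in the list should be fixed in the role file first.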
