Sean Cavanaugh Technical Marketing Manager Red Hat Ansible Automation seanc@redhat.com @IPvSean
Ask an Expert: Ansible Network Automation
Iftikhar Khan Senior Manager, Engineering Team Red Hat Ansible Automation ikhan@redhat.com @ifty_k
For more information or to register visit: ansible.com/automates
○ Tampa, FL: November 14, 2018
○ New York, NY: December 4, 2018
○ Nashville, TN: October 25, 2018
For more information or to register visit: ansible.com/workshops
○ Portland, OR: November 6, 2018 (Networking Workshop)
○ Houston, TX: November 7, 2018 (Networking Workshop)
○ Rochester: November 7, 2018 (Networking Workshop)
WHAT WE’RE TALKING ABOUT TODAY
○ httpapi
○ net_get and net_put
○ new netconf modules
○ cli_command and cli_config
○ New Tower 3.3 UI Improvements
○ Tower Credential Management for Network Devices
○ Custom Ansible Environment Support for Ansible Tower
○ Ansible Network Roles
○ Q/A with Ifty and Sean
httpapi connection plugin
○ Cisco Nexus NX-API for the NX-OS platform
○ Arista eAPI for the EOS platform
Networking Platform   ansible_network_os        httpapi method
Arista EOS            ansible_network_os=eos    eAPI
Cisco NX-OS           ansible_network_os=nxos   NX-API
httpapi connection plugin example
- hosts: leaf01
  connection: httpapi
  gather_facts: false
  tasks:
    - eos_command:
        commands:
      register: command_output
    - debug:
        var: command_output.stdout[0]["version"]
net_get and net_put
net_get and net_put example
- hosts: leaf01
  connection: network_cli
  gather_facts: false
  tasks:
    - net_get:
        src: running_cfg_eos1.txt
    - net_put:
        src: temp.txt
netconf
○ netconf_get - fetch configuration/state data from NETCONF-enabled network devices
○ netconf_rpc - execute operations on NETCONF-enabled network devices
○ netconf_config - NETCONF device configuration; the module lets the user send a configuration XML file to a NETCONF device and detects whether the configuration changed
netconf - converting RPC to a Playbook
<rpc>
  <get-interface-information>
    <interface-name>ge-2/3/0</interface-name>
    <detail/>
  </get-interface-information>
</rpc>
]]>]]>
- netconf_rpc:
    display: json
    rpc: get-interface-information
    content:
      interface-name: "em1.0"

- hosts: juniper
  gather_facts: no
  connection: netconf
  tasks:
    - netconf_rpc:
        display: json
        rpc: get-interface-information
        content:
          interface-name: "em1.0"
      register: netconf_info
netconf - full example
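The RPC-to-task conversion above, done mechanically in Python. This is an added example, not code from the presentation or from Ansible; `rpc_to_task` and its helpers are hypothetical names, and representing an empty element such as `<detail/>` as null is an assumption.

```python
import xml.etree.ElementTree as ET

EOM = "]]>]]>"  # NETCONF 1.0 end-of-message marker; framing, not XML

# The request shown on the slide.
SAMPLE_RPC = """
<rpc>
  <get-interface-information>
    <interface-name>ge-2/3/0</interface-name>
    <detail/>
  </get-interface-information>
</rpc>
]]>]]>
"""

def _local(tag):
    """Strip a '{namespace-uri}' prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def _to_content(elem):
    """Convert child elements into the nested mapping used under `content:`."""
    children = list(elem)
    if not children:
        # Assumption: an empty flag such as <detail/> is represented as null.
        return (elem.text or "").strip() or None
    names = [_local(c.tag) for c in children]
    if len(set(names)) != len(names):
        raise ValueError("repeated sibling elements cannot be expressed as a mapping")
    return {name: _to_content(c) for name, c in zip(names, children)}

def rpc_to_task(xml_text, register=None):
    """Build a netconf_rpc task (as a dict) from a raw <rpc> request."""
    body = xml_text.replace(EOM, "").strip()
    # Refuse DTDs so a pasted request cannot trigger entity expansion.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD and entity declarations are rejected")
    root = ET.fromstring(body)
    if _local(root.tag) != "rpc" or len(root) != 1:
        raise ValueError("expected <rpc> wrapping exactly one operation")
    operation = root[0]
    args = {"display": "json", "rpc": _local(operation.tag)}
    content = _to_content(operation)
    if content is not None:
        args["content"] = content
    task = {"netconf_rpc": args}
    if register:
        task["register"] = register
    return task
```

The returned dict has the same shape as the task in the playbook above and can be dumped to YAML with any serializer.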
cli_command and cli_config
[cisco]
rtr1 ansible_host=54.201.149.175
rtr2 ansible_host=34.222.129.140
rtr3 ansible_host=34.219.120.71

[cisco:vars]
ansible_user=admin
ansible_network_os=ios

[arista]
leaf01 ansible_host=34.217.176.5
leaf02 ansible_host=34.217.176.6

[arista:vars]
ansible_user=admin
ansible_network_os=eos

ansible_network_os identifies
Networking Inventory
- hosts: cisco
  gather_facts: no
  connection: network_cli
  tasks:
    - cli_config:
        config: ip name-server 8.8.8.8
    - cli_command:
        command: show run | i ip name-server
      register: cisco_output
cli_* - full example
What is Tower? Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and RESTful API.
Red Hat Ansible Tower
https://www.ansible.com/tower
Red Hat Ansible Tower
○ When 2 or more people start using the same Playbooks in their
○ When I need a central point of execution
○ When I need an API to control my Playbooks
○ When I need integrations with TACACS+, RADIUS, SAML, AD
○ When I am doing more than just networks

○ Free Workshops, Free Trials (Linux, Vagrant, AWS EC2)
○ Red Hat Global Learning Services: https://red.ht/2jVOvNg
New Tower 3.3 UI Improvements
Credentials Orgs, Users and Teams Notifications
Get more things done, with fewer clicks!
More Top Level Info under Jobs
○ Who launched this job
○ When the job was launched
○ What the job was launched against
Network Credential Management
just like servers!
username/pass
CBC mode alongside a SHA-256 HMAC.
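A check that an inventory in the INI layout shown earlier carries no inline passwords, so that device secrets stay in Tower credentials. This is an added example, not from the presentation; `find_inline_secrets` is a hypothetical helper, the inventory is constructed with documentation addresses, and matching secret variables by name suffix is an assumption.

```python
import re
import shlex

# Assumption: secret-bearing variables are recognised by suffix
# (ansible_password, ansible_ssh_pass, ansible_become_pass, ...).
SECRET_VAR = re.compile(r"^ansible_\w*pass(word)?$")

# Constructed inventory; the password entries are added for the demonstration.
SAMPLE_INVENTORY = """\
[cisco]
rtr1 ansible_host=192.0.2.11
rtr2 ansible_host=192.0.2.12 ansible_password=example-only
[cisco:vars]
ansible_user=admin
ansible_network_os=ios
ansible_become_pass="{{ vault_enable_secret }}"
[arista]
leaf01 ansible_host=192.0.2.21
[arista:vars]
ansible_user=admin
ansible_network_os=eos
ansible_ssh_pass = example-only
"""

def _is_literal(value):
    """True when the value is a plain string rather than a Jinja2 reference."""
    return bool(value) and not value.strip("'\" ").startswith("{{")

def find_inline_secrets(text):
    """Return (line_no, section, variable) for each secret stored as a literal."""
    findings, section = [], "ungrouped"
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        # [group:vars] holds one key=value per line; host lines hold several.
        pairs = [line] if section.endswith(":vars") else shlex.split(line)[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            if sep and SECRET_VAR.match(key.strip()) and _is_literal(value):
                findings.append((line_no, section, key.strip()))
    return findings
```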
Ansible Environment
Ansible on a per-Job basis
specific Engine release
https://galaxy.ansible.com/ansible-network
Ansible Network Roles
Network Activities for Operators
Galaxy
performing network operator tasks
any platform, any device
Red Hat Subscription
cloud_vpn - Network Role
Purpose: Agnostic role for creating IPSEC VPN tunnels between two clouds or endpoints.
Providers: Cloud: AWS, Azure, OpenStack; EndPoints: AWS VPN, VyOS, Cisco CSR, RHEL, CentOS
Ansible Version: 2.6+
Functions / Example:
name: ansible-network.cloud_vpn
name: ansible-network.cloud_vpn
tasks_from: delete_vpn
https://galaxy.ansible.com/ansible-network/cloud_vpn
Cisco CSR on AWS RHEL on Azure VPN
config_manager - Network Role
Purpose: platform agnostic approach to managing the active (running) configuration file on network devices
Providers: VyOS, Junos OS, Arista EOS, Cisco IOS, IOS-XR, IOS-XE, NX-OS
Ansible Version: 2.6+
Functions / Example:
gather_facts: false roles:
function: get
https://galaxy.ansible.com/ansible-network/config_manager
Cisco IOS-XE Juniper Junos Arista EOS
yang - Network Role
Purpose: platform agnostic approach to managing the active (running) configuration file on network devices
Providers: Cisco IOS-XR and Juniper Junos
Ansible Version: 2.6.2+
Functions / Example:
  connection: netconf
  gather_facts: false
  tasks:
    - include_role:
        name: ansible-network.yang
        tasks_from: fetch
https://galaxy.ansible.com/ansible-network/yang
Cisco IOS-XE Juniper Junos
ansible-network@redhat.com github.com/network-automation facebook.com/ansibleautomation twitter.com/ansible