Downloaded 111 times
![ANSIBLE Introduction Hosts file sample
[ios-routers]
R_2691 ansible_host=192.168.45.3
R_3745 ansible_host=192.168.45.4
[v6-router]
R_7200 ansible_host=2001:db8::1001::1](https://image.slidesharecdn.com/1-171124014238/75/Network-automation-NetDevOps-with-Ansible-15-2048.jpg)
![---
- hosts: all-ios
gather_facts: no
connection: local
tasks:
- name: OBTAIN LOGIN INFORMATION
include_vars: secrets.yml
- name: DEFINE PROVIDER
set_fact:
provider:
host: "{{ ansible_host }}"
username: "{{ creds['username'] }}"
password: "{{ creds['password'] }}"
auth_pass: "{{ creds['auth_pass'] }}"
- name: ADD BANNER
ios_config:
provider: "{{ provider }}"
authorize: yes
lines:
- banner motd ^Welcom to BDNOG7^
Ansible Language Basics
Play
task
Module
task
Module
task
Module
1
2
3
Playbook](https://image.slidesharecdn.com/1-171124014238/75/Network-automation-NetDevOps-with-Ansible-28-2048.jpg)
Uploaded byBangladesh Network Operators Group
Network automation (NetDevOps) with Ansible
This document provides an overview of network automation using Ansible. It discusses: 1. What DevOps and NetDevOps are and why automation is important for avoiding repeated tasks and errors. 2. Ansible is introduced as an open source automation tool that is agentless, uses a push model, and has a simple architecture based on YAML files. 3. A case study is presented on how SBAC Bank used Ansible to automatically generate router configurations for new branches and manage routing policies across their network.
More Related Content
![[오픈소스컨설팅]클라우드기반U2L마이그레이션 전략 및 고려사항](https://cdn.slidesharecdn.com/ss_thumbnails/u2l-171114134117-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to Network automation (NetDevOps) with Ansible
More from Bangladesh Network Operators Group
![Automating ISP Networks Using Ansible and IPAM as a Source of Truth [SoT]](https://cdn.slidesharecdn.com/ss_thumbnails/automatingispnetworksusingansibleandipamasasourceoftruthsot-v25-1-251124105117-d7d4ca24-thumbnail.jpg?width=640&height=640&fit=bounds)
Network automation (NetDevOps) with Ansible
- 1. Imtiaz Rahman SBAC BankLimited NETWORK AUTOMATION (NetDevOps) with ANSIBLE writeimtiaz@gmail.com https://imtiazrahman.com BDNOG 7 18 November 2017 Lakeshore Hotel Dhaka
- 2. Today’s Talk 1. Devops/NetDevOps? 2. Why automation ? 3. Tools for automation 4. Why Ansible ? 5. Ansible introduction 6. Ansible Security 7. Ansible Language Basics 8. How to run 9. SBAC Case (case study) 10. Demo time
- 3.
- 4.
- 5. DevOps integrates developersand operations teams In order to improve collaboration and productivity by automating infrastructure, automating workflows and continuously measuring application performance Dev + Ops = DevOps DevOps
- 6. NetDevOps = Networking+ DevOps infrastructure as code NetDevOps
- 7. • Avoid repeatedtask • Avoid typographical error (Typos) • Faster deployment • Identical configuration Why automation ?
- 8.
- 9. • Open sourceIT automation tool • Red hat Enterprise Linux, CentOS, Debian, OS X, Ubuntu etc. • Need python What is ANSIBLE?
- 10. Why ANSIBLE? • Simple •Agentless • Push model
- 11.
- 12.
- 13. • Start with- - - • File extention .yml/.yaml • Easy for a human to read ANSIBLE Introduction YAML --- - hosts: ios-routers gather_facts: no connection: local tasks: - name: Save Configuration ios_command: commands: - write memory host: "{{ ansible_host }}"
- 14. Hosts ANSIBLE Introduction • Listof devices or group of devices where ansible push configuration • Name and variable assign • Default location /etc/ansible/hosts • Can make your own
- 15. ANSIBLE Introduction Hostsfile sample [ios-routers] R_2691 ansible_host=192.168.45.3 R_3745 ansible_host=192.168.45.4 [v6-router] R_7200 ansible_host=2001:db8::1001::1
- 16. Inventory ANSIBLE Introduction • Staticlines of devices • Can be accessed across multiple roles
- 17. Module ANSIBLE Introduction • Modulescontrol system resources, packages, files. • Can be executed directly on remote hosts or through Playbooks • Over 450 ships with Ansible • User can also write their own modules
- 18. ANSIBLE Introduction (Networkmodules) • asa_acl - Manage access-lists on a Cisco ASA • asa_command - Run arbitrary commands on Cisco ASA devices • eos_banner - Manage multiline banners on Arista EOS devices • eos_config - Manage Arista EOS configuration sections • bigip_command - Run arbitrary command on F5 devices. • bigip_hostname - Manage the hostname of a BIG-IP. • ios_banner - Manage multiline banners on Cisco IOS devices • ios_command - Run commands on remote devices running Cisco IOS • ios_config - Manage Cisco IOS configuration sections • iosxr_command - Run commands on remote devices running Cisco IOS XR • iosxr_config - Manage Cisco IOS XR configuration sections • junos_command - Run arbitrary commands on an Juniper JUNOS device • junos_config - Manage configuration on devices running Juniper JUNOS http://docs.ansible.com/ansible/list_of_network_modules.html
- 19. Task ANSIBLE Introduction • Ata basic level, a task is nothing more than a call to an ansible module • Task run sequentially
- 20. ANSIBLE Introduction tasksample - name: configure interface settings ios_config: lines: - description test interface - ip address 172.31.1.1 255.255.255.0 parents: interface Ethernet1 - name: load new acl into device ios_config: lines: - 10 permit ip host 1.1.1.1 any log - 20 permit ip host 2.2.2.2 any log parents: ip access-list extended test before: no ip access-list extended test match: exact
- 21. Roles ANSIBLE Introduction • Ansibleroles are a special kind of playbook that are fully self-contained with tasks, variables, configuration templates and other supporting files • Has it’s own directory structure
- 22. ANSIBLE Introduction rolessample ├── router_config │ ├── inventory │ │ └── hosts │ ├── output │ │ └── SOUTH.cfg │ ├── playbook.yml │ └── roles │ └── router │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── router_config.j2 │ └── vars │ └── main.yml
- 23. Jinja2 ANSIBLE Introduction • templateengine for the Python programming language • File extension .j2 • Support conditions, loops • Variable declaration
- 24. ANSIBLE Introduction jinja2sample {% for interface in cisco_1921_interfaces %} interface {{ interface }} {% if interface == 'GigabitEthernet0/0' %} description {{ item.int_descp }} ip address {{ item.ipv4_addp }} {{ item.ipv4_mus }} {% elif interface == 'GigabitEthernet0/1' %} description {{ item.int_descs }} ip address {{ item.ipv4_adds }} {{ item.ipv4_mus }} {% endif %} no shutdown exit {% endfor %} ip route {{ item.static_route1 }} {{ item.static_gw1 }} ip route {{ item.static_route2 }} {{ item.static_gw1 }}
- 25. Playbook ANSIBLE Introduction • Playbooksare a way to send commands to remote devices • Plain text YAML file • Each playbook contains one or more plays
- 26. ANSIBLE Introduction playbooksample --- - name: PLAY START hosts: ios-routers gather_facts: no connection: local tasks: - name: LOGIN INFORMATION include_vars: secrets.yml - name: ADD BANNER ios_config: provider: "{{ provider }}" lines: - banner motd ^Welcome to bdNOG7^
- 27. Ansible Language Basics TaskTask Task ModuleModule Module Play Play Play 1 2 3 Playbook
- 28. --- - hosts: all-ios gather_facts:no connection: local tasks: - name: OBTAIN LOGIN INFORMATION include_vars: secrets.yml - name: DEFINE PROVIDER set_fact: provider: host: "{{ ansible_host }}" username: "{{ creds['username'] }}" password: "{{ creds['password'] }}" auth_pass: "{{ creds['auth_pass'] }}" - name: ADD BANNER ios_config: provider: "{{ provider }}" authorize: yes lines: - banner motd ^Welcom to BDNOG7^ Ansible Language Basics Play task Module task Module task Module 1 2 3 Playbook
- 29. ANSIBLE Security Ansible Vault •It keeps sensitive data such as password, keys, variable name in encrypted format • Need a password while encrypting, decrypting and running • ansible-vault is the keyword along with encrypt, decrypt, view, etc. parameter
- 30. ANSIBLE Security Ansible Vault --- ---creds: username:"imtiaz" password: ”password" auth_pass: ”password” $ANSIBLE_VAULT;1.1;AES256 643364643164623266393365366 561613566303362303933343662 30653866373635386261643432 ansible-vault encrypt secretfile.yml
- 31. Installing Ansible yum, rpm,apt-get, emerge, pkg, brew, github Python 2.6 or above for the control machine and python 2.X or later for managed node http://docs.ansible.com/ansible/latest/intro_installation.html
- 32. How to run •ansible <inventory> -m • ansible-playbook • Ansible tower
- 33. SBAC Case • Country:Bangladesh • Organization: SBAC Bank Limited • Branch: 61 • Customer: 80K • Journey start: April, 2013
- 34. SBAC Case DC DR ISP1 ISP2 BRANCH/ ATM OSPF(DC <->Branch) STATIC (DR <-> Branch/ATM) ANSIBLE HOST CBS SWIFT RTGS ACH Mail RTGS ACH CBS SWIFT
- 35. SBAC Case • Generaterouter configuration for new branch or ATM • Manage static route, access list, ospf cost etc.
- 36.
- 37.