Week 4 recap

Monday

Ansible Basics

• Founded in 2012, purchased by Red Hat in 2015
• Written in Python
• Agent-less architecture
• Terminology
  • Inventory
  • Playbooks
  • Plays
  • Tasks
  • Collections
  • Modules
  • Parameters
  • Variables

Inventory

• Static files ini-like files
• Can use IPs or FQDN
• Create groups with square bracket syntax, [group1]
• Variables can be group or host based
  • group_vars and host_vars folders respectively
  • Can be provided in ini file or folders

Playbook

• This is a list of plays
• Defines inventory in scope
• Uses YAML data format
• Each play is a list of dictionaries, generally include
  • name
  • hosts
  • connection (in networks, generally use networks_cli)
  • tasks
• Tasks
  • One or more tasks comprise a play
  • Executed on devices defined in inventory file
  • Executes a module using specified parameters (key/value pairs)
  • Module keywords (formally directives) are provided, loop, name when, etc.
• Modules are generally idempotent
• Moved to FQCN (Fully Qualified Collection Name)
• Can run single command via command line
• Running a playbook via cli
  • ansible-playbook -i <inventory-file> <playbook.yml>
  • -u for user
  • -k to ask for password
  • -e for extra variables
• Use debug module to print variables

Tuesday

Ansible Details

• User input can be added to a play
• ansible-doc show documents
• Ansible always returns JSON from a module
• Ansible vault is used to encrypt your secrets
  • Can be inline to your variable files
  • Can be it's own dedicate file
  • Can add --ask-vault-pass or --vault-password-file to populate secret password

Automation Architecture Overview

• Normally people get started with scripts and power tools
  • They tend to work well for the people who wrote them, less so for others
• Reference architecture is intended to be a mental model
• Major components
  • Source of Truth
  • Automation Engine
  • Telemetry and Analytics
  • Orchestration System
  • User Interaction
  • External Integrations
• At NTC, we take a component or function first approach, not a tool first approach
• Source of Truth
  • Store and organize the intended/desired state of the network
  • System of Record (SoR) is the one place to write data
    • Data should be federated from there
  • Different characteristics to consider
    • Guarantee accuracy of the data
    • Provide traceability, history of the SoT
    • Provide atomic changes
    • Ease of access to the data
    • Capture the relationship between the objects
• Automation Engine
  • Interact with the network, render and deploy configurations
  • Different characteristics to consider
    • Simplify interact with network devices
    • Abstract vendor specific APIs/Interface
    • Authentication
    • Performance
• Telemetry & Analytics
  • Provide visibility into the current and past state of the network, in a meaningful way.
  • Different characteristics to consider
    • Easily query all states from the network
    • Easily add new information to the collection pipeline
    • Insert business metadata to the data as needed
    • Scalable and Resilient
    • Support multiple types of data/interfaces (SNMP/ CLI / gNMI / Flows / Logs)
• Orchestration
  • Define & execute customer specific workflows
  • Different characteristics to consider
    • Ease to define all workflows, simple and advanced
    • Traceability & troubleshooting of past workflows execution
    • Integration with multiple data sources
• User Interactions
  • Provide the best UI to the users and integrate with existing tools
  • Not all workflows have to be delivered the same way
  • It’s best to examine the target user and find the best presentation layer for them so it’s an optimal user experience
• External Integrations
  • External integrations are meant to express the communication between systems

Wednesday

Ansible Network Modules

• Vendor Based Modules
  • ios_*, eos_*, junos_*, etc.
• Module types
  • *_command - run arbitrary commands
  • *_config - configure devices
  • *_facts - gather operational state on devices
• Capture data using the set_fact modules and register Task keyword
• ignore_errors keyword introduced
• Review creating files with ansible.builtin.file
• Can leverage the --diff option to see changed
• Reviewed strategies for declarative configurations

Jinja Syntax

• Already used somewhat in building Ansible
• Leverages curly bracket ({{ ansible_network_os }}) for variables
• Leverages curly percent for directives ({% set install = new %})
• Provides loops
• You have access Python construct on objects, such as {{ ansible_network_os.upper() }}
• You have access to Jinja template, such as {{ ansible_network_os | upper }}

URI Module

• Used when there is not an sdk or existing module
• Have to build your own idempotentcy

Thursday

Continuous Integration (CI)

Ansible Roles

• Reusable abstraction of code (tasks, variables, and handlers)
  • Think of functions in Python
• Can put in roles folder
• The default/main.yml variables are low precedence and vars/main.yml are high precedence
• Tasks go into tasks/main.yml
• Roles tend to carry business logic collections tend to be used for open source
  • Collections go on Ansible galaxy

Friday