Contractor Challenge - Week 6¶
Having a plan is key to success, sometimes the best plans are made more difficult by access issues.
Develop a plan of attack¶
Over the next 30 minutes, convert this plan into what can be done being that we do not have access to their network. Feel free to flush out things into more detail on what can be done, since that will be done sooner.
The initial goal: Create a DNS automation process that will ensure entries for every IP in the network that fits into:
- Physical, logical (SVI, loopbacks, etc) interfaces
- NAT IP addresses
- Load Balancer VIP IPs
- What the DNS names format should be
- The continuous synchronization of all entries (to remove IPs no longer used)
Initial Plan:
- Deploy Nautobot to their infrastructure
- We are using an Ansible playbook, since they do not have K8s
- Develop an SSoT from the backup configurations in RANCID to Nautobot IPAM
- Develop process to scrub configs returning dictionary of {"device_name":
, "interface": , "ip": } - One for each OS, Cisco IOS, Cisco NXOS, F5, and Panos
- Develop ETL process for those configurations
- Develop process to scrub configs returning dictionary of {"device_name":
- Develop Nautobot job to check on AWX job that sends out email
- Get access to email creds
- Work with team to get access to their Ansible AWX in QA lane
- Deploy our NTC standard roles
- Develop an Ansible module to publish to their powerdns service
- There is no current Ansible module
- Note: All automation that touches infra must go through Ansible
- Work with team to get access to their Ansible AWX in Production lane
- Deploy our NTC standard roles
- Get access tokens and setup access
- Work with team on initial deployment
- Troubleshoot, fix, rinse, and repeat
- Schedule nightly job
You will present your solution at the end, given 5 minutes to present.