Ansible Network Automation

Introduction to Ansible for network engineers and operators

Mauricio Santacruz Delgado

Senior Solution Architect
Red Hat
 AGENDA CONFIDENTIAL Designator

What are we going to talk about

Automatización Ansible Dev/Net/Sec Ops

Silos Networking Tower

Playbooks Playbooks etc

2
 Automation happens when one person meets a
problem they never want to solve again

3
 Ansible Network Automation Workshop

Introduction
Topics Covered:

● Why Network Automation?

● How Ansible Network Automation works

4
71%
of networks are still
driven manually via CLI

Source: Gartner, Look Beyond Network Vendors for Innovation. January 2018
THE WORLD IS AUTOMATING
Those who succeed in automation will win
 ACCELERATE INTEGRATE COLLABORATE

7
NOT AS SIMPLE ANYMORE
 What do you need to automate today?

Laptop Mainframe Network equipment Linux An old UNIX system Cloud

 What do you need to automate today?

Laptop Mainframe Network equipment Linux An old UNIX system Cloud

System A System B System C System D System E System F

Language Z Language Y Language X Language W Language V Language U
 What do you need to automate today?

Laptop Mainframe Network equipment Linux An old UNIX system Cloud

 Who do you need to collaborate with today?

El mundo es Jorden er flat.

Världen är platt. redondo.

Die Welt ist rund. Verden er trekantet. Maa on pannukakku.

 What do you need to learn today?

Laptop Mainframe Network equipment Linux An old UNIX system Cloud

 What do you need to learn today?

Laptop Mainframe Network equipment Linux An old UNIX system Cloud

Who do you need to collaborate with today?
What is Ansible Automation?
Ansible Automation is the enterprise
framework for automating across IT
operations.
RED HAT ANSIBLE TOWER
Operationalize your automation
Ansible Engine runs Ansible
Playbooks, the automation language
CONTROL DELEGATION SCALE
that can perfectly describe an IT
application infrastructure.
RED HAT ANSIBLE ENGINE
Simple command line automation
Ansible Tower allows you scale IT
automation, manage complex SIMPLE POWERFUL AGENTLESS
deployments and speed
productivity.
FUELED BY AN INNOVATIVE OPEN SOURCE COMMUNITY
 WHY ANSIBLE?
(for networks)

SIMPLE POWERFUL AGENTLESS

For operators, not Connect via Plugins Ideal for network gear
developers
Easy platform enablement No agents to exploit or update
Download and go
Leverage Linux tools Standards-based SSH
Existing knowledge reuse

17
 ANSIBLE NETWORK AUTOMATION

65+ 1000+ 15*

Network Network Galaxy
Platforms Modules Network Roles

ansible.com/for/networks
galaxy.ansible.com/ansible-network

*Roles developed and maintained by Ansible Network Engineering

18
“Ansible for Network Automation” Documentation

http://bit.ly/AnsibleNetwork
 What can I do using Ansible?
Automate the deployment and management of your entire IT footprint.

Do this...

Configuration Application Continuous Security and

Orchestration Provisioning
Management Deployment Delivery Compliance

On these...

Firewalls Load Balancers Applications Containers Clouds

Servers Infrastructure Storage Network Devices And more...

 Common use cases
✓

✓ ✓ ✓

Backup and Restore Configuration Compliance Dynamic Documentation

● Schedule backups ● Check configuration ● Build reports

● Restore from any standards ● Grab software versions,
timestamp ● Track configuration drift MTU, interfaces status
● Build workflows that ● Enforce configuration ● Audit system services and
rollback policy other common config
 How Ansible Network Automation works

Module code is
executed locally NETWORKING
on the control
node
DEVICES

Module code is
copied to the
managed node,
LINUX/WINDOWS
executed, then HOSTS
removed
 Ansible automates technologies you use
Time to automate is measured in minutes

Cloud Virt & Container Windows Network Devops Monitoring

AWS Docker ACLs Arista Jira Dynatrace

Azure VMware Files A10 GitHub Airbrake
Digital Ocean RHV Packages Cumulus Vagrant BigPanda
Google OpenStack IIS Bigswitch Jenkins Datadog
OpenStack OpenShift Regedits Cisco Bamboo LogicMonitor
Rackspace +more Shares Cumulus Atlassian Nagios
+more Services Dell Subversion New Relic
Configs F5 Slack PagerDuty
Operating Storage Users Juniper Hipchat Sensu
Systems Netapp Domains Palo Alto +more StackDriver
Rhel And Linux Red Hat Storage +more OpenSwitch Zabbix
Unix Infinidat +more +more
Windows +more
+more
 ANSIBLE IS THE UNIVERSAL LANGUAGE

BUSINESS DEV QA/SECURITY IT OPERATIONS

 PUBLIC / PRIVATE
CLOUD PUBLIC / PRIVATE
CLOUD
CMDB

ANSIBLE AUTOMATION ENGINE

PLAYBOOKS ARE WRITTEN IN YAML

Tasks are executed sequentially
USERS
Invoke Ansible modules
HOSTS
INVENTORY CLI

MODULES PLUGINS
NETWORK
ANSIBLE DEVICES
PLAYBOOK
 PUBLIC / PRIVATE
CLOUD PUBLIC / PRIVATE
CMDB CLOUD

ANSIBLE AUTOMATION ENGINE

USERS

HOSTS
INVENTORY CLI

MODULES PLUGINS
NETWORK
ANSIBLE DEVICES
PLAYBOOK
---
- name: install and start apache
hosts: web
become: yes
vars:
http_port: 80

tasks:
- name: httpd package is present
yum:
name: httpd
state: latest

- name: latest index.html file is present

copy:
src: files/index.html
dest: /var/www/html/

- name: httpd is started

service:
name: httpd
state: started
 PUBLIC / PRIVATE
CLOUD PUBLIC / PRIVATE
CLOUD
CMDB

ANSIBLE AUTOMATION
MODULESENGINE
ARE “TOOLS IN THE TOOLKIT”
Python, Powershell, or any language
Extend Ansible simplicity to the entire stack
USERS

HOSTS
INVENTORY CLI

MODULES PLUGINS
NETWORK
ANSIBLE DEVICES
PLAYBOOK

CORE NETWORK COMMUNITY

 PUBLIC / PRIVATE
CLOUD PUBLIC / PRIVATE
CLOUD
CMDB

PLUGINS ARE “GEARS IN THE ENGINE”

Code that plugs into the core engine
Adaptability
ANSIBLE forENGINE
AUTOMATION various uses & platforms

USERS

HOSTS
INVENTORY CLI

MODULES PLUGINS
NETWORK
ANSIBLE DEVICES
PLAYBOOK
 PUBLIC / PRIVATE
CLOUD PUBLIC / PRIVATE
CLOUD
CMDB
INVENTORY

[web]
webserver1.example.com
ANSIBLE AUTOMATION ENGINE
webserver2.example.com

USERS
[db]
dbserver1.example.com
HOSTS
INVENTORY CLI
[switches]
leaf01.internal.com
leaf02.internal.com

MODULES PLUGINS
[firewalls] NETWORK
ANSIBLE checkpoint01.internal.com
DEVICES
PLAYBOOK

[lb]
f5-01.internal.com
 PUBLIC / PRIVATE
CLOUD PUBLIC / PRIVATE
CLOUD
CMDB

ANSIBLE AUTOMATION ENGINE

USERS

HOSTS
INVENTORY CLI

Dynamic MODULES
Inventory PLUGINS
NETWORK
ANSIBLE Openstack, Satellite, VMware, AWS EC2, Azure, DEVICES
PLAYBOOK SerivceNow, InfoBlox, Custom Source
 PUBLIC / PRIVATE
CLOUD PUBLIC / PRIVATE
CLOUD
CMDB

ANSIBLE AUTOMATION ENGINE

USERS

HOSTS
INVENTORY CLI

MODULES PLUGINS
AUTOMATE EVERYTHING NETWORK
ANSIBLE DEVICES
Red Hat Enterprise Linux, Ubuntu, Debian,
PLAYBOOK
Cisco routers, Arista switches, Juniper routers,
Windows hosts, Checkpoint firewalls and more
 AUTOMATION FOR EVERYONE: NETWORK ENGINEERS

---
- hosts: cisco
gather_facts: false
connection: network_cli

tasks:
- name: show command for cisco
cli_command:
command: show ip int br
register: result

- name: display result to terminal window

debug:
var: result.stdout_lines
AUTOMATION FOR EVERYONE: PLAYBOOK RESULTS
 AUTOMATION FOR EVERYONE: NETWORK ENGINEERS

---
- hosts: juniper
gather_facts: false
connection: network_cli

tasks:
- name: show command for juniper
cli_command:
command: show interfaces terse em1
register: result

- name: display result to terminal window

debug:
var: result.stdout_lines
AUTOMATION FOR EVERYONE: PLAYBOOK RESULTS
 A Sample Ansible Playbook
---
- name: deploy vlans ● Playbook is a list of plays.
hosts: cisco
gather_facts: no ● Each play is a list of tasks.
● Tasks invoke modules.
tasks:
- name: ensure vlans exist ● A playbook can contain more than
nxos_vlan: one play.
vlan_id: 100
admin_state: up
name: WEB
USE CASE:

Cloud automation
PLAYBOOK EXAMPLE: RED HAT OPENSTACK
---
- name: openstack playbook
hosts: localhost
connection: local

tasks:
- name: launch an instance
os_server:
name: vm1
cloud: mordred
region_name: ams01
image: Red Hat Enterprise Linux 7.4
flavor_ram: 4096
 Ansible Network Automation Workshop

Tower Introduction
Topics Covered:

● What is Ansible Tower?

● Job Templates

○ Inventory
○ Credentials
○ Projects
40
What is Ansible Tower?
Ansible Tower is a UI and RESTful API allowing
you to scale IT automation, manage complex
deployments and speed productivity.

• Role-based access control

• Deploy entire applications with

push-button deployment access

• All automations are centrally logged

• Powerful workflows match your IT processes

 Red Hat Ansible Tower
RBAC
Allow restricting playbook access to
authorized users. One team can use
playbooks in check mode (read-only)
while others have full administrative
abilities.
Workflows
Ansible Tower’s multi-playbook
workflows chain any number of
playbooks, regardless of whether they
use different inventories, run as
different users, run at once or utilize
different credentials.
Push button
An intuitive user interface experience
makes it easy for novice users to
execute playbooks you allow them
access to.
Enterprise integrations
Integrate with enterprise
authentication like TACACS+, RADIUS,
Azure AD. Setup token authentication
with OAuth 2. Setup notifications with
PagerDuty, Slack and Twilio.
RESTful API
With an API first mentality every
feature and function of Tower can be
API driven. Allow seamless integration
with other tools like ServiceNow and
Infoblox.
Centralized logging
All automation activity is securely
logged. Who ran it, how they
customized it, what it did, where it
happened - all securely stored and
viewable later, or exported through
Ansible Tower’s API.
 …. ANSIBLE CLI & CI SYSTEMS
ANSIBLE PLAYBOOKS
ADMINS
ROLE-BASED KNOWLEDGE SCHEDULED &
ANSIBLE ACCESS CONTROL & VISIBILITY CENTRALIZED JOBS
TOWER
SIMPLE USER INTERFACE TOWER API

USERS

OPEN SOURCE MODULE LIBRARY

ANSIBLE
ENGINE PLUGINS PYTHON CODEBASE

TRANSPORT

SSH, WINRM, ETC.

INFRASTRUCTURE NETWORKS CONTAINERS CLOUD SERVICES

AUTOMATE LINUX, ARISTA, DOCKER, AWS, DATABASES,
YOUR WINDOWS, CISCO, LXC … GOOGLE CLOUD, LOGGING,
ENTERPRISE UNIX … JUNIPER … AZURE … SOURCE CONTROL
MANAGEMENT…

USE
CASES
PROVISIONING CONFIGURATION APP CONTINUOUS SECURITY & ORCHESTRATION
MANAGEMENT DEPLOYMENT DELIVERY COMPLIANCE
FEATURE OVERVIEW:

Control
ANSIBLE TOWER FEATURES: YOUR ANSIBLE DASHBOARD
ANSIBLE TOWER FEATURES: JOB STATUS UPDATE
ANSIBLE TOWER FEATURES: ACTIVITY STREAM
ANSIBLE TOWER FEATURES: MANAGE AND TRACK YOUR INVENTORY
ANSIBLE TOWER FEATURES: SCHEDULE JOBS
ANSIBLE TOWER FEATURES: EXTERNAL LOGGING
ANSIBLE TOWER FEATURES: ROLE BASED ACCESS CONTROL
ANSIBLE TOWER FEATURES: INTEGRATED NOTIFICATIONS
FEATURE OVERVIEW:

Delegation
ANSIBLE TOWER FEATURES: ROLE BASED ACCESS CONTROL
USERS TEAMS
ANSIBLE TOWER FEATURES: SELF-SERVICE I.T.
ANSIBLE TOWER FEATURES: REMOTE COMMAND EXECUTION
FEATURE OVERVIEW:

Scale
ANSIBLE TOWER FEATURES: CREATE AUTOMATION WORKFLOWS
ANSIBLE TOWER FEATURES: SCALE OUT CLUSTERING
 Red Hat Ansible Tower

Multi-Tenancy Self Service Workflow Surveys Documentation

Remote Execution Callbacks Credential Storage Logging Clustering

RED HAT
Isolated Nodes GUI Scheduler Source Control Integration Notifications
ANSIBLE
TOWER
Dynamic Inventory RBAC Activity Stream Fact Cache Job History

REST API Enterprise Support

ANSIBLE Modules Plugins Galaxy Command Line Playbooks

CORE
 CONFIDENTIAL Designator

Thank you! linkedin.com/company/red-hat

youtube.com/user/RedHatVideos
Red Hat is the world’s leading provider of enterprise

open source software solutions. Award-winning

facebook.com/redhatinc
support, training, and consulting services make

Red Hat a trusted adviser to the Fortune 500.

twitter.com/RedHat

61