ClickOps to GitOps
Cisco DNA Center Infrastructure-as-Code Use Cases
Gabi Zapodeanu, Technical Marketing Engineer
@zapodeanu
github.com/cisco-en-programmability
https://YouTube.com/c/CiscoENProgrammability
DEVNET-2739
#CiscoLive
#CiscoLive DEVNET-2739 © 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
• Cisco DNA Center Platform
• Inventory Collection – Python SDK
• Templates Sync - Terraform
• Device Configuration – Ansible
Cisco DNA Center Platform
Healthcare Education Hospitality Workplaces Retail Manufacturing
Custom Integrations
Cisco DNA Center Platform
Infrastructure as Code
DevOps
Tools
Cisco DNA Center Platform Overview
Event Notifications
• Assurance Issues
• AI/ML Insights
• System Health
• Integration Connectivity
• License Management

• Webhooks
• PagerDuty
• Webex
• Syslog
• SNMP
Northbound REST APIs
• Network Inventory
• Network Topology
• Network Design
• Provisioning
• SWIM, PnP
• Path Trace
• Assurance
• SDA
• Templates
• RMA
• Config Archive
• Sensors
DNA Center Platform – Overview
DNA Center Platform – Developer Toolkit
Review API docs, configure integration workflows and subscribe to events
Try: Call an API without writing any code
Try an API Call
Code Preview
Generate code in a few programming languages
Cisco DNA Center and DevOps Journey
[Diagram: four stages plotted against Scale and Value axes, ending in Business Apps]
• Ad-hoc Scripting: Engineers run scripts and tools using Cisco DNA Center APIs and device APIs
• Re-usable Frameworks: Centrally managed repos and templates to accelerate service delivery, and workflow automations
• Service Orchestration: Intent-based networks, automation in one place, across multiple domains, out-of-box integrations
• Business Process: Business-level intent, executive dashboards, fully customizable integrations with ITSM, asset management and business applications
GitOps for Cisco DNA Center?
• GitOps uses Git repositories as a single source of truth to deliver Infrastructure-as-Code:
  • Automations and integrations apps
  • Intent-based configurations documented as code
  • Inventories: clients, devices, sites, fabrics
Git Configurations + Inventories
• Custom events notifications and subscriptions
• Reports and inventory
• Compliance
✓ Simplified at-scale network management
✓ Consistent and efficient service delivery across clusters
Notes:
Configurations may be CLI templates, profiles, or YAML/JSON intent configurations
Inventory files enable time travel, changes, reporting
GitHub Diffs – Configuration and Inventory State
Cisco DNA Center GitOps
Inventory Collection
Python SDK:
• Collect and parse the device inventory from Cisco DNA Center
• Create these files: Devices and AP lists, non-compliant devices
• Files saved in JSON, YAML formats
• Pushed to GitHub and saved locally
Templates Sync
Terraform Plan:
• Pull GitHub repo with CLI templates, create or update them on Cisco DNA Center
• Identify when templates change, or are new/removed
• Terraform plan pulled from GitHub
Device Configuration
Ansible Playbook:
• Git pull, or clone, the repos with device inventory and deployment template
• Apply filter to select devices to be configured
• Identify if devices are managed and reachable
• Deploys existing CLI Templates, checks status
• Creates deployment status report

• Always up-to-date inventory and Apps code, hosted on GitHub
• Network engineers run the same automations written using Python SDK, Ansible and Terraform
• Consistent outcomes, validated and secure
Automation Workflow: Inventory Collection
Inventory Collection
Inventory Files
Python SDK
Cisco DNA Center Version Support 1.2.10 to 2.3.5.x
• Includes all Cisco DNA Center REST APIs
• Support for Cisco DNA Center version 2.3.5.x
• First SDK version August 2019
• Downloads last month 3,500+
https://dnacentersdk.readthedocs.io
https://github.com/cisco-en-programmability/dnacentersdk
Calling Cisco DNA Center REST APIs
Calling Cisco DNA Center REST APIs – Python SDK
How to Use the Python SDK
Integrated Development Environment (IDE)
Inventory Collection
Specify the Cisco DNA Center
Sample Inventory Files
“device_inventory.json” “non_compliant_devices.yaml”
Notes:
• Data format - JSON, YAML, …
• Files saved locally
• GitHub push – create or update inventory files
Demo
Inventory Collection
Automation Workflow: GitHub Sync
Terraform Plan
GitHub Repo - Templates
• Pull from GitHub the desired state for Cisco DNA Center configured templates
• Identify if templates are new, exist, or changed
• Update or create templates
Terraform Use Cases
Terraform One Slide
• HCL (HashiCorp Configuration Language) - Establishes the syntax Terraform uses for things like arguments, blocks, literal values, and expressions, and writing plans.
• Provider – Plugins responsible for understanding API interactions with other platforms and exposing resources based on their APIs.
• Data Source – Allows Terraform to use (read) information defined outside of Terraform. Example: providers, local-only.
• Resource - The most important element in the Terraform language. Each resource block describes one or more infrastructure objects – devices, interfaces, operations.
• Init - The command used to initialize a working directory containing Terraform configuration files. This is the first command that should be run, and it is safe to run it multiple times. It will install the required providers and modules.
• Plan - Compares the managed infrastructure state to the configuration and determines which changes are necessary. It presents a human-readable summary to the user.
• Apply – Makes changes to real infrastructure in order to make it match the desired state. It may use a saved plan, or create a new plan and ask for approval.
Ref: https://www.terraform.io/docs
Terraform Provider and Go SDK
https://registry.terraform.io/providers/cisco-en-programmability/dnacenter
https://github.com/cisco-en-programmability/terraform-provider-dnacenter
Terraform Installation of the Open-Source Edition
https://learn.hashicorp.com/tutorials/terraform/install-cli
Cisco DNA Center Terraform Provider Installation
Run command: “terraform init”
It will download the latest Cisco DNA Center provider version
Start creating a plan
Note: Instructions to get started with Cisco DNA Center Terraform Provider
https://github.com/cisco-en-programmability/terraform-provider-dnacenter/blob/main/README.md
Cisco DNA Center Terraform Provider Docs
Calling Cisco DNA Center REST APIs – Terraform
GitHub Desired State - Project Info and Templates
switches_aaa
project_info.json
switches_logging
Template Sync Plan – Providers
Define variables
Template Sync Plan – Git Pull
Template Sync Plan – Create/Update Cisco DNA Center Templates
Terraform Modules and Meta-Arguments
• A resource or data resource configures or reads one object
• A module block includes all module’s configuration tasks one time
[Diagram labels: main.tf, module]
Template Sync Plan – Create Template Module
Call the ”create_template” module for
each template to be created or updated
Provide the input params to the module
Module create_template
• Input params
• Create or update template
Note:
The records to be created, updated or destroyed are distinct objects, not near-identical copies.
Use the “for_each” meta-argument, not “count”, to call the module.
Ref.: https://developer.hashicorp.com/terraform/language/meta-arguments/for_each
Initialize the Terraform Working Directory
Terraform Steps:
• Initialize the code and download providers
• Review the proposed changes
• Apply changes if approved
Create Execution Plan
Terraform Plan Command
• Reads existing state
• Creates execution plan
• Allows the preview of changes
Outputs:
Templates to be created or updated
Plan Execution
Terraform Apply Command
• Creates execution plan
• May use a saved plan, or use “auto-approve”
• Parameters could be provided
• Will return outputs with what was
changed
Outputs
GitHub Project Info
Templates:
• Created if new in GitHub repo
• Updated when CLI commands change
• Removed after deleted from GitHub
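The create/update/remove outcomes above, and the earlier note to call the module with “for_each” rather than “count”, can be compared by computing both plans for the same change. This is an added example, not code from the session or its repositories: it is a plain-Python simulation of the two addressing schemes rather than Terraform itself, and the CLI text and the “switches_ntp” template are constructed sample data.

```python
def plan_by_key(deployed, repo):
    """for_each-style plan: every template is addressed by its name."""
    return {
        "create": sorted(repo.keys() - deployed.keys()),
        "update": sorted(n for n in repo.keys() & deployed.keys()
                         if repo[n] != deployed[n]),
        "delete": sorted(deployed.keys() - repo.keys()),
    }


def plan_by_index(deployed, repo):
    """count-style plan: every template is addressed by its list position."""
    old, new = sorted(deployed.items()), sorted(repo.items())
    plan = {"create": [], "update": [], "delete": []}
    for i in range(max(len(old), len(new))):
        if i >= len(old):
            plan["create"].append(new[i][0])
        elif i >= len(new):
            plan["delete"].append(old[i][0])
        elif old[i] != new[i]:
            # Slot i keeps its address but is rewritten with another template.
            plan["update"].append(old[i][0])
    return plan


def churn(plan):
    """Number of objects on the controller that the plan touches."""
    return sum(len(names) for names in plan.values())


# Constructed sample data: templates currently on the controller ...
DEPLOYED = {
    "switches_aaa": "aaa new-model",
    "switches_logging": "logging host 10.0.0.5",
    "switches_ntp": "ntp server 10.0.0.6",
}
# ... and the desired state after switches_logging is deleted from the repo.
REPO = {k: v for k, v in DEPLOYED.items() if k != "switches_logging"}

if __name__ == "__main__":
    for label, fn in (("for_each", plan_by_key), ("count", plan_by_index)):
        result = fn(DEPLOYED, REPO)
        print(f"{label:8} {result}  touched={churn(result)}")
```

With name-based addressing only the deleted template is removed; with position-based addressing the same deletion rewrites one slot and destroys a template that never changed in the repo.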
Demo
Templates Sync
Automation Workflow: Device Configuration
Ansible Playbook
Templates configured by Terraform
Ansible Automation Use Cases
Ansible One Slide
• YAML - Yet Another Markup Language or YAML Ain’t Markup Language. Ansible uses YAML to define playbook configurations and variable files. It is human readable and may be used with many programming languages.
• Collection - A packaging format for bundling and distributing Ansible content, including plugins, roles, modules, and more.
• Module/Plugin - Code, typically written in Python, that will perform some action on a host. Cisco DNA Center modules provide the documentation, the plugins execute the actions
• Play – Execution of a set of tasks to a host or group of hosts – lab Cisco DNA Center vs production Cisco DNA Centers
• Task – Execute a module with specific arguments. When a task has executed on all target machines, Ansible moves on to the next task.
• Playbook - Repeatable, re-usable, simple configuration management that will push a new configuration or confirm the existing configuration. They are composed of plays and tasks.
• Task Lists and Blocks – re-usable groups of tasks that are executed based on specific conditions or counts
Ref: https://docs.ansible.com
Cisco DNA Center Ansible Modules
https://galaxy.ansible.com/cisco/dnac
Ansible Collection – Community Certification
Intent Modules - Cisco Developed and Supported
Cisco DNA Center Ansible Modules Docs
https://galaxy.ansible.com/cisco/dnac
Ansible Installation
Install Ansible
Python SDK Installation
Note: Instructions to get started with Cisco DNA Center Ansible modules
https://github.com/cisco-en-programmability/dnacenter-ansible
Cisco DNA Center Ansible Collection Update
Device List API + Ansible Module
https://github.com/cisco-en-programmability/dnacenter-ansible/tree/main/plugins/modules
Note:
Verify the API endpoint called by the Ansible module
Deploy Template + Ansible Module
https://github.com/cisco-en-programmability/dnacenter-ansible/tree/main/plugins/modules
Note:
Verify the API endpoint called by the Ansible module
Calling Cisco DNA Center REST APIs – Ansible
Template Deployment Ansible Playbook
Ansible Playbook:
• Git pull, or clone, the repos with device inventory and deployment template
• Checks if template project exists
• Apply filter to select devices to be configured
• Identify if devices are managed and reachable
• Deploys existing CLI Templates, checks status
• Creates deployment status report
Resources:
• Cisco DNA Center
• Ansible environment
• Cisco DNA Center Ansible Library
[Diagram: Network engineer creates Deployment Template; Deployment Template pushed to Git Server or GitHub; REST APIs; Cisco DNA Center: Inventory, Templates, Tasks]
Notes:
Ansible Playbook created by developer + network engineer
Network Engineer runs the playbook
Deployment Templates – Intent Configuration
Notes:
Create a data model to represent your intent.
Cisco DNA Center project and templates already
by the Terraform plan
Ansible Playbook
Note:
Developer + Network Engineer created
Ansible Task Lists and Loops
Ansible playbook Ansible task list
Ansible Blocks and Conditionals
deploy_template_tasks.yaml
Execute the block of tasks when the device is managed by Cisco DNA Center
Simplify Ansible Playbooks by using the conditional once, not for every task
Run the Ansible Playbook
Specify deployment template as a parameter
Template deployment
Select the template and report
Demo
Device Configuration
Role Based Access to Configurations and Apps
Manage Platform Credentials
• .env file
• Environment variables
• HashiCorp Vault
• Jenkins credentials
• Be careful not to commit any files with sensitive information
• If you did, this may help: Removing sensitive data from a repository
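One way to act on the two points above, reading credentials from environment variables and keeping sensitive files out of commits, is a check run over staged files before they are pushed. This is an added example, not code from the session or its repositories; the variable names (DNAC_URL, DNAC_USER, DNAC_PASS), the file paths and the matching heuristics are assumptions, and the sample content is constructed.

```python
import re

# Hypothetical variable names for this example; the slides do not name them.
REQUIRED = ("DNAC_URL", "DNAC_USER", "DNAC_PASS")

# "key: value" or "key = value" where the key name looks like a credential.
SECRET = re.compile(
    r"(?i)[\w-]*(?:pass|secret|token|api_?key)[\w-]*\s*[:=]\s*[\"']?([^\s\"'#]+)")
# Values that point at a variable or secret store instead of holding a literal.
REFERENCE = re.compile(r"(?i)^(\$\{?\w+\}?|\{\{.*|var\.[\w.]+|os\.environ.*)$")


def load_credentials(environ):
    """Read controller credentials from environment variables; fail if any is unset."""
    missing = [name for name in REQUIRED if not environ.get(name)]
    if missing:
        raise RuntimeError("unset environment variables: " + ", ".join(missing))
    return {name: environ[name] for name in REQUIRED}


def scan_staged(files):
    """Return (path, line_no, reason) for staged content that should not be committed."""
    findings = []
    for path, text in files.items():
        name = path.rsplit("/", 1)[-1]
        if name.endswith(".env"):
            # A .env file is flagged as a whole, whatever it contains.
            findings.append((path, 0, "env file staged"))
            continue
        for line_no, line in enumerate(text.splitlines(), start=1):
            for match in SECRET.finditer(line):
                if not REFERENCE.match(match.group(1)):
                    findings.append((path, line_no, "credential-like literal"))
                    break
    return sorted(findings)


# Constructed sample of staged files (path -> content); no real values.
STAGED = {
    ".env": "DNAC_PASS=Example-Only-123\n",
    "vars/dnac.yaml": "dnac_username: netops\ndnac_password: Example-Only-123\n",
    "playbooks/deploy.yaml": "dnac_password: \"{{ lookup('env', 'DNAC_PASS') }}\"\n",
    "terraform/main.tf": "password = var.dnac_password\n",
    "inventory/device_inventory.json": '{"hostname": "sw-01"}\n',
}

if __name__ == "__main__":
    for finding in scan_staged(STAGED):
        print(finding)
```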
GitHub Security
GitHub Security – Dependencies Alerts
Note:
3 years old repo, not maintained
GitHub Security – Code Scanning
DNA Center GitOps
https://github.com/cisco-en-programmability/dnacenter_gitops
Cisco DNA Center - DevNet Resources
• API Documentation
• User Guides
• Learning Labs
• Sandboxes
• Code Exchange
Cisco DNA Center Jenkins Automations
https://github.com/zapodeanu/dnacenter_jenkins_automations_public
Cisco DNA Center GitHub/GitLab Integrations
https://github.com/cisco-en-programmability/dnacenter_git_integrations
Cisco DNA Center Apps – Splunkbase
https://splunkbase.splunk.com/
Certified
• Two Apps:
• Add-on – data collection
• Visualizations
• Support via GitHub issues
• Fully customizable
Cisco DNA Center ServiceNow Custom Workflows
https://github.com/zapodeanu/dna_custom_workflows
Cisco EN Programmability GitHub Org
https://github.com/cisco-en-programmability
Cisco DNA Center – Developer Resources
https://developer.cisco.com/dnacenter/
https://github.com/cisco-en-programmability
http://cs.co/EN-Programmability-Videos
https://galaxy.ansible.com/cisco/dnac
https://registry.terraform.io/providers/cisco-en-programmability/dnacenter
https://dnacentersdk.readthedocs.io/en/latest/
https://github.com/cisco-en-programmability/dnacenter-go-sdk
Cisco DNA Center Libraries
• All network automation use cases may be implemented with every Cisco DNA Center library
• Python SDK is very versatile, excellent choice for complex use cases, and integrations, easy to get started with
• Ansible and Terraform are great options for:
  • Simple use cases, or end-to-end automations with Data Center and Cloud
  • When DevOps engineers use these automation tools
Thank you