#CiscoLive

ClickOps to GitOps
Cisco DNA Center Infrastructure-as-Code Use Cases
Gabi Zapodeanu, Technical Marketing Engineer
@zapodeanu
github.com/cisco-en-programmability
https://YouTube.com/c/CiscoENProgrammability
DEVNET-2739

#CiscoLive DEVNET-2739 © 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Cisco DNA Center Platform
• Inventory Collection – Python SDK
• Templates Sync – Terraform
• Device Configuration – Ansible
• GitHub Security
• Developer Resources
• Lessons Learned
Cisco DNA Center Platform
[Diagram. Industries: Healthcare, Education, Hospitality, Workplaces, Retail, Manufacturing. Use cases: Network Insights, Infrastructure-as-Code, Integrations. Consumers: Managed Services, DevOps Tools, Cisco Spaces, Custom Integrations (infrastructure provisioning, workflow automation and network management). Cisco DNA Center Platform interfaces: Reports, REST APIs, Events. Bottom layer: Cisco Physical and Virtual Infrastructure.]
Cisco DNA Center Platform
Infrastructure as Code
[Diagram. Consumers: DevOps Tools, Cisco Integrations, Custom Integrations, Third Party Integrations. Interfaces: REST APIs, Webhooks. Bottom layer: Cisco Physical and Virtual Infrastructure.]
Cisco DNA Center Platform Overview

Event Notifications
• Assurance Issues
• AI/ML Insights
• System Health
• Integration Connectivity
• License Management
• Webhooks
• PagerDuty
• Webex
• Syslog
• SNMP

Northbound REST APIs
• Network Inventory
• Network Topology
• Network Design
• Provisioning
• SWIM, PnP
• Path Trace
• Assurance
• SDA
• Templates
• RMA
• Config Archive
• Sensors

IT Ecosystem Integrations
• IT Service Management
• IP Address Management
• Reporting
• Wireless Planning
• Incident Response
• SIEM, Splunk

Developer Resources
• Sample Code, Videos
• Python SDK, Ansible, Terraform
• Cisco DevNet
• Sandboxes, Learning Labs
• Developer Guides
• Sample Code
DNA Center Platform – Overview

DNA Center Platform – Developer Toolkit
Review API docs, configure integration workflows and subscribe to events

Try: Call an API without writing any code
Try an API Call

Code Preview
Generate code in a few programming languages
Cisco DNA Center and DevOps Journey
[Chart axes: Scale, Value. Label: Business Apps]
• Ad-hoc Scripting – Engineers run scripts and tools using Cisco DNA Center APIs and device APIs
• Re-usable Frameworks – Centrally managed repos and templates to accelerate service delivery, and workflow automations
• Service Orchestration – Intent-based networks, automation in one place, across multiple domains, out-of-box integrations
• Business Process – Business-level intent, executive dashboards, fully customizable integrations with ITSM, asset management and business applications
GitOps for Cisco DNA Center?
• GitOps uses Git repositories as a single source of truth to deliver Infrastructure-as-Code:
  • Automations and integrations apps
  • Intent-based configurations documented as code
  • Inventories: clients, devices, sites, fabrics
• Code changes, intent configurations, and network state are tracked, and version controlled
• Consistency across Cisco DNA Center clusters and IT teams
• Enhanced security and visibility, robust role-based access
Git Configurations + Inventories
[Diagram label: Services Layer]
• CLI templates and profiles
• Network settings
• SDA-as-Code configurations
• Custom events notifications and subscriptions
• Reports and inventory
• Compliance

✓ Simplified at-scale network management
✓ Consistent and efficient service delivery across clusters

Notes:
Configurations may be CLI templates, profiles, or YAML/JSON intent configurations
Inventory files enable time travel, changes, reporting
GitHub Diffs – Configuration and Inventory State

Devices deleted from Cisco DNA Center Inventory:
• NYC-ACCESS
• NYC-RO

CLI Templates changes:
• csr_logging - logging buffered command changed
• Intent changed – template removed
Cisco DNA Center GitOps

Inventory Collection – Python SDK:
• Collect and parse the device inventory from Cisco DNA Center
• Create these files: Devices and AP lists, non-compliant devices
• Files saved in JSON, YAML formats
• Pushed to GitHub and saved locally

Templates Sync – Terraform Plan:
• Pull GitHub repo with CLI templates, create or update them on Cisco DNA Center
• Identify when templates change, or are new/removed
• Terraform plan pulled from GitHub

Device Configuration – Ansible Playbook:
• Git pull, or clone, the repos with device inventory and deployment template
• Apply filter to select devices to be configured
• Identify if devices are managed and reachable
• Deploys existing CLI Templates, checks status
• Creates deployment status report

Outcomes:
• Always up-to-date inventory and Apps code, hosted on GitHub
• Network engineers run the same automations written using Python SDK, Ansible and Terraform
• Consistent outcomes, validated and secure

Network Engineer + DevOps create automation workflows:
• Device inventory
• Ansible playbooks
• Terraform plans
• Intent configurations
All workflows are pushed to GitHub
Automation Workflow: Inventory Collection
[Diagram labels: Inventory Collection, Inventory Files]
• Will collect rich device information and topology
• May run on-demand, or scheduled
• Inventory files:
  • Pushed to GitHub
  • Saved locally
  • Formatted: JSON, YAML, CSV, …
• Always up-to-date inventory
Python SDK
Cisco DNA Center Version Support 1.2.10 to 2.3.5.x
• Includes all Cisco DNA Center REST APIs
• Support for Cisco DNA Center version 2.3.5.x
• First SDK version August 2019
• Downloads last month 3,500+

https://dnacentersdk.readthedocs.io

https://github.com/cisco-en-programmability/dnacentersdk

Calling Cisco DNA Center REST APIs
• Obtain the auth token: URL, headers request/response, params, parsing info
• Get the device list using the API pagination
Calling Cisco DNA Center REST APIs – Python SDK
• Cisco DNA Center + credentials
• Get the device count
• Get the device list using API pagination

• Accelerates and simplifies apps development
• Developer focus on the use case, and not each API call
How to Use the Python SDK
Integrated Development Environment (IDE)

Inventory Collection
• Specify the Cisco DNA Center
• Get the device count
• Get the device list
• Parse the device information
• YAML and JSON formatted files saved locally and pushed to GitHub
Sample Inventory Files
Notes:
• Data format - JSON, YAML, …
• Files saved locally
• GitHub push – create or update inventory files

“device_inventory.json” “non_compliant_devices.yaml”
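
A sketch of how an inventory file such as “device_inventory.json” can be written so that Git diffs show only real changes, and how two snapshots can be compared to report deletions like the ones on the GitHub Diffs slide. This is an added example, not code from the session or its repositories; the record field names and every device other than NYC-ACCESS and NYC-RO are constructed assumptions.

```python
import json

# Assumed field names for one device record. Volatile values (uptime,
# last-sync time) are left out so that a Git diff shows only real changes.
STABLE_FIELDS = ("hostname", "managementIpAddress", "role",
                 "serialNumber", "softwareVersion")


def build_snapshot(devices):
    """Render device records as deterministic JSON text, sorted by hostname."""
    rows = {}
    for device in devices:
        name = device.get("hostname")
        if not name:
            raise ValueError("device record without a hostname")
        if name in rows:
            raise ValueError(f"duplicate hostname in inventory: {name}")
        rows[name] = {field: device.get(field) for field in STABLE_FIELDS}
    ordered = [rows[name] for name in sorted(rows)]
    return json.dumps(ordered, indent=2, sort_keys=True) + "\n"


def diff_snapshots(old_text, new_text):
    """Report devices removed, added or changed between two snapshots."""
    old = {row["hostname"]: row for row in json.loads(old_text)}
    new = {row["hostname"]: row for row in json.loads(new_text)}
    changed = {}
    for name in sorted(old.keys() & new.keys()):
        delta = {field: (old[name].get(field), new[name].get(field))
                 for field in STABLE_FIELDS
                 if old[name].get(field) != new[name].get(field)}
        if delta:
            changed[name] = delta
    return {
        "removed": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
        "changed": changed,
    }


# Constructed sample data (documentation IP range, made-up serial numbers).
PREVIOUS = [
    {"hostname": "NYC-ACCESS", "managementIpAddress": "192.0.2.11",
     "role": "ACCESS", "serialNumber": "SN-CONSTRUCTED-1",
     "softwareVersion": "17.3.4", "upTime": "12 days"},
    {"hostname": "NYC-RO", "managementIpAddress": "192.0.2.12",
     "role": "BORDER ROUTER", "serialNumber": "SN-CONSTRUCTED-2",
     "softwareVersion": "17.3.4", "upTime": "12 days"},
    {"hostname": "PDX-CORE1", "managementIpAddress": "192.0.2.21",
     "role": "CORE", "serialNumber": "SN-CONSTRUCTED-3",
     "softwareVersion": "17.3.4", "upTime": "41 days"},
]
CURRENT = [
    {"hostname": "PDX-CORE1", "managementIpAddress": "192.0.2.21",
     "role": "CORE", "serialNumber": "SN-CONSTRUCTED-3",
     "softwareVersion": "17.6.5", "upTime": "2 days"},
    {"hostname": "PDX-ACCESS2", "managementIpAddress": "192.0.2.22",
     "role": "ACCESS", "serialNumber": "SN-CONSTRUCTED-4",
     "softwareVersion": "17.6.5", "upTime": "2 days"},
]

if __name__ == "__main__":
    report = diff_snapshots(build_snapshot(PREVIOUS), build_snapshot(CURRENT))
    print(json.dumps(report, indent=2))
```

Running the same comparison in a scheduled job gives a reviewable record of devices that disappeared from the inventory between two commits.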

Demo
Inventory Collection
Automation Workflow: GitHub Sync
[Diagram labels: GitHub Repo - Templates, Terraform Plan]
• Pull from GitHub the desired state for Cisco DNA Center configured templates
• Identify if templates are new, exist, or changed
• Update or create templates
Terraform Use Cases

This presentation will focus on the “manage network infrastructure” use case, calling the Cisco DNA Center REST APIs
Terraform One Slide
• HCL (HashiCorp Configuration Language) - Establishes the syntax Terraform uses for things like arguments, blocks, literal values, and expressions, and writing plans.
• Provider – Plugins responsible for understanding API interactions with other platforms and exposing resources based on their APIs.
• Data Source – Allows Terraform to use (read) information defined outside of Terraform. Example: providers, local-only.
• Resource - Are the most important element in the Terraform language. Each resource block describes one or more infrastructure objects – devices, interfaces, operations.
• Init - The command is used to initialize a working directory containing Terraform configuration files. This is the first command that should be run, and it is safe to run this command multiple times. It will install the required providers and modules.
• Plan - compares the managed infrastructure state to the configuration, and it determines which changes are necessary. It presents a human-readable summary to the user.
• Apply – Makes changes to real infrastructure in order to make it match the desired state. It may use saved plans or creates a new plan and asks for approval.
Ref: https://www.terraform.io/docs
Terraform Provider and Go SDK
https://registry.terraform.io/providers/cisco-en-programmability/dnacenter

• Extended coverage of Cisco DNA Center REST APIs
• Support for Cisco DNA Center version 2.3.5.3
• Released January 2021
• 19,600+ downloads

https://github.com/cisco-en-programmability/terraform-provider-dnacenter
Terraform Installation of the Open-Source Edition

https://learn.hashicorp.com/tutorials/terraform/install-cli

Cisco DNA Center Terraform Provider Installation

Run command: “terraform init”
It will download the latest Cisco DNA Center provider version
Start creating a plan

Note: Instructions to get started with Cisco DNA Center Terraform Provider
https://github.com/cisco-en-programmability/terraform-provider-dnacenter/blob/main/README.md
Cisco DNA Center Terraform Provider Docs
• Select the data-source or resource
• Search for API resource
• Use the sample code
Calling Cisco DNA Center REST APIs – Terraform
• Select the provider version and source
• Cisco DNA Center and credentials
• Call the data source to retrieve the project id for specified project
GitHub Desired State - Project Info and Templates
[Repo files: project_info.json, switches_aaa, switches_logging]
• Cisco DNA Center Project Name
• Templates details – data structure map
  • Keys – no significance, must be unique. Used only for looping in Terraform. I used a “t” + number.
  • Values – repo file names, matching the Cisco DNA Center template names

Note:
The Plan will configure/update Cisco DNA Center CLI templates in the project “GitOps_Project”.
Design a data model that will support the tools using the data, in this case Terraform
Template Sync Plan – Providers
• Specify the Cisco DNA Center and GitHub Providers
• Define variables
Template Sync Plan – Git Pull
• Git pull CLI templates repo and save files locally
• Parse the info and select project name
Template Sync Plan – Create/Update Cisco DNA Center Templates
• Configure Cisco DNA Center access
• Retrieve the Cisco DNA Center project Id for the project with the name
• Use a “for_each” meta-argument to call the “create_template” module. It will create, update, or delete Cisco DNA Center templates.
Terraform Modules and Meta-Arguments
[Slide labels: main.tf, module, project_info_json]
• A resource or data resource configures or reads one object
• A module block includes all module’s configuration tasks one time
• A for_each meta-argument executes all module’s tasks for each member in the map.
• Most of Cisco DNA Center automations are better suited to use for_each, not count meta-argument
Template Sync Plan – Create Template Module
• Call the “create_template” module for each template to be created or updated
• Provide the input params to the module

Module create_template
• Input params
• Create or update template

Note:
Records to be created, updated or destroyed are different, not similar.
Use “for_each”, not “count” meta-argument to call the module.
Ref.: https://developer.hashicorp.com/terraform/language/meta-arguments/for_each
Initialize the Terraform Working Directory

Terraform Init Command


• The first command to run after writing the plan
• Initialize the working directory
• Safe to run the command multiple times

Terraform Steps:
• Initialize the code and download providers
• Review the proposed changes
• Apply changes if approved

Create Execution Plan
Terraform Plan Command
• Reads existing state
• Creates execution plan
• Allows the preview of changes

Outputs:
Templates to be created or updated

Plan Execution
Terraform Apply Command
• Creates execution plan
• May use a saved plan, or use “auto-approve”
• Parameters could be provided
• Will return outputs with what was changed

Outputs
[Slide label: GitHub Project Info]

Templates:
• Created if new in GitHub repo
• Updated when CLI commands change
• Removed after deleted from GitHub
Demo
Templates Sync
Automation Workflow: Device Configuration
[Diagram labels: Ansible Playbook; Templates configured by Terraform; Inventory collected by the Python SDK app]
• Automate the deployment of CLI templates to network devices
• May run on-demand, or scheduled
• Pulls from GitHub the device inventory published by the Python SDK app
• Deploys the Cisco DNA Center CLI templates configured by Terraform
• Defines intent of network devices to be configured, for example:
  • Configure all devices with role “CORE” at a specific location
Ansible Automation Use Cases

This presentation will showcase an Ansible network automation workflow calling the Cisco DNA Center REST APIs
Ansible One Slide
• YAML - Yet Another Markup Language or YAML Ain’t Markup Language. Ansible uses YAML to define playbook configurations and variable files. It is human readable and may be used with many programming languages.
• Collection - A packaging format for bundling and distributing Ansible content, including plugins, roles, modules, and more.
• Module/Plugin - Code, typically written in Python, that will perform some action on a host. Cisco DNA Center modules provide the documentation, the plugins execute the actions
• Play – Execution of a set of tasks to a host or group of hosts – lab Cisco DNA Center vs production Cisco DNA Centers
• Task – Execute a module with specific arguments. When a task has executed on all target machines, Ansible moves on to the next task.
• Playbook - Repeatable, re-usable, simple configuration management that will push a new configuration or confirm the existing configuration. They are composed of plays and tasks.
• Task Lists and Blocks – re-usable groups of tasks that are executed based on specific conditions or counts
Ref: https://docs.ansible.com
Cisco DNA Center Ansible Modules
https://galaxy.ansible.com/cisco/dnac
https://github.com/cisco-en-programmability/dnacenter-ansible

• Complete set of Ansible modules for all Cisco DNA Center REST APIs
• First library version Dec 2020
• Certified by Red Hat v 2.9 – 04/2021
• Community certified - 05/2022
• Support for Cisco DNA Center version 2.3.5.3
• 12,600+ downloads
Ansible Collection – Community Certification
• Cisco DNA Center Collection Community Certified – 05/19/2022
• Modules are included with every Ansible installation
• Will not require additional collection installation steps
Intent Modules - Cisco Developed and Supported
• Provide Ansible automations for Cisco DNA Center workflows
• Simplify developer experience
• Significantly reduce customer and partner development effort
• Accelerate the adoption of Cisco DNA Center Ansible collection
• Published Intent Modules: PnP, Site, Template, SWIM
Cisco DNA Center Ansible Modules Docs
https://galaxy.ansible.com/cisco/dnac

Ansible Installation
Install Ansible

Python SDK Installation

Install the Python SDK

Note: Instructions to get started with Cisco DNA Center Ansible modules
https://github.com/cisco-en-programmability/dnacenter-ansible

Cisco DNA Center Ansible Collection Update

Verify the collection is installed

Upgrade collection, if needed

Device List API + Ansible Module
https://github.com/cisco-en-programmability/dnacenter-ansible/tree/main/plugins/modules

Note:
Verify the API endpoint called by the Ansible module

Deploy Template + Ansible Module
https://github.com/cisco-en-programmability/dnacenter-ansible/tree/main/plugins/modules

Note:
Verify the API endpoint called by the Ansible module

Calling Cisco DNA Center REST APIs – Ansible
• Select the Ansible module
• Cisco DNA Center host, credentials, collection version and required params
• Verify the task execution

• Simplifies playbooks and modules development
• Developers focus on the use case, and not each API call
Template Deployment Ansible Playbook
[Diagram: Network engineer creates Deployment Template; Deployment Template pushed to Git Server or GitHub; the playbook calls the Cisco DNA Center REST APIs (Inventory, Templates, Tasks)]

Ansible Playbook:
• Git pull, or clone, the repos with device inventory and deployment template
• Checks if template project exists
• Apply filter to select devices to be configured
• Identify if devices are managed and reachable
• Deploys existing CLI Templates, checks status
• Creates deployment status report

Resources:
• Cisco DNA Center
• Ansible environment
• Cisco DNA Center Ansible Library

Notes:
Ansible Playbook created by developer + network engineer
Network Engineer runs the playbook
Deployment Templates – Intent Configuration
• Select Project and Template Name
• Define Filter and Value
• Deploy existing Cisco DNA Center CLI Templates

Filter Options:
• hostname
• device family
• role
• site
• software version
• device IP address
• other params or and/or logic

This playbook will deploy the template “switches_aaa” only to the switches with “role” “CORE”

Notes:
Create a data model to represent your intent.
Cisco DNA Center project and templates already configured by the Terraform plan
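
The selection logic this slide describes, written in Python so it can be run offline against a saved inventory file. It is an added example, not the playbook from the session: the intent keys, inventory field names and status values are assumptions, and every device is constructed (only the project and template names come from the slides).

```python
# Filter keys the intent may use, mapped to assumed inventory field names.
FILTER_FIELDS = {
    "hostname": "hostname",
    "family": "family",
    "role": "role",
    "site": "site",
    "software_version": "softwareVersion",
    "ip_address": "managementIpAddress",
}


def select_targets(intent, inventory):
    """Return (targets, skipped) for one deployment intent.

    targets: hostnames that match the filter and are managed and reachable.
    skipped: hostname -> reason, for matching devices that must not be touched.
    """
    filters = intent.get("filters") or {}
    if not filters:
        # Fail closed: an empty filter would select every device.
        raise ValueError("empty filter would select every device")
    unknown = sorted(set(filters) - set(FILTER_FIELDS))
    if unknown:
        # A mistyped key must not silently widen or empty the target set.
        raise ValueError("unknown filter keys: " + ", ".join(unknown))
    mode = intent.get("match", "all")
    if mode not in ("all", "any"):
        raise ValueError("match must be 'all' or 'any'")
    combine = all if mode == "all" else any

    targets, skipped = [], {}
    for device in inventory:
        hits = [
            str(device.get(FILTER_FIELDS[key], "")).lower() == str(value).lower()
            for key, value in filters.items()
        ]
        if not combine(hits):
            continue
        name = device["hostname"]
        if device.get("collectionStatus") != "Managed":
            skipped[name] = "not managed"
        elif device.get("reachabilityStatus") != "Reachable":
            skipped[name] = "unreachable"
        else:
            targets.append(name)
    return sorted(targets), skipped


# Constructed intent: deploy "switches_aaa" to switches with role CORE.
INTENT = {
    "project": "GitOps_Project",
    "template": "switches_aaa",
    "match": "all",  # "all" = and, "any" = or
    "filters": {"role": "CORE", "family": "Switches and Hubs"},
}

# Constructed inventory records.
INVENTORY = [
    {"hostname": "PDX-CORE1", "role": "CORE", "family": "Switches and Hubs",
     "collectionStatus": "Managed", "reachabilityStatus": "Reachable"},
    {"hostname": "PDX-CORE2", "role": "CORE", "family": "Switches and Hubs",
     "collectionStatus": "Managed", "reachabilityStatus": "Unreachable"},
    {"hostname": "PDX-CORE3", "role": "CORE", "family": "Switches and Hubs",
     "collectionStatus": "Partial Collection Failure",
     "reachabilityStatus": "Reachable"},
    {"hostname": "PDX-ACCESS1", "role": "ACCESS", "family": "Switches and Hubs",
     "collectionStatus": "Managed", "reachabilityStatus": "Reachable"},
    {"hostname": "PDX-RO1", "role": "BORDER ROUTER", "family": "Routers",
     "collectionStatus": "Managed", "reachabilityStatus": "Reachable"},
]

if __name__ == "__main__":
    targets, skipped = select_targets(INTENT, INVENTORY)
    print("deploy", INTENT["template"], "to", targets)
    print("skipped", skipped)
```

Printing the target and skipped lists before any deployment call gives a reviewable record of which devices a change will touch.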

Ansible Playbook
Note:
Developer + Network Engineer created

• Git pull, or clone, the repos with device inventory and deployment template
• Checks if CLI template configured on Cisco DNA Center
• Versions (commits) template
• Applies filter to select devices to be configured
• Verifies if devices are managed and reachable
• Deploys CLI Templates
• Retrieves deployment status
Ansible Task Lists and Loops
[Slide labels: Ansible playbook, Ansible task list]
• Execute all steps in the task list for every device, using a loop.
• Simplify Ansible Playbooks by using task lists
• Re-use of task lists with future playbooks
Ansible Blocks and Conditionals
[Slide label: deploy_template_tasks.yaml]
• Execute the block of tasks when the device is managed by Cisco DNA Center
• Simplify Ansible Playbooks by using the conditional once, not for every task
• Group several tasks using Ansible Blocks
• Execute the Block when condition is True
Run the Ansible Playbook
• Specify deployment template as a parameter
• Select the template
• Template deployment report
Demo
Device Configuration
Role Based Access to Configurations and Apps
• Use Enterprise Git servers
• Private repos
• Restrict user access to read only, disable write access
Manage Platform Credentials
• .env file
• Environment variables
• HashiCorp Vault
• Jenkins credentials
• Be careful not to commit any files with sensitive information
• If you did, this may help: Removing sensitive data from a repository
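
One way to apply these points in the GitOps workflow: read the platform credentials from environment variables and check the files about to be pushed for credential material. This is an added example, not code from the session; the variable names, file paths and file contents are constructed assumptions (only the template names switches_aaa and switches_logging come from the slides).

```python
import os
import re

# Hypothetical variable names; the session does not name them.
REQUIRED_VARS = ("DNAC_URL", "DNAC_USER", "DNAC_PASS")


def load_credentials(env=None):
    """Read platform credentials from the environment and fail closed."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED_VARS if not env.get(name)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    if not env["DNAC_URL"].lower().startswith("https://"):
        raise RuntimeError("DNAC_URL must be an https:// URL")
    return {name: env[name] for name in REQUIRED_VARS}


# IOS-style lines that carry a credential; the value is captured for inspection.
CLI_CREDENTIAL = re.compile(
    r"^\s*(?:enable\s+(?:secret|password)"
    r"|username\s+\S+.*?\s(?:secret|password)"
    r"|snmp-server\s+community)\s+(?:\d\s+)?(?P<value>\S+)",
    re.IGNORECASE,
)
# Template variables ($name, ${name}, {{ name }}) are placeholders, not secrets.
PLACEHOLDER = re.compile(r"^(?:\$\{?[A-Za-z_]|\{\{)")
PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def scan_staged_files(files):
    """Return (path, line_number, rule) findings; values are never echoed."""
    findings = []
    for path in sorted(files):
        name = path.rsplit("/", 1)[-1]
        if name == ".env" or name.startswith(".env."):
            # A .env file holds credentials by design and never belongs in Git.
            findings.append((path, 0, "env-file"))
            continue
        for number, line in enumerate(files[path].splitlines(), start=1):
            if PRIVATE_KEY.search(line):
                findings.append((path, number, "private-key"))
                continue
            match = CLI_CREDENTIAL.match(line)
            if match and not PLACEHOLDER.match(match.group("value")):
                findings.append((path, number, "cli-credential"))
    return findings


# Constructed files staged for a push: path -> text content.
STAGED = {
    ".env": "DNAC_PASS=constructed-value\n",
    "templates/switches_aaa": (
        "aaa new-model\n"
        "username netadmin privilege 15 secret 9 $9$constructedHash\n"
        "enable secret $enable_secret\n"
    ),
    "templates/switches_logging": (
        "logging buffered 16384\n"
        "snmp-server community {{ snmp_ro }} RO\n"
    ),
    "inventory/device_inventory.json": '[{"hostname": "PDX-CORE1"}]\n',
}

if __name__ == "__main__":
    for path, line_number, rule in scan_staged_files(STAGED):
        print(f"{path}:{line_number}: {rule}")
```

A non-empty result is a reason to stop the push; the two template lines that use variables pass because the secret value is supplied at deployment time and is not stored in the repo.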

GitHub Security

Enable the GitHub security tooling to identify code and dependency vulnerabilities
GitHub Security – Dependencies Alerts

Note:
3-year-old repo, not maintained
GitHub Security – Code Scanning

DNA Center GitOps
https://github.com/cisco-en-programmability/dnacenter_gitops

Cisco DNA Center - DevNet Resources

• API Documentation
• User Guides
• Learning Labs
• Sandboxes
• Code Exchange

Cisco DNA Center Jenkins Automations
https://github.com/zapodeanu/dnacenter_jenkins_automations_public

Cisco DNA Center GitHub/GitLab Integrations
https://github.com/cisco-en-programmability/dnacenter_git_integrations

Cisco DNA Center Apps – Splunkbase
https://splunkbase.splunk.com/

Certified

• Two Apps:
• Add-on – data collection
• Visualizations
• Support via GitHub issues
• Fully customizable

Cisco DNA Center ServiceNow Custom Workflows
https://github.com/zapodeanu/dna_custom_workflows

The open-source code is for demos and proof-of-concepts only.
Cisco EN Programmability GitHub Org
https://github.com/cisco-en-programmability

• DevOps DNA Center use cases
• Python SDK
• Ansible modules
• Go SDK and Terraform provider
• Splunk Integration Apps
• SDA-as-Code
• Report Operations
• Day N use cases – Python SDK, Ansible, Terraform
• Jenkins open-source Integration and pipelines
• GitHub/GitLab open-source Integrations
• Compliance Use Case
• Custom Integration App
• Webhook Receiver
• Other sample code
Cisco DNA Center – Developer Resources

https://developer.cisco.com/dnacenter/

https://github.com/cisco-en-programmability

http://cs.co/EN-Programmability-Videos

https://galaxy.ansible.com/cisco/dnac

https://registry.terraform.io/providers/cisco-en-programmability/dnacenter

https://dnacentersdk.readthedocs.io/en/latest/

https://github.com/cisco-en-programmability/dnacenter-go-sdk

Cisco DNA Center Libraries
• All network automation use cases may be implemented with every Cisco DNA Center library
• Python SDK is very versatile, excellent choice for complex use cases, and integrations, easy to get started with
• Ansible and Terraform are great options for:
  • Simple use cases, or end-to-end automations with Data Center and Cloud
  • When DevOps engineers use these automation tools
• Partner with developers to create your automations workflows
• Code re-use - build your team’s library: modules, tasks lists, plans
Other Cisco DNA Center Sessions:

Day | Time | Room | Session
On demand | | | BRKOPS-2854 Version Control Tools Integrations – Cisco DNA Center Infrastructure-as-Code Use Cases
June 5 | 9:30 - 10:30 AM | Level 2, Mandalay Bay D | BRKOPS-2032 3 Cisco DNA Center and ITSM Workflows: CMDB, Incident Management and SWIM
June 6 | 2:30 – 3:30 PM | Lower Level, Tradewinds ABC | BRKOPS-2471 Custom Workflows for the Cisco DNA Center Integration with ServiceNow
June 7 | 10:00 – 10:45 AM | DevNet Theater | DEVNET-2739 ClickOps to GitOps - Cisco DNA Center Infrastructure-as-Code Use Cases
June 7 | 2:00 – 2:45 PM | DevNet Classroom 2 | DEVNET-2151 Jenkins Automations for Cisco DNA Center
Thank you
