#CiscoLive

Automating Cloud Networking with Ansible, Python and the Meraki API
BRKOPS-2243
John Shea, Meraki TSA, CCIE 51399, DevNet Pro

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex App
Questions? Use Cisco Webex App to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.
https:/

Agenda
Introduction
Automation in Multi Platform Deployments
The Power of Normalized Data and APIs
Multi-Platform automation with Ansible
Multi-Platform automation with Python
Monitoring our Meraki Networks Programmatically
Q&A

The Power of Normalized Config Data and APIs

"A Multi Domain/Platform network can be complex to design and manage, and requires careful planning and coordination to ensure that each domain is properly secured and isolated"

The Challenges of Multi Domain/Platform Environments
Skillset and knowledge gaps: Managing a multi-domain environment often requires a diverse set of skills and knowledge.
Complexity: Multi-domain environments are often complex, with many different types of devices and configurations to manage.
Integration issues: Multi-domain environments may use different tools and technologies. This can lead to gaps in visibility and increase the risk of errors.
Change management: Changes to configurations or policies can have a significant impact on the network, especially in multi-domain environments.

Automate the Network Lifecycle
Day 0, Install. GOAL: Get device/s into an operational state. Provisioning Automation Tools: ZTP, PnP, Python Scripting
Day 1, Configure & Operate. GOAL: Apply configuration to the device. Tools: Orchestration Tools/Python
Day 2, Optimize. GOAL: Add dynamic services, optimize behavior and troubleshooting. Tools: REST/RESTCONF, Telemetry
Day N, Upgrade. GOAL: Continuously upgrade network, incrementally and safely. Tools: Patching, Config/Replace

"An API is simply a way for 2 or more applications to talk to each other"

The Meraki Cloud Platform
(Diagram labels: Powered by Meraki; Digital Business; Out-of-the-Box Management & Analytics; API)

The Value Prop for Automation Via APIs
request / response
do("repetitious work") ... done. Do it over, and over and over again.
Request actions be performed
Get information
Store information
Modify information
Submit information

Why do we work with Structured Data?
It's easy to load into and process in memory.
Machines have trouble interpreting formatted text.
Allows us to separate our data from our code.

Formatted Text
(Slide labels: Meraki, IOS-XE Catalyst)

    (config)
    Interface GigabitEthernet1/0/16
     switchport access vlan 817
     switchport mode access
     speed auto
     duplex auto
     no shutdown

Structured Data

JSON

    {
      "id": "device-1",
      "network_name": "CLUS-2023",
      "template_name": "RemoteBranch",
      "device_name": "MX68",
      "serial_no": "XXXX-XXXX-XXXX",
      "vlan_id": 1,
      "ip_address": "10.168.1.1",
      "subnet_mask": "255.255.255.0",
      "gateway_ip": "n/a",
      "dns_server1": "208.67.222.222",
      "dns_server2": "208.67.220.220"
    }

YAML

    device-1:
      network_name: CLUS-2023
      template_name: RemoteBranch
      device_name: MX68
      serial_no: XXXX-XXXX-XXXX
      vlan_id: 1
      ip_address: 10.168.1.1
      subnet_mask: 255.255.255.0
      gateway_ip: n/a
      dns_server1: 208.67.222.222
      dns_server2: 208.67.220.220

What Can We do to Normalize Config Data and Why should I?
Choose a standard format
Consistent structure
Automate configuration deployment
Centralize management
Test and validate configurations

What Can We do to Normalize Config Data?
Choose a standard format: NetOps teams should choose a standard format for normalizing configurations, such as YAML or JSON. The format should be easy to read, write, and parse, and should be compatible with the tools and technologies used in the environment.
Use templates: Templates are pre-configured files that contain configuration data for specific devices or domains. Using templates helps to ensure that configurations are consistent and reduces the risk of errors.
Automate configuration deployment: Automating configuration deployment helps to ensure that configurations are applied consistently and accurately across all domains in the network.

Normalized Config
Expressed in YAML
Common elements standardized as a template
Consumable by common automation tools and deployable to multiple platforms
Easy to read and validate

    - interfaces:
        interface: 16
        description: access-template
        mode: access
        vlan: 997
        portstate: enabled
        speed: speed
        duplex: duplex

Multi-Domain/Platform Automation with Ansible, Meraki and Catalyst

Why Ansible?
Agentless
Push Model
Modular
Open-Source Community and Vendor Commercial Support
Multi Platform/Domain: Meraki, Catalyst, Many Others
Idempotent

Demo: Ansible Documentation

Ansible Components
Playbooks: where you define the steps required to achieve a particular configuration or state. Each playbook consists of one or more plays.
A Play is a set of tasks to be performed against a target.
A Task consists of a module and its parameters. Ansible modules are pre-defined units of code that perform specific actions on the target.

Breaking down our Playbook
Use prompts to get API key and network name
Load our variables from our YAML config data and assign to a variable

Breaking down a Playbook
(Slide callouts: Task Name; Module Name; Authentication; Register Variable; Ignore Errors; Loop through dictionary Vars; Debug Output (register))

Multi Platform Orchestration with Ansible
Meraki Full Stack + Monitored Catalyst
1. Ansible parses and executes the Playbook
2. Executes the Tasks against specific Endpoints
3. Push Config to Meraki and Monitored Catalyst
4. Dashboard Telemetry Updated
5. Communicate Changes/Modifications

Install Ansible and Meraki Collections
Ansible* installation:
With Python pip: "pip install ansible-core" from the command line,
verify with "ansible --version".
For more information: https:/
Meraki Collection:
From the CLI: "ansible-galaxy collection install cisco.meraki"
For more information: https:/
*Ansible can be run on any Unix-like host machine; this includes Red Hat, Debian, Ubuntu, macOS. For Windows it must be run under the Windows Subsystem for Linux (WSL).

Configure RESTCONF on IOS-XE

Authentication
RESTCONF connections should be authenticated using AAA credentials. RADIUS, TACACS+ or local users defined with privilege level 15 access are allowed. AAA impacts other systems, such as administrator access to the CLI. Here is a lab configuration example from an ISR-4451 using local credentials (without any AAA enabled):

    username admin privilege 15 secret cisco123

HTTP/HTTPS
RESTCONF runs over HTTPS. The following commands must be enabled to support RESTCONF over port 443:

    ip http secure-server

Demo: Automation with Ansible Playbooks

Visible Success!
Runs through each task. Lets you know how many tasks were ok, changed, failed, etc. To see more output use "-v", "-vvv", or "-vvvv".

Deploy-Net Playbook with Verbose Output

    % ansible-playbook deploy-net.yaml -vvv

Ansible Tags for Running Specific PB Tasks
If you have a comprehensive playbook and only want to execute a specific task in a run, you can use tags.
Format:

    - name: Configure - Add devices to Network
      cisco.meraki.meraki_device:
        auth_key: "{{ auth_key }}"
        org_name: "{{ org_name }}"
        net_name: "{{ network_name }}"
        serial: "{{ item.value.serial_no }}"
      tags:
        - meraki
        - devices

    ansible-playbook deploy-net.yaml --tags "meraki,devices"

Multi-Domain/Platform Automation with Python, Meraki and Catalyst

Why Python?
Easy to learn and use
Wide range of libraries and frameworks
Cross-platform compatibility
Integration with other tools
Scalability
Community Support

Using Dashboard Tags to Deploy Config to Meraki and Monitored Catalyst Endpoints

Python Libraries
Meraki SDK
Netmiko
PathLib
Jinja2

Multi Platform Orchestration with Python
Meraki Full Stack + Monitored Catalyst
1. GET ORG Devices (Meraki & Catalyst)
2. Get data and parse for Tags
3. PUT Meraki configs based on Tag
4. PUT Catalyst config based on Tags
5. Dashboard Telemetry Updated
(Diagram labels: Netmiko, SDK)

Let the Meraki SDK do the work for you!
The SDKs are built from the Meraki API OpenAPI specification.
The library can take care of error handling, logging, retries, and other convenient processes and options for you automatically.
To install: "pip install meraki", and then simply import it as any other Python library.

Connect to Catalyst with Netmiko

    # Instantiate netmiko connector
    from netmiko import ConnectHandler

    # Create connection object (address and credentials are blank on the slide)
    iosxe_17 = {
        "device_type": "cisco_ios",
        "ip": "",
        "username": "",
        "password": "",
    }
    # Unpack the dictionary as keyword arguments and enter enable mode
    connect = ConnectHandler(**iosxe_17)
    connect.enable()

Configure Catalyst with Jinja2

    {% for loopback in loopbacks %}
    {% set address = loopback.address %}
    {% set netmask = mask %}
    {% set ipaddress = address ~ " " ~ netmask %}
    interface {{ loopback.int }}
     description {{ loopback.description }}
     ip address {{ ipaddress }}
    {% endfor %}

Demo: Python Automation

Monitoring our Network Programmatically (NO CODE)

Key features of the Meraki Dashboard for monitoring include:
Device-specific dashboards: You can view the performance and statistics of each individual device, such as access points, switches, and security appliances.
Real-time data: The dashboard provides real-time information on network traffic, bandwidth usage, and device status.
Alerts and notifications: You can set up alerts and notifications to be notified when certain events occur, such as when a device goes offline or when there is a security threat.

Reporting with Meraki Tools and Google Sheets
https:/
Tools & Google Sheets

Proactive Alerting with Webex
Use predefined templates to send alert data to Webex (and others)
Customizable with Liquid Templates
Secure
Deploy in Minutes

Setting up Webex for Webhooks
Read the Webex Incoming Webhooks Guide to enable the service on your Webex account and receive an HTTP POST URL.
Set Dashboard to use your Webex Receiver.

Demo: Dashboard Webhooks

The Power of the Platform
Integrations, Ready for Your Data
Webex
Ecosystem
Dashboard API
Captive Portal API
Scanning API
Sense API
Community Created
Cisco XDR

Session Recap
During this session we discussed the operational challenges of Multi Platform/Multi domain environments.
Normalizing our configurations into a common language allows you to consume it universally across your footprint.
Using Automation tools, we can consume our normalized configurations to deploy them evenly, minimizing administrative touch, and reducing risk of error.
With Meraki APIs we can export our Meraki and Catalyst telemetry and alerts for consumption and enrichment in other platforms and tools.

Resources
Session Source Code - https:/
SDK - https:/
Modules - https:/
Tools for Google Sheets - https:/
Integrations - https:/