Netdevops Developer Environments with Vagrant Do It Like They Do on the Developer Channel! Stuart Clark Netdevops Evangelist DEVNET-1365

#CLUS NetDevOps Developer Environments with Vagrant Do it like they do on the Developer Channel! Stuart Clark NetDevOps Evangelist DEVNET-1365

#CLUS Agenda

• Vagrant 101

• Our first network vagrant up!

• Vagrant + Ansible Provisioning

• Multi-Node Topologies

• The right tool for the right job…

• How to do it yourself!

Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session How 1 Find this session in the Cisco Events App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space

Webex Teams will be moderated cs.co/ciscolivebot#DEVNET-1365 by the speaker until June 18, 2018.

• Python Windows Workstation Caveats

• 2.7.10 or higher • Vagrant & VirtualBox work great

• 3.6.2 or higher • Ansible not supported on Windows (control station) • pip & virtual environment • Python scripts to create Vagrant boxes • ”git” command line tools require Linux or OS X

• Vagrant

• VirtualBox

• Homebrew (Apple OS X)

• Clone the Repository

• Setup Python Virtual Environment

• Get Vagrant Box

# From your “code” directory $ https://github.com/CiscoDevNet/learning_lab_vagrant_netprog_code $ cd learning_lab_vagrant_netprog_code

$ ls –l README.md lab01 lab02 lab03

$ virtualenv venv --python=python3.6 $ source venv/bin/activate $ pip install –r lab03/requirements.txt

• Open Source Develop Tooling by lab\ $ vagrant init nxos/7.0.3.I7.3 lab\ $ vagrant up HashiCorp Bringing machine 'default' up with 'virtualbox' www.vagrantup.com provider... ==> default: Importing box ‘nxos/7.0.3.I7.3'... ==> default: Forwarding ports... • Simple configuration file stored default: 830 (guest) => 2223 (host) with code default: 80 (guest) => 2224 (host) default: 443 (guest) => 2225 (host) • “easy to configure, reproducible, default: 22 (guest) => 2222 (host) and portable work environments” lab\ $ vagrant ssh Nexus9000v# • Multi-Platform for both guest and host

• Vagrantfile (venv) lab\ $ ls lab02/ Vagrantfile • Configuration file for vagrant (venv) lab\ $ vagrant box list • centos/7 (virtualbox, 1611.01) Box iosxe/16.06.02 (virtualbox, 0) • Base images for different iosxr/6.1.2 (virtualbox, 0) nxos/7.0.3.I7.3 (virtualbox, 0) individual environments ubuntu/trusty64 (virtualbox, 20160323.0.0)

• Provider (venv) lab\ $ vagrant box add nxos/7.0.3.I7.3 n9000v.box

• Virtualization technology (venv) lab\ $ vagrant global-status used by vagrant id name provider state directory ------• Default is VirtualBox, many 8d1eaec default virtualbox saved ~/coding/BRKDEV-1368 other supported

• vagrant init box name • vagrant provision • Initialize a new Vagrantfile in a • Re-run configured provisioner (eg Ansible) directory • vagrant box list • vagrant up / halt / destroy • Display list of available boxes • Start, stop, and delete an environment • vagrant status / global-status • Display current status of environments • Vagrant suspend / resume lab\ $ vagrant suspend • Pause and restart an environment ==> default: Saving VM state and suspending • vagrant ssh [machine] lab\ $ vagrant resume ==> default: Resuming suspended VM... • Connect via SSH to a running environment lab\ $ vagrant port 830 (guest) => 2223 (host) • vagrant port 22 (guest) => 2222 (host)

• View the nat’d ports for the lab\ $ vagrant ssh environment Nexus9000v#

• Create new project directory lab\ $ mkdir vagrant_explore lab\ $ cd vagrant_explore • Initialize a new Vagrant environment vagrant_explore\ $ vagrant init hashicorp/precise64 • Bring it up vagrant_explore\ $ vagrant up

• Connect to your environment vagrant_explore\ $ vagrant ssh with SSH # Now you’re inside the Vagrant VM • vagrant@precise64:~$ Explore lifecycle operations of vagrant@precise64:~$ pwd Vagrant vagrant@precise64:~$ exit

# Back on your local workstation vagrant_explore\ $ vagrant status vagrant_explore\ $ vagrant suspend vagrant_explore\ $ vagrant resume vagrant_explore\ $ vagrant reload vagrant_explore\ $ vagrant destroy

# -*- mode: ruby -*- # vi: set ft=ruby : Vagrant is a Ruby application # All Vagrant configuration is done below. The "2" in Vagrant.configure # configures the configuration version (we support older styles for Majority of default # backwards compatibility). Please don't change it unless you know what Vagrantfile is comments # you're doing. Vagrant.configure("2") do |config| Start Configuration Block # Every Vagrant development environment requires a box. # You can search for boxes at https://vagrantcloud.com/search. config.vm.box = "hashicorp/precise64" Identify the box to use end End Configuration Block

Note: Vagrant Boxes can include default settings* Partial* fileSimplified output displayed and editedfor presentation sample

lab\ $ cd lab01/ • View available boxes hands_on_1\ $ vagrant box list • Initialize new Vagrant File hands_on_1\ $ vagrant box add nxos/7.0.3.I7.3 ~/Downloads/nxosv-final.7.0.3.I7.3.box –force

hands_on_1\ $ vagrant init nxos/7.0.3.I7.3

hands_on_1\ $ open Vagrantfile

# -*- mode: ruby -*- # vi: set ft=ruby :

Vagrant.configure("2") do |config| # Every Vagrant development environment requires a box. You can search for Box Name # boxes at https://atlas.hashicorp.com/search. config.vm.box = ”nxos/7.0.3.I7.3" config.ssh.insert_key = false Don’t insert Vagrant public key. Recommended # Create a forwarded port mapping which allows access to a specific port # within the machine from a port on the host machine. config.vm.network "forwarded_port", guest: 830, host: 2223, id: "netconf" Forward local ports for config.vm.network "forwarded_port", guest: 80, host: 2224, id: ”http" API/App access. config.vm.network "forwarded_port", guest: 443, host: 2225, id: "restconf-ssl" SSH is forwarded by default # Create a private network, which allows host-only access to the machine # using a specific IP. config.vm.network :private_network, virtualbox__intnet: "link1", auto_config: false Create environment config.vm.network :private_network, virtualbox__intnet: "link2", auto_config: false networks. end ”eth1” connected to host by default Note: Vagrant Boxes can include default settings * Simplified and edited sample

• Open Vagrantfile

• Add port forwarding

• Add 2 Interfaces to Configuration

• Specific positioning in file is irrelevant * Simplified and edited sample

• * Must be within |config| block

Vagrant.configure("2") do |config| config.vm.box = "nxos/7.0.3.I7.3" # Forward API Port config.vm.network :forwarded_port, guest: 80, host: 2224, id: 'http' # Create a private networks config.vm.network :private_network, virtualbox__intnet: "link1", auto_config: false config.vm.network :private_network, virtualbox__intnet: "link2", auto_config: false end or cp Vagrantfile.solution Vagrantfile

lab01\ $ vagrant up • Start environment # Known ssh bug • View NAT’d ports for APIs # vagrant up 2nd time

lab01\ $ vagrant up • Connect to running switch lab01\ $ vagrant port

lab01\ $ vagrant ssh Note: Due to the nature of the Nexus 9000v shell, vagrant will report an error after starting the VM. This is expected, and does not indicate a problem. Simply enter vagrant up again to complete the setup successfully.

# Run from Vagrant Environment (ie vagrant ssh) • Baseline Configurations n9kv1# sh run | inc "username vagrant" • Logins – User / Cert Nexus9000v# sh run int mgmt0 • APIs Nexus9000v# sh run | inc feature • Interfaces Nexus900v# conf t

• Open NX-API Developer Nexus9000v(config)# feature nxapi

Sandbox # Exit from Vagrant Environment http://127.0.0.1:2224

• Make an API Call

lab01\ $ vagrant destroy • Destroy this environment

• “Infrastructure as Code” dictates entire configuration in code

• Building multiple box versions for variations = template sprawl

• Human error in manual configurations

• There has to be a better way…

Vagrant.configure("2") do |config| • Run with vagrant up # ... other configuration

• Install software config.vm.provision "shell" do |s| s.inline = "echo hello" end • Alter configurations end

• Run commands/code

• Types

• Shell, Ansible, Puppet, Chef, Docker, Salt, CFEngine…

lab01\ $ cd ../ • Move to lab03 ..._code\ $ cd lab03/

lab03\ $ ls • Start the “vagrant up” process Vagrantfile now so it runs while we discuss host_vars hosts ansible_provision.yaml Requrements.txt

hands_on_3\ $ open Vagrantfile

hands_on_3\ $ vagrant up

#CLUS DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 25 hands_on_3/Vagrantfile Vagrant.configure("2") do |config| config.vm.define "nxos1" do |node| • Specify provisioning node.vm.box = "nxos/7.0.3.I7.3"

details in the file # Statically set the SSH and HTTP ports config.vm.network :forwarded_port, guest: 22, host: 2222, id: ' • For Ansible, specify config.vm.network :forwarded_port, guest: 80, host: 2224, id: 'http' hosts file end # Setup Ansible Provisioning • Used for config config.vm.provision "ansible" do |ansible| details ansible.playbook = "ansible_provision.yaml" ansible.inventory_path = "./hosts" ansible.raw_arguments = ["--connection=paramiko"] end end

* Partial file output for screen display

#CLUS DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 26 lab03/hosts [all:vars] ansible_python_interpreter="/usr/bin/env python" • Ansible inventory file [vagrant] • Specify interpreter nxos1 to link to Python Virtual Environment

* Partial file output for screen display

#CLUS DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 lab03/ansible_provision.yaml --- • - name: Provision NX-OS Devices Ansible Playbook defines hosts: vagrant configuration connection: local gather_facts: false • Several options to use • ios_config, ios_command, tasks: etc - name: Pause to complete boot pause: • netconf_config seconds: 5

- name: Enable NX-API nxos_feature: provider: "{{provider_ssh}}" feature: nxapi state: enabled

- name: Configure System Settings nxos_system: provider: "{{provider_nxapi}}" * Partial file output for screen display

#CLUS DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 28 lab03/host_vars/default.yaml --- provider_nxapi: • Host specific details host: 127.0.0.1 port: 2224 • Vagrant network username: vagrant password: vagrant intricacies require transport: nxapi

explicit ip and port interfaces: info - name: Loopback11 desc: Sample Network Route Injection ip_address: 172.21.1.1 prefix: 24 - name: Loopback12 desc: Sample Network Route Injection ip_address: 172.21.2.1 prefix: 24 - name: Loopback13 desc: Sample Network Route Injection ip_address: 172.21.3.1 * Partial file output for screen display

PLAY [Provision NX-OS Devices] ************************************************* • Run 2nd “vagrant up” TASK [Enable NX-API] *********************************************************** • After device fully ok: [nxos1] “up” provisioning TASK [Configure System Settings] *********************************************** runs changed: [nxos1] TASK [Configure Interfaces] **************************************************** changed: [nxos1] => (item={'name': 'Loopback11', 'desc': 'Sample Network Route Injection', ' '172.21.1.1', 'prefix': 24}) • If provisioning fails, changed: [nxos1] => (item={'name': 'Loopback12', 'desc': 'Sample Network Route Injection', ' '172.21.2.1', 'prefix': 24}) retry with . vagrant provision . PLAY RECAP ********************************************************************* nxos1 : ok=5 changed=3 unreachable=0 failed=0

* Partial output for screen display

• Trust, but verify lab03\ $ vagrant ssh n9kv#show ip int bri Interface IP Address Interface Status Lo11 172.21.1.1 protocol-up/link-up/admin-up Lo12 172.21.2.1 protocol-up/link-up/admin-up Lo13 172.21.3.1 protocol-up/link-up/admin-up Lo14 172.21.4.1 protocol-up/link-up/admin-up Eth1/1 172.20.0.1 protocol-down/link-down/admin-up

* Partial output for screen display

lab03\ $ vagrant destroy • Destroy this environment

lab01\ $ cd ../ • Move to lab02 ...code\ $ cd lab02/

lab02\ $ ls

Vagrantfile

lab02\ $ open Vagrantfile

#CLUS DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 34 Multi-Node Vagrantfile Vagrant.configure("2") do |config| config.vm.define "nxos1" do |node| • Configuration node.vm.box = "nxos/7.0.3.I7.3" for multiple # eth1/1 connected to link2, nodes node.vm.network :private_network, virtualbox__intnet: "link2", auto_config # Explicity set SSH Port to avoid conflict and for provisioning • Different boxes config.vm.network :forwarded_port, guest: 22, host: 3122, id: 'ssh supported end config.vm.define "nxos2" do |node| • Network them node.vm.box = "nxos/7.0.3.I7.3"

together! # eth1/1 connected to link2, node.vm.network :private_network, virtualbox__intnet: "link2", auto_config

# Explicity set SSH Port to avoid conflict and for provisioning config.vm.network :forwarded_port, guest: 22, host: 3222, id: 'ssh end end * Partial file output for screen display

#CLUS DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 35 Vagrant Up $ vagrant up Bringing machine 'nxos1' up with 'virtualbox' provider... Bringing machine 'nxos2' up with 'virtualbox' provider... . ==> nxos1: Preparing network interfaces based on configuration... nxos1: Adapter 1: nat VMs boot one at a nxos1: Adapter 2: intnet time ==> nxos1: Forwarding ports... nxos1: 22 (guest) => 3122 (host) (adapter 1) Avoid port collisions nxos1: 80 (guest) => 3180 (host) (adapter 1) manually or rely on . auto-fixing The configured shell (config.ssh.shell) is invalid and unable <-- Expected error

# 2nd `vagrant up` after 1st error vagrant up ”vagrant up” after error Bringing machine 'nxos1' up with 'virtualbox' provider... Bringing machine 'nxos2' up with 'virtualbox' provider... ==> nxos1: Machine already provisioned. Run `vagrant provision` or use the `--provision` ==> nxos1: flag to force provisioning. Provisioners marked to run always will still run. ==> nxos2: Importing base box 'nxos/7.0.3.I7.3'...

* Partial output for screen display

(venv2) lab02\ $ vagrant status • Check status of machines Current machine states:

• vagrant ssh name nxos1 running (virtualbox) nxos2 running (virtualbox)

This environment represents multiple VMs. The VMs are all listed above with their current state. For more information about a specific VM, run `vagrant status NAME`.

(venv2) lab02\ $ vagrant ssh nxos1

n9kv#exit

(venv2) lab02\ $ vagrant ssh nxos2

n9kv#exit

• Each node takes resources

• Switches/Routers aren’t small VMs

• Monitor Memory Usage

• Modern Development Tool

• Run everything local

• Few dependencies

• Independent Environments

• Ship with Code Samples

• Test and experiment with APIs

• Large topologies

• Data Plane important

• Multiple simultaneous developers

• Long running tests

• Install Vagrant www.vagrantup.com/downloads.html

• DevNet Learning Lab Module learninglabs.cisco.com/modules/vagrant_up

• Create Your Own Boxes for Cisco IOS XE, IOS XR, and Open NX-OS

• github.com/hpreston/vagrant_net_prog

• Go to box_building/README.md

• Instructions and scripts to create Boxes from available resources (ie from CCO) **Some downloads require entitlements

• Many other network vendors offering Vagrant support as well

Give us your feedback to be entered into a Daily Survey Drawing. Complete your session surveys through the Cisco Live mobile app or on www.CiscoLive.com/us.

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at www.CiscoLive.com/Online.

#CLUS DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 45 Continue Demos in Walk-in Meet the Related your the Cisco self-paced engineer sessions education campus labs 1:1 meetings

Stuart Clark developer.cisco.com [email protected] @CiscoDevNet @bigevilbeard facebook.com/ciscodevnet/ http://github.com/bigevilbeard http://github.com/CiscoDevNet

#CLUS #CLUS