Vagrant up for Network Engineers Do It Like They Do on the Developer Channel!

DEVNET-1365 vagrant up for Network Engineers Do it like they do on the Developer Channel!

Hank Preston, NetDevOps Evangelist ccie 38336, R/S @hfpreston Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How 1. Find this session in the Cisco Live Mobile App 2. Click “Join the Discussion” 3. Install Spark or go directly to the space 4. Enter messages/questions in the space

cs.co/ciscolivebot#DEVNET-1365

• Vagrant 101

• Hands On: Your first vagrant up!

• Hands On: Vagrant + Ansible

• Discuss: Multi-Node Topologies

• How to do it yourself! Lab Preparation Setup your laptop

• $ cd ~/code/ciscolive_workshops/devnet-1364 Clone the Repository $ source labsetup.sh

• Setup Python Virtual Environment $ ls –l README.md iosxr_example hands_on_1 nxos_example hands_on_2 requirements.txt hands_on_3 venv

• Open Source Develop Tooling by lab\ $ vagrant init iosxe/16.6.1 HashiCorp lab\ $ vagrant up Bringing machine 'default' up with 'virtualbox' www.vagrantup.com provider... ==> default: Importing box 'iosxe/16.6.1'... • Simple configuration file stored with ==> default: Forwarding ports... code default: 830 (guest) => 2223 (host) default: 80 (guest) => 2224 (host) default: 443 (guest) => 2225 (host) • “easy to configure, reproducible, default: 22 (guest) => 2222 (host) and portable work environments” lab\ $ vagrant ssh csr1kv# • Multi-Platform for both guest and host

• lab\ $ ls Vagrantfile Vagrantfile • Configuration file for vagrant lab\ $ vagrant box list centos/7 (virtualbox, 1611.01) • Box ubuntu/trusty64 (virtualbox, 20160323.0.0) • Base images for different individual iosxe/16.6.1 (virtualbox, 0) iosxr/6.1.2 (virtualbox, 0) environments nxos/7.0.3.I6.1 (virtualbox, 0)

• Provider lab\ $ vagrant status Current machine states: • Virtualization technology used by vagrant default running (virtualbox) • Default is VirtualBox, many other supported

DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9 Vagrant Commands • vagrant init box name • vagrant box list • Initialize a new Vagrantfile in a directory • Display list of available boxes

• vagrant up / halt / destroy • vagrant status / global-status • Start, stop, and delete an environment • Display current status of environments

• vagrant resume / suspend lab\ $ vagrant suspend • Pause and restart an environment ==> default: Saving VM state and suspending

• vagrant ssh [machine] lab\ $ vagrant resume • Connect via SSH to a running environment ==> default: Resuming suspended VM...

• vagrant port lab\ $ vagrant port 830 (guest) => 2223 (host) • View the nat’d ports for the environment 22 (guest) => 2222 (host) • vagrant provision lab\ $ vagrant ssh • Re-run configured provisioner (eg Ansible) csr1kv#

# -*- mode: ruby -*- # vi: set ft=ruby :

Vagrant.configure("2") do |config| # Every Vagrant development environment requires a box. You can search for # boxes at https://atlas.hashicorp.com/search. Box Name config.vm.box = "iosxe/16.6.1" config.ssh.insert_key = false Don’t insert Vagrant public key. Recommended # Create a forwarded port mapping which allows access to a specific port # within the machine from a port on the host machine. config.vm.network "forwarded_port", guest: 830, host: 2223, id: "netconf" Forward local ports for config.vm.network "forwarded_port", guest: 80, host: 2224, id: ”http" API/App access. config.vm.network "forwarded_port", guest: 443, host: 2225, id: "restconf-ssl" SSH is forwarded by default # Create a private network, which allows host-only access to the machine # using a specific IP. config.vm.network :private_network, virtualbox__intnet: "link1", auto_config: false Create environment config.vm.network :private_network, virtualbox__intnet: "link2", auto_config: false networks. end ”eth1” connected to host by default Note: Vagrant Boxes can include default settings * Simplified and edited sample

• View available boxes lab\ $ cd hands_on_1/

• Initialize new Vagrant File hands_on_1\ $ vagrant box list hands_on_1\ $ vagrant init iosxe/16.06.02

hands_on_1\ $ open Vagrantfile

• Open Vagrantfile

• Add 2 Interfaces to Configuration

• Specific positioning in file is irrelevant • * Must be within |config| block * Simplified and edited sample Vagrant.configure("2") do |config| config.vm.box = "iosxe/16.6.1"

# Create a private networks config.vm.network :private_network, virtualbox__intnet: "link1", auto_config: false config.vm.network :private_network, virtualbox__intnet: "link2", auto_config: false end

or cp Vagrantfile.solution Vagrantfile

• Start environment hands_on_1\ $ vagrant up hands_on_1\ $ vagrant ssh • Connect to running switch

• # Run from Vagrant Environment (ie vagrant ssh) Baseline Configurations csr1kv#sh run aaa • Logins – User / Cert csr1kv#sh run | sec pubkey-chain • APIs • Interfaces csr1kv#show run int Gig1 csr1kv#sh run | inc conf • Make an API Call # Exit from Vagrant Environment hands_on_1\ $ python netconf_example1.py

• Configure interface details on hands_on_1\ $ python netconf_example3.py GigabitEthernet2 using . NETCONF . • Verify

hands_on_1\ $ vagrant ssh

csr1kv#sh ip int bri Interface IP-Address GigabitEthernet2 10.255.255.1

• vagrant up and customize hands_on_1\ $ vagrant halt -f hands_on_1\ $ vagrant package \ • vagrant halt -f to shut down --output Custom_IOS_XE.box \ --vagrantfile embedded_vagrantfile_xe • vagrant package to build new hands_on_1\ $ vagrant box add iosxe/custom1 \ box Custom_IOS_XE.box • Include default Vagrantfile to ease use hands_on_1\ $ mkdir custom_box hands_on_1\ $ cd custom_box • vagrant box add to make hands_on_1\ $ vagrant init iosxe/custom1 available

DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 Review Sample Embedded Vagrantfile Vagrant.configure(2) do |config| config.vm.synced_folder '.', '/vagrant', disabled: true

# Give IOS XE 400 seconds to come up config.vm.boot_timeout = 400

# Port 830 is XE NETCONF config.vm.network :forwarded_port, guest: 830, host: 2223, id: 'netconf', auto_correct: true # Port 80 is XE HTTP config.vm.network :forwarded_port, guest: 80, host: 2224, id: 'http', auto_correct: true # Port 443 is XE RESTCONF / SSL config.vm.network :forwarded_port, guest: 443, host: 2225, id: 'restconf-ssl', auto_correct: true config.ssh.forward_agent = true config.ssh.guest_port = 22 config.ssh.insert_key = false config.vm.guest = :other

# turn off the check if the plugin is installed if Vagrant.has_plugin?("vagrant-vbguest") config.vbguest.auto_update = false end . end

* Simplified and edited sample

• Destroy this environment hands_on_1\ $ vagrant destroy

• “Infrastructure as Code” dictates entire configuration in code

• Building multiple box versions for variations = template sprawl

• Human error in manual configurations

• There has to be a better way…

• Vagrant.configure("2") do |config| Run with vagrant up # ... other configuration

• Install software config.vm.provision "shell" do |s| s.inline = "echo hello" • Alter configurations end end • Run commands/code

• Types • Shell, Ansible, Puppet, Chef, Docker, Salt, CFEngine…

• Move to Hands On 3 hands_on_1\ $ cd ../ lab\ $ cd hands_on_3/

hands_on_3\ $ ls • Start the “vagrant up” process now Vagrantfile so it runs while we discuss host_vars hosts ansible_provision.yaml netconf_interface_template.j2

hands_on_3\ $ open Vagrantfile

hands_on_3\ $ vagrant up

DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 24 hands_on_3/Vagrantfile Vagrant.configure("2") do |config| # Every Vagrant development environment requires a box. You can search for • Specify provisioning details # boxes at https://atlas.hashicorp.com/search. in the file config.vm.box = "iosxe/16.06.02" # Create a private network, which allows host-only access to the machine • For Ansible, specify hosts # using a specific IP. file # config.vm.network "private_network", ip: "192.168.33.10" config.vm.network :private_network, virtualbox__intnet: "link1", auto_config • Used for config details config.vm.network :private_network, virtualbox__intnet: "link2", auto_config

# Enable provisioning with Ansible shell script. config.vm.provision "ansible" do |ansible| ansible.playbook = "ansible_provision.yaml" ansible.inventory_path = "./hosts" end

end

* Simplified and edited sample DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 25 hands_on_3/hosts [vagrant] default ansible_python_interpreter="/usr/bin/env python" • Ansible inventory file

• Specify interpreter to link to Python Virtual Environment

* Partial Playbook for screen display DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 26 hands_on_3/ansible_provision.yaml --- - name: Provision IOS XE Devices • Ansible Playbook defines hosts: all configuration connection: local tasks: • Several options to use - name: Pause to complete boot pause: • ios_config, ios_command, seconds: 5 etc - name: Configure NETCONF and RESTCONF • netconf_config ios_config: provider: host: "{{mgmt_ip}}" port: "{{ssh_port}}" username: "{{username}}" password: "{{password}}" lines: - netconf-yang - netconf-yang cisco-odm polling-enable - restconf - ip http server - ip http secure-server register: output_interfaces * Partial Playbook for screen display DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 hands_on_3/host_vars/default.yaml --- mgmt_ip: 127.0.0.1 • Host specific details netconf_port: 2223 ssh_port: 2222 • Vagrant network intricacies username: vagrant password: vagrant require explicit ip and port interfaces: info - interface_type: GigabitEthernet interface_id: 2 description: Link 2 - Configured by Ansible with Vagrant ip_address: 192.168.100.20 subnet_mask: 255.255.255.0 - interface_type: GigabitEthernet interface_id: 3 description: Link 3 - Configured by Ansible with Vagrant ip_address: 192.168.101.20 subnet_mask: 255.255.255.0

* Partial Playbook for screen display DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 28 Vagrant Up hands_on_3\ $ vagrant up Bringing machine 'default' up with 'virtualbox' provider... • After device fully “up” ==> default: Machine booted and ready! provisioning runs ==> default: Running provisioner: ansible... default: Running ansible-playbook...

PLAY [Provision IOS XE Devices] ************************************************

TASK [Configure NETCONF and RESTCONF] ****************************************** ok: [default]

TASK [Configure Interfaces] **************************************************** changed: [default] => (item={u'subnet_mask': u'255.255.255.0', u'interface_type u'GigabitEthernet', u'ip_address': u'192.168.100.20', u'description': u'Link by Ansible with Vagrant', u'interface_id': 2}) changed: [default] => (item={u'subnet_mask': u'255.255.255.0', u'interface_type u'GigabitEthernet', u'ip_address': u'192.168.101.20', u'description': u'Link by Ansible with Vagrant', u'interface_id': 3})

PLAY RECAP ********************************************************************* default : ok=5 changed=1 unreachable=0 failed=0

• Trust, but verify csr1kv#show ip int bri Interface IP-Address OK? Method Status Protocol GigabitEthernet1 10.0.2.15 YES DHCP up up GigabitEthernet2 192.168.100.20 YES other up up GigabitEthernet3 192.168.101.20 YES other up up

• Destroy this environment hands_on_3\ $ vagrant destroy

• Move to Hands on 2 hands_on_1\ $ cd ../ lab\ $ cd hands_on_2/

hands_on_2\ $ ls

Vagrantfile

hands_on_2\ $ open Vagrantfile

DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 Multi-Node Vagrantfile Vagrant.configure("2") do |config| # Node 1: IOS XE Device config.vm.define "iosxe1" do |node| • Configuration for multiple node.vm.box = "iosxe/16.06.02" nodes # Gig2 connected to link1 • Different boxes supported # Gig3 connected to hosts1 # auto-config not supported. node.vm.network :private_network, virtualbox__intnet: "link1", auto_config • Network them together! node.vm.network :private_network, virtualbox__intnet: ”hosts1", auto_config end

# Node 2: IOS XE Device config.vm.define "iosxe2" do |node| node.vm.box = "iosxe/16.06.02"

# Gig2 connected to link1 # Gig3 connected to hosts2 # auto-config not supported. node.vm.network :private_network, virtualbox__intnet: "link1", auto_config node.vm.network :private_network, virtualbox__intnet: ”hosts2", auto_config end end

Bringing machine 'iosxe1' up with 'virtualbox' provider... Bringing machine 'iosxe2' up with 'virtualbox' provider... ==> iosxe1: Preparing network interfaces based on configuration... iosxe1: Adapter 1: nat iosxe1: Adapter 2: intnet iosxe1: Adapter 3: intnet ==> iosxe1: Forwarding ports... iosxe1: 830 (guest) => 2223 (host) (adapter 1) iosxe1: 80 (guest) => 2224 (host) (adapter 1) iosxe1: 443 (guest) => 2225 (host) (adapter 1) iosxe1: 22 (guest) => 2222 (host) (adapter 1) ==> iosxe1: Machine booted and ready! ==> iosxe2: Importing base box 'iosxe/16.6.1'... ==> iosxe2: Fixed port collision for 830 => 2223. Now on port 2200. ==> iosxe2: Fixed port collision for 80 => 2224. Now on port 2201. ==> iosxe2: Fixed port collision for 443 => 2225. Now on port 2202. ==> iosxe2: Fixed port collision for 22 => 2222. Now on port 2203. iosxe2: Adapter 1: nat iosxe2: Adapter 2: intnet iosxe2: Adapter 3: intnet ==> iosxe2: Forwarding ports... ==> iosxe2: Machine booted and ready! * Simplified and edited sample DEVNET-1365 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 35 Checkout the Vagrant Environment

• (venv2) hands_on_2\ $ vagrant status Check status of machines Current machine states:

• vagrant ssh name iosxe1 running (virtualbox) iosxe2 running (virtualbox)

This environment represents multiple VMs. The VMs are all listed above with their current state. For more information about a specific VM, run `vagrant status NAME`.

(venv2) hands_on_2\ $ vagrant ssh iosxe1

csr1kv#exit

(venv2) hands_on_2\ $ vagrant ssh iosxe2

csr1kv#exit

• Each node takes resources

• Switches/Routers aren’t small VMs

• Monitor Memory Usage

• Make sure all environments $ vagrant global-status destroyed # Move to the parent directory of lab $ cd ~/coding/temp

# Delete lab directory $ rm –Rf vagrant_net_prog

• Modern Development Tool

• Run everything local

• Few dependencies

• Independent Environments

• Ship with Code Samples

• Test and experiment with APIs

• Large topologies

• Data Plane important

• Multiple simultaneous developers

• Long running tests

• Install Vagrant https://www.vagrantup.com/downloads.html

• Create Your Own Boxes for Cisco IOS XE, IOS XR, and Open NX-OS • https://github.com/hpreston/vagrant_net_prog • Go to box_building/README.md • Simple instructions and scripts to create Boxes from available resources (ie from CCO) • **Some downloads require entitlements

[email protected] @hfpreston http://github.com/hpreston

@CiscoDevNet facebook.com/ciscodevnet/ http://github.com/CiscoDevNet

Questions? Use Cisco Spark to communicate with the speaker after the session

How 1. Find this session in the Cisco Live Mobile App 2. Click “Join the Discussion” 3. Install Spark or go directly to the space 4. Enter messages/questions in the space

cs.co/ciscolivebot#DEVNET-1365

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public • Please complete your Online Complete Your Online Session Evaluations after each session Session Evaluation • Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt • All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions