#CLUS Cisco UCS Agentless Configuration Management
John McDonough Technical Leader – Developer Evangelist BRKDEV-2006
#CLUS Agenda – DEVNET BRKDEV-2006
• Introduction – Cisco UCS Agentless Configuration Management - Ansible or Microsoft Desired State Configuration
• What is Agentless Configuration Management
• Ansible Overview
• UCS Configuration Management • Ansible - Who / What / Where / How / Install / Demo • Microsoft DSC - Who / What / Where / How / Install / Demo
• Conclusion
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Cisco Webex Teams
Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session How 1 Find this session in the Cisco Event App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space
Webex Teams will be moderated cs.co/ciscolivebot#BRKDEV-2006 by the speaker until June 18, 2018.
#CLUS © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 4 What is Agentless Configuration Management What is Agentless Configuration Management
• Agentless Configuration Management • Managed devices do not have an agent listening for updates • Updates are pushed to managed devices • Scripts or API calls are executed on the managed devices • No timers are on the managed devices • Control is maintained by the configuration management master
Author Push Configuration Configuration
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 How does UCS Ansible work?
1. Engineers deploy
Ansible playbooks UCS-1 written in YAML to a UCS-2
control station UCS-3
UCS-4
UCS-5
UCS-6
2. Ansible modules written in Python execute tasks against UCS Manager Ansible Control Station
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 Inside the Ansible Control Station
• Linux host with a Python and the Ansible installed
• Support transport to remote hosts
• Typically SSH but could use an API
• Ansible Components
• Ansible configuration file
• Inventory files
• Ansible modules
• Playbooks
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 Ansible Configuration File
• Control operation of Ansible DevNet$ cat ansible.cfg # config file for ansible • Default configuration # override global certain global settings
/etc/ansible/ansible.cfg [defaults] # default to inventory file of ./hosts • Override default settings inventory = ./hosts
• ANSIBLE_CONFIG ENV # disable host checking to automatically add # hosts to known_hosts • ansible.cfg in current directory host_key_checking = False
• .ansible.cfg in home directory # set the roles path to the local directory roles_path = ./ • See Ansible documentation for all options
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9 Ansible Authentication Basics
DevNet$ ssh-keygen • Typically, Ansible uses SSH for Generating public/private rsa key pair. authentication and assumes keys are Enter file in which to save the key: Enter passphrase (empty for no passphrase): in place Enter same passphrase again: Your identification has been saved in • Setting up and transferring SSH keys ~/.ssh/id_rsa. Your public key has been saved in allows playbooks to be run ~/.ssh/id_rsa.pub.
automatically DevNet$ ssh-copy-id [email protected] . • Using passwords is possible Number of key(s) added: 1
• Network Devices often use passwords Now try logging into the machine, with: "ssh '[email protected]'"
DevNet$ ssh [email protected] Last login: Fri Jul 28 13:33:46 2017 from 10.10.20.7 (python2) [root@localhost sbx_nxos]#
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10 Ansible Inventory File
• Inventory file identifies hosts, and groups of hosts under management • Hosts can be IP or FQDN • Groups enclosed in []
• Can include host specific parameters as well • Example: Instructing Ansible to use the active Python Interpreter when using Python Virtual Environments DevNet$ cat hosts [dcloud-servers:children] datacenter-east datacenter-west
[datacenter-east] 198.18.134.49 ansible_python_interpreter="/usr/bin/env python”
[datacenter-west] 198.18.134.50 ansible_python_interpreter="/usr/bin/env python"
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 Ansible CLI Tool Overview
Tool Description ansible Executes modules against targeted hosts without creating playbooks. ansible-playbook Run playbooks against targeted hosts. ansible-vault Encrypt sensitive data into an encrypted YAML file. ansible-pull Reverses the normal “push” model and lets clients "pull" from a centralized server for execution. ansible-docs Parses the docstrings of Ansible modules to see example syntax and the parameters modules require. ansible-galaxy Creates or downloads roles from the Ansible community.
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 12 Using Ansible CLI for ad-hoc Commands
DevNet$ ansible -m setup -u root servers • Quickly run a command against a set 10.10.20.20 | SUCCESS => { of hosts "ansible_facts": { "ansible_all_ipv4_addresses": [ • Specify the module with –m module "10.10.20.20", "172.17.0.1" • Specfiy the username to use with ], –u user "ansible_all_ipv6_addresses": [ "fe80::250:56ff:febb:3a3f" • Default is to use local username ], "ansible_apparmor": { "status": "disabled" • Specify the server or group to target }, "ansible_architecture": "x86_64", • Provide module arguments with . –a argument .
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 YAML Overview YAML Overview
• What is YAML? • “YAML Ain’t Markup Language” • YAML is a human readable data serialization language • YAML files are easily parsed into software data structures • YAML is a common basis for a number of domain specific languages • Ansible • Heat • Saltstack • cloud-init • Many more!
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 15 YAML Overview
YAML YAML sequences mappings become Python become Python lists dictionaries Multiple YAML documents YAML uses separates by a spacing to nest --- data structures
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 16 Ansible Playbooks Ansible Terms
Tool Description module Code, typically written in Python, that will perform some action on a host. Example: yum - Manages packages with the yum package manager task A single action that references a module to run along with any input arguments and actions play Matching a set of tasks to a host or group of hosts playbook A YAML file that includes one or more play role A pre-built set of playbooks designed to perform some standard configuration in a repeatable fashion. A play could leverage a role rather than tasks. Example: A role to configure a web server would install Apache, configure the firewall, and copy application files.
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 Ansible Playbooks
• Written in YAML
• One or more plays that contain hosts and tasks
• Tasks have a name & module keys.
• Modules have parameters
• Variables referenced with {{name}}
• Ansible gathers “facts”
• Create your own by register-ing output from another task
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 19 Ansible Playbooks
DevNet$ ansible-playbook -u root example1.yaml
PLAY [Report Hostname and Operating System Details] *********************************************************************************************** TASK [Gathering Facts] ***************************************************************************************************** ok: [10.10.20.20] TASK [Get hostname from server] ***************************************************************************************************** ok: [10.10.20.20] => { "msg": "localhost" } PLAY [Report Network Details of Servers] ***************************************************************************************************** TASK [Network routes installed] ***************************************************************************************************** ok: [10.10.20.20] => { "stdout_lines": [ "Kernel IP routing table", "Destination Gateway Genmask Flags MSS Window irtt Iface", "0.0.0.0 10.10.20.254 0.0.0.0 UG 0 0 0 ens160", "10.10.20.0 0.0.0.0 255.255.255.0 U 0 0 0 ens160", "172.16.30.0 10.10.20.160 255.255.255.0 UG 0 0 0 ens160", ] PLAY RECAP ********************************************************************************************************************* 10.10.20.20 : ok=7 changed=1 unreachable=0 failed=0
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 20 Using Variable Files and Loops with Ansible
example2_vars.yaml
• Include external variable files using vars_files: filename.yaml
• Reference variables with {{name}}
• YAML supports lists and hashes (ie key/value)
• Loop to repeat actions with with_items: variable
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 21 Using Variable Files and Loops with Ansible DevNet$ ansible-playbook -u root example2.yaml PLAY [Illustrate Variables] ************************** TASK [Print Company Name from Variable] ************** ok: [10.10.20.20] => { "msg": "Hello DevNet" } TASK [Loop over a List] ****************************** ok: [10.10.20.20] => (item=DevNet Rocks!) => { "item": "DevNet Rocks!", "msg": "DevNet Rocks!" } ok: [10.10.20.20] => (item=Programmability is amazing) => { "item": "Programmability is amazing", "msg": "Programmability is amazing" } ok: [10.10.20.20] => (item=Ansible is easy to use) => { "item": "Ansible is easy to use", "msg": "Ansible is easy to use" } ok: [10.10.20.20] => (item=Lists are fun!) => { "item": "Lists are fun!", "msg": "Lists are fun!" }
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 22 Host and Group Variables
• Ansible allows for Group and Host ├── group_vars specific variables │ └── all.yaml • group_vars/groupname.yaml │ └── switches.yaml • host_vars/host.yaml ├── host_vars │ ├── 172.16.30.101.yaml • Variables automatically available │ ├── 172.16.30.102.yaml │ ├── 172.16.30.103.yaml │ └── 172.16.30.104.yaml
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 23 UCS Ansible Who / Where / What
• Who • UCS Ansible is currently maintained by UCS Engineering and some UCS TMEs, SEs, and DevNet DEs (Developer Evangelists) • Where • Github – ucsm-ansible – https://github.com/CiscoUcs/ucsm-ansible • Ansible 2.5 release • New UCS Ansible modules have been added directly to the Ansible 2.5 release • Pre Ansible 2.5 UCS modules will gradually be deprecated and moved to Ansible • What • Current requirements • Python 2.7 • ucsmsdk, ucsm-ansible, ucsm_apis
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 25 How – Module cisco_ucs_ntp.py
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 26 How – Playbook (yaml)
--- tasks: - hosts: localhost - name: enable ntp connection: local cisco_ucs_ntp: gather_facts: no name: "{{ntp_server}}" roles: descr: Ansible managed NTP - common state: present - hosts: ucs ucs_hostname: "{{ucs_ip}}" connection: local ucs_username: "{{ucs_username}}" gather_facts: no ucs_password: "{{ucs_password}}"
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 Install
1. Ansible 3. ucsm_apis – the latest sudo pip install ansible git clone https://github.com/ciscoucs/ucsm_apis cd ucsm_apis 2. ucsmsdk – the latest sudo make install git clone https://github.com/ciscoucs/ucsmsdk cd ucsmsdk 4. ucsm-ansible modules sudo make install git clone https://github.com/ciscoucs/ucsm- ansible cd ucsm-ansible sudo python install.py
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 28 Demo UCS PowerTool Microsoft DSC Who / Where / What
• Who • UCS PowerTool is currently maintained by UCS Engineering • Where • cisco.com – UCS PowerTool Download, https://software.cisco.com/portal/pub/download/portal/select.html?&mdfid =286305108&flowid=79283&softwareid=284574017 • UCS PowerTool DSC module is packaged with UCS PowerTool as of version 2.X • What • Current requirements • Windows Desktop • PowerShell • UCS PowerTool
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 31 How – UCS PowerTool and MOF Files
• UCS PowerTool • Connect to UCS Manager perform Object Actions
• Managed Object Format MOF Files • Declare Object Actions
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 32 How $ConfigData= @{ ModifyPresent = $false AllNodes = @( ClassId= "fabricVlan" @{ Dn = "fabric/lan/net-vlan200" NodeName = "172.22.250.181" PropertyMap= "Id = 200 `nName = vlan200" PsDscAllowPlainTextPassword = $true UcsCredentials = $ucsCredential }; UcsConnectionString = $ucsConnectionString @{ Identifier = "vlan200" NodeName = "172.22.250.183" } PsDscAllowPlainTextPassword = $true Node "172.22.250.183" }; { ); UcsManagedObject vlan201 } { Ensure = "Present" Configuration AutoGeneratedDSCConfig ModifyPresent = $false { ClassId= "fabricVlan" param( Dn = "fabric/lan/net-vlan201" [Parameter(Mandatory=$true)] PropertyMap= "Id = 201 `nName = vlan201" [PsCredential] $ucsCredential, UcsCredentials = $ucsCredential [Parameter(Mandatory=$true) UcsConnectionString = $ucsConnectionString [string] $ucsConnectionString Identifier = "vlan201" ) } } Import-DSCResource -ModuleName Cisco.Ucs.DesiredStateConfiguration one line $connectionString = "Name=172.22.251.170" $credential = Get-Credential Node "172.22.250.181" { AutoGeneratedDSCConfig -UcsConnectionString UcsManagedObject vlan200 $connectionString -ConfigurationData $ConfigData { -ucsCredential $credential one line, creates Ensure = "Present" MOF files
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 Install
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 34 Demo Conclusion Got Questions? Come find me!
@johnamcdonough
http://github.com/movinalot
@CiscoDevNet
facebook.com/ciscodevnet
http://github.com/CiscoDevNet
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 37 Complete your online session evaluation
Give us your feedback to be entered into a Daily Survey Drawing. Complete your session surveys through the Cisco Live mobile app or on www.CiscoLive.com/us.
Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at www.CiscoLive.com/Online.
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 38 Continue Demos in Walk-in Meet the Related your the Cisco self-paced engineer sessions education campus labs 1:1 meetings
DevNet: https://developer.cisco.com DevNet Learning Labs: https://learninglabs.cisco.com DevNet Sandboxes: https://devnetsandbox.cisco.com
#CLUS BRKDEV-2006 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 39 Thank you
#CLUS #CLUS