netdevops developer environments with vagrant - ons2018 developer... · • simple configuration...
TRANSCRIPT
Hank Preston, CCIE 38336 R/S, NetDevOps Evangelist, @hfpreston
Do it like they do on the Developer Channel!
NetDevOps Developer Environments with Vagrant
OPEN NETWORKING //Integrate, Automate, Accelerate
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
• Vagrant 101
• Our first network vagrant up!
• Vagrant + Ansible Provisioning
• Multi-Node Topologies
• The right tool for the right job…
• How to do it yourself!
Agenda
Preparation Steps to Follow Along (or after)
• Python
  • 2.7.10 or higher
  • 3.6.2 or higher
  • pip & virtual environment
• "git" command line tools
• Vagrant
• VirtualBox
• Homebrew (Apple OS X)
Windows Workstation Caveats
• Vagrant & VirtualBox work great
• Ansible not supported on Windows (control station)
• Python scripts to create Vagrant boxes require Linux or OS X
Workstation Requirements
• Clone the Repository
• Setup Python Virtual Environment
# From your "code" directory
$ git clone https://github.com/hpreston/vagrant_net_prog
$ cd vagrant_net_prog/labs
$ ls -l
README.md      iosxr_example
hands_on_1     nxos_example
hands_on_2     requirements.txt
hands_on_3     venv
$ virtualenv venv --python=python3.6
$ source venv/bin/activate
$ pip install -r requirements.txt
Setup your Workstation
Vagrant 101
• Open Source Developer Tooling by HashiCorp: www.vagrantup.com
• Simple configuration file stored with code
• “easy to configure, reproducible, and portable work environments”
• Multi-Platform for both guest and host
lab\ $ vagrant init iosxe/16.6.1
lab\ $ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing box 'iosxe/16.6.1'...
==> default: Forwarding ports...
    default: 830 (guest) => 2223 (host)
    default: 80 (guest) => 2224 (host)
    default: 443 (guest) => 2225 (host)
    default: 22 (guest) => 2222 (host)
lab\ $ vagrant ssh
csr1kv#
Development Environments Made Easy
• Vagrantfile
  • Configuration file for vagrant
• Box
  • Base images for different individual environments
• Provider
  • Virtualization technology used by vagrant
  • Default is VirtualBox, many others supported
(venv) lab\ $ ls hands_on_2/Vagrantfile
(venv) lab\ $ vagrant box list
centos/7 (virtualbox, 1611.01)
iosxe/16.06.02 (virtualbox, 0)
iosxr/6.1.2 (virtualbox, 0)
nxos/7.0.3.I7.3 (virtualbox, 0)
ubuntu/trusty64 (virtualbox, 20160323.0.0)
(venv) lab\ $ vagrant global-status
id       name    provider   state  directory
-------------------------------------------------------
8d1eaec  default virtualbox saved  ~/coding/BRKDEV-1368
Key Terms and Concepts
• vagrant init box name
  • Initialize a new Vagrantfile in a directory
• vagrant up / halt / destroy
  • Start, stop, and delete an environment
• vagrant resume / suspend
  • Pause and restart an environment
• vagrant ssh [machine]
  • Connect via SSH to a running environment
• vagrant port
  • View the NAT'd ports for the environment
lab\ $ vagrant suspend
==> default: Saving VM state and suspending
lab\ $ vagrant resume
==> default: Resuming suspended VM...
lab\ $ vagrant port
830 (guest) => 2223 (host)
22 (guest) => 2222 (host)
lab\ $ vagrant ssh
csr1kv#
Vagrant Commands
• vagrant provision
  • Re-run configured provisioner (eg Ansible)
• vagrant box list
  • Display list of available boxes
• vagrant status / global-status
  • Display current status of environments
• Create new project directory
• Initialize a new Vagrant environment
• Bring it up
lab\ $ mkdir vagrant_explore
lab\ $ cd vagrant_explore
vagrant_explore\ $ vagrant init hashicorp/precise64
vagrant_explore\ $ vagrant up
Explore Vagrant with Basic Linux VMs
• Connect to your environment with SSH
• Explore lifecycle operations of Vagrant
vagrant_explore\ $ vagrant ssh
# Now you're inside the Vagrant VM
vagrant@precise64:~$
vagrant@precise64:~$ pwd
vagrant@precise64:~$ exit

# Back on your local workstation
vagrant_explore\ $ vagrant status
vagrant_explore\ $ vagrant suspend
vagrant_explore\ $ vagrant resume
vagrant_explore\ $ vagrant reload
vagrant_explore\ $ vagrant destroy
Explore Vagrant with Basic Linux VMs
Vagrantfile Basics
# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # Every Vagrant development environment requires a box.
  # You can search for boxes at https://vagrantcloud.com/search.
  config.vm.box = "hashicorp/precise64"
end
* Simplified and edited sample
Majority of default Vagrantfile is comments
Vagrant is a Ruby application
Start Configuration Block
Identify the box to use
Note: Vagrant Boxes can include default settings
* Partial file output displayed for presentation
End Configuration Block
Our first network vagrant up!
• View available boxes
• Initialize new Vagrant File
lab\ $ cd hands_on_1/
hands_on_1\ $ vagrant box list
hands_on_1\ $ vagrant init iosxe/16.06.02
hands_on_1\ $ open Vagrantfile
Initialize your Vagrantfile
Vagrantfile Basics (for Network Devices)
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://atlas.hashicorp.com/search.
  config.vm.box = "iosxe/16.6.1"
  config.ssh.insert_key = false

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine.
  config.vm.network "forwarded_port", guest: 830, host: 2223, id: "netconf"
  config.vm.network "forwarded_port", guest: 80, host: 2224, id: "http"
  config.vm.network "forwarded_port", guest: 443, host: 2225, id: "restconf-ssl"

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  config.vm.network :private_network, virtualbox__intnet: "link1", auto_config: false
  config.vm.network :private_network, virtualbox__intnet: "link2", auto_config: false
end
Box Name
Don’t insert Vagrant public key. Recommended
Forward local ports for API/App access. SSH is forwarded by default
Create environment networks. "eth1" connected to host by default
Note: Vagrant Boxes can include default settings
* Simplified and edited sample
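An added example, not from the slides or the vagrant_net_prog repository: a Ruby check (the Vagrantfile's own language) that lists forwarded ports not pinned to loopback and rewrites them with host_ip: "127.0.0.1". Vagrant's forwarded_port documentation describes a forward without host_ip as bound to every host address, which matters for a lab box that answers NETCONF and RESTCONF with the vagrant/vagrant login used in this lab. SAMPLE and the function names are constructed for illustration.

```ruby
# Added example, not from the slides. SAMPLE is constructed from the slide's settings.
SAMPLE = <<~'VF'
  Vagrant.configure("2") do |config|
    config.vm.box = "iosxe/16.6.1"
    config.ssh.insert_key = false
    config.vm.network "forwarded_port", guest: 830, host: 2223, id: "netconf"
    config.vm.network "forwarded_port", guest: 80, host: 2224, id: "http"
    config.vm.network :forwarded_port, guest: 443, host: 2225, id: 'restconf-ssl', host_ip: "127.0.0.1"
    # config.vm.network "forwarded_port", guest: 8080, host: 8080
    config.vm.network :private_network, virtualbox__intnet: "link1", auto_config: false
  end
VF

FORWARD = /\.vm\.network\s+(?::forwarded_port|["']forwarded_port["'])\s*,\s*(.+)$/
LOOPBACK = %w[127.0.0.1 ::1 localhost].freeze

# Turn `guest: 830, id: "netconf"` into {"guest"=>"830", "id"=>"netconf"}.
def options(arg_text)
  arg_text.scan(/(\w+):\s*(?:"([^"]*)"|'([^']*)'|([\w.]+))/)
          .map { |key, dq, sq, bare| [key, dq || sq || bare] }.to_h
end

# Return one finding per active forwarded port that is not pinned to loopback.
def exposed_forwards(text)
  text.each_line.with_index(1).each_with_object([]) do |(line, lineno), found|
    next if line.strip.start_with?("#")   # skip commented-out lines
    match = FORWARD.match(line.chomp) or next
    opts = options(match[1])
    next if LOOPBACK.include?(opts["host_ip"])
    found << { line: lineno, id: opts["id"], guest: opts["guest"].to_i,
               host: opts["host"].to_i, host_ip: opts["host_ip"] || "(all addresses)" }
  end
end

# Rewrite the text so every forwarded port without host_ip listens on loopback only.
def pin_to_loopback(text)
  text.each_line.map do |line|
    m = line.strip.start_with?("#") ? nil : FORWARD.match(line.chomp)
    if m && !options(m[1]).key?("host_ip")
      line.chomp + %(, host_ip: "127.0.0.1"\n)
    else
      line
    end
  end.join
end

if __FILE__ == $PROGRAM_NAME
  exposed_forwards(SAMPLE).each do |f|
    puts "line #{f[:line]}: #{f[:id]} guest #{f[:guest]} -> host #{f[:host]} on #{f[:host_ip]}"
  end
  puts pin_to_loopback(SAMPLE)
end
```
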
• Open Vagrantfile
• Add 2 Interfaces to Configuration
  • Specific positioning in file is irrelevant
  • * Must be within |config| block
Vagrant.configure("2") do |config|
  config.vm.box = "iosxe/16.6.1"

  # Create private networks
  config.vm.network :private_network, virtualbox__intnet: "link1", auto_config: false
  config.vm.network :private_network, virtualbox__intnet: "link2", auto_config: false
end
Let’s add more interfaces!
* Simplified and edited sample
or: cp Vagrantfile.solution Vagrantfile
• Start environment
• View NAT’d ports for APIs
• Connect to running switch
hands_on_1\ $ vagrant up
hands_on_1\ $ vagrant port
hands_on_1\ $ vagrant ssh
Start a Vagrant Environment
• Baseline Configurations
  • Logins – User / Cert
  • APIs
  • Interfaces
• Make an API Call
# Run from Vagrant Environment (ie vagrant ssh)
csr1kv#sh run aaa
csr1kv#sh run | sec pubkey-chain
csr1kv#show run int Gig1
csr1kv#sh run | inc conf
# Exit from Vagrant Environment
hands_on_1\ $ python netconf_example1.py
Explore the Vagrant Environment
• Configure interface details on GigabitEthernet2 using NETCONF
• Verify
hands_on_1\ $ python netconf_example3.py
.
.
<?xml version="1.0" encoding="UTF-8"?><rpc-reply
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:6e622605-29d8-=" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/></rpc-reply>
hands_on_1\ $ vagrant ssh
csr1kv#sh ip int bri
Interface          IP-Address
GigabitEthernet2   10.255.255.1
Do some configuration
• vagrant up and customize
• vagrant halt -f to shut down
• vagrant package to build new box
  • Include default Vagrantfile to ease use
• vagrant box add to make available
hands_on_1\ $ vagrant halt -f
hands_on_1\ $ vagrant package \
    --output Custom_IOS_XE.box \
    --vagrantfile embedded_vagrantfile_xe
hands_on_1\ $ vagrant box add iosxe/custom1 \
    Custom_IOS_XE.box
hands_on_1\ $ mkdir custom_box
hands_on_1\ $ cd custom_box
hands_on_1\ $ vagrant init iosxe/custom1
Build a new Base Box Template
Discuss
Review Sample Embedded Vagrantfile
Vagrant.configure(2) do |config|
  config.vm.synced_folder '.', '/vagrant', disabled: true

  # Give IOS XE 400 seconds to come up
  config.vm.boot_timeout = 400

  # Port 830 is XE NETCONF
  config.vm.network :forwarded_port, guest: 830, host: 2223, id: 'netconf', auto_correct: true
  # Port 80 is XE HTTP
  config.vm.network :forwarded_port, guest: 80, host: 2224, id: 'http', auto_correct: true
  # Port 443 is XE RESTCONF / SSL
  config.vm.network :forwarded_port, guest: 443, host: 2225, id: 'restconf-ssl', auto_correct: true
  config.ssh.forward_agent = true
  config.ssh.guest_port = 22
  config.ssh.insert_key = false
  config.vm.guest = :other

  # turn off the check if the plugin is installed
  if Vagrant.has_plugin?("vagrant-vbguest")
    config.vbguest.auto_update = false
  end
end
* Simplified and edited sample
Discuss
• Destroy this environment
hands_on_1\ $ vagrant destroy
Destroy Hands on Demo 1
Vagrant + Ansible Provisioning
• “Infrastructure as Code” dictates entire configuration in code
• Building multiple box versions for variations = template sprawl
• Human error in manual configurations
• There has to be a better way…
Come on... Really “vagrant ssh” and “config t”?!?
• Run with vagrant up
• Install software
• Alter configurations
• Run commands/code
• Types
  • Shell, Ansible, Puppet, Chef, Docker, Salt, CFEngine…
Vagrant.configure("2") do |config|
  # ... other configuration

  config.vm.provision "shell" do |s|
    s.inline = "echo hello"
  end
end
Vagrant Provisioners
• Move to Hands On 3
• Start the “vagrant up” process now so it runs while we discuss
hands_on_1\ $ cd ../
lab\ $ cd hands_on_3/
hands_on_3\ $ ls
Vagrantfile
host_vars
hosts
ansible_provision.yaml
netconf_interface_template.j2
hands_on_3\ $ open Vagrantfile
hands_on_3\ $ vagrant up
Provisioning Lab
• Specify provisioning details in the file
• For Ansible, specify hosts file
  • Used for config details
hands_on_3/Vagrantfile
Vagrant.configure("2") do |config|
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://atlas.hashicorp.com/search.
  config.vm.box = "iosxe/16.06.02"

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"
  config.vm.network :private_network, virtualbox__intnet: "link1", auto_config: false
  config.vm.network :private_network, virtualbox__intnet: "link2", auto_config: false

  # Enable provisioning with Ansible shell script.
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "ansible_provision.yaml"
    ansible.inventory_path = "./hosts"
  end
end
* Partial file output for screen display
• Ansible inventory file
• Specify interpreter to link to Python Virtual Environment
hands_on_3/hosts
[vagrant]
default ansible_python_interpreter="/usr/bin/env python"
* Partial file output for screen display
hands_on_3/ansible_provision.yaml
---
- name: Provision IOS XE Devices
  hosts: all
  connection: local

  tasks:
    - name: Pause to complete boot
      pause:
        seconds: 5

    - name: Configure NETCONF and RESTCONF
      ios_config:
        provider:
          host: "{{mgmt_ip}}"
          port: "{{ssh_port}}"
          username: "{{username}}"
          password: "{{password}}"
        lines:
          - netconf-yang
          - restconf
• Ansible Playbook defines configuration
• Several options to use
  • ios_config, ios_command, etc
  • netconf_config
* Partial file output for screen display
hands_on_3/host_vars/default.yaml
---
mgmt_ip: 127.0.0.1
netconf_port: 2223
ssh_port: 2222
username: vagrant
password: vagrant
interfaces:
  - interface_type: GigabitEthernet
    interface_id: 2
    description: Link 2 - Configured by Ansible with Vagrant
    ip_address: 192.168.100.20
    subnet_mask: 255.255.255.0
  - interface_type: GigabitEthernet
    interface_id: 3
    description: Link 3 - Configured by Ansible with Vagrant
    ip_address: 192.168.101.20
    subnet_mask: 255.255.255.0
• Host specific details
• Vagrant network intricacies require explicit ip and port info
* Partial file output for screen display
Vagrant Up
hands_on_3\ $ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Machine booted and ready!
==> default: Running provisioner: ansible...
    default: Running ansible-playbook...

PLAY [Provision IOS XE Devices] ************************************************

TASK [Configure NETCONF and RESTCONF] ******************************************
ok: [default]

TASK [Configure Interfaces] ****************************************************
changed: [default] => (item={u'subnet_mask': u'255.255.255.0', u'interface_typeu'ip_address': u'192.168.100.20', u'description': u'Link 2 - Configured by Ansible with Vagrant', u'interface_id': 2})
changed: [default] => (item={u'subnet_mask': u'255.255.255.0', u'interface_typeu'ip_address': u'192.168.101.20', u'description': u'Link 3 - Configured by Ansible with Vagrant', u'interface_id': 3})

PLAY RECAP *********************************************************************
default : ok=5 changed=1 unreachable=0 failed=0
• After device fully “up” provisioning runs
* Partial output for screen display
Verify device provisioned properly
hands_on_3\ $ vagrant ssh
csr1kv#show ip int bri
Interface         IP-Address      OK? Method Status Protocol
GigabitEthernet1  10.0.2.15       YES DHCP   up     up
GigabitEthernet2  192.168.100.20  YES other  up     up
GigabitEthernet3  192.168.101.20  YES other  up     up
• Trust, but verify
* Partial output for screen display
• Destroy this environment
hands_on_3\ $ vagrant destroy
Destroy Hands on Demo 3
Multi-Node Topologies
• Move to Hands on 2
hands_on_1\ $ cd ../
lab\ $ cd hands_on_2/
hands_on_2\ $ ls
Vagrantfile
hands_on_2\ $ open Vagrantfile
Multi-Node Lab
Discuss
Discuss
Multi-Node Vagrantfile
Vagrant.configure("2") do |config|
  # Node 1: IOS XE Device
  config.vm.define "iosxe1" do |node|
    node.vm.box = "iosxe/16.06.02"

    # Gig2 connected to link1
    # Gig3 connected to hosts1
    # auto-config not supported.
    node.vm.network :private_network, virtualbox__intnet: "link1", auto_config: false
    node.vm.network :private_network, virtualbox__intnet: "hosts1", auto_config: false
  end

  # Node 2: IOS XE Device
  config.vm.define "iosxe2" do |node|
    node.vm.box = "iosxe/16.06.02"

    # Gig2 connected to link1
    # Gig3 connected to hosts2
    # auto-config not supported.
    node.vm.network :private_network, virtualbox__intnet: "link1", auto_config: false
    node.vm.network :private_network, virtualbox__intnet: "hosts2", auto_config: false
  end
end
• Configuration for multiple nodes
• Different boxes supported
• Network them together!
* Partial file output for screen display
Vagrant Up
$ vagrant up
Bringing machine 'iosxe1' up with 'virtualbox' provider...
Bringing machine 'iosxe2' up with 'virtualbox' provider...
==> iosxe1: Preparing network interfaces based on configuration...
    iosxe1: Adapter 1: nat
    iosxe1: Adapter 2: intnet
    iosxe1: Adapter 3: intnet
==> iosxe1: Forwarding ports...
    iosxe1: 830 (guest) => 2223 (host) (adapter 1)
    iosxe1: 80 (guest) => 2224 (host) (adapter 1)
    iosxe1: 443 (guest) => 2225 (host) (adapter 1)
    iosxe1: 22 (guest) => 2222 (host) (adapter 1)
==> iosxe1: Machine booted and ready!
==> iosxe2: Importing base box 'iosxe/16.6.1'...
==> iosxe2: Fixed port collision for 830 => 2223. Now on port 2200.
==> iosxe2: Fixed port collision for 80 => 2224. Now on port 2201.
==> iosxe2: Fixed port collision for 443 => 2225. Now on port 2202.
==> iosxe2: Fixed port collision for 22 => 2222. Now on port 2203.
    iosxe2: Adapter 1: nat
    iosxe2: Adapter 2: intnet
    iosxe2: Adapter 3: intnet
==> iosxe2: Forwarding ports...
==> iosxe2: Machine booted and ready!
Discuss
* Partial output for screen display
Port collisions auto-fixed. Can manually specify in Vagrantfile
VMs boot one at a time
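An added example, not part of the slides: turning the `vagrant up` output above into a per-machine port map, so that scripts and host_vars assuming 2223 for NETCONF do not reach iosxe1 when they mean iosxe2. UP_LOG is constructed from the lines on the slide; EXPECTED and the function names are hypothetical.

```ruby
# Added example, not from the slides. UP_LOG is constructed from the output shown above.
UP_LOG = <<~LOG
  ==> iosxe1: Forwarding ports...
      iosxe1: 830 (guest) => 2223 (host) (adapter 1)
      iosxe1: 80 (guest) => 2224 (host) (adapter 1)
      iosxe1: 443 (guest) => 2225 (host) (adapter 1)
      iosxe1: 22 (guest) => 2222 (host) (adapter 1)
  ==> iosxe1: Machine booted and ready!
  ==> iosxe2: Fixed port collision for 830 => 2223. Now on port 2200.
  ==> iosxe2: Fixed port collision for 80 => 2224. Now on port 2201.
  ==> iosxe2: Fixed port collision for 443 => 2225. Now on port 2202.
  ==> iosxe2: Fixed port collision for 22 => 2222. Now on port 2203.
  ==> iosxe2: Forwarding ports...
  ==> iosxe2: Machine booted and ready!
LOG

# Hypothetical inventory: both nodes copied from the single-node host_vars values.
EXPECTED = {
  "iosxe1" => { 22 => 2222, 830 => 2223 },
  "iosxe2" => { 22 => 2222, 830 => 2223 }
}.freeze

FORWARDED = /^\s*(?:==> )?([\w-]+): (\d+) \(guest\) => (\d+) \(host\)/
COLLISION = /^==> ([\w-]+): Fixed port collision for (\d+) => (\d+)\. Now on port (\d+)\./

# Build {machine => {guest_port => host_port}} from `vagrant up` output.
def port_map(log)
  map = Hash.new { |hash, key| hash[key] = {} }
  log.each_line do |line|
    if (m = COLLISION.match(line))
      map[m[1]][m[2].to_i] = m[4].to_i   # the remapped port replaces the Vagrantfile value
    elsif (m = FORWARDED.match(line))
      map[m[1]][m[2].to_i] = m[3].to_i
    end
  end
  map
end

# List every expected host port that differs from what Vagrant actually assigned.
def stale_ports(expected, actual)
  expected.flat_map do |machine, ports|
    ports.map do |guest, host|
      real = actual.dig(machine, guest)
      next if real == host
      { machine: machine, guest: guest, expected: host, actual: real }
    end.compact
  end
end

if __FILE__ == $PROGRAM_NAME
  stale_ports(EXPECTED, port_map(UP_LOG)).each do |s|
    puts "#{s[:machine]}: guest #{s[:guest]} expected #{s[:expected]}, actual #{s[:actual]}"
  end
end
```
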
• Check status of machines
• vagrant ssh name
(venv2) hands_on_2\ $ vagrant status
Current machine states:

iosxe1 running (virtualbox)
iosxe2 running (virtualbox)
This environment represents multiple VMs. The VMs are all listed above with their current state. For more information about a specific VM, run `vagrant status NAME`.
(venv2) hands_on_2\ $ vagrant ssh iosxe1
csr1kv#exit
(venv2) hands_on_2\ $ vagrant ssh iosxe2
csr1kv#exit
Check out the Vagrant Environment
Discuss
• Each node takes resources
• Switches/Routers aren’t small VMs
• Monitor Memory Usage
Impact on host system
Discuss
The right tool for the right job…
Network Testing and Dev Options
• Modern Development Tool
• Run everything local
• Few dependencies
• Independent Environments
• Ship with Code Samples
• Test and experiment with APIs
When and Why to Use Vagrant
• Large topologies
• Data Plane important
• Multiple simultaneous developers
• Long running tests
When NOT to use Vagrant
How to do it yourself!
• Install Vagrant www.vagrantup.com/downloads.html
• DevNet Learning Lab Module: learninglabs.cisco.com/modules/vagrant_up
• Create Your Own Boxes for Cisco IOS XE, IOS XR, and Open NX-OS
  • github.com/hpreston/vagrant_net_prog
  • Go to box_building/README.md
  • Instructions and scripts to create Boxes from available resources (ie from CCO)*
  * Some downloads require entitlements
• Many other network vendors offering Vagrant support as well
Getting Started with Vagrant On Your Own
Got more questions? Stay in touch!
[email protected]
@hfpreston
http://github.com/hpreston
@CiscoDevNet
facebook.com/ciscodevnet/
http://github.com/CiscoDevNet
Hank Preston developer.cisco.com