netdevops developer environments with vagrant - ons2018 developer... · • simple configuration...

Hank Preston, ccie 38336 R/SNetDevOps Evangelist@hfpreston

Do it like they do on the Developer Channel!

NetDevOps Developer Environments with Vagrant

OPEN NETWORKING //Integrate, Automate, Accelerate

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

• Vagrant 101• Our first network vagrant up!• Vagrant + Ansible Provisioning• Multi-Node Topologies• The right tool for the right job…• How to do it yourself!

Agenda

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Preparation Steps to Follow Along (or after)


• Python• 2.7.10 or higher• 3.6.2 or higher• pip & virtual environment

• ”git” command line tools• Vagrant• VirtualBox• Homebrew (Apple OS X)

Windows Workstation Caveats

• Vagrant & VirtualBox work great

• Ansible not supported on Windows (controlstation)

• Python scripts to create Vagrant boxes require Linux or OS X

Workstation Requirements


• Clone the Repository

• Setup Python Virtual Environment

# From your “code” directory$ git clone https://github.com/hpreston/vagrant_net_prog$ cd vagrant_net_prog/labs

$ ls –l README.md iosxr_examplehands_on_1 nxos_examplehands_on_2 requirements.txthands_on_3 venv

$ virtualenv venv --python=python3.6$ source venv/bin/activate$ pip install –r requirements.txt

Setup your Workstation


Vagrant 101


• Open Source Develop Tooling by HashiCorpwww.vagrantup.com

• Simple configuration file stored with code

• “easy to configure, reproducible, and portable work environments”

• Multi-Platform for both guest and host

lab\ $ vagrant init iosxe/16.6.1

lab\ $ vagrant upBringing machine 'default' up with 'virtualbox' provider...==> default: Importing box 'iosxe/16.6.1'...==> default: Forwarding ports...

default: 830 (guest) => 2223 (host)default: 80 (guest) => 2224 (host) default: 443 (guest) => 2225 (host)default: 22 (guest) => 2222 (host)

lab\ $ vagrant sshcsr1kv#

Development Environments Made Easy


• Vagrantfile• Configuration file for vagrant

• Box• Base images for different individual environments

• Provider • Virtualization technology used by vagrant

• Default is VirtualBox, many other supported

(venv) lab\ $ ls hands_on_2/Vagrantfile

(venv) lab\ $ vagrant box listcentos/7 (virtualbox, 1611.01)iosxe/16.06.02 (virtualbox, 0)iosxr/6.1.2 (virtualbox, 0)nxos/7.0.3.I7.3 (virtualbox, 0)ubuntu/trusty64 (virtualbox, 20160323.0.0)

(venv) lab\ $ vagrant global-statusid name provider state directory-------------------------------------------------------8d1eaec default virtualbox saved ~/coding/BRKDEV-1368

Key Terms and Concepts


• vagrant init box name• Initialize a new Vagrantfile in a directory

• vagrant up / halt / destroy• Start, stop, and delete an environment

• vagrant resume / suspend• Pause and restart an environment

• vagrant ssh [machine]• Connect via SSH to a running environment

• vagrant port• View the nat’d ports for the environment

lab\ $ vagrant suspend==> default: Saving VM state and suspending

lab\ $ vagrant resume==> default: Resuming suspended VM...

lab\ $ vagrant port830 (guest) => 2223 (host)22 (guest) => 2222 (host)

lab\ $ vagrant sshcsr1kv#

Vagrant Commands• vagrant provision• Re-run configured provisioner (eg Ansible)

• vagrant box list• Display list of available boxes

• vagrant status / global-status• Display current status of environments


• Create new project directory

• Initialize a new Vagrant environment

• Bring it up

lab\ $ mkdir vagrant_explorelab\ $ cd vagrant_explore

vagrant_explore\ $ vagrant init hashicorp/precise64

vagrant_explore\ $ vagrant up

Explore Vagrant with Basic Linux VMs


• Connect to your environment with SSH

• Explore lifecycleoperations of Vagrant

vagrant_explore\ $ vagrant ssh

# Now you’re inside the Vagrant VMvagrant@precise64:~$vagrant@precise64:~$ pwdvagrant@precise64:~$ exit

# Back on your local workstationvagrant_explore\ $ vagrant statusvagrant_explore\ $ vagrant suspendvagrant_explore\ $ vagrant resumevagrant_explore\ $ vagrant reloadvagrant_explore\ $ vagrant destroy

Explore Vagrant with Basic Linux VMs


Vagrantfile Basics# -*- mode: ruby -*-# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure# configures the configuration version (we support older styles for# backwards compatibility). Please don't change it unless you know what# you're doing.Vagrant.configure("2") do |config|

# Every Vagrant development environment requires a box. # You can search for boxes at https://vagrantcloud.com/search.config.vm.box = "hashicorp/precise64"

end

* Simplified and edited sample

Majority of default Vagrantfile is comments

Vagrant is a Ruby application

Start Configuration Block

Identify the box to use

Note: Vagrant Boxes can include default settings* Partial file output displayed for presentation

End Configuration Block


Our first network vagrant up!


• View available boxes

• Initialize new Vagrant File

lab\ $ cd hands_on_1/

hands_on_1\ $ vagrant box list

hands_on_1\ $ vagrant init iosxe/16.06.02

hands_on_1\ $ open Vagrantfile

Initialize your Vagrantfile


Vagrantfile Basics (for Network Devices)# -*- mode: ruby -*-# vi: set ft=ruby :

Vagrant.configure("2") do |config|# Every Vagrant development environment requires a box. You can search for# boxes at https://atlas.hashicorp.com/search.config.vm.box = "iosxe/16.6.1"config.ssh.insert_key = false

# Create a forwarded port mapping which allows access to a specific port# within the machine from a port on the host machine. config.vm.network "forwarded_port", guest: 830, host: 2223, id: "netconf"config.vm.network "forwarded_port", guest: 80, host: 2224, id: ”http"config.vm.network "forwarded_port", guest: 443, host: 2225, id: "restconf-ssl"

# Create a private network, which allows host-only access to the machine# using a specific IP.config.vm.network :private_network, virtualbox__intnet: "link1", auto_config: falseconfig.vm.network :private_network, virtualbox__intnet: "link2", auto_config: false

end

Box Name

Don’t insert Vagrant public key. Recommended

Forward local ports for API/App access. SSH is forwarded by default

Create environment networks.”eth1” connected to host by default

Note: Vagrant Boxes can include default settings * Simplified and edited sample


• Open Vagrantfile• Add 2 Interfaces to Configuration

• Specific positioning in file is irrelevant • * Must be within |config| block

Vagrant.configure("2") do |config|config.vm.box = "iosxe/16.6.1"

# Create a private networksconfig.vm.network :private_network, virtualbox__intnet: "link1", auto_config: falseconfig.vm.network :private_network, virtualbox__intnet: "link2", auto_config: false

end

Let’s add more interfaces!


cp Vagrantfile.solution Vagrantfileor


• Start environment

• View NAT’d ports for APIs

• Connect to running switch

hands_on_1\ $ vagrant up

hands_on_1\ $ vagrant port

hands_on_1\ $ vagrant ssh

Start a Vagrant Environment


• Baseline Configurations • Logins – User / Cert • APIs• Interfaces

• Make an API Call

# Run from Vagrant Environment (ie vagrant ssh)csr1kv#sh run aaa

csr1kv#sh run | sec pubkey-chain

csr1kv#show run int Gig1

csr1kv#sh run | inc conf

# Exit from Vagrant Environmenthands_on_1\ $ python netconf_example1.py

Explore the Vagrant Environment


• Configure interface details on GigabitEthernet2 using NETCONF

• Verify

hands_on_1\ $ python netconf_example3.py

.

.

<?xml version="1.0" encoding="UTF-8"?><rpc-reply

xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:6e622605-29d8-=" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">

<ok/></rpc-reply>

hands_on_1\ $ vagrant ssh

csr1kv#sh ip int briInterface IP-Address GigabitEthernet2 10.255.255.1

Do some configuration


• vagrant up and customize

• vagrant halt -f to shut down

• vagrant package to build new box• Include default Vagrantfile to ease use

• vagrant box add to make available

hands_on_1\ $ vagrant halt -f

hands_on_1\ $ vagrant package \--output Custom_IOS_XE.box \--vagrantfile embedded_vagrantfile_xe

hands_on_1\ $ vagrant box add iosxe/custom1 \Custom_IOS_XE.box

hands_on_1\ $ mkdir custom_boxhands_on_1\ $ cd custom_boxhands_on_1\ $ vagrant init iosxe/custom1

Build a new Base Box Template

Discuss


Review Sample Embedded VagrantfileVagrant.configure(2) do |config|config.vm.synced_folder '.', '/vagrant', disabled: true

# Give IOS XE 400 seconds to come upconfig.vm.boot_timeout = 400

# Port 830 is XE NETCONFconfig.vm.network :forwarded_port, guest: 830, host: 2223, id: 'netconf', auto_correct: true# Port 80 is XE HTTPconfig.vm.network :forwarded_port, guest: 80, host: 2224, id: 'http', auto_correct: true# Port 443 is XE RESTCONF / SSLconfig.vm.network :forwarded_port, guest: 443, host: 2225, id: 'restconf-ssl', auto_correct: trueconfig.ssh.forward_agent = trueconfig.ssh.guest_port = 22config.ssh.insert_key = falseconfig.vm.guest = :other

# turn off the check if the plugin is installedif Vagrant.has_plugin?("vagrant-vbguest")config.vbguest.auto_update = false

end.

end


Discuss


• Destroy this environment hands_on_1\ $ vagrant destroy

Destroy Hands on Demo 1


Vagrant + Ansible Provisioning


• “Infrastructure as Code” dictates entire configuration in code

• Building multiple box versions for variations = template sprawl

• Human error in manual configurations

• There has to be a better way…

Come on... Really “vagrant ssh” and “config t”?!?


• Run with vagrant up

• Install software

• Alter configurations

• Run commands/code

• Types• Shell, Ansible, Puppet, Chef, Docker, Salt, CFEngine…

Vagrant.configure("2") do |config|# ... other configuration

config.vm.provision "shell" do |s|s.inline = "echo hello"

endend

Vagrant Provisioners


• Move to Hands On 3

• Start the “vagrant up” process now so it runs while we discuss

hands_on_1\ $ cd ../


hands_on_3\ $ ls

Vagrantfilehost_varshostsansible_provision.yamlnetconf_interface_template.j2


hands_on_3\ $ vagrant up

Provisioning Lab


• Specify provisioning details in the file

• For Ansible, specify hosts file• Used for configdetails

hands_on_3/VagrantfileVagrant.configure("2") do |config|

# Every Vagrant development environment requires a box. You can search for# boxes at https://atlas.hashicorp.com/search.config.vm.box = "iosxe/16.06.02"

# Create a private network, which allows host-only access to the machine# using a specific IP.# config.vm.network "private_network", ip: "192.168.33.10"config.vm.network :private_network, virtualbox__intnet: "link1", config.vm.network :private_network, virtualbox__intnet: "link2",

# Enable provisioning with Ansible shell script. config.vm.provision "ansible" do |ansible|

ansible.playbook = "ansible_provision.yaml"ansible.inventory_path = "./hosts"

end

end

* Partial file output for screen display


• Ansible inventory file

• Specify interpreter to link to Python Virtual Environment

hands_on_3/hosts[vagrant] default ansible_python_interpreter="/usr/bin/env python"



hands_on_3/ansible_provision.yaml---- name: Provision IOS XE Devices

hosts: allconnection: local

tasks: - name: Pause to complete boot

pause: seconds: 5

- name: Configure NETCONF and RESTCONFios_config:

provider: host: "{{mgmt_ip}}"port: "{{ssh_port}}"username: "{{username}}"password: "{{password}}"

lines: - netconf-yang- restconf

• Ansible Playbook defines configuration

• Several options to use • ios_config, ios_command,

etc• netconf_config



hands_on_3/host_vars/default.yaml---mgmt_ip: 127.0.0.1netconf_port: 2223ssh_port: 2222username: vagrantpassword: vagrantinterfaces:

- interface_type: GigabitEthernetinterface_id: 2description: Link 2 - Configured by Ansible with Vagrantip_address: 192.168.100.20subnet_mask: 255.255.255.0

- interface_type: GigabitEthernetinterface_id: 3description: Link 3 - Configured by Ansible with Vagrantip_address: 192.168.101.20subnet_mask: 255.255.255.0

•Host specific details•Vagrant network intricacies require explicit ip and port info



Vagrant Uphands_on_3\ $ vagrant upBringing machine 'default' up with 'virtualbox' provider...==> default: Machine booted and ready!==> default: Running provisioner: ansible...

default: Running ansible-playbook...

PLAY [Provision IOS XE Devices] ************************************************

TASK [Configure NETCONF and RESTCONF] ******************************************ok: [default]

TASK [Configure Interfaces] ****************************************************changed: [default] => (item={u'subnet_mask': u'255.255.255.0', u'interface_typeu'ip_address': u'192.168.100.20', u'description': u'Link 2 - Configured by Ansible with Vagrant', u'interface_id': 2})changed: [default] => (item={u'subnet_mask': u'255.255.255.0', u'interface_typeu'ip_address': u'192.168.101.20', u'description': u'Link 3 - Configured by Ansible with Vagrant', u'interface_id': 3})

PLAY RECAP *********************************************************************default : ok=5 changed=1 unreachable=0 failed=0

•After device fully “up” provisioning runs

* Partial output for screen display


Verify device provisioned properly

hands_on_3\ $ vagrant ssh csr1kv#show ip int bri Interface IP-Address OK? Method Status Protocol GigabitEthernet1 10.0.2.15 YES DHCP up up GigabitEthernet2 192.168.100.20 YES other up up GigabitEthernet3 192.168.101.20 YES other up up

• Trust, but verify



• Destroy this environment hands_on_3\ $ vagrant destroy

Destroy Hands on Demo 3


Multi-Node Topologies


• Move to Hands on 2 hands_on_1\ $ cd ../


hands_on_2\ $ ls

Vagrantfile


Multi-Node Lab

Discuss


DiscussMulti-Node VagrantfileVagrant.configure("2") do |config|

# Node 1: IOS XE Deviceconfig.vm.define "iosxe1" do |node|

node.vm.box = "iosxe/16.06.02"

# Gig2 connected to link1# Gig3 connected to hosts1# auto-config not supported.node.vm.network :private_network, virtualbox__intnet: "link1", auto_confignode.vm.network :private_network, virtualbox__intnet: ”hosts1", auto_config

end

# Node 2: IOS XE Deviceconfig.vm.define "iosxe2" do |node|

node.vm.box = "iosxe/16.06.02"

# Gig2 connected to link1# Gig3 connected to hosts2# auto-config not supported.node.vm.network :private_network, virtualbox__intnet: "link1", auto_confignode.vm.network :private_network, virtualbox__intnet: ”hosts2", auto_config

endend

•Configuration for multiple nodes •Different boxes supported •Network them together!



Vagrant Up$ vagrant up

Bringing machine 'iosxe1' up with 'virtualbox' provider...Bringing machine 'iosxe2' up with 'virtualbox' provider...==> iosxe1: Preparing network interfaces based on configuration...

iosxe1: Adapter 1: natiosxe1: Adapter 2: intnetiosxe1: Adapter 3: intnet

==> iosxe1: Forwarding ports...iosxe1: 830 (guest) => 2223 (host) (adapter 1)iosxe1: 80 (guest) => 2224 (host) (adapter 1)iosxe1: 443 (guest) => 2225 (host) (adapter 1)iosxe1: 22 (guest) => 2222 (host) (adapter 1)

==> iosxe1: Machine booted and ready!==> iosxe2: Importing base box 'iosxe/16.6.1'...==> iosxe2: Fixed port collision for 830 => 2223. Now on port 2200.==> iosxe2: Fixed port collision for 80 => 2224. Now on port 2201.==> iosxe2: Fixed port collision for 443 => 2225. Now on port 2202.==> iosxe2: Fixed port collision for 22 => 2222. Now on port 2203.

iosxe2: Adapter 1: natiosxe2: Adapter 2: intnetiosxe2: Adapter 3: intnet

==> iosxe2: Forwarding ports...==> iosxe2: Machine booted and ready!

Discuss


Port collisions auto-fixedCan manually specifyin Vagrantfile

VMs boot one at a time


• Check status of machines• vagrant ssh name

(venv2) hands_on_2\ $ vagrant statusCurrent machine states:

iosxe1 running (virtualbox)iosxe2 running (virtualbox)

This environment represents multiple VMs. The VMs are all listed above with their current state. For more information about a specific VM, run `vagrant status NAME`.

(venv2) hands_on_2\ $ vagrant ssh iosxe1

csr1kv#exit

(venv2) hands_on_2\ $ vagrant ssh iosxe2

csr1kv#exit

Checkout the Vagrant Environment

Discuss


• Each node takes resources

• Switches/Routers aren’t small VMs

• Monitor Memory Usage

Impact on host system

Discuss


The right tool for the right job…


Network Testing and Dev Options


• Modern Development Tool

• Run everything local

• Few dependencies

• Independent Environments

• Ship with Code Samples

• Test and experiment with APIs

When and Why to Use Vagrant


• Large topologies • Data Plane important • Multiple simultaneous developers

• Long running tests

When NOT to use Vagrant


How to do it yourself!


• Install Vagrant www.vagrantup.com/downloads.html

• DevNet Learning Lab Modulelearninglabs.cisco.com/modules/vagrant_up

• Create Your Own Boxes for Cisco IOS XE, IOS XR, and Open NX-OS• github.com/hpreston/vagrant_net_prog• Go to box_building/README.md

• Instructions and scripts to create Boxes from available resources (ie from CCO)**Some downloads require entitlements

• Many other network vendors offering Vagrant support as well

Getting Started with Vagrant On Your Own


Got more questions? Stay in touch!

[email protected]@hfprestonhttp://github.com/hpreston

@CiscoDevNetfacebook.com/ciscodevnet/ http://github.com/CiscoDevNet

Hank Preston developer.cisco.com

netdevops developer environments with vagrant - ons2018 developer... · • simple configuration...

Documents