Cisco NSO and ANSIBLE – orchestration and automation.

ToC (NSO ANSIBLE):

This post includes simple introduction and gives links to facilitate the understanding of interoperation of NSO and ANSIBLE:

  •  Prerequisites for NSO and ANSIBLE
  •  NSO interoperation with ANSIBLE
  •  NSO configuration examples using ANSIBLE

Prerequisites for NSO and ANSIBLE

ANSIBLE – define and run a single task on a set of nodes

The basic knowledge of ANSIBLE will be required in this post.

To install Ansible in Ubuntu please execute the next commands:

for installation on other OS please check this link.

Normal setup installs ANSIBLE that on the machine called “Control Machine” and further ANSIBLE configures the “Managed nodes” machines.

Lets do the basic manipulation: the ping from “Control Machine” to “Managed node”. 

 Edit “/etc/ansible/hosts” and put addresses of “Managed nodes” 

Installed on Control Machine and Managed nodes ssh is requirement for ANSIBLE. Thus the next step is to configure the SSH keys.

execute the next commands on the Control Machine:

After it is required to add the information located in the ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys that is located on the Managed nodes. 

Lets ping all nodes in the “/etc/ansible/hosts” file

To override the default user, use -u flag

For additional details you may check the next link.

Ad-Hoc commands

You can create files in the same maner with Ad-Hoc command.
An ad-hoc command is something that you might type in to do something really quick, but don’t want to save for later.

For additinal details (File Transfer, Packages Managing, etc …) you may check the next link.

Playbooks

Different way to execute commands in ANSIBLE is Playbooks usage. 
Playbooks can declare configurations, but they can also orchestrate steps of any manual ordered process, even as different steps must bounce back and forth between sets of machines in particular orders. They can launch tasks synchronously or asynchronously [https://docs.ansible.com/].

Playbooks are written in YAML. Example is presented below

(c) [docs.ancible.com]

If you  are new to YAML, it is suggested to checkout the next tutorial:

GitHub LINK

For other information regarding playbooks be free to consult the ansible documentation.

NSO

Finally NSO is FREE for not comercial use !!! You may download this software by following the next link.

To learn NSO please follow the next link. Also you will find a lot of usefull information in the $NSO-DIR/doc/pdf after installation of the NSO package.

NSO interoperation with ANSIBLE

Picture below presents the way how ANSIBLE is communicating with NSO.
The JSON RPC is used for this purpose (request and responce examples are presented):

As presented in the figure there are multipe types of modules in ANSIBLE for NSO.

Details about modules are presented in the next manner [Module_name – external link]

  • Verify module – LINK
  • Query module – LINK
  • Show module – LINK
  • Config module – LINK
  • Action module – LINK

NSO configuration examples using ANSIBLE

This post presents several configuration examples of Playbooks based on the IETF draft for uCPE management model. The uCPE draft  (v0.1) contains the yang model should be extracted from draft (with rfcstrip), a bit modified, compiled and loaded into NSO RFS.

We will create multiple Playbooks: first with nso connection config, second with creating configuration in the uCPE, third is for deletion of configuration from uCPE, 4th to load config from the uCPE to the NSO RFS database, 5th for data validation and 6th to configure service chaining (vRouter+vFirewall).

Playbook#1 – nso connection parameters. [nso.yaml]

Playbook#2 Configure uCPE [config-ucpe.yaml]

Playbook#3 Delete config uCPE [del-conf-ucpe.yaml]

Playbook#4 action load config from uCPE [load-conf.yaml]

Playbook#5 uCPE config validation [validate.yaml]

Here the error will appear because in the device we have the vnfB but in the YAML we check for “vnfC”.

Playbook#6 Service chaining (vRouter+vFirewall).

There are two Virtual Network Functhions (VNFs): vRouter and vFirewall. vSwitch “WAN” connected to WAN physical port, vSwitch “LAN” connected to LAN physical port and vSwitch “ServiceChain” that is connecting 2 VNFs. 

Finally you may find usefull other links related to NSO and ANSIBLE:

Thank you for reading!