ToC (NSO ANSIBLE):
This post gives a simple introduction, with links, to help you understand how NSO and ANSIBLE interoperate:
- Prerequisites for NSO and ANSIBLE
- NSO interoperation with ANSIBLE
- NSO configuration examples using ANSIBLE
Prerequisites for NSO and ANSIBLE
ANSIBLE – define and run a single task on a set of nodes
Basic knowledge of ANSIBLE is required for this post.
To install Ansible on Ubuntu, run the following commands:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt-get install ansible
For installation on other operating systems, please check this link.
In a normal setup, ANSIBLE is installed on a machine called the “Control Machine”, and from there it configures the “Managed nodes”.
Let's do a basic operation: a ping from the “Control Machine” to a “Managed node”.
Edit “/etc/ansible/hosts” and add the addresses of the “Managed nodes”:
192.168.1.2
host1.org
host2.org
ANSIBLE requires SSH to be installed on both the Control Machine and the Managed nodes, so the next step is to configure the SSH keys.
Execute the following command on the Control Machine:
ssh-add ~/.ssh/id_rsa
After that, add the contents of ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file on the Managed nodes.
Let's ping all nodes in the “/etc/ansible/hosts” file:
ansible all -m ping
To override the default user, use the -u flag:
ansible all -m ping -u dmytro
For additional details you may check the next link.
Ad-Hoc commands
You can create files in the same manner with an Ad-Hoc command.
An ad-hoc command is something that you might type in to do something really quick, but don’t want to save for later.
ansible host_ip -m shell -a 'touch hello.txt'
For additional details (File Transfer, Packages Managing, etc …) you may check the next link.
Playbooks
Another way to execute commands in ANSIBLE is to use Playbooks.
Playbooks can declare configurations, but they can also orchestrate steps of any manual ordered process, even as different steps must bounce back and forth between sets of machines in particular orders. They can launch tasks synchronously or asynchronously [https://docs.ansible.com/].
Playbooks are written in YAML. An example is presented below:
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
    - name: ensure apache is at the latest version
      yum:
        name: httpd
        state: latest
    - name: write the apache config file
      template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf
      notify:
        - restart apache
    - name: ensure apache is running
      service:
        name: httpd
        state: started
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
(c) [docs.ansible.com]
If you are new to YAML, it is suggested to check out the next tutorial:
For other information regarding playbooks, feel free to consult the ansible documentation.
NSO
Finally, NSO is FREE for non-commercial use!!! You may download this software by following the next link.
To learn NSO please follow the next link. You will also find a lot of useful information in $NSO-DIR/doc/pdf after installing the NSO package.
NSO interoperation with ANSIBLE
The picture below shows how ANSIBLE communicates with NSO.
JSON-RPC is used for this purpose (request and response examples are presented):
request {"jsonrpc": "2.0", "method": "subtract", "params": {"minuend": 42, "subtrahend": 23}, "id": 3}
reply {"jsonrpc": "2.0", "result": 19, "id": 3}
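The request/reply pair above, worked through on both sides as an added example (not code from the original post, and not NSO's or Ansible's implementation): a toy server that implements only the sample subtract method, and a client that checks the version, the id and the result/error fields before it uses a reply. All function names are illustrative.

```python
import json


class RpcError(Exception):
    """Raised when a reply is malformed or carries a JSON-RPC error object."""


def make_request(method, params, req_id):
    """Client side: serialize a JSON-RPC 2.0 request envelope."""
    return json.dumps({"jsonrpc": "2.0", "method": method,
                       "params": params, "id": req_id})


def handle(raw):
    """Toy server side: knows only the 'subtract' method from the sample."""
    req = json.loads(raw)
    reply = {"jsonrpc": "2.0", "id": req.get("id")}
    if req.get("method") == "subtract":
        p = req["params"]
        reply["result"] = p["minuend"] - p["subtrahend"]
    else:
        # Code and message as defined by the JSON-RPC 2.0 specification.
        reply["error"] = {"code": -32601, "message": "Method not found"}
    return json.dumps(reply)


def parse_reply(raw, expected_id):
    """Client side: validate the envelope before trusting its result."""
    msg = json.loads(raw)
    if msg.get("jsonrpc") != "2.0":
        raise RpcError("not a JSON-RPC 2.0 reply")
    if msg.get("id") != expected_id:
        raise RpcError("reply id %r does not match request id %r"
                       % (msg.get("id"), expected_id))
    if ("result" in msg) == ("error" in msg):
        raise RpcError("reply must carry exactly one of result/error")
    if "error" in msg:
        raise RpcError("%s (code %s)" % (msg["error"]["message"],
                                         msg["error"]["code"]))
    return msg["result"]


def call(method, params, req_id):
    """Full round trip: build the request, let the toy server answer, parse."""
    return parse_reply(handle(make_request(method, params, req_id)), req_id)


if __name__ == "__main__":
    print(call("subtract", {"minuend": 42, "subtrahend": 23}, 3))
```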
As presented in the figure, there are multiple types of modules in ANSIBLE for NSO.
Details about the modules are presented in the following form [Module_name – external link]
- Verify module – LINK
- Query module – LINK
- Show module – LINK
- Config module – LINK
- Action module – LINK
NSO configuration examples using ANSIBLE
This post presents several configuration examples of Playbooks based on the IETF draft for the uCPE management model. The uCPE draft (v0.1) contains the YANG model, which should be extracted from the draft (with rfcstrip), slightly modified, compiled and loaded into NSO RFS.
We will create multiple Playbooks: the first holds the NSO connection config, the second creates configuration in the uCPE, the third deletes configuration from the uCPE, the 4th loads config from the uCPE into the NSO RFS database, the 5th validates data and the 6th configures service chaining (vRouter+vFirewall).
Playbook#1 – nso connection parameters. [nso.yaml]
url: http://10.0.10.10:8080/jsonrpc
username: admin
password: admin
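The connection file above sends the NSO login over plain HTTP and keeps admin/admin readable on disk. The following check is an added example, not part of the original post: it audits a flat vars file of this shape and reports those conditions. The hardened sample's host name, user name and vault variable name are placeholders.

```python
from urllib.parse import urlparse

# Constructed sample: the connection file exactly as shown in the post.
NSO_VARS = """\
url: http://10.0.10.10:8080/jsonrpc
username: admin
password: admin
"""

# Hypothetical hardened variant; host, user and variable names are placeholders.
NSO_VARS_HARDENED = """\
url: https://nso.example.net/jsonrpc
username: automation
password: "{{ vault_nso_password }}"
"""

def parse_flat_vars(text):
    """Parse the flat 'key: value' layout of nso.yaml (not a full YAML parser)."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        out[key.strip()] = value.strip().strip("\"'")
    return out

def audit_nso_vars(text):
    """Return sorted finding codes for an NSO connection vars file."""
    if text.lstrip().startswith("$ANSIBLE_VAULT;"):
        return []  # whole file is vault-encrypted, nothing readable to audit
    v = parse_flat_vars(text)
    findings = []
    if urlparse(v.get("url", "")).scheme != "https":
        findings.append("cleartext-transport")  # login travels unencrypted
    pw = v.get("password", "")
    # A Jinja reference or an inline !vault value keeps the secret out of the file.
    indirect = pw.startswith("{{") or pw.startswith("!vault")
    if pw and not indirect:
        findings.append("plaintext-password")
    if pw and pw == v.get("username"):
        findings.append("password-equals-username")
    return sorted(findings)

if __name__ == "__main__":
    print(audit_nso_vars(NSO_VARS))
    print(audit_nso_vars(NSO_VARS_HARDENED))
```

Encrypting the whole file with ansible-vault encrypt nso.yaml also clears the password findings, and include_vars still loads it once Ansible is given the vault password.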
Playbook#2 Configure uCPE [config-ucpe.yaml]
- name: Configure uCPE via NSO RFS
  hosts: 10.0.10.10
  connection: local
  gather_facts: no
  tasks:
    - name: NSO global variables
      include_vars:
        file: nso.yaml
        name: nso
    - name: Device configuration
      nso_config:
        url: "{{ nso.url }}"
        username: "{{ nso.username }}"
        password: "{{ nso.password }}"
        data:
          ietf-vysm:virtualization:
            - device:
                - ovp0-1.0
              name: ovp0-1.0
              vms:
                - cpu: '2'
                  ram: '2'
                  vm: vnfA
                - cpu: '6'
                  ram: '6'
                  storages:
                    - id: '1'
                      location: https://dmytro.shytyi.net/ansible.iso
                  vm: vnfAnsible
                - cpu: '3'
                  ram: '3'
                  storages:
                    - id: '1'
                      location: https://localhost/exmpl.iso
                  vm: vnfB
Playbook#3 Delete config uCPE [del-conf-ucpe.yaml]
- name: Delete uCPE config via NSO RFS
  hosts: 10.0.10.10
  connection: local
  gather_facts: no
  tasks:
    - name: NSO global variables
      include_vars:
        file: nso.yaml
        name: nso
    - name: Delete uCPE configuration via RFS NSO
      nso_config:
        url: "{{ nso.url }}"
        username: "{{ nso.username }}"
        password: "{{ nso.password }}"
        data:
          ietf-vysm:virtualization:
            - name: ovp0-1.0
              __state: absent
Playbook#4 action load config from uCPE [load-conf.yaml]
- name: Sync-from
  hosts: 10.0.10.10
  connection: local
  gather_facts: no
  tasks:
    - name: Load variables
      include_vars:
        file: nso.yaml
        name: nso
    - name: Sync from
      nso_action:
        url: "{{ nso.url }}"
        username: "{{ nso.username }}"
        password: "{{ nso.password }}"
        path: /ncs:devices/device{ovp0-1.0}/sync-from
        input: {}
Playbook#5 uCPE config validation [validate.yaml]
Here an error will appear, because the device has vnfB but the YAML checks for “vnfC”.
- name: Verify uCPE config via NSO RFS
  hosts: 10.0.10.10
  connection: local
  gather_facts: no
  tasks:
    - name: NSO global variables
      include_vars:
        file: nso.yaml
        name: nso
    - name: Device configuration
      nso_verify:
        url: "{{ nso.url }}"
        username: "{{ nso.username }}"
        password: "{{ nso.password }}"
        data:
          ietf-nfv-service:virtualization:
            - device:
                - ovp0-1.0
              name: ovp0-1.0
              vms:
                - cpu: '2'
                  ram: '2'
                  vm: vnfA
                - cpu: '6'
                  ram: '6'
                  storages:
                    - id: '1'
                      location: https://dmytro.shytyi.net/ansible.iso
                  vm: vnfAnsible
                - cpu: '3'
                  ram: '3'
                  storages:
                    - id: '1'
                      location: https://localhost/exmpl.iso
                  vm: vnfC
Playbook#6 Service chaining (vRouter+vFirewall).
There are two Virtual Network Functions (VNFs): vRouter and vFirewall. vSwitch “WAN” is connected to the WAN physical port, vSwitch “LAN” is connected to the LAN physical port, and vSwitch “ServiceChain” connects the 2 VNFs.
- name: Configure device
  hosts: 10.0.10.1
  connection: local
  gather_facts: no
  tasks:
    - name: NSO global variables
      include_vars:
        file: nso-cfs.yaml
        name: nso
    - name: Device configuration
      nso_config:
        url: "{{ nso.url }}"
        username: "{{ nso.username }}"
        password: "{{ nso.password }}"
        data:
          ietf-vysm:virtualization:
            - device:
                - ovp0-1.0
              name: uCPEservice
              links:
                - link: l1
                - link: l2
                - link: l3
                - link: l4
              switches:
                - switch: lan
                  ports:
                    - port: 10
                      name: p1
                      link: l4
                - switch: serviceChain
                  ports:
                    - port: 10
                      name: p1
                      link: l2
                    - port: 11
                      name: p2
                      link: l3
                - switch: wan
                  ports:
                    - port: 10
                      name: p1
                      link: l1
              vms:
                - cpu: 2
                  ram: 4
                  ports:
                    - port: 1
                      name: p1
                      link: l3
                    - port: 2
                      name: p2
                      link: l4
                  storages:
                    - id: '1'
                      location: https://dmytro.shytyi.net/vrouter.iso
                  vm: vrouter
                - cpu: 2
                  ram: 4
                  ports:
                    - port: 1
                      name: p1
                      link: l1
                    - port: 2
                      name: p2
                      link: l2
                  storages:
                    - id: '1'
                      location: https://dmytro.shytyi.net/firewall.iso
                  vm: vfirewall
Finally, you may find these other links related to NSO and ANSIBLE useful:
Thank you for reading!