DMYTRO SHYTYI

Cisco NSO and ANSIBLE – orchestration and automation.

ToC (NSO ANSIBLE):

This post gives a simple introduction and links that help in understanding how NSO and ANSIBLE interoperate:

  •  Prerequisites for NSO and ANSIBLE
  •  NSO interoperation with ANSIBLE
  •  NSO configuration examples using ANSIBLE

Prerequisites for NSO and ANSIBLE

ANSIBLE – define and run a single task on a set of nodes

Basic knowledge of ANSIBLE is required for this post.

To install Ansible on Ubuntu, execute the following commands:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt-get install ansible

For installation on other operating systems, please check this link.

In a normal setup, ANSIBLE is installed on a machine called the “Control Machine”, and ANSIBLE then configures the “Managed nodes”.

Let's do a basic operation: a ping from the “Control Machine” to a “Managed node”.

Edit “/etc/ansible/hosts” and add the addresses of the “Managed nodes”:

192.168.1.2
host1.org
host2.org

SSH must be installed on both the Control Machine and the Managed nodes; it is a requirement for ANSIBLE. Thus the next step is to configure the SSH keys.

Execute the following command on the Control Machine:

ssh-add ~/.ssh/id_rsa

After that, the contents of ~/.ssh/id_rsa.pub must be added to ~/.ssh/authorized_keys on the Managed nodes.

Let's ping all nodes listed in the “/etc/ansible/hosts” file:

ansible all -m ping

To override the default user, use the -u flag:

ansible all -m ping -u dmytro

For additional details you may check the next link.

Ad-Hoc commands

You can create files in the same manner with an ad-hoc command.
An ad-hoc command is something that you might type in to do something really quick, but don’t want to save for later.

ansible host_ip -m shell -a 'touch hello.txt'

For additional details (File Transfer, Managing Packages, etc.) you may check the next link.

Playbooks

Another way to execute commands in ANSIBLE is to use Playbooks.
Playbooks can declare configurations, but they can also orchestrate steps of any manual ordered process, even as different steps must bounce back and forth between sets of machines in particular orders. They can launch tasks synchronously or asynchronously [https://docs.ansible.com/].

Playbooks are written in YAML. An example is presented below:

- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
  - name: ensure apache is at the latest version
    yum:
      name: httpd
      state: latest
  - name: write the apache config file
    template:
      src: /srv/httpd.j2
      dest: /etc/httpd.conf
    notify:
    - restart apache
  - name: ensure apache is running
    service:
      name: httpd
      state: started
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted

(c) [docs.ansible.com]

If you are new to YAML, the following tutorial is suggested:

GitHub LINK

For other information regarding playbooks, feel free to consult the Ansible documentation.

NSO

Finally NSO is FREE for non-commercial use !!! You may download this software by following the next link.

To learn NSO please follow the next link. You will also find a lot of useful information in $NSO-DIR/doc/pdf after installing the NSO package.

NSO interoperation with ANSIBLE

The picture below presents how ANSIBLE communicates with NSO.
JSON-RPC is used for this purpose (request and response examples are presented):

request {"jsonrpc": "2.0", "method": "subtract", "params": {"minuend": 42, "subtrahend": 23}, "id": 3}
reply  {"jsonrpc": "2.0", "result": 19, "id": 3}

As presented in the figure, there are multiple types of modules in ANSIBLE for NSO.

The modules are listed below in the form [Module_name – external link]:

  • Verify module – LINK
  • Query module – LINK
  • Show module – LINK
  • Config module – LINK
  • Action module – LINK

NSO configuration examples using ANSIBLE

This post presents several configuration examples of Playbooks based on the IETF draft for the uCPE management model. The uCPE draft (v0.1) contains the YANG model, which should be extracted from the draft (with rfcstrip), slightly modified, compiled and loaded into NSO RFS.

We will create multiple Playbooks: the first with the NSO connection config, the second to create configuration on the uCPE, the third to delete configuration from the uCPE, the 4th to load config from the uCPE into the NSO RFS database, the 5th for data validation and the 6th to configure service chaining (vRouter+vFirewall).

Playbook#1 – nso connection parameters. [nso.yaml]

url: http://10.0.10.10:8080/jsonrpc
username: admin
password: admin
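
The connection file above keeps the NSO password in cleartext and points at an http:// URL, so every playbook that includes it sends credentials and configuration unencrypted. The check below is an added example, not part of the original post: a small pre-commit style lint for such a vars file. The function name lint_nso_vars and the sample text are assumptions made for illustration.

```python
import re

# Constructed copy of the nso.yaml shown above (flat "key: value" lines).
NSO_VARS = """\
url: http://10.0.10.10:8080/jsonrpc
username: admin
password: admin
"""

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of a file encrypted by ansible-vault


def lint_nso_vars(text):
    """Return a list of findings for an NSO connection vars file (hypothetical helper)."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []  # whole file is vault-encrypted; nothing readable to lint
    # Only top-level "key: value" lines are considered; indented lines
    # (for example inline vault ciphertext) are skipped by the regex.
    kv = {
        m.group(1): m.group(2).strip()
        for m in re.finditer(r"^(\w+):[ \t]*(.*)$", text, re.MULTILINE)
    }
    findings = []
    if kv.get("url", "").lower().startswith("http://"):
        findings.append("url: credentials and config travel over cleartext HTTP")
    pw = kv.get("password", "")
    # "!vault" marks an inline vault value, "{{" a templated lookup.
    if pw and not pw.startswith("!vault") and not pw.startswith("{{"):
        findings.append("password: stored in cleartext; encrypt it with ansible-vault")
    if pw and pw == kv.get("username"):
        findings.append("password: identical to username (default-style credential)")
    return findings


if __name__ == "__main__":
    for finding in lint_nso_vars(NSO_VARS):
        print(finding)
```

A file encrypted as a whole with ansible-vault, or one that uses an https:// URL and an inline `!vault` password, produces no findings.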

Playbook#2 Configure uCPE [config-ucpe.yaml]

- name: Configure uCPE via NSO RFS
  hosts: 10.0.10.10
  connection: local
  gather_facts: no

  tasks:
  - name: NSO global variables
    include_vars:
      file: nso.yaml
      name: nso

  - name: Device configuration
    nso_config:
      url: "{{ nso.url }}"
      username: "{{ nso.username }}"
      password: "{{ nso.password }}"
      data:
        ietf-vysm:virtualization:
          - device:
            - ovp0-1.0
            name: ovp0-1.0
            vms:
            - cpu: '2'
              ram: '2'
              vm: vnfA
            - cpu: '6'
              ram: '6'
              storages:
              - id: '1'
                location: https://dmytro.shytyi.net/ansible.iso
              vm: vnfAnsible
            - cpu: '3'
              ram: '3'
              storages:
              - id: '1'
                location: https://localhost/exmpl.iso
              vm: vnfB

Playbook#3 Delete config uCPE [del-conf-ucpe.yaml]

- name: Delete uCPE config via NSO RFS
  hosts: 10.0.10.10
  connection: local
  gather_facts: no

  tasks:
  - name: NSO global variables
    include_vars:
      file: nso.yaml
      name: nso

  - name: Delete uCPE configuration via RFS NSO
    nso_config:
      url: "{{ nso.url }}"
      username: "{{ nso.username }}"
      password: "{{ nso.password }}"
      data:
        ietf-vysm:virtualization:
         - name: ovp0-1.0
           __state: absent

Playbook#4 action load config from uCPE [load-conf.yaml]

- name: Sync-from
  hosts: 10.0.10.10
  connection: local
  gather_facts: no

  tasks:
  - name: Load variables
    include_vars:
      file: nso.yaml
      name: nso

  - name: Sync from
    nso_action:
      url: "{{ nso.url }}"
      username: "{{ nso.username }}"
      password: "{{ nso.password }}"
      path: /ncs:devices/device{ovp0-1.0}/sync-from
      input: {}

Playbook#5 uCPE config validation [validate.yaml]

Here an error will appear because the device has vnfB, but the YAML checks for “vnfC”.

- name: Verify uCPE config via NSO RFS
  hosts: 10.0.10.10
  connection: local
  gather_facts: no

  tasks:
  - name: NSO global variables
    include_vars:
      file: nso.yaml
      name: nso

  - name: Device configuration
    nso_verify:
      url: "{{ nso.url }}"
      username: "{{ nso.username }}"
      password: "{{ nso.password }}"
      data:
        ietf-nfv-service:virtualization:
          - device:
            - ovp0-1.0
            name: ovp0-1.0
            vms:
            - cpu: '2'
              ram: '2'
              vm: vnfA
            - cpu: '6'
              ram: '6'
              storages:
              - id: '1'
                location: https://dmytro.shytyi.net/ansible.iso
              vm: vnfAnsible
            - cpu: '3'
              ram: '3'
              storages:
              - id: '1'
                location: https://localhost/exmpl.iso
              vm: vnfC

Playbook#6 Service chaining (vRouter+vFirewall).

There are two Virtual Network Functions (VNFs): vRouter and vFirewall. The vSwitch “WAN” is connected to the WAN physical port, the vSwitch “LAN” is connected to the LAN physical port, and the vSwitch “ServiceChain” connects the 2 VNFs.

- name: Configure device
  hosts: 10.0.10.1 
  connection: local
  gather_facts: no
 
  tasks:
  - name: NSO global variables
    include_vars:
      file: nso-cfs.yaml
      name: nso

  - name: Device configuration
    nso_config:
      url: "{{ nso.url }}"
      username: "{{ nso.username }}"
      password: "{{ nso.password }}"
      data:
        ietf-vysm:virtualization:
        - device:
          - ovp0-1.0
          name: uCPEservice
          links:
          - link: l1
          - link: l2
          - link: l3
          - link: l4
          switches:
          - switch: lan
            ports:
            - port: 10
              name: p1
              link: l4
          - switch: serviceChain
            ports:
            - port: 10
              name: p1
              link: l2
            - port: 11
              name: p2
              link: l3

          - switch: wan
            ports:
            - port: 10
              name: p1
              link: l1

          vms:
          - cpu: 2
            ram: 4
            ports:
            - port: 1
              name: p1
              link: l3
            - port: 2
              name: p2
              link: l4
            storages:
            - id: '1'
              location: https://dmytro.shytyi.net/vrouter.iso
            vm: vrouter

          - cpu: 2
            ram: 4
            ports:
            - port: 1
              name: p1
              link: l1
            - port: 2
              name: p2
              link: l2
            storages:
            - id: '1'
              location: https://dmytro.shytyi.net/firewall.iso
            vm: vfirewall
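
Before pushing a chain like Playbook#6, it is worth confirming that every link joins exactly two ports and that no path from WAN to LAN avoids the firewall. The following is an added example, not part of the original post. The link assignments are transcribed from the playbook above, and all function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Topology transcribed from Playbook#6: node -> attached links (constructed summary).
SWITCHES = {"wan": ["l1"], "serviceChain": ["l2", "l3"], "lan": ["l4"]}
VMS = {"vfirewall": ["l1", "l2"], "vrouter": ["l3", "l4"]}
DECLARED_LINKS = ["l1", "l2", "l3", "l4"]


def link_endpoints(switches, vms):
    """Map each link name to the nodes (switches or VMs) attached to it."""
    ends = defaultdict(list)
    for node, links in {**switches, **vms}.items():
        for link in links:
            ends[link].append(node)
    return dict(ends)


def miswired_links(declared, ends):
    """Links that are undeclared or do not join exactly two nodes."""
    bad = [l for l in declared if len(ends.get(l, [])) != 2]
    bad += [l for l in ends if l not in declared]
    return sorted(bad)


def reachable(ends, src, dst, without=None):
    """Breadth-first search over the link graph, optionally with one node removed."""
    adj = defaultdict(set)
    for nodes in ends.values():
        if len(nodes) == 2 and without not in nodes:
            a, b = nodes
            adj[a].add(b)
            adj[b].add(a)
    seen, queue = {src}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            return True
        for nxt in adj[cur] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return False


def firewall_is_mandatory(ends, src="wan", dst="lan", fw="vfirewall"):
    """True when src reaches dst, but no longer does once the firewall VM is removed."""
    return reachable(ends, src, dst) and not reachable(ends, src, dst, without=fw)
```

For the playbook as written, the chain resolves to wan, vfirewall, serviceChain, vrouter, lan; a stray link that connects the wan and lan switches directly would make firewall_is_mandatory return False.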

Finally, you may find other links related to NSO and ANSIBLE useful:

Thank you for reading!