Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
2611
Views
9
Helpful
5
Comments

NSO Modules for Ansible - Manage All Your Networks

camoberg
Cisco Employee
Cisco Employee
‎10-24-2017 02:07 AM

A couple of weeks I presented work we have done on NSO and Ansible integration to a great audience at Ansiblefest 2017 in San Francisco. The videos are available here. The presentation consisted of an introduction to NSO, and introduced three new Ansible modules for interacting with NSO. This was our first time presenting the solution to this audience and based on the healthy-sized number of people that wanted to chat after the presentation (which is a great way of measuring the impact of your content) it seems like it went well.

To me, this validates our understanding that giving software tools like Ansible access to managing multi-vendor hybrid networks is the way to go about opening up for radical change in the industry. If nothing else, I believe by giving Ansible-users access to the network through a database-like API, and thereby making it significantly more manageable entity, we will see lots of interesting outcomes over time.


We had a couple of ideas that we wanted to include in the design of the modules, including:

  • Normalize the access to the configuration across vendors - use YAML in playbooks for all data encoding
  • Reduce the amount of configuration changes in the network to the bare minimum - only change what you intend to do and avoid side-effects
  • Provide a full create-read-update-delete interface to avoid exploding the number of vendor-specific modules - modules should express operations on data, not protocol details

So, we built three modules to allow ansible to access data in NSO, one for each type of operation you are likely to perform on configuration and operational data:

  • nso_configure - allows for updating (creating, changing, deleting) configuration data
  • nso_verify - allows for verifying configuration and/or operational data is the same as expected
  • nso_action - allows for triggering actions, i.e. operations with side-effects like 'reboot' or 'ping'

The key here is that these three modules act on a common set of data, namely the data that resides in NSO according to the YANG modules loaded into the system. Think of NSO as exposing a large tree-representation of all your configuration and operational data, across all your network devices and services under management. The modules then allow you to operate on that data with NSO taking care of the details of robustly getting and setting configuration and operational data on devices and in services in a distributed and transaction-safe manner.

By doing this we have removed:

  • vendor-specific modules and proprietary encoding
  • opaque configuration blobs that unnecessarily upsets your network
  • separate modules for all activities you are allowed to do on the device

And as an added bonus, we have also made sure that there is consistent roundtripping of data between NSO and playbooks. This means that you can reliably fetch configuration and operational data from NSO using the NSO RESTCONF interface or CLI, translate the resulting JSON to YAML that can be included (or simply pasted into) NSO module tasks. This literally removes (or radically reduces) the need for manual work when creating module content.


The example I used during the presentation used curl(1) to fetch the running configuration of a device called jnpr0 and convert from the NSO RESTCONF interface JSON output and convert the response into YAML using the following command:

$ curl -H "Accept: application/yang-data+json" http://localhost:8080/restconf/data/devices/device/jnpr0/config | ../json2yaml.py

The YAML output can then be used in e.g. the nso_verify module to verify that the configuration stays the same. As an obvious next step for the more ansible-savvy; you can now apply a handler to the verify-task and on change, call an nso_config task with the content to revert back to the intended configuration.


We are currently in process of upstreaming the modules into ansible core, you can track the progress of the pull request here.The demo files that I used during the presentation and referenced above is available from our developer hub github here.


Feel free to reach out directly to me with any feedback or questions.

5 Comments
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the NSO Developer community:

Popular Articles
Customers Also Viewed These Support Documents