Data Center Automation Solution from Cisco and Red Hat Ansible White Paper

Updated: September 30, 2021

Introduction: Cisco Red Hat partnership enables a true DevOps model

In many customer IT environments, network operations remain entrenched in error-prone manual processes. Historically, network policies have been implemented using a Command Line Interface (CLI) and more monolithic means on proprietary platforms. Only recently have server-side and DevOps practices begun to influence the networking world, with IT administrators forced to support both the compute and network resources. DevOps can help administrators achieve an agile operational model by enabling automation, innovation, and consistency.

The joint set of data center networking solutions from Cisco and Ansible (encompassing Cisco ACI®, Cisco NX-OS, and Nexus® Dashboard Orchestrator [NDO]) helps automate the most unproductive and repetitive administrative tasks within a data center.

Solution incorporating Cisco ACI and Red Hat Ansible

Cisco ACI’s Application Policy Infrastructure Controller (APIC) supports a robust and open API that Red Hat Ansible can seamlessly leverage. Ansible is open source, works with many different operating systems that run on Cisco® networking platforms (including Cisco ACI, Cisco IOS®, Cisco NX-OS, and Cisco IOS-XR), and supports the full range of ACI offerings. Together, Cisco ACI and Ansible provide a perfect combination, enabling customers to embrace the DevOps model and accelerate ACI deployment, monitoring, day-to-day management, and more. Ansible, with its unified configuration, provisioning, and application deployment, is built to address network automation challenges and create favorable business outcomes, such as accelerated DevOps and simplified IT environments.

Ansible brings numerous synergies to an ACI environment with its simple automation language; powerful features, such as application deployment, configuration management, and workflow orchestration; and an agentless architecture that makes the execution environment predictable and secure. In the latest Ansible release, there are more than 100 ACI and NDO modules in the Ansible core, including ones for specific objects, such as tenant and application profiles, as well as a module for interacting directly with the ACI REST API. This means that a broad set of ACI functionalities is available as soon as you install Ansible.

After installing Ansible, only two things are required to start automating an ACI network fabric:

  • An Ansible playbook, which is a set of automation instructions
  • An inventory file, which lists the devices to be automated, in this case an APIC

The playbooks are written in YAML to define the tasks to execute against an ACI fabric. Here is an ACI playbook sample that configures a tenant on an APIC:

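---
- name: ACI Tenant Management
  hosts: aci
  connection: local
  gather_facts: no

  tasks:
    # Create the tenant on the APIC (or confirm it already exists)
    - name: CONFIGURE TENANT
      aci_tenant:
        hostname: "{{ hostname }}"
        username: admin
        # Sample credential, stored in clear text in the playbook
        password: adminpass
        # Turns off verification of the APIC's TLS certificate
        validate_certs: false
        tenant: "{{ tenant_name }}"
        description: "{{ tenant_name }} created Using Ansible"
        state: present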
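
The sample above keeps the APIC password in clear text and turns off certificate validation. A hardened variant of the same task follows, as an added example that is not from the white paper. The inventory host name, the file name tenant.yml, the variable names apic_username and apic_password, and the vault file location are assumptions made for illustration.

```yaml
# Added example, not from the white paper. Assumptions: inventory group
# "aci" holds one APIC (apic1.example.com, a placeholder); apic_username and
# apic_password live in an Ansible Vault file such as group_vars/aci/vault.yml;
# the APIC certificate chains to a CA the control node trusts.
#
# inventory.ini (constructed):
#   [aci]
#   apic1.example.com
#
# Run: ansible-playbook -i inventory.ini tenant.yml --ask-vault-pass
---
- name: ACI Tenant Management
  hosts: aci
  connection: local
  gather_facts: false

  vars:
    tenant_name: example_tenant        # constructed sample value

  tasks:
    - name: Stop if vaulted credentials are missing
      ansible.builtin.assert:
        that:
          - apic_username is defined
          - apic_password is defined
        fail_msg: "APIC credentials must come from the vault, not the playbook"
        quiet: true

    - name: CONFIGURE TENANT
      cisco.aci.aci_tenant:
        host: "{{ inventory_hostname }}"   # 'hostname' is an alias of 'host'
        username: "{{ apic_username }}"
        password: "{{ apic_password }}"
        validate_certs: true               # verify the APIC's TLS certificate
        tenant: "{{ tenant_name }}"
        description: "{{ tenant_name }} created using Ansible"
        state: present
      no_log: true                         # keep credentials out of task output
```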

Refer to the section “Related links,” below, for more detailed documentation on Ansible modules/playbooks, labs, and tutorials.

How integration of Ansible with Cisco ACI works

The picture below represents users creating inventory files (for the APIC that we want Ansible to manage), creating playbooks (what tasks we want to run and automate on the APIC, which is the target system), and leveraging the available ACI modules for the tasks that administrators want to configure and automate. Ansible then pushes those configuration tasks via the APIC REST API through HTTPS to the target system, the APIC.

Figure 1. Ansible modules simplify automation of deployment, configuration, and optimization

The ACI Ansible modules help cover a broad set of data-center use cases, including:

  • Day 0: Initial installation and deployment – Configuration of universal entities and policies; for example, switch registration, naming, user configuration, and firmware updates
  • Day 1: Configuration and operation – Initial tenant creation, along with all the tenant child configurations; for example, VRFs, APs, BDs, EPGs, etc.
  • Day 2: Additional configuration and optimization – Adding, updating, or removing policies, tenants, and/or applications (for example, adding a contract to support a new protocol in an existing EPG).

Automate VXLAN-EVPN fabric with Cisco DCNM provider for Ansible

For customers embracing Cisco DCNM, similar automation capabilities are enabled through the integrations with Red Hat Ansible. Cisco DCNM abstracts network detail and automates configuration of VXLAN EVPN, including underlay and overlay networks.

The Ansible integrations with DCNM provide customers with an agile DevOps environment to accelerate their NX-OS deployments. Customers can use Ansible to automate, manage, and monitor various components of the network infrastructure, such as addition and removal of switches and VRFs and the orchestration of interfaces using the open APIs of Cisco DCNM.

The DCNM integrations also cover a broad set of use cases, such as fabric inventory management, overlay control, switch interface, and REST API modules to deliver Infrastructure as Code. Typically, tools are used to provision the compute resources in preparation for the applications to be deployed. This will set the stage for deployment of applications, capturing all the dependencies on the underlying platforms by using tools such as Helm charts, Ansible, or bash scripts. With CI/CD pipeline workflows, customers can quickly test the DCNM network before they push to production, in a DevOps-friendly way, with speed, consistency, and minimized risk.

Ansible for Cisco NX-OS data centers

For companies with NX-OS-based data centers, there are multiple Cisco NX-OS modules and playbooks for Ansible. These modules allow administrators to make API calls to network nodes and apply configurations that are defined in the playbooks.

The Cisco Nexus platform allows administrators to easily integrate their applications into customers’ existing DevOps tool chains, flexibly install or deploy on switches whatever protocol package or customer applications are needed, and gain open and full access to switches’ resources and data. The feature richness in Cisco Nexus NX-OS, combined with its scaling and performance capabilities, enables customers to build efficient data centers.

The Ansible integration with Cisco Nexus platforms enables customers to take advantage of programming and automating the infrastructure at scale with speed. Ansible helps accelerate Day-0, -1, and -2 operations in the following ways:

  • Day 0 – automates bringing up of devices
  • Day 1 – pushes network configurations to maintain consistency across the infrastructure
  • Day 2 – optimizes network compliance and operation

In short, the combined Ansible and Cisco solution enables NX-OS data center administrators to accelerate IT transformation, leverage an open ecosystem, create efficient operational models, and become faster and more agile.

Key benefits of using Ansible for data center networking solutions

  • Helps automate installation and configuration of network devices and enables network management that is consistent across the entire NX-OS data center infrastructure.
  • Makes it easy, within an ACI environment, to create and configure tenants, apply consistent network policies, and provision resources efficiently and as needed by applications.
  • ACI-Ansible modules extend the trusted, secure interaction of the ACI CLI and GUI.
  • Enables a DevOps approach to DCNM network management – with CI/CD pipeline workflows, customers can quickly test the DCNM network before they push to production. This helps administrators work faster and with more agility, all while minimizing risk.
  • No programming skills are required with Ansible modules.

Conclusion

Red Hat Ansible integrations with Cisco data center networking solutions enable the full power of automation. With the Ansible collections for Cisco DCNM, Cisco ACI, Cisco Nexus Dashboard Orchestrator, and Cisco NX-OS, customers can move from traditional scripting to robust, reusable automation.

The Cisco Red Hat Ansible set of solutions empowers network administrators to consistently manage and apply policies across their entire infrastructure. They enable NetOps to automate the configuration of new devices and provision network resources more efficiently and as needed by business applications. Finally, they apply a software development approach to networking and, through CI/CD pipelines and version control, enable large and dispersed teams of network administrators to work with more speed and agility, all the while eliminating risk.

Related links

  • Ansible: https://docs.ansible.com/ansible/latest/index.html
  • Cisco ACI: https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/index.html
  • ACI Ansible Modules Guide: https://docs.ansible.com/ansible/latest/scenario_guides/guide_aci.html
  • ACI Tenant Module: https://docs.ansible.com/ansible/latest/modules/aci_tenant_module.html
  • Developing Cisco ACI Ansible Modules: https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general_aci.html
  • DevNet Introduction to ACI and Ansible Learning Labs: https://developer.cisco.com/learning/modules/ansible-aci-intro
  • Cisco ACI Collection GitHub: https://github.com/CiscoDevNet/ansible-aci
  • Cisco Nexus 9000 Series NX-OS Programmability Guide, Release 7.x: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/programmability/guide/b_Cisco_Nexus_9000_Series_NX-OS_Programmability_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Programmability_Guide_7x_chapter_011001.html
  • Cisco DevNet Ansible-DCNM Repository GitHub: https://github.com/CiscoDevNet/ansible-dcnm
  • Cisco DevNet: https://developer.cisco.com/
  • Ansible Galaxy Cisco Nexus Dashboard Resources: https://galaxy.ansible.com/cisco/nd

 

 

 
