Implementing Infrastructure as Code - How NDFC works with Ansible and Terraform


Automation has been the focus of interest in the industry for quite some time now. Out of the top tools available, Ansible and Terraform have been popularly used among automation enthusiasts like me. While Ansible and Terraform are different in their implementation, they are equally supported by products from the Cloud Networking Business Unit at Cisco (Cisco ACI, DCNM/NDFC, NDO, NXOS). Here, we will discuss how Terraform and Ansible work with Nexus Dashboard Fabric Controller (NDFC).

First, I will explain how Ansible and Terraform work, along with their workflow. We will then look at the use cases. Finally, we will discuss implementing Infrastructure as Code (IaC).

Ansible – Playbooks and Modules:

For those of you who are new to automation, Ansible has two main parts: the inventory file and playbooks. The inventory file gives information about the devices we are automating, along with any sandbox environments that are set up. The playbook acts as the instruction manual for performing tasks on the devices declared in the inventory file.

Ansible becomes a system of documentation once the tasks are written in a playbook. The playbook leverages REST API modules to describe the schema of the data that can be manipulated using REST API calls. Once written, the playbook can be executed using the ansible-playbook command line.

[Figure: Ansible workflow]


Terraform – Terraform Init, Plan and Apply:

Terraform has one main part: the TF template. The template contains the provider details, the devices to be automated, and the instructions to be executed. The following are the three main points about Terraform:

  1. Terraform defines infrastructure as code and manages the full lifecycle. It creates new resources, manages existing ones, and destroys ones no longer necessary.
  2. Terraform offers an elegant user experience for operators to predictably make changes to infrastructure.
  3. Terraform makes it easy to re-use configurations for similar infrastructure designs.

While Ansible uses one command to execute a playbook, Terraform uses three to four commands to execute a template. Terraform Init checks the configuration files and downloads the required provider plugins. Terraform Plan allows the user to create an execution plan and check whether the execution plan matches the desired intent of the plan. Terraform Apply applies the changes, while Terraform Destroy allows the user to delete the Terraform-managed infrastructure.

Once a template is executed for the first time, Terraform creates a file called terraform.tfstate to store the state of the infrastructure after execution. This file is useful when making mutable changes to the infrastructure. The execution of the tasks is also done in a declarative method. In other words, the direction of flow doesn't matter.

[Figure: Terraform workflow]

Use Cases of Ansible and Terraform for NDFC:

Ansible executes commands in a top to bottom approach. While using the NDFC GUI, it gets a bit tedious to manage all the required configuration when there are a lot of switches in a fabric. For example, configuring multiple vPCs or dealing with network attachments for each of these switches can get a bit tiring and takes up a lot of time. Ansible uses a variable in the playbook called state to perform various actions such as creation, modification and deletion, which simplifies making these changes. The playbook uses the modules we have, depending on the task at hand, to execute the required configuration changes.

Terraform follows an infrastructure as code approach for executing tasks. We have one main.tf file which contains all the tasks, which are executed with the terraform plan and apply commands. We can use the terraform plan command for the provider to verify the tasks and check for errors, and terraform apply executes the automation. In order to interact with application-specific APIs, Terraform uses providers. All Terraform configurations must declare a provider field, which will be installed and used to execute the tasks. Providers power all of Terraform's resource types and find modules for quickly deploying common infrastructure configurations. The provider segment has a field where we specify whether the resources are provided by DCNM or NDFC.
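The state-driven approach described above, as an added example that is not from the original post: a playbook using the cisco.dcnm collection's dcnm_vrf and dcnm_network modules. The inventory group ndfc, the fabric name, the switch address and the VRF/network names and IDs are constructed placeholders.

```yaml
# Added example, not from the original post. The "ndfc" inventory group,
# fabric name, switch address, VRF/network names and IDs are placeholders.
# The inventory is assumed to set ansible_connection: ansible.netcommon.httpapi
# and ansible_network_os: cisco.dcnm.dcnm, with credentials kept in a vault file.
---
- name: Create a VRF and a network on an NDFC fabric
  hosts: ndfc
  gather_facts: false
  vars:
    fabric_name: stage-fabric
    leaf_ip: 192.0.2.11
  tasks:
    - name: Ensure the VRF exists and is attached to the leaf
      cisco.dcnm.dcnm_vrf:
        fabric: "{{ fabric_name }}"
        state: merged          # create or update; other VRFs are left untouched
        config:
          - vrf_name: vrf_app
            vrf_id: 50001
            vlan_id: 2001
            vrf_template: Default_VRF_Universal
            vrf_extension_template: Default_VRF_Extension_Universal
            attach:
              - ip_address: "{{ leaf_ip }}"
            deploy: true

    - name: Ensure the network exists inside that VRF
      cisco.dcnm.dcnm_network:
        fabric: "{{ fabric_name }}"
        state: merged          # use "deleted" with the same config to remove it
        config:
          - net_name: network_web
            vrf_name: vrf_app
            net_id: 30001
            vlan_id: 2301
            gw_ip_subnet: 10.10.1.1/24
            net_template: Default_Network_Universal
            net_extension_template: Default_Network_Extension_Universal
            attach:
              - ip_address: "{{ leaf_ip }}"
                ports: [Ethernet1/10]
            deploy: true
```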

[Figure: Ansible code example]

[Figure: Terraform code example]


Below are a few examples of how Ansible and Terraform work with NDFC. Using the ansible-playbook command, we can execute our playbook to create a VRF and network.

Below is a sample of how a Terraform code execution looks:

Infrastructure as Code Workflow (IaC):

[Figure: Infrastructure as Code CI/CD workflow]


One popular way to use Ansible and Terraform is by building it from a continuous integration (CI) process and then merging it from a continuous delivery (CD) system upon a successful application build:

  • The CI asks Ansible or Terraform to run a script that deploys a staging environment with the application.
  • When the stage tests pass, CD then proceeds to run a production deployment.
  • Ansible/Terraform can then check out the history from version control on each machine or pull resources from the CI server.

An important benefit that is highlighted through IaC is the simplification of testing and verification. CI rules out a lot of common issues if we have enough test cases after deploying on the staging network. CD automatically deploys these changes onto production with just a simple click of a button.

While Ansible and Terraform have their differences, NDFC supports automation through both tools equally, and customers are given the option to choose either one or even both.

Terraform and Ansible complement each other in the sense that they both are great at handling IaC and the CI/CD pipeline. The virtualized infrastructure configuration remains in sync with changes as they occur in the automation scripts.

There are multiple DevOps software alternatives out there to handle the runner jobs: GitLab, Jenkins, AWS and GCP, to name a few.

In the example below, we will see how GitLab and Ansible work together to create a CI/CD pipeline. For each change in code that is pushed, CI triggers an automated build and verify sequence on the staging environment for the given project, which provides feedback to the project developers. With CD, infrastructure provisioning and production deployment is ensured once the verify sequence through CI has been successfully confirmed.

As we have seen above, Ansible works in a similar way to a command-line interpreter: we define a set of commands to run against our hosts in a simple and declarative way. We also have a reset YAML file which we can use to revert all changes we make to the configuration.

NDFC works along with Ansible and the GitLab Runner to accomplish a CI/CD pipeline.

GitLab Runner is an application that works with GitLab CI/CD to run jobs in a pipeline. Our CI/CD job pipeline runs in a Docker container. We install GitLab Runner onto a Linux server and register a runner that uses the Docker executor. We can also limit the number of people with access to the runner, so that Pull Requests (PRs) for the merge can be raised and approved by a select number of people.

Step 1: Create a repository for the staging and production environment and an Ansible file to keep credentials safe. In this, I have used the ansible-vault command to store the credentials file for NDFC.

Step 2: Create an Ansible file for resource creation. In our case, we have one main file each for staging and production, followed by a group_vars folder that holds all the information about the resources. The main file pulls the details from the group_vars folder when executed.

Step 3: Create a workflow file and check the output.

As above, our hosts.prod.yml and hosts.stage.yml inventory files act as the main file for implementing resource allocation to production and staging respectively. Our group_vars folder contains all the resource information, including fabric details, switch information and overlay network details.

For the above example, we will be showing how adding a network to the overlay.yml file and then committing this change will invoke a CI/CD pipeline for the above architecture.

Optional Step 4: Create a password file. Create a new file called password.txt containing the Ansible Vault password to encrypt and decrypt the Ansible Vault file.

Our overlay.yml file currently has 2 networks. Our staging and production environment has been reset to this stage. We will now add our new network network_db to the YAML file as below:

First, we make this change to staging by raising a PR, and once it has been verified, the admin of the repo can then approve this PR merge, which will make the changes to production.

Once we make these changes to the Ansible file, we create a branch under this repo to which we commit the changes.

After this branch has been created, we raise a PR. This will automatically start the CI pipeline.

Once the staging verification has passed, the admin/manager of the repo can go ahead and approve the merge, which kicks in the CD pipeline for the production environment.

If we check the NDFC GUI, we can find that both staging and production contain the new network network_db.
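One way to express the staging-then-production flow from the steps above as a GitLab pipeline file. This is an added example, not the original project's workflow file: the playbook name deploy.yml, the container image and the CI/CD variable ANSIBLE_VAULT_PASS_FILE (assumed to be defined with type File in the project settings) are hypothetical, while hosts.stage.yml and hosts.prod.yml are the inventories named in the article.

```yaml
# .gitlab-ci.yml - added example, not the original project's pipeline file.
# Hypothetical names: deploy.yml (playbook), ANSIBLE_VAULT_PASS_FILE (a
# File-type CI/CD variable whose value is the path of a temporary file
# holding the vault password). Inventories are the ones named in the article.
stages:
  - verify
  - deploy

default:
  image: python:3.11-slim            # job runs inside the Docker executor
  before_script:
    - pip install --quiet ansible
    - ansible-galaxy collection install cisco.dcnm

# CI: every merge request applies the change to the staging fabric.
stage_verify:
  stage: verify
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  environment: staging
  script:
    - ansible-playbook -i hosts.stage.yml deploy.yml --vault-password-file "$ANSIBLE_VAULT_PASS_FILE"

# CD: runs only after the approved merge lands on the default branch.
prod_deploy:
  stage: deploy
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  environment: production
  script:
    - ansible-playbook -i hosts.prod.yml deploy.yml --vault-password-file "$ANSIBLE_VAULT_PASS_FILE"
```

Taking the vault password from a File-type CI/CD variable keeps it out of the repository; if the password.txt from the optional step is used on a workstation instead, it should be excluded from version control.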

Conclusion:

All of our Cloud Networking products support automation using both Ansible and Terraform. Automating infrastructure provisioning and CI/CD deployment helps in many ways. It lets us maintain a log of changes in the infrastructure while ultimately saving a lot of time (testing configuration changes, creating a completely new fabric consisting of many resources, modifying existing resources, to name a few). Fallouts requiring manual intervention are significantly reduced, as we can revert any changes with a simple command. Automating the workflow helps us keep track of changes made, and we won't come across situations of outages or failures where we face a configuration change made a few months ago and don't know what it was or why it was made.

View the files for this IaC implementation.

 

