Automating Infrastructure with Cisco

Questions and Answers

What is the definition of automation, according to this content?

Automation is using code to configure, deploy, and manage applications together with the compute, storage, and network infrastructures and services on which they run.

Which of the following are common tools used for automation with Cisco infrastructure? (Select all that apply.)

Ansible (correct)

Chef (correct)

Python

Puppet (correct)

What are the three stages in the walk-run-fly progression of network automation?

Walk: Read only automation, Run: Activate policies and provide self-service across multiple domains, Fly: Deploy applications, network configurations, and more through CI/CD

One disadvantage of manual operations is that they are prone to human error.

True

What are the three key events that shaped the evolution of the DevOps discipline?

Site Reliability Engineering (SRE), Debois and Agile Infrastructure, Allspaw and Hammond

What are three core principles of the DevOps/SRE culture?

A focus on automation, the idea that "failure is normal", A reframing of "availability" in terms of what a business can tolerate

What are the two linked ideas that underpin the DevOps/SRE culture?

DevOps must deliver measurable, agreed upon business value and the statistical reality of doing so perfectly is impossible.

What is the definition of idempotency in the context of automation?

An Idempotent software produces the same desirable result each time that it is run.

What is the primary function of a declarative in infrastructure management?

A declarative is a static model and is used by middleware that incorporates deployment-specific details, examines present circumstances, and brings real infrastructure into alignment with the model, and usually least time consuming path.

What does provisioning in the context of automation refer to?

This refers to obtaining compute, storage, and network infrastructure (real or virtual), enabling communications, putting it into service, and making it ready for use by operators and developers.

Which of the following are benefits offered by automation tools compared to ad-hoc scripting? (Select all that apply.)

Handle Scale

The unit test framework is useful in test-driven development (TDD) environments.

True

What are the two main components of a typical GitOps setup?

A repository with several branches, a deployment server.

What is the defining characteristic of a blue/green deployment?

It is required to maintain two identical production environments.

What is the main benefit of using network simulation?

Network simulation provides a means to test network configurations, debug configuration code, and to work with and learn Cisco infrastructure and APIs in a safe, convenient, and non-cost-prohibitive way.

VIRL can only be run on bare metal.

False

What is the name of the native configuration format used by VIRL?

.virl file

The .virl file provides a method for determining if configuration drift has occurred on the simulation.

True

Immutability refers to maintaining systems entirely as code, performing no manual operations on them at all.

True

What are the primary benefits of pyATS?

pyATS framework and libraries can be leveraged within any Python code, It is modular and includes components such as AEtest and Easypy, A CLI enables rapid interrogation of live networks, extraction of facts, and helps automate running of test scripts and other forensics, pyATS provides an enormous interface library to Cisco and other infrastructure via a range of interfaces, pyATS can consume, parse, and implement topologies described in JSON, as YANG models, and from other sources, pyATS can also be  integrated with automation tools for building, provisioning, and teardown.

What are the two main components of pyATS?

pyATS framework and libraries, Genie

A Python virtual environment (venv) is a separate isolated environment that prevents changes from affecting the main system.

True

Virtual environments exist only in memory and do not have physical representations on the filesystem.

False

Ubuntu 18.04 always has the python3-venv package preinstalled.

False

What is the key benefit of using a testbed file in pyATS?

The testbed file is an essential input to the rest of pyATS library and ecosystem as it provides information to the framework for loading the right set of library APIs for each device, and how to effectively communicate to them.

The pyATS test declaration syntax is inspired by Python unit-testing frameworks like pytest.

True

What is the primary function of the Genie library in pyATS?

Genie is the pyATS higher-level library system that provides APIs for interacting with devices, and a powerful CLI for topology and device management and interrogation.

What are the key benefits of using Ansible?

Available as open source, and in a version with added features, from IBM/Red Hat, called Ansible Tower, Substantially managed from the Bash command line, with automation code developed and maintained using any standard text editor.

What is the primary method for managing Ansible?

The Bash command line

What are two key features of Ansible's architecture?

It runs on any Linux machine running Python 2 or 3, It connects to managed resources over SSH and enables Ansible to run shell commands on a remote server, Inject Python scripts into targets and remove them after they run, Install Python on target machines if required.

How are tasks organized in Ansible?

Ansible code structure, Work is separated into YAML (.yml) files that contain a sequence of tasks, executed in top-down order, Ansible has hundreds of pre-built Python modules that wrap operating-system-level functions and meta functions, Playbooks and roles, An Ansible playbook can be written as a monolithic document with a series of modular, named tasks, Developers build a model of a complex DevOps task out of low-level playbook task sequences called roles and then reference these in higher-level playbooks, sometimes adding additional tasks at the playbook level, This segregation of concerns ensures clarity, reusability and shareability of roles.

Ansible projects are typically organized in a flat directory structure, without any nested folders.

False

What are the two control-plane solutions available for managing Ansible at scale?

Red Hat Ansible Tower and AWX project

What is the purpose of Ansible Vault?

It enables the encryption of passwords and other sensitive information.

What is the primary purpose of Ansible modules?

Automating Cisco compute and network hardware.

What is the primary method used by Ansible to connect to remote hosts and execute commands?

SSH

What is the name of the file used to define the top-level playbook in Ansible?

site.yml

What is the name of the directory that contains the Ansible role's task definitions?

tasks directory

What is the name of the command used to run an Ansible playbook?

ansible-playbook

What is the purpose of the -i argument in the ansible-playbook command?

It names the inventory file.

What is the primary purpose of the index.html file in the Ansible example?

To create a simple website on a remote host.

What are the two primary ways that Puppet is offered?

Open source, Puppet Enterprise.

What is the recommended approach for installing the Puppet Server?

A monolithic installation.

How does Puppet handle scaling beyond a single server?

Create additional "compile masters" and place them behind a load balancer.

What is the name of the file that is used to configure the Puppet agent's communication with the Puppet Server?

puppet.conf

What is the name of the directory used to store Puppet's configuration files?

/etc/puppetlabs/code/environments

What is the purpose of the "modules" subdirectory in the Puppet environment?

To store subsidiary projects and manifests for things we need to build and configure.

What is the name of the command used to install the Puppet agent on a Debian-based Linux system?

sudo apt-get install puppet-agent

What is the name of the file that is modified to configure the Puppet agent's communication with the Puppet server?

puppet.conf

What is the name of the command used to start the Puppet service on the client?

sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

What is the name of the command used to list pending certificates on the Puppet Server?

ca list

What is the name of the command used to sign a certificate on the Puppet Server?

sudo /opt/puppetlabs/bin/puppetserver ca sign --certname puppetclient

What is the name of the file that is created to store the Puppet agent's configuration on a host?

puppet.conf

What is the primary purpose of the "modules" subdirectory in the Puppet environment?

To store subsidiary projects and manifests for things we need to build and configure

What is the name of the command used to restart the Puppet Server?

systemctl restart puppetserver.service

What are the two primary ways to deploy configuration changes in Puppet?

Restarting the Puppet Server, invoking Puppet agent on a target machine.

What are the two primary products offered by Chef?

Chef Workstation, Chef Infra Server

Chef products are entirely open source, with no licensing restrictions.

False

What are the three main components of the Chef architecture?

Chef Workstation, Chef Infra Client, Chef Infra Server

What is the name of the command used to make configuration changes with Chef?

chef-run

What package is installed in the initial Chef configuration exercise?

ntp package

What is the name of the utility used to preinstall Chef Infra Client on a target node?

Omnitruck

What two packages or services need to be installed before installing Chef Infra Server?

openssh-server, NTP

What command is used to turn off the default timedatectl synchronization service on an Ubuntu system?

sudo timedatectl set-ntp 0

What is the command used to initialize and start all services after installing Chef Infra Server?

sudo chef-server-ctl reconfigure

What is the name of the command used to install the Chef Manage web interface?

sudo chef-server-ctl install chef-manage

How are keys retrieved and stored during the Chef configuration process?

Keys are stored in the .chef folder after Server configuration, and keys are retrieved from the Server and stored in the .chef folder after Workstation installation.

What is the primary function of Knife in Chef?

Knife is a tool for managing cookbooks, recipes, nodes, and other assets, and for interacting with the Chef Infra Server.

What file is edited in the .chef folder and contains configuration settings forKnife?

config.rb

What is the purpose of the knife ssl fetch command?

It retrieves the Chef server's certificate and stores it in the .chef directory.

What is the name of the command used to bootstrap a target node using Knife?

knife bootstrap

What are the two primary functionalities of the recipe[apache2] expression in Chef?

Install the Apache2 web server and copy the index.html file to the target server.

What is the name of the command used to execute a Chef client application from a remote host using Knife?

knife ssh chef-client

Study Notes

Automating Infrastructure with Cisco

• Automation uses code to configure, deploy, and manage applications and their supporting infrastructure (compute, storage, and network)
• Cisco infrastructure platforms integrate with common tools like Ansible, Puppet, and Chef, or offer direct API access to programmable infrastructure.
• Several automation use cases exist, depending on the operational model to be followed. These include "walk" (read-only automation), "run" (activating policies and self-service), and "fly" (deploying applications and handling more complex scenarios via CI/CD)

Why Do We Need Automation?

• Speed and agility enable businesses to explore, experiment, and exploit market opportunities more quickly.
• Developers need to accelerate software building phases (coding, testing, staging).
• DevOps practices require developers to deploy and manage applications in production, so automation is necessary.
• Manual operations are costly, time consuming, prone to human error, and often incomplete or ambiguous.

Dependency Risks

• Today's software ecosystem is decentralized. Developers often build individual components according to their needs, mixing and matching components.
• Components need to work together with many other components.
• Component developers may abandon support for obsolete features. This disrupts processes.
• Dependency-ridden application setups often become locked into fragile and insecure deployment stacks.

Why do we need Full-Stack automation?

• Self-service: Automation offers self-service for infrastructure on-demand.
• Scalability on demand: Applications and platforms can scale up or down based on workload demands.
• Observability: Allows users to observe the internal state of complex systems from outputs.
• Automated problem mitigation: Enables applications and platforms to self-heal and decrease the effects of issues, preventing downtime.

Software-Defined Infrastructure: A Case for Automation

• Software-defined infrastructure (often cloud-based) allows developers and operators to use software to manage bare-metal and virtualized resources.
• Benefits of cloud paradigms include self-service, detailed specifications, consistency and repeatability, and platform abstraction.
• Challenges in cloud paradigms include ensuring secure developer access control and calculating precise costs.

Distributed and Dynamic Applications: Another Case for Automation

• Modern application architectures are increasingly distributed.
• They consist of small, light components (microservices).
• Components are isolated in containers, communicated via discovery and messaging services.
• They are backed by resilient, scalable databases.

Benefits of Microservices

• Scalability: Microservices can be scaled and load-balanced as needed across numerous servers or regions.
• Infrastructure automation: Tools automate on-demand scaling, self-healing, and more with microservice-based applications.

Challenges of Microservices

• Increased complexity: Management and deployment of numerous moving parts.
• Automation is a requirement: Manual methods are not effective for managing complex deployments.

Automating Infrastructure Summary

• Automation is necessary for managing all phases of application development (app building, configuration, deployment, and lifecycle management).
• Tools automate management of software-defined infrastructure on behalf of applications
• Automation code is treated as a single work product.

DevOps and SRE

• Full-stack automation requires organizational cultural shifts to eliminate historical divides between Development (Dev) and Operations (Ops).
• Traditionally, creating apps fell under the Dev remit while maintaining the apps was under Ops.
• Dev and Ops differences include resource management, responsibilities, and priorities.

Evolution of DevOps

• Key moments include the institutionalization of Site Reliability Engineering (SRE) at Google, Patrick Debois' work of automating virtual and physical resources using version control and agile methods, and John Allspaw and Paul Hammond's presentation of DevOps best practices.

Core Principles of DevOps

• Focus on automation
• The idea of failure as normal
• The reframing of availability - how much error/downtime can be tolerated

SLOs, SLIs and Error Budgets

• DevOps/SRE cultures demand deliverable, measurable, agreed upon business value.
• Defining metrics in terms of real Service Level Indicators (SLIs).
• SLOs help deliver business values more rapidly.
• Error budgets guide development- and operational tasks.

DevOps and SRE Summary

• DevOps/SRE is evolving alongside virtualization, containerization, and unified toolsets for application and infrastructure engineering.

Basic Automation Scripting

• Powerful automation tools simplify, ease, and increase predictability for DevOps tasks.
• Automation tools like Ansible, Puppet, and Chef wrap shell functionality, operating system utilities, and other control plane elements to achieve operational goals of simplicity, uniformity, and enrichment.
• Basic automation scripting is essential.

Basic Tools for Automation Scripting

• Shells (e.g., Bash) are ubiquitous and the foundation for much automation.
  • Commands are similar to command lines, useful to script AWS CLI access.
  • High-level languages make scripting more complex, parallel operations, and error handling easier.
• Programming languages beyond Bash handle complexity and scale requirements well.
  • Useful for controlling actions in virtualized cloud environments.

Procedural Automation

• An ordered sequence of commands to achieve a goal.
• Instructions may include flow control, conditions, functions, classes.
• To improve efficiency, standardize ordering with parameters, flags, and errors.
• Dividing tasks creates modular, reusable, configurable code in scripts.
• Separating deployment-specific data from code makes code generic and reusable.

Executing Scripts Locally and Remotely

• Automate with shell utilities or copy/transmit scripts.
• Pipe commands to remote machines for execution.

Cloud Automation

• Cloud providers often offer specialized tools for managing cloud resources.
• Popular deployment tools extract resource inventories from cloud frameworks during automation.

Cloud CLIs and SDKs

• Cloud Infrastructure as a Service (IaaS) and other infrastructure clouds often provide CLIs and SDKs for easy connectivity.
• REST-based interfaces are common. (Cisco UCS - a bare metal cloud, VMware, and OpenStack each have toolkits/APIs of their own.)

Ansible

• Ansible is an open-source automation tool.
• Ansible is commonly managed via the Bash command line with automation code from standard text editors.
• Ansible's architecture is simple and lightweight.
  • Control node runs Python (2 or 3).
  • SSH-based connection.
  • Executes shell and python commands/scripts on remote hosts.
  • Enables installing Python on target machines.

Ansible (Contd.)

• Ansible code structures use YAML files (with code) describing task sequences run in (top-down order).
• Playbooks and roles enable modular organization for tasks into maintainable units.

Ansible (Contd.)

• Ansible projects are organized in a nested directory structure for version control or GitOps-style infrastructure as code.
• Scaling challenges for larger organizations can be addressed by centralized solutions (Red Hat Ansible Tower; AWX project)
• Ansible Vault enables encryption of sensitive information.

Cisco Ansible Resources

• Extensive libraries of Ansible modules for automating many different Cisco products.
• Automate configurations on Cisco Application-Centric Infrastructure (ACI) enabled devices (using APIC).
• Automate device configurations with IOS-XR and NETCONF/REST interface support.
• Automate Cisco UCS configurations via Intersight REST interface.

Ansible Example

• Ansible uses SSH to connect and execute commands (on remote hosts).

Ansible Example (Setup)

• Preparing project directory and files.
  • Create folders for roles, and create a site.yaml inventory file, and main.yaml playbook.

Ansible Example (running)

• Run commands using Ansible.
• Check for success and failures of deployment.

Ansible Example (Contd.)

• Create an index.html file with a basic website, save the changes.
• Execute Ansible playbook and note the changes on the remote target.

Ansible Example (CI/CD)

• Simulating CI/CD pipeline: a step for developers, tests, and moving changes to Production (ansible-playbook -vv).

Lab — Use Ansible to Backup and Configure a Device

• Instructions to launch VMs, configure Ansible, back up configurations, and configure devices.

Lab — Use Ansible to Automate Installing a Web Server

• Instructions to automate web server installations.

Puppet

• Puppet was introduced in 2005 as open source and later commercialized.
• Puppet uses a server and clients.
• Components include a server to hold main components, a secure client(Puppet Agent), and modules that support connections and hardware.
• A proxy agent offloads connection tasks (to handle large-scale deployments).

Puppet (Installing the Server)

• Puppet server needs powerful hardware (or a Virtual Machine.)
• It requires network time protocol (NTP).
• The Puppet puppet.conf file configures communication.
• The client will receive a signed certificate.

Puppet Code Structure

• Puppet components are structured into a tree folder.
• Additional resources can be downloaded/installed from Puppet Forge (by using a command).

Puppet at Scale

• A monolithic installation is recommended.
• Additional compile masters provide compilation for larger numbers of client agents and place them behind a load balancer to distribute work.
• Enterprise customers use PE-PostgreSQL for a stand-alone instance of PuppetDB to further improve capacity.

Cisco Puppet Resources

• Extensive libraries of Puppet modules for automating Cisco compute and network hardware, including modules for IOS infrastructure, and UCS management via Cisco UCS Manager.

Puppet Example

• Describes how to install Puppet and configure Apache2 remotely on a target device.
• Includes how to install the Puppet agent, run commands and establish the certificate (needed for the agent to communicate).

Puppet Example (Config)

• Configuring puppet.conf to define the Server, authentication certificates, the locations of code.

Puppet Example (Client Installation)

• Installing Puppet agent (a client) on the target machine.

Puppet Example (Starting Puppet Service)

• This will initiate Puppet's service on the target machine.

Puppet Example (Certificate)

• This stage will verify that the certificate has been signed and that communication is possible between the server and the target machine.

Puppet Example (Creating Configuration)

• This stage describes how to create the necessary files to configure the target machine.

Puppet Example (Deploying Configuration)

• This stage describes how to apply the configuration to the target machine via the server.
  • systemctl restart puppetserver.service (used for deploying the configuration.)

Chef

• Chef is a complete system for treating infrastructure as code.
• Features include infra-as-code creation, testing, organization, and repository storage.
• Execution on remote targets from a stand-alone Chef Workstation or a central server.

Chef Architecture Components

• Chef Workstation (a host agent).
• Chef Infra Client.
• Chef Infra Server.

Chef Installation on a Workstation

• Install Chef Workstation on a Linux based VM or Ubuntu.

Chef Example to Install and Use Chef

• Install necessary software. (NTP and OpenSSH)
• Use commands such as chef-run to deploy configurations.

Chef Infra Server Prerequisites

• Install openssh-server and enable keywise access.
• Install NTP for time synchronization.

Chef Example: Installing Chef Server

• Install via commands, obtain the .deb package and install it using dpkg -i.
• Initialize and configure the server sudo chef-server-ctl reconfigure

Chef Example: Starting and Enabling Chef-Manage

• Run sudo chef-server-ctl install chef-manage command.

Chef Example: Configuring a Workstation

• Retrieve keys, put them in a folder, like /home/username/.chef (using the scp command).

Chef Example: Prepare to use Knife

• Create a config.rb file in the .chef folder.

Chef Example: Bootstrap a target node

• Using Knife to bootstrap a target node with parameters such as <name-for-your-node>

Chef Example: Verify Knife Success

• Verify successful installation.

Chef Example: Putting It All Together

• Example to demonstrate an end to end setup including creating a cookbook, configuring files, deploying the configuration using Chef.

Network Simulation and VIRL

• VIRL is a powerful tool for network simulation.
• It allows users to test configuration, troubleshoot bugs in configuration code.
• It supports various topologies, including a two router IOS network.

VIRL Files

• The virl files describe a simulation's components (routers, configurations, connections) in a YAML format.
• These files can be used for managing and configuring simulations in various software platforms.

Infrastructure as Code

• The approach to maintain systems by treating configuration as code.
• GitOps is a workflow for using Git to manage and automate deployments.
• Blue/Green deployment is a strategy to reduce downtime in production environments by swapping environments between operational use.

Canary Testing

• Canary testing provides a method of implementing new code or deployments in a controlled way on a subset of users.

Automating Testing

• Automated testing is beneficial to identify bugs and failures in applications quicker.
• PyATS enables code review and testing with unit tests, providing a means to validate and improve network configurations by checking code behavior based on developer commits, or pull requests, in a QA or Production environments.

PyATS Tools

• Python Automated Test System (pyATS).
  • Provides automated testing and validation capabilities.
• Genie - a higher-level library in pyATS;
  • Facilitates interaction with various devices using APIs.

pyATS Example

• Describes how to install pyATS, configure, and use virtual machine environments for testing.
• It involves creating Virtual Environments, install the python3-venv package.

Lab — Automated Testing using pyATS

• Describes steps for setting up automated tests.
  • Launch virtual machines (VMs).
  • Setting up the Python Virtual Environment.
  • Using the pyATS Testing Library.
  • Using Genie to compare configurations.

Network Simulation

• Using VIRL tools to simulate network environments is useful in validating configurations before implementing changes, troubleshooting configurations/code bugs, or just experimenting with different configurations safely.
• VIRL supports a CLI for managing systems locally, a REST interface for automation integration, and a UI for configuration.

Description

Explore the fundamentals of automating infrastructure using Cisco technologies. This quiz delves into concepts like speed, agility, and the importance of automation in modern development and operations. Test your knowledge on the integration of Cisco platforms with tools like Ansible and the various operational models of automation.