Zero Code Multi-Cloud Automation with Ansible and Terraform

Zero Code Multi-Cloud Automation with
Ansible and Terraform
Gaurav Rastogi, Architect – Avi Networks
Lei Yang, Director of Product Marketing

Agenda
Automation Challenges
Introduction to Avi Networks
Ansible / Terraform Primer
Integration with Avi
Demos

Does your automation journey feel like this?

Poll: Where are you on your
automation journey?

• Automation is hard
– Complicated
– Fragile
• Full lifecycle automation
– Day 0
– Day 1+
– Multi-cloud
• Ecosystem integration
– 100% vs. 99% RESTful APIs
– Least amount of friction to
leading platforms integration
Top 3 Challenges

Intent-based Application Services
Declare desired outcomes and Avi does the heavy lifting
AVI VANTAGE PLATFORM
Software Load Balancers
Intelligent
Web Application Firewall Elastic Service Mesh

BARE METAL VIRTUALIZED CONTAINERSON PREMISES PUBLIC CLOUDVIRTUALIZED CONTAINERS
Avi Vantage Platform
CONTROLLER
SERVICE
ENGINE
SEPARATE CONTROL
& DATA PLANE
ELASTICITY
INTELLIGENCE AUTOMATIONMULTI-CLOUD

Automation Operationalizes Digital Transformation
Day 1+
• Use case driven
• Full lifecycle management
• Recurring savings
• Adaptive to changes
Intent-based
 Adaptive and learning based
 Dynamic & continuous monitoring
 Automatically program network, cloud,
and app environments
CLI/Scripting
/Excel
GUI/Workflow/
Tools
API/Orchestration
Framework
Day 0
• Configuration focused
• Self-service provisioning
• One time saving
• Static

Poll: Do you plan to use the
following automation tools?

Ansible - IT automation and orchestration platform
• Now acquired by Redhat
• It can streamline operations such as:
– Configuration of servers
– Application deployment
– Continuous testing of already installed applications
– Provisioning
– Orchestration
– Automation of tasks
• YAML based configuration which is easy to read and write till one has to use
JinJa!

Why Ansible?
• Shell / Perl scripts rock in the beginning – then they turn into a rock!
– Unmanageable and difficult to maintain
– Cannot skip N steps and start shell script from N+1th step
– Does not provide feedback on what has been done and what it is doing!
– Not easy to add option to simply skip some steps
– It does not provide feedback on what steps did not change vs what changed?
– Audit and debug logs
– Need to be a developer!
• Ansible can invoke modular shell scripts - very common practice!
“I can write a shell script to do everything! why not Python?”

Terraform - Write, Plan, and Create Infrastructure as Code
• HashiCorp Terraform enables you to safely and predictably create, change, and improve
infrastructure. It is an open source tool that codifies APIs into declarative configuration files that
can be shared amongst team members, treated as code, edited, reviewed, and versioned.
• Like Ansible it can be used for full application automation
• It is declarative by design - Manages dependency of resources implicitly
• HCL based “plans” for infrastructure

Poll: What are your top challenges
with automation integration?

Avi Ansible Integration Landscape
Avi Controller / SE Roles
avicontroller
(linux server)
avicontroller-csp
avicontroller-azure
avicontroller-vmware
avicontroller-k8s
Avi Ansible modules (Avi within top 50 contributors)
avisdk role - packages all Avi Ansible modules
avise-csp
Ansible Modules (104) - one / REST resource + others
Ansible Utilities
Avi Migration output as Ansible
Avi Config (JSON) to Ansible Converter
aviconfig role - Declarative Model
Avi Ansible Examples - Devops Github
Avi Docker Role

Avi Ansible Special Modules in addition to the REST modules
• avi_api_session: Proxy to any AVI API
• avi_useraccount: Module to change password on controller
• avi_gslb_service_patch_member: Helper moule to do smart deep level PATCH
not possible via API
• avi_api_version (PaddyPower): Fetch controller version
• avi_api_file_service: Fetch and upload files to Avi Controller: supports check
mode and idempotency

Avi Terraform Integration
https://github.com/avinetworks/terraform-provider-avi
• Full featured Avi Terraform provider
• Resources: CRUD for Avi REST resources.
• Data Sources: Expose Read-only Avi REST resources.
• Import Avi REST resources
• Special handling for System objects that are not created by Terraform but can
still be managed via Avi provider

Goal – Path to Zero Code Application Automation
Automation with different levels of abstraction based on your preference
API SDK
JSON
Swagger Spec
Python
Go, etc.
Ansible
Modules
Ansible
Role
Playbook as Code
Custom, in-house orchestration
(Dev teams)
Focus on automation, not code
(DevOps, ITOps, NetOps)
Terraform Provider
ZeroCode
YAM / HCL
Config

Avi Ansible Modules - Proxy+ to REST API
check mode, idempotent, single connection to Avi Controller across tasks...
Avi Module Common Params
● name- Name of the object
● tenant- Tenant context for operation
● tenant_ref- tenant of object
● avi_credentials- API credentials
● state- present or absent
● cloud_ref- Reference to cloud when using non
default cloud
● api_context- re-use existing login CSRFToken and
sessionid
● avi_api_update_method- PUT vs PATCH
● avi_api_patch_op: Patch operation
● Mostly Auto-generated
● Documentation at Ansible
---
- hosts: localhost
connection: local
vars:
avi_credentials:
controller: "{{ controller }}"
username: admin
password: "{{ password }}"
api_version: 17.2.1
tenant: admin
tasks:
- name: Avi Pool
avi_pool:
name: test-pool
avi_credentials: "{{avi_credentials}}"
state: "{{ state | default('present')}}"
health_monitor_refs:
- '/api/healthmonitor?name=System-HTTP'

Demo #1
Basic Avi / Ansible Demo – create a virtual service (VS)

Avi Ansible Config Role – Zero code!
avi_config:
pool:
- name: app1-pool
#state: absent
lb_algorithm: LB_ALGORITHM_ROUND_ROBIN
servers:
- ip:
addr: "{{ pool_server1 }}"
type: 'V4'
- ip:
addr: "{{ pool_server2 }}"
type: 'V4'
virtualservice:
- name: app1
services:
- port: 80
pool_ref: '/api/pool?name=app1-pool'
#pool_ref:
# state: absent
vip:
- ip_address:
addr: "{{ app1_vip }}"
type: 'V4'
vip_id: '1'
 YAML based declarative configuration
 Handles resource dependency internally
 Preserves all benefits of Ansible Modules
 Idempotent
 Check mode
 Audit trail
 Repeatability
 Easy iteration – pick where it stopped
- name: Avi Application | Setup App1
include_role:
name: avinetworks.aviconfig
vars:
avi_config_file: "avi_config.yml"

Demo #2
1. Create a new avi_config.yml
2. Perform deployment using Ansible
3. Confirm Deployment is successful
4. There should not be any change reported for second run

Demo #3
Basic Avi / Terraform demo

Next Steps
• FREE trial
– avinetworks.com/try
• Avi Ansible Modules
– https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html#avi
• Avi / Ansible Modules examples
– https://github.com/avinetworks/devops/tree/master/ansible
• Avi Ansible Galaxy for all the roles - https://galaxy.ansible.com/avinetworks
– Aviconfig
– Avisdk
– Avicontroller, avicontroller-csp, avicontroller-vmware
• Avi /Terraform examples
– https://github.com/avinetworks/terraform-provider-avi
• Avi tools Docker
– Docker pull avinetworks/avitools:latest

Questions
https://avinetworks.com/contact-us/
grastogi@avinetworks.com
https://www.linkedin.com/in/grrastogi/

Zero Code Multi-Cloud Automation with Ansible and Terraform

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Zero Code Multi-Cloud Automation with Ansible and Terraform

Similaire à Zero Code Multi-Cloud Automation with Ansible and Terraform (20)

Plus de Avi Networks

Plus de Avi Networks (20)

Dernier

Dernier (20)

Zero Code Multi-Cloud Automation with Ansible and Terraform