从Ansible中操作Cisco DNA Center(第三方模块)
首先
在上一篇文章中,我们介绍了如何使用Ansible的uri模块来操作Cisco DNA Center。这次,我想要分享一下我尝试使用由World Wide Technology提供的DNA Center第三方模块的结果。
关于ansible-dnac-modules
GitHub – jandiorio/ansible-dnac-modules
GitHub – jandiorio / ansible-dnac-modules
截至2019年8月,以下模块已经公开发布。
-
- dnac_syslog
-
- dnac_snmpv2_credential
-
- dnac_snmp
-
- dnac_ntp
-
- dnac_ippool
-
- dnac_group
-
- dnac_dns
-
- dnac_discovery
-
- dnac_dhcp
-
- dnac_device_role
-
- dnac_device_assign_site
-
- dnac_cli_credential
-
- dnac_activate_credential
-
- dnac_banner
-
- dnac_archive_config
-
- dnac_del_archived_config
-
- dnac_netflow
- dnac_timezone
据说,在内部,通过Ansible通过REST API访问DNA Center并进行配置更改。
以下的Cisco博客文章中也提到了这个模块。
Ansible:由Cisco DNA Center提供支持。
自己设置的环境
Ansible以前使用的是2.8.3版本。
由于DNA Center上一次使用的是Cisco DNA Center 1.2.10(Always-On),没有设置更改权限,所以我们改用之前的Cisco DNA Center 1.2.6(Always-On)。
要使用此模块,必须进行一些额外的设置,如GitHub的README中所述。
以下是使用CentOS的Python3.x虚拟环境的示例。
①安装Python模块
在已安装Ansible(版本为2.8及以上,加上paramiko)的虚拟环境中,安装geopy、requests、timexonefinder模块。
(venv)$ pip install geopy
(venv)$ pip install requests
(venv)$ pip install timexonefinder==3.4.2
添加library目录用于存放第三方模块,并在ansible.cfg文件中添加路径。
[defaults]
library = /home/centos/venv/ansible/library
您可以通过运行”ansible –version”命令查找ansible.cfg的位置。
(venv)$ ansible --version
ansible 2.8.3
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/centos/venv/ansible/library']
ansible python module location = /home/centos/venv/lib64/python3.6/site-packages/ansible
executable location = /home/centos/venv/bin/ansible
python version = 3.6.8 (default, May 2 2019, 20:40:44) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
将GitHub上的第三方模块复制到本地环境中的GitHub仓库。
(venv)$ cd ~
(venv)$ git clone https://github.com/jandiorio/ansible-dnac-modules.git
请将Ansible库路径切换到特定的环境中,因为每个环境可能不同,请根据需要进行相应的修改。
(venv)$ cd venv/lib/python3.6/site-packages/ansible
在module_utils/network目录下,创建一个名为dnac的新目录。
(venv)$ mkdir module_utils/network/dnac
将从GitHub复制的dnac.py文件复制到dnac目录中。
(venv)$ cp ~/ansible-dnac-modules/dnac.py module_utils/network/dnac/.
把从GitHub复制的所有“.py”文件,复制到library目录中。
(venv)$ cp ~/ansible-dnac-modules/*.py /home/centos/venv/ansible/library
请运行以下命令,并确认模块说明是否显示。
(venv)$ ansible-doc dnac_dhcp
> DNAC_DHCP (/home/centos/venv/ansible/library/dnac_dhcp.py)
Add or delete DHCP Server(s) in the Cisco DNA Center Design
Workflow. The DHCP Severs can be different values \ at
different levels in the group hierarchy.
* This module is maintained by The Ansible Community
OPTIONS (= is mandatory):
= dhcp_servers
IP address of the DHCP Server to manipulate.
type: list
(省略)
虽然README中没有提及,但我已经将__ini__.py文件存储到dnac目录中。
库存
与之前相同,需提供DNA Center的登录信息。
[cisco]
DNA_Center ansible_host=sandboxdnac.cisco.com ansible_port=443
[cisco:vars]
username=[DNA Centerのユーザ名]
password=[DNA Centerのパスワード]
方案①:更改NTP服务器设置。
我们将尝试更改DNA Center设计要素之一的NTP服务器设置。
上一次我们首先进行了认证令牌的获取,但是这个模块似乎在后台自动获取认证令牌。
NTP服务器ntp_servers已经设置为192.168.200.100,可以使用列表形式进行多次指定。
DNA Center可以按照组进行设计设置。组名group_name的默认值为Global,将应用于所有组。这次我们将其限定在伦敦。
---
- hosts: cisco
gather_facts: no
connection: local
tasks:
- name: set the ntp server
dnac_ntp:
host: "{{ ansible_host }}"
port: "{{ ansible_port | int }}"
username: "{{ username }}"
password: "{{ password }}"
validate_certs: false
use_proxy: false
group_name: London
ntp_servers: 192.168.200.100
register: result
- name: Debug
debug:
msg: "{{ result }}"
选项 1: 更改NTP服务器设置之后的输出结果为
我们可以看到,原先设置为192.168.200.101的设定已经被提议更改为192.168.200.100。
(venv)$ ansible-playbook -i inventory_dnac2 playbook_dnac_ntp2.yml
PLAY [cisco] ****************************************************************************************************************
TASK [set the ntp server] ***************************************************************************************************
changed: [DNA_Center]
TASK [Debug] ****************************************************************************************************************
ok: [DNA_Center] => {
"msg": {
"changed": true,
"failed": false,
"message": "",
"msg": "Created object successfully.",
"original_message": {
"endTime": 1566711203409,
"id": "803f32c0-b3cb-46b3-b632-a0028a3433b1",
"instanceTenantId": "5bd3634ab2bea0004c3ebb58",
"isError": false,
"progress": "Created Common Settings successfully.",
"rootId": "803f32c0-b3cb-46b3-b632-a0028a3433b1",
"serviceType": "Common Settings Service",
"startTime": 1566711203329,
"version": 1566711203329
},
"previous": [
{
"groupUuid": "8be3e6af-04be-4086-94e4-15ad954b252d",
"inheritedGroupName": "",
"inheritedGroupUuid": "",
"instanceType": "ip",
"instanceUuid": "b7838dbb-192a-4f77-934f-d6d58435abae",
"key": "ntp.server",
"namespace": "global",
"type": "ip.address",
"value": [
"192.168.200.101"
],
"version": 9
}
],
"proprosed": [
{
"groupUuid": "8be3e6af-04be-4086-94e4-15ad954b252d",
"instanceType": "ip",
"key": "ntp.server",
"namespace": "global",
"type": "ip.address",
"value": [
"192.168.200.100"
]
}
]
}
}
PLAY RECAP ******************************************************************************************************************
DNA_Center : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
玩法②:删除NTP服务器设置。
在Always On环境中,由于原本未进行NTP服务器设置,因此我会删除并恢复成默认状态。
与Playbook①的不同之处在于删除ntp_servers,并将状态state更改为absent。
---
- hosts: cisco
gather_facts: no
connection: local
tasks:
- name: set the ntp server
dnac_ntp:
host: "{{ ansible_host }}"
port: "{{ ansible_port | int }}"
username: "{{ username }}"
password: "{{ password }}"
validate_certs: false
use_proxy: false
group_name: London
state: absent
register: result
- name: Debug
debug:
msg: "{{ result }}"
出力结果②:删除NTP服务器设置
这次提供的NTP服务器为空。
(venv)$ ansible-playbook -i inventory_dnac2 playbook_dnac_ntp2_del.yml
PLAY [cisco] ****************************************************************************************************************
TASK [set the ntp server] ***************************************************************************************************
changed: [DNA_Center]
TASK [Debug] ****************************************************************************************************************
ok: [DNA_Center] => {
"msg": {
"changed": true,
"failed": false,
"message": "",
"msg": "Created object successfully.",
"original_message": {
"endTime": 1566711890724,
"id": "625ab79a-fc65-409c-b6e6-8cc4f04d4704",
"instanceTenantId": "5bd3634ab2bea0004c3ebb58",
"isError": false,
"progress": "Created Common Settings successfully.",
"rootId": "625ab79a-fc65-409c-b6e6-8cc4f04d4704",
"serviceType": "Common Settings Service",
"startTime": 1566711890564,
"version": 1566711890564
},
"previous": [
{
"groupUuid": "8be3e6af-04be-4086-94e4-15ad954b252d",
"inheritedGroupName": "Global",
"inheritedGroupUuid": "-1",
"instanceType": "ip",
"instanceUuid": "acfb3424-2a5c-4d5d-8c52-daa774bcaa1d",
"key": "ntp.server",
"namespace": "global",
"type": "ip.address",
"value": [
"192.168.200.100"
],
"version": 6
}
],
"proprosed": [
{
"groupUuid": "8be3e6af-04be-4086-94e4-15ad954b252d",
"instanceType": "ip",
"key": "ntp.server",
"namespace": "global",
"type": "ip.address",
"value": []
}
]
}
}
PLAY RECAP ******************************************************************************************************************
DNA_Center : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
(仅供参考)验证幂等性
以下是执行两次Playbook①的结果。由于msg为“Already in desired state.”,并且changed=0,可以看出幂等性已经发挥了作用。
(venv)$ ansible-playbook -i inventory_dnac2 playbook_dnac_ntp2.yml
PLAY [cisco] ****************************************************************************************************************
TASK [set the ntp server] ***************************************************************************************************
ok: [DNA_Center]
TASK [Debug] ****************************************************************************************************************
ok: [DNA_Center] => {
"msg": {
"changed": false,
"failed": false,
"message": "",
"msg": "Already in desired state.",
"original_message": "",
"previous": [
{
"groupUuid": "8be3e6af-04be-4086-94e4-15ad954b252d",
"inheritedGroupName": "Global",
"inheritedGroupUuid": "-1",
"instanceType": "ip",
"instanceUuid": "acfb3424-2a5c-4d5d-8c52-daa774bcaa1d",
"key": "ntp.server",
"namespace": "global",
"type": "ip.address",
"value": [
"192.168.200.100"
],
"version": 6
}
],
"proprosed": [
{
"groupUuid": "8be3e6af-04be-4086-94e4-15ad954b252d",
"instanceType": "ip",
"key": "ntp.server",
"namespace": "global",
"type": "ip.address",
"value": [
"192.168.200.100"
]
}
]
}
}
PLAY RECAP ******************************************************************************************************************
DNA_Center : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
最终
正如在Cisco的博客中介绍的那样,这些仅仅是一个开始,接下来我们将继续在社区中进行开发和改良。我们期望能顺利推进开发,并将其作为官方模块纳入。
