容器化NPB + Ansible:自动化运维方案

NPB 2.0:架构革新与自动化赋能

从专用硬件设备到容器化部署,从手工配置到自动化下发,NPB技术正经历着从"功能实现"到"运维友好"的深刻转型。在NPB 2.0架构中,星融元将NPB组件容器化运行于交换机之上,并深度融合Ansible自动化工具,实现了网络策略的快速、标准化部署。

什么是Ansible?

Ansible作为一款开源自动化工具,以其无代理、声明式的特点,成为跨平台配置管理的理想选择。结合星融元开发的Ansible Collection for AsterNOS,用户可直接通过Playbook调用SONiC设备的CLI接口,完成复杂的网络策略配置,极大提升了运维的一致性与可靠性。

本文将通过具体操作流程,展示如何利用Ansible实现NPB设备的自动化配置。

实施流程概要

1.在服务器上安装 Ansible

复制代码
pip3 install ansible

我们所提供的demo文件结构如下:

复制代码
eric@mypc:~$ tree
.
├── ansible.cfg
├── group_vars
│   └── sonic.yml
├── host_vars
│   └── sonic1.yml
├── inventory
├── library
│   └── sonic_klish.py
└── site.yml

2.在 ansible.cfg 中指定设备信息文件

复制代码
[defaults]
inventory = inventory #指定为'inventory'文件
host_key_checking = False
retry_files_enabled = False
gathering = explicit
stdout_callback = yaml

3.在 inventory 文件中指定设备的登录信息

复制代码
[sonic]
sonic1 ansible_host=192.168.1.x ansible_user=x ansible_password=x

4.group_vars/sonic.yml 文件不需要改动

复制代码
# group_vars/sonic.yml
host: "{{ ansible_host }}"
user: "{{ ansible_user }}"
password: "{{ ansible_password }}"

5.host_vars/sonic1.yml 中编写要下发的配置

以下为两组示例的命令行配置

复制代码
config_vlan_cmd: |
  configure
  vlan 3003
  end
exit

config_acl_test_cmd: |
  configure
  access-list L3 test1 ingress priority 500000
  rule 1 packet-action permit redirect-action ethernet 11
exit
  interface ethernet 11
  acl test1
  end
exit

6、library/sonic_klish.py (不需要改动,用来调用设备的 CLI(代码略)

7、site.yml 设置用例

新增两个task分别调用config_acl_test_cmd和config_vlan_cmd

复制代码
---
- hosts: sonic
  gather_facts: no
  tasks:
    - name: Push klish commands
      sonic_klish:
        commands: "{{ config_acl_test_cmd }}"
        host:     "{{ host }}"
        user:     "{{ user }}"
        password: "{{ password }}"
      delegate_to: localhost
      register: result
      
    - name: Push klish commands 1
      sonic_klish:
        commands: "{{ config_vlan_cmd }}"
        host:     "{{ host }}"
        user:     "{{ user }}"
        password: "{{ password }}"
      delegate_to: localhost
      register: result

    - debug: var=result.stdout

8.执行用例

复制代码
[root@localhost ansible]# ansible-playbook -v site.yml
Using /home/ryan/ansible/ansible.cfg as config file

打印如下,则执行完毕:

复制代码
PLAY [sonic] *********************
 
TASK [Push klish commands] ****************
changed: [sonic1 -> localhost] => changed=true
  stdout: |-
    Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
    ...Entering cli view, please wait...
    stty: 'standard input': Inappropriate ioctl for device
    stty: 'standard input': Inappropriate ioctl for device
    sonic# configure
    sonic(config)# access-list L3 test1 ingress priority 500000
    sonic(config-L3-acl-test1)# rule 1 packet-action permit redirect-action ethernet 13
    sonic(config-L3-acl-test1)# exit[J
    sonic(config)# interface ethernet 13
    sonic(config-if-13)# acl test1[J
    sonic(config-if-13)# end[J
    sonic# exit
  stdout_lines: <omitted>

TASK [debug] ***********************
ok: [sonic1] => 
  result.stdout: |-
    Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
    ...Entering cli view, please wait...
    stty: 'standard input': Inappropriate ioctl for device
    stty: 'standard input': Inappropriate ioctl for device
    sonic# configure
    sonic(config)# access-list L3 test1 ingress priority 500000
    sonic(config-L3-acl-test1)# rule 1 packet-action permit redirect-action ethernet 13
    sonic(config-L3-acl-test1)# exit[J
    sonic(config)# interface ethernet 13
    sonic(config-if-13)# acl test1[J
    sonic(config-if-13)# end[J
    sonic# exit

TASK [Push klish commands] *****************
changed: [sonic1 -> localhost] => changed=true
  stdout: |-
    Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
    ...Entering cli view, please wait...
    stty: 'standard input': Inappropriate ioctl for device
    stty: 'standard input': Inappropriate ioctl for device
    sonic# configure
    sonic(config)# vlan 3003
    sonic(config-vlan-3003)# end[J
    sonic# exit
  stdout_lines: <omitted>

TASK [debug] *********************
ok: [sonic1] => 
  result.stdout: |-
    Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
    ...Entering cli view, please wait...
    stty: 'standard input': Inappropriate ioctl for device
    stty: 'standard input': Inappropriate ioctl for device
    sonic# configure
    sonic(config)# vlan 3003
    sonic(config-vlan-3003)# end[J
    sonic# exit

PLAY RECAP ************************
sonic1                     : ok=4    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 
相关推荐
画中有画2 小时前
使用yolov8实现自动化脚本
运维·yolo·自动化
Piko6144 小时前
H3C IRF2 堆叠实战:打造高可靠核心交换网络
运维·网络·笔记
万联WANFLOW7 小时前
SD-WAN 控制平面高可用怎么做?SDWAN 控制器挂了,全网会发生什么
运维·网络·分布式·架构
SkyWalking中文站9 小时前
认识 Horizon UI · AI Assistant:用日常语言查询你的可观测性数据
运维·监控·自动化运维
崇山峻岭之间10 小时前
Keil5输出hex转换为bin的设置
linux·运维·服务器
Hoxy.R10 小时前
KingbaseES读写分离高可用集群扩容、备库重建与故障切换实战
运维·数据库
考虑考虑12 小时前
nginx配置ssl
运维·后端·nginx
着迷不白12 小时前
Linux 磁盘管理完全指南:分区、文件系统、挂载与 LVM 实战
linux·运维·服务器
山川而川-R12 小时前
LangChain
linux·运维·服务器
QH_ShareHub12 小时前
Linux 根目录结构详解
linux·运维·服务器