NPB 2.0:架构革新与自动化赋能
从专用硬件设备到容器化部署,从手工配置到自动化下发,NPB技术正经历着从"功能实现"到"运维友好"的深刻转型。在NPB 2.0架构中,星融元将NPB组件容器化运行于交换机之上,并深度融合Ansible自动化工具,实现了网络策略的快速、标准化部署。
什么是Ansible?
Ansible作为一款开源自动化工具,以其无代理、声明式的特点,成为跨平台配置管理的理想选择。结合星融元开发的Ansible Collection for AsterNOS,用户可直接通过Playbook调用SONiC设备的CLI接口,完成复杂的网络策略配置,极大提升了运维的一致性与可靠性。
本文将通过具体操作流程,展示如何利用Ansible实现NPB设备的自动化配置。
实施流程概要
1.在服务器上安装 Ansible
pip3 install ansible我们所提供的demo文件结构如下:
eric@mypc:~$ tree
.
├── ansible.cfg
├── group_vars
│ └── sonic.yml
├── host_vars
│ └── sonic1.yml
├── inventory
├── library
│ └── sonic_klish.py
└── site.yml2.在 ansible.cfg 中指定设备信息文件
[defaults]
inventory = inventory #指定为'inventory'文件
host_key_checking = False
retry_files_enabled = False
gathering = explicit
stdout_callback = yaml3.在 inventory 文件中指定设备的登录信息
[sonic]
sonic1 ansible_host=192.168.1.x ansible_user=x ansible_password=x4.group_vars/sonic.yml 文件不需要改动
# group_vars/sonic.yml
host: "{{ ansible_host }}"
user: "{{ ansible_user }}"
password: "{{ ansible_password }}"5.host_vars/sonic1.yml 中编写要下发的配置
以下为两组示例的命令行配置
config_vlan_cmd: |
configure
vlan 3003
end
exit
config_acl_test_cmd: |
configure
access-list L3 test1 ingress priority 500000
rule 1 packet-action permit redirect-action ethernet 11
exit
interface ethernet 11
acl test1
end
exit6、library/sonic_klish.py (不需要改动,用来调用设备的 CLI(代码略)
7、site.yml 设置用例
新增两个task分别调用config_acl_test_cmd和config_vlan_cmd
---
- hosts: sonic
gather_facts: no
tasks:
- name: Push klish commands
sonic_klish:
commands: "{{ config_acl_test_cmd }}"
host: "{{ host }}"
user: "{{ user }}"
password: "{{ password }}"
delegate_to: localhost
register: result
- name: Push klish commands 1
sonic_klish:
commands: "{{ config_vlan_cmd }}"
host: "{{ host }}"
user: "{{ user }}"
password: "{{ password }}"
delegate_to: localhost
register: result
- debug: var=result.stdout8.执行用例
[root@localhost ansible]# ansible-playbook -v site.yml
Using /home/ryan/ansible/ansible.cfg as config file打印如下,则执行完毕:
PLAY [sonic] *********************
TASK [Push klish commands] ****************
changed: [sonic1 -> localhost] => changed=true
stdout: |-
Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
...Entering cli view, please wait...
stty: 'standard input': Inappropriate ioctl for device
stty: 'standard input': Inappropriate ioctl for device
sonic# configure
sonic(config)# access-list L3 test1 ingress priority 500000
sonic(config-L3-acl-test1)# rule 1 packet-action permit redirect-action ethernet 13
sonic(config-L3-acl-test1)# exit[J
sonic(config)# interface ethernet 13
sonic(config-if-13)# acl test1[J
sonic(config-if-13)# end[J
sonic# exit
stdout_lines: <omitted>
TASK [debug] ***********************
ok: [sonic1] =>
result.stdout: |-
Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
...Entering cli view, please wait...
stty: 'standard input': Inappropriate ioctl for device
stty: 'standard input': Inappropriate ioctl for device
sonic# configure
sonic(config)# access-list L3 test1 ingress priority 500000
sonic(config-L3-acl-test1)# rule 1 packet-action permit redirect-action ethernet 13
sonic(config-L3-acl-test1)# exit[J
sonic(config)# interface ethernet 13
sonic(config-if-13)# acl test1[J
sonic(config-if-13)# end[J
sonic# exit
TASK [Push klish commands] *****************
changed: [sonic1 -> localhost] => changed=true
stdout: |-
Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
...Entering cli view, please wait...
stty: 'standard input': Inappropriate ioctl for device
stty: 'standard input': Inappropriate ioctl for device
sonic# configure
sonic(config)# vlan 3003
sonic(config-vlan-3003)# end[J
sonic# exit
stdout_lines: <omitted>
TASK [debug] *********************
ok: [sonic1] =>
result.stdout: |-
Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
...Entering cli view, please wait...
stty: 'standard input': Inappropriate ioctl for device
stty: 'standard input': Inappropriate ioctl for device
sonic# configure
sonic(config)# vlan 3003
sonic(config-vlan-3003)# end[J
sonic# exit
PLAY RECAP ************************
sonic1 : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0