帶有 Catalyst 9000 的基礎設施即代碼 （IAC）.pdf

《帶有 Catalyst 9000 的基礎設施即代碼 （IAC）.pdf》由會員分享，可在線閱讀，更多相關《帶有 Catalyst 9000 的基礎設施即代碼 （IAC）.pdf（34頁珍藏版）》請在三個皮匠報告上搜索。

1、#CiscoLive#CiscoLiveStory DeWeese,Technical Marketing EngineerStory DeWeeseDEVNET-2119with Catalyst 9000Infrastructure as Code(IAC)2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter your personal notes hereCisco Webex App 3Questions?Use Cisco Webex App to chat with the

2、speaker after the sessionFind this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated by the speaker until June 9,2023.12343https:/ 2023 Cisco and/or its aff

3、iliates.All rights reserved.Cisco PublicDEVNET-2119Agenda 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicIntroduction to IAC and TerraformUsing the IOS XE Terraform ProviderGetting StartedUse Cases&DemosResourcesDEVNET-21194Intro to AIC and Terraform 2023 Cisco and/or its affiliate

4、s.All rights reserved.Cisco Public#CiscoLiveWhats IaC?Learn more about IaC here:https:/ as Code(IaC)is the process of managing changes through code,rather than a manual processUserIaCInfraPrevious approachIaC ApproachUserInfraHope I dont make a mistake!Ive got this!DEVNET-21196 2023 Cisco and/or its

5、 affiliates.All rights reserved.Cisco Public#CiscoLiveHCLHCL(HashiCorp Configuration Language)-Establishes the syntax Terraform uses for things like arguments,blocks,literal values,and expressions,and writing plans.ProviderProvider Plugins responsible for understanding API interactions with other pl

6、atforms and exposing resources based on their APIs.Data Source Data Source Allows Terraform to use(read)information defined outside of Terraform.Example:providers,local-onlyResourceResource-Are the most important element in the Terraform language.Each resource block describes one or more infrastruct

7、ure objects devices,interfaces,operations.Terraform One Slide7InitInit-The command is used to initialize a working directory containing Terraform configuration files.This is the first command that should be run,and it is safe to run this command multiple times.It will install the required providers

8、and modules.PlanPlan-compares the managed infrastructure state to the configuration,and it determines which changes are necessary.It presents a human-readable summary to the user.ApplyApply Makes changes to real infrastructure in order to make it match the desired state.It may use saved plans or cre

9、ates a new plan and asks for approval.Ref:https:/www.terraform.io/docsDEVNET-2119 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhere can I use IaC?8DEVNET-2119 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTerraform is9DEVNET-2119Open-source

10、 Infrastructure as Code(IaC)Software Tool providing a consistent CLI workflow to manage hundreds of cloud services.Terraform codifies cloud APIs into declarative configuration files.Terraform uses the RESTCONF APICloud Native Tooling circa 2014 from HashiCorpAgentless,single binary fileZero server-s

11、ide dependenciesResources:Ask IOS XE Terraform Provider Webex space:https:/eurl.io/#PtsT8eJFlGitHub Provider Examples:https:/ Binary:https:/registry.terraform.io/search/providers?namespace=CiscoDevNetGo Client:https:/ at https:/ the IOS XE Terraform Provider 2023 Cisco and/or its affiliates.All righ

12、ts reserved.Cisco Public#CiscoLiveIOS XE Programmability integration with TerraformThis Terraform provider is a generic REST resource for IOS XE RESTCONF YANGHashicorp Config Language(HCL)support for management of IOS XE RESTCONF operations for PUT/PATCH/POST etc still must be followed for iterative

13、 managementExamples and JSON mappings for top features are shared in GitHubAny feature supported by RESTCONF/YANG is supported iteratively by this Terraform providerResources:GitHub Provider Examples:https:/ Binary:https:/registry.terraform.io/search/providers?namespace=CiscoDevNetGo Client:https:/

14、at https:/ I:imperative for 100%feature coverage(available today)The following features are delivered:Terraform is supported on all IOS XE Terraform is supported on all IOS XE platformsPhase II:Phase II:new declarative featuresL3 subinterfaceVLANVoice VLAN TrunkVTPLineACLRADIUSAccounting AAAAuthoriz

15、ation AAAAuthentication AAAMDTSPAN and RSPANSNMPCDPEtherChannelOSPFBGPIGMP ProxyIGMPIPsecNATNTPHSRPDHCPEthernet Management PortPOEDEVNET-211911 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePhase 2Phase 1Evolution of Terraform ProviderMarch 2022Imperative RESTCONF suppor

16、thttps:/registry.terraform.io/providers/CiscoDevNet/iosxe/latestAugust 2022BGP EVPN ProvidersOctober 2022App Hosting ProviderComing SoonModel Driven Telemetry ProviderPhase 3Coming SoonProviders you recommendCurrentDeclarative Feature Providershttps:/registry.terraform.io/providers/robertcsapo/cisco

17、evpn/1.0.1Declarative providers leverage the SDK from the Phase 1 imperative providerhttps:/registry.terraform.io/providers/netascode/iosxe/latest/docshttps:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTerraform Terminology13DEVNET-2119Execution Plan FileExecution Pla

18、n File:terraform.tfResourceResource:vlan_getProvider:iosxeResourceResource:vlan_putRESTCONF PayloadDevice to ConfigureAn execution plan fileexecution plan file defines the provider and resources.It is written in HashiCorp Configuration Language(HCL),similar to JSON,and stored with a.tf extensionA pr

19、oviderprovider is a plugin to make a collection of resources accessibleA resourceresource(or infrastructure resource)describes one or more infrastructure objects managed by Terraform.With the IOS XE Terraform provider,resources can be considered the same as a configurable featureTerraform uses an ex

20、ecution plan file with a provider and resource definitions.Getting Started 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePrerequisites:Enable AAA,NETCONF&RESTCONFCat9k-1#conf tEnter configuration commands,one per line.End with CNTL/Z.Cat9k-1(config)#aaa new-modelCat9k-1(

21、config)#aaa authentication login default localCat9k-1(config)#aaa authorization exec default localCat9k-1(config)#username admin privilege 15 password ciscoCat9k-1(config)#netconf-yangCat9k-1(config)#restconfEnable AAAEnable NETCONFEnable RESTCONFDEVNET-211915 2023 Cisco and/or its affiliates.All ri

22、ghts reserved.Cisco Public#CiscoLiveGetting Started with Terraform+IOS XE Provider16DEVNET-21191.Enabling the RESTCONF API on the switch2.Install Terraform3.Clone the IOS XE Terraform Provider GitHub repository4.Apply Terraform VLAN example$git clone https:/ install terraformSwitch#conf tSwitch(conf

23、ig)#restconf$terraform apply acl_and_vlan.tf 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCLI to YANGshow run|format netconf-xmlshow run|format restconf-jsonThis new CLI addition to“show run|format”brings additional visibility into the YANG modelled configuration,either

24、 for NETCONF with XML or JSON with RESTCONFEasily convert CLI into YANG to re-use in tooling,scripts,and automation and orchestration systemsRequires netconf-yang Data Model Interfaces to be enabledCLIs with corresponding native YANG and modeled in show run are returnedDEVNET-21191717DEVNET-2119Use

25、Cases&Demos 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveConfigure ACL&VLANhttps:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhat can Terraform do?TerraformCisco Catalyst 9300X IOS XERESTCONF/YANGIPsec TunnelCisco DNA CenterCiscovManageD

26、EVNET-211920 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTerraform+Crypto IPsec DemoDEVNET-211921 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTerraform ThousandEyes lifecycle management1.Deploy TE agent on switch Catalyst 90002.Pass varia

27、bles including the the Agent ID to the ThousandEyes API3.Create test and attach the Catalyst 9000 TE Agent ID to the test4.Trigger test to runterraform required_providers ciscoapphosting=source =robertcsapo/ciscoapphostingversion=1.0.0provider ciscoapphosting username=var.usernamepassword=var.passwo

28、rdinsecure=var.insecuretimeout =var.timeoutresource ciscoapphosting_app app host=127.0.0.1image=https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTerraform+ThousandEyes DemoSteps:1.Test App Hosting Terraform Provider 2.Apply App Hosting Terraform Provider on C9300 sw

29、itches3.Verify new Enterprise Agents has been added in ThousandEyes Dashboard4.Run the current test5.Destroy Terraform to delete the Enterprise Agents and Test Multihost example:https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTerraform+ThousandEyes Demo#2DEVNET-211

30、924 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDeclarative EVPN management with TerraformBoth Declarative providers leverage the ios-xe-go client that was developed in Terraform Phase 1:Robert:https:/ OSPF Underlay Module:https:/registry.terraform.io/modules/netascode

31、/evpn-ospf-underlay/iosxe/latestEVPN Overlay Module:https:/registry.terraform.io/modules/netascode/evpn-overlay/iosxe/latestDEVNET-211925 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEVPN with Terraform DemoDEVNET-211926Resources 2023 Cisco and/or its affiliates.All rig

32、hts reserved.Cisco Public#CiscoLiveTerraform Blog and Resources28DEVNET-2119https:/ the Ask IOS XE Terraform Provider Webex space:https:/eurl.io/#PtsT8eJFlDemo Create a Crypto Tunnel Video:https:/ to IOS XE Terraform Provider Video:https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco P

33、ublic#CiscoLiveCisco IOS XE Programmability Sessions This week&on demand29DEVNET-2119https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco L

34、ive-branded socks(while supplies last)!30DEVNET-2119These points help you get on the leaderboard and increase your chances of winning daily and grand prizesAttendees will also earn 100 points in the Cisco Live Challenge for every survey completed.2023 Cisco and/or its affiliates.All rights reserved.

35、Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-Demand Library for more sessions at www.CiscoL you#CiscoLive 2023 Cisco and/or its affi

36、liates.All rights reserved.Cisco Public#CiscoLive33Gamify your Cisco Live experience!Get points Get points for attending this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and scan the QR code:How:123433 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicDEVNET-2119#CiscoLive