Puppet day v1.1
0 likes587 views
Puppet is an automation tool that uses a master-agent architecture to configure and report on nodes. The Puppet master stores configuration templates (manifests) and compiles them into a catalog for each agent based on facts collected from the node. The agent downloads the catalog and any plugins and uses local methods to apply the configuration. Cisco's onePK provides a manageability layer that allows Puppet to configure Cisco devices by running as an agent inside a Linux container on the device OS, avoiding direct CLI access.
Puppet day v1.1
- 1. Cisco Confidential 1© 2010 Cisco and/or its affiliates. All rights reserved. Puppet Agent for Cisco devices Wojciech Dec – wdec@cisco.com April 12, 2013
- 2. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 • Puppet is client (node agent) – server (master) software & framework designed to automate node configuration and reporting. • Puppet master stores target high level resource “intent” (manifest) for nodes. Manifest is compiled into a node’s list of dependent resource into catalog at puppet run time based on “facts” collected from the node • Puppet client downloads the “catalog”, and any Puppet code (plugin) from Master. • Puppet client uses local methods to realize catalog into config
- 3. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 • onePK provides manageability abstraction. Avoids CLI scraping Consistent across cisco OSes Exposes dynamic device state + device configuration • Linux Container Runs distro on OS kernel Fitted with cisco onepk libs Isolates app failures from Network Element Superior flexibility for application developers (compared to SDK enforced walled garden)Device Components Management Agents Manageability Abstraction Device Management Infrastructure OS-specific Management Infrastructure XOS and Component APIs Traditional Management Agents (CLI, syslog, SNMP, XML) Next Generation Management Agents (Puppet, ..) onePK PL Transport/Marshaling onePK AL OS Shim LinuxContainerNXOS
- 4. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 Master Device Proxy Agent SSH, OnePK Device Proxy AgentDevice Agent Master Agent OnePK Linux container(s) on NXOS Agent OnePK
- 5. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 Master Device Proxy Agent SSH, OnePK Device Proxy AgentDevice Agent Master Agent OnePK Linux container(s) on NXOS Agent OnePK Pros: - Each Agent maps directly to managed device - machine’s characteristics (facts) exposed as own - Easily extensible. Does not require core puppet code changes - Automated agent plugin code download from master - Better Scale Cons: - Requires LXC container + OnePK capability on device Pros: - No specific device requirements - One agent can proxy for multiple machines Cons: - CLI Scraping method - More complicated Puppet agent (device proxy). - Requires extensions in puppet core “device” mode code - Scale and authentication management
- 6. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 (Demo) Sample Manifest node ”cisco-switch" { include onepk_module onepk_vlan { "1000": description => "Green_Vlan", ensure => present } onepk_interface { "Ethernet 1/2": mode => "access", vlan => "1000", ensure => present } $patch_f = "sysinfo_patch.tar.gz” onepk_patch { ”sysinfo_patch": patch => ” ${patch_f}", server_type => ”bootflash", ensure => present, } }
- 7. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 Puppet Master Infra 1 2 3 1. Based on push or pull trigger, agent runs facter to obtain device configuration information 2. Agent sends facter data to master along with a catalog request + plugin (if needed) 3. Master sends agent catalog response (subset of manifest based on agent’s facter data) 4. Agent processes catalog - Provider applies necessary configuration changes 5. After provider execution report sent to master ProviderFacter Puppet Agent 4 5 onePK API Cisco plugin Cisco plugin
- 8. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 • Demo Flow: • Show on N7k device • A puppet agent run Agent run triggered. Facts/Catalog exchanged with master Agent uses OnePK to communicate with switch OS Applies VLAN + switch port configuration Downloads & applies NXOS patch • Show on N7k device Note: A “bare-metal” version of this demonstration is also available for virgin switch provisioning using PoAP + Puppet: Includes image and container download & install.
- 9. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9Cisco Confidential 9Cisco Confidential 9© 2010 Cisco and/or its affiliates. All rights reserved. Thank you