Introduction to Event-Driven Ansible

Instructions

This exercise uses a container image that runs both Telegraf and Apache Kafka. Telegraf queries the status of the Ethernet1 interface on the arista1 managed node and sends this information to Apache Kafka in the network topic.

1. View some resources created by the lab command.

   1. Navigate to https://controller.lab.example.com and log in as admin using redhat as the password.

      If necessary, click the main menu icon at the upper left of the page to display the main menu.

   2. Go to Resources → Projects and then click the link for the NetOps project. This project uses the git@git.lab.example.com:student/netops Git repository.

      The Update revision on job launch option indicates that automation controller automatically synchronizes the project any time a job launches that uses a playbook from the project.

   3. Go to Resources → Templates and click the link for the Manage Arista network interfaces job template. This job template uses the configure_interface.yml playbook from the NetOps project.

   4. In a new browser tab, navigate to https://eda-controller.lab.example.com and log in as admin using redhat as the password.

      If necessary, click the main menu icon at the upper left of the page to display the main menu.

   5. Go to Projects and click the link for the NetOps project. This project uses the same Git repository as the automation controller NetOps project.

   6. Go to Rulebook Activations and notice that the Monitor Arista port status rulebook activation displays a status of Running. This rulebook activation launches an automation controller job template if it receives an event indicating that the Ethernet1 interface is down for any of the Arista managed nodes.

2. Connect to the arista1 managed node and then shut down the Ethernet1 interface.

   1. In a terminal window, connect to the arista1 managed node:

      [student@workstation ~]$ ssh arista1
      ...output omitted...
      arista1.lab.example.com>

   2. Shut down the Ethernet1 interface:

      arista1.lab.example.com>enable 
      arista1.lab.example.com#conf t 
      arista1.lab.example.com(config)#int eth 1 
      arista1.lab.example.com(config-if-Et1)#shut 
      arista1.lab.example.com(config-if-Et1)#show running-config 
      ...output omitted...
      interface Ethernet1
         shutdown 
      !
      ...output omitted...

      	Enable privilege escalation on the managed node.
      	Switch to configuration mode.
      	Select the Ethernet1 interface.
      	Shut down (or disable) the selected interface. You can also run the no shut command to bring up (or enable) the selected interface.
      	Display the current state of the managed node.
      	The Ethernet1 interface is down and does not have any additional configuration settings.

      If necessary, press q to exit the command.

3. Verify that EDA controller acted upon the shutdown event and that the automation controller job enabled the interface.

   1. On the EDA controller web browser tab, go to Rule Audit.

   2. You might have to wait a minute, but you should see the Port is down rule in the rule audit list. Click the Port is down link from the list. If you see more than one link, then click the most recent link at the top of the list.

   3. Click the Events tab for the Port is down rule and then click the Collect events from Apache Kafka link.

      Examine the event log and then click Close to close the Event details window. The following table lists some relevant event information:

      Event key	Value
      body.tags.name	Ethernet1
      body.tags.source	arista1.lab.example.com
      body.fields.admin_status	DOWN

   4. Click the Actions tab for the Port is down rule, right-click the link for the run_job_template action, and then select Open Link in New Tab.

   5. Click the Output tab. The page displays a status of Successful and the output of the playbook.

      ...output omitted...
      PLAY [Configure Arista managed nodes] ******************************************
      TASK [Enable interface] ********************************************************
      changed: [arista1.lab.example.com]
      PLAY RECAP *********************************************************************
      arista1.lab.example.com    : ok=1    changed=1    unreachable=0    failed=0  ...

   6. In the terminal window connected to the arista1 managed node, display the state of the Ethernet1 interface:

      arista1.lab.example.com(config-if-Et1)#show running-config
      ...output omitted...
      interface Ethernet1
      !
      ...output omitted...

      The interface no longer displays the shutdown status, which indicates that the interface is up. If necessary, then press q to exit the command.

4. Ensure that the Manage Arista network interfaces job template only runs on the affected host rather than on the entire host group targeted by the playbook. Additionally, use files from a Git repository to configure the Ethernet1 interface before bringing the interface up.

   1. In a new terminal window, change to the /home/student/git-repos/netops directory. This directory is a clone of the git@git.lab.example.com:student/netops Git repository.

      This repository provides a playbook for the NetOps automation controller project and a rulebook for the NetOps EDA controller project:

      [student@workstation ~]$ cd ~/git-repos/netops

   2. Use a text editor, such as VS Code, to update the rulebooks/port_status.yml rulebook. The existing ruleset uses the ansible.eda.kafka event source plug-in to collect network events from the utility.lab.example.com host (or rather a container running on that host).

      The single rule in the ruleset is triggered if the admin_status key in the event has a value of DOWN.

      Add the highlighted line so that the rule sends event information to the job template:

      ---
      - name: Arista events
        hosts: all
        sources:
          - name: Collect events from Apache Kafka
            ansible.eda.kafka:
              host: utility.lab.example.com
              port: 9092
              topic: network
      
        rules:
          - name: Port is down
            condition: event.body.fields.admin_status == "DOWN"
            action:
              run_job_template:
                name: Manage Arista network interfaces
                organization: Default
                post_events: true

   3. Update the hosts key in the playbooks/configure_interface.yml playbook so that the play only targets the host defined by the event. You can also use the default filter to define the existing eos inventory group name. By doing this, you can run the playbook even if the ansible_eda['event']['body']['tags']['source'] variable has not been defined.

      Note

      The ~/example-netops/configure_interface.yml file contains the correct updates. You can use that file for comparison or copy it to the ~/git-repos/netops/playbooks directory.

      ---
      - name: Configure Arista managed nodes
        hosts: "{{ ansible_eda['event']['body']['tags']['source'] | default('eos') }}"
        become: true
        gather_facts: false
        tasks:
          - name: Enable interface
            arista.eos.eos_interfaces:
              config:
                - name: Ethernet1
                  enabled: true

      Note

      Although this step does not change the result of the exercise (the eos inventory host group contains a single host), restricting the hosts targeted by the play might be useful for large inventory host groups.

   4. Add three tasks to the top of the list of tasks in the configure_interface.yml playbook.

      ---
      - name: Configure Arista interface
        hosts: "{{ ansible_eda['event']['body']['tags']['source'] | default('eos') }}"
        become: true
        gather_facts: false
        tasks:
          - name: Download network configuration from Git 
            ansible.builtin.git:
              repo: https://git.lab.example.com/student/arista-configuration.git
              dest: /tmp/srv
              clone: true
      
          - name: Include neworking configuration variables 
            ansible.builtin.include_vars: /tmp/srv/switch_desired_conf.yml
      
          - name: Merge layer 2 interface configuration 
            arista.eos.eos_l2_interfaces:
              config: "{{ l2_interface_config }}"
              state: merged
      
          - name: Enable interface
            arista.eos.eos_interfaces:
              config:
                - name: Ethernet1
                  enabled: true

      	This task downloads configuration information from a Git repository and then uses this information as a source of truth.
      	This task loads variables from the /tmp/srv/switch_desired_conf.yml file.
      	This task merges the existing node configuration with the information defined by the l2_interface_config variable.

      Note

      The ~/example-netops/configure_interface.yml file contains the correct updates. You can use that file for comparison or copy it to the ~/git-repos/netops/playbooks directory.

   5. Add and commit the local changes, and then push the changes to the remote Git repository:

      [student@workstation netops]$ git commit -a -m 'Improve rulebook activation'
      [main 97e410e] Improve rulebook activation
       2 files changed, 16 insertions(+), 1 deletion(-)
      [student@workstation netops]$ git push
      ...output omitted...

5. Update automation controller and EDA controller resources to use the Git repository changes.

   1. On any automation controller web browser tab, go to Resources → Templates and then click the Edit Template icon for the Manage Arista network interfaces job template.

   2. Select the Prompt on launch checkbox for the Varibles field and then click Save.

      Figure 3.10: Prompt on launch for job template variables

      This change and the post_events: true line added to the rulebooks/port_status.yml rulebook work together. The rulebook sends the event, and selecting this checkbox dynamically imports the event as the ansible_eda variable that the job template can use. In this exercise, the playbook uses the ansible_eda['event']['body']['tags']['source'] variable.

   3. On the EDA controller web browser tab, go to Projects and then click the Sync project icon for the NetOps project. Wait until the project displays a status of Completed.

   4. Go to Rulebook Activations. Click the vertical ellipsis icon for the Monitor Arista port status rulebook activation and click Restart rulebook activation.

   5. Select the Yes, I confirm that I want to restart these 1 rulebook activations checkbox and click Restart rulebook activations.

   6. After the status changes to Success, click Close to close the Restart rulebook activations window.

6. Shut down the Ethernet1 interface on the arista1 managed node and then verify that EDA controller triggers an action that configures the interface and brings the interface up.

   1. From the terminal window connected to the arista1 managed node, shut down the Ethernet1 interface:

      arista1.lab.example.com(config-if-Et1)#shut

   2. On the EDA controller web browser tab, go to Rule Audit.

   3. You might have to wait a minute, but you should see a new Port is down rule in the rule audit list. Wait until the rule displays a status of Success.

      Note

      In this exercise, Telegraf performs a check every 30 seconds. If the automation controller job launched by the rulebook activation does not complete before the next check, then you see an additional Port is down rule in the rule audit list.

   4. In the terminal window connected to the arista1 managed node, display the state of the Ethernet1 interface:

      arista1.lab.example.com(config-if-Et1)#show running-config
      ...output omitted...
      interface Ethernet1
         switchport access vlan 30
      !
      ...output omitted...

      In addition to enabling the interface, the automation controller job configured a VLAN for the interface. If necessary, then press q to exit the command.

   5. Disconnect from the arista1 managed node:

      arista1.lab.example.com(config-if-Et1)#logout
      Connection to arista1 closed.
      [student@workstation ~]$