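Configuration Guide: Deployment Based on the Ansible Automation Tool
Deployment Solution Based on the Ansible Automation Tool
1 Preface
This document describes in detail how to deploy and configure the Ansible automation tool.
Intended audience
This manual is mainly intended for the following engineers:
- Solution planning and implementation personnel
- Network administrators responsible for network configuration and maintenance
- Testers
These personnel should have the following skills:
- Familiarity with Asterfusion PacketBroker network switch products
- Familiarity with the relevant principles of computer networking
2 Environment Deployment
Ansible is an automation tool that can configure the device by invoking sonic-cli. Note that this method only applies to invoking the command line; configuration synchronization between the CLI, the controller, and the Web UI is not guaranteed.
2.1 Deploying Ansible on the Server
This section uses a virtual machine running Rocky Linux 9.6 (Blue Onyx) as an example.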
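1. Install Ansible

    pip3 install ansible

2. The required files are listed below. You can edit the files directly or extract the attachment. The file structure is as follows: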

    eric@mypc:~$ tree
    .
    ├── ansible.cfg
    ├── group_vars
    │   └── sonic.yml
    ├── host_vars
    │   └── sonic1.yml
    ├── inventory
    ├── library
    │   └── sonic_klish.py
    └── site.yml

3. ansible.cfg specifies inventory as the device information file

    [defaults]
    inventory = inventory
    host_key_checking = False
    retry_files_enabled = False
    gathering = explicit
    stdout_callback = yaml

4. inventory specifies the IP address, username, and password of the remote device

    [sonic]
    sonic1 ansible_host=192.168.1.103 ansible_user=admin ansible_password=asteros

5. group_vars/sonic.yml does not need to be modified

    # group_vars/sonic.yml
    host: "{{ ansible_host }}"
    user: "{{ ansible_user }}"
    password: "{{ ansible_password }}"

6. host_vars/sonic1.yml holds the configuration to push; below are two sets of CLI commands

    config_vlan_cmd: |
      configure
      vlan 3003
      end
      exit
    config_acl_test_cmd: |
      configure
      access-list L3 test1 ingress priority 500000
      rule 1 packet-action permit redirect-action ethernet 11
      exit
      interface ethernet 11
      acl test1
      end
      exit

7. library/sonic_klish.py does not need to be modified; it invokes the CLI commands

    #!/usr/bin/env python3
    import os
    import subprocess
    import tempfile

    from ansible.module_utils.basic import AnsibleModule


    def main():
        mod = AnsibleModule(
            argument_spec=dict(
                commands=dict(required=True, type='str'),
                host=dict(required=True, type='str'),
                user=dict(required=True, type='str'),
                password=dict(required=True, type='str', no_log=True),
            ),
            supports_check_mode=False,
        )
        cmds = mod.params['commands']
        host = mod.params['host']
        user = mod.params['user']
        passwd = mod.params['password']

        # Write the command list to a local temporary file. mkstemp() creates
        # the file atomically with mode 0600, unlike the deprecated mktemp().
        fd, tmpfile = tempfile.mkstemp()
        with os.fdopen(fd, 'w') as f:
            f.write(cmds)

        # Host key verification is disabled here, matching ansible.cfg.
        ssh_opts = "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
        try:
            # Copy the command file to the device.
            cp = ["sshpass", "-p", passwd, "scp"] + ssh_opts.split() + \
                 [tmpfile, "{}@{}:/tmp/klish.cmds".format(user, host)]
            subprocess.check_call(cp, stdout=subprocess.DEVNULL)
            # Run sonic-cli on the device with the command file as its input.
            exe = ["sshpass", "-p", passwd, "ssh"] + ssh_opts.split() + \
                  ["{}@{}".format(user, host), "sonic-cli", "<", "/tmp/klish.cmds"]
            out = subprocess.check_output(exe, stderr=subprocess.STDOUT)
        except subprocess.CalledProcessError as e:
            # check_call() captures no output, so e.output may be None.
            mod.fail_json(msg=(e.output or b"").decode(errors="replace"))
        finally:
            os.unlink(tmpfile)
        mod.exit_json(changed=True, stdout=out.decode(errors="replace"))


    if __name__ == '__main__':
        main()

8. Define the playbook: add two tasks that call config_acl_test_cmd and config_vlan_cmd respectively

    ---
    - hosts: sonic
      gather_facts: no
      tasks:
        - name: Push klish commands
          sonic_klish:
            commands: "{{ config_acl_test_cmd }}"
            host: "{{ host }}"
            user: "{{ user }}"
            password: "{{ password }}"
          delegate_to: localhost
          register: result
        - name: Push klish commands 1
          sonic_klish:
            commands: "{{ config_vlan_cmd }}"
            host: "{{ host }}"
            user: "{{ user }}"
            password: "{{ password }}"
          delegate_to: localhost
          register: result
        - debug: var=result.stdout

9.用例执行
[root@localhost ansible]# ansible-playbook -v site.yml
Using /home/ryan/ansible/ansible.cfg as config file
PLAY [sonic] ******************************************************************************************************************************************************************************************************
TASK [Push klish commands] ****************************************************************************************************************************************************************************************
changed: [sonic1 -> localhost] => changed=true
stdout: |-
Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
...Entering cli view, please wait...
stty: 'standard input': Inappropriate ioctl for device
stty: 'standard input': Inappropriate ioctl for device
sonic# configure
sonic(config)# access-list L3 test1 ingress priority 500000
sonic(config-L3-acl-test1)# rule 1 packet-action permit redirect-action ethernet 13
sonic(config-L3-acl-test1)# exit[J
sonic(config)# interface ethernet 13
sonic(config-if-13)# acl test1[J
sonic(config-if-13)# end[J
sonic# exit
stdout_lines: <omitted>
TASK [debug] ******************************************************************************************************************************************************************************************************
ok: [sonic1] =>
result.stdout: |-
Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
...Entering cli view, please wait...
stty: 'standard input': Inappropriate ioctl for device
stty: 'standard input': Inappropriate ioctl for device
sonic# configure
sonic(config)# access-list L3 test1 ingress priority 500000
sonic(config-L3-acl-test1)# rule 1 packet-action permit redirect-action ethernet 13
sonic(config-L3-acl-test1)# exit[J
sonic(config)# interface ethernet 13
sonic(config-if-13)# acl test1[J
sonic(config-if-13)# end[J
sonic# exit
TASK [Push klish commands] ****************************************************************************************************************************************************************************************
changed: [sonic1 -> localhost] => changed=true
stdout: |-
Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
...Entering cli view, please wait...
stty: 'standard input': Inappropriate ioctl for device
stty: 'standard input': Inappropriate ioctl for device
sonic# configure
sonic(config)# vlan 3003
sonic(config-vlan-3003)# end[J
sonic# exit
stdout_lines: <omitted>
TASK [debug] ******************************************************************************************************************************************************************************************************
ok: [sonic1] =>
result.stdout: |-
Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
...Entering cli view, please wait...
stty: 'standard input': Inappropriate ioctl for device
stty: 'standard input': Inappropriate ioctl for device
sonic# configure
sonic(config)# vlan 3003
sonic(config-vlan-3003)# end[J
sonic# exit
PLAY RECAP ********************************************************************************************************************************************************************************************************
onic1 : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
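
The module in step 7 puts the password on the sshpass command line (visible in the process list), turns off host key verification, and stages commands in a fixed /tmp path on the device. A hardened transport for the same task follows as an added example, not Asterfusion's code: the function names and the known_hosts path are hypothetical, and it assumes sonic-cli reads commands from SSH standard input the same way it reads the redirected file.

```python
import os
import re
import subprocess

# Conservative pattern for user and host; it also blocks a leading "-" that
# ssh would parse as an option. (IPv6 literals would need a wider pattern.)
_SAFE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9._-]*$")


def build_invocation(host, user, password, known_hosts):
    """Return (argv, env) for running sonic-cli over SSH; the password is not in argv."""
    for value in (host, user):
        if not _SAFE.match(value):
            raise ValueError("unsafe user/host value: {!r}".format(value))
    argv = [
        "sshpass", "-e",  # sshpass reads the password from $SSHPASS
        "ssh",
        "-o", "StrictHostKeyChecking=yes",  # refuse unknown or changed host keys
        "-o", "UserKnownHostsFile={}".format(known_hosts),
        "{}@{}".format(user, host),
        "sonic-cli",
    ]
    env = dict(os.environ, SSHPASS=password)
    return argv, env


def push_commands(cmds, host, user, password, known_hosts, runner=subprocess.run):
    """Feed the command text to sonic-cli on stdin; return (returncode, output)."""
    argv, env = build_invocation(host, user, password, known_hosts)
    # No local temp file and no /tmp/klish.cmds on the device: commands go via stdin.
    proc = runner(argv, input=cmds.encode(), env=env, stdout=subprocess.PIPE,
                  stderr=subprocess.STDOUT, timeout=60)
    return proc.returncode, proc.stdout.decode(errors="replace")


if __name__ == "__main__":
    # Constructed sample values; the known_hosts path is a placeholder.
    argv, _env = build_invocation("192.168.1.103", "admin", "example-password",
                                  "/etc/ansible/sonic_known_hosts")
    print(" ".join(argv))
```

The known_hosts file must already contain the switch's host key, verified out of band. The inventory password can likewise be kept in an Ansible Vault encrypted variable instead of plaintext.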