RedPlug's Tory

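Up through chapter 4 I built everything in a Hyper-V environment, but after finding that Vagrant itself does not support boxes for Hyper-V in some cases, I eventually switched to VirtualBox. VyOS, the practice OS for chapter 5, isn't supported either :(

Searching for VyOS does turn up one Hyper-V box, but it doesn't have many downloads, and honestly it would be a hassle to practice while carrying that risk..

So in the end I went ahead with the installation...

Adapting the setup to a different environment while studying was one of the fun parts in its own way, so it's a bit of a shame.

As for the environment, I was already using Hyper-V on my desktop and couldn't wipe it, so I moved to a laptop.

The NX-OS part at the start of the chapter is done on physical equipment, so I skipped it.

Settings for installing VyOS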

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|

  #============#
  # VyOS Nodes #
  #============#
  
  #Ansible-VyOS01
  config.vm.define "ansible-vyos01" do |vy|
	 vy.vm.box = "sysnet4admin/VyOS"
	 vy.vm.provider "virtualbox" do |vb|
	   vb.name = "Ansible-VyOS01(github_SysNet4Admin)"
	 end
	 vy.vm.host_name = "ansible-vyos01"
	 vy.vm.network "public_network", ip: "192.168.1.51"
	 vy.vm.network "forwarded_port", guest: 22, host: 60051, auto_correct: true, id: "ssh"
	 vy.vm.network "private_network", virtualbox__intnet: "eth2", auto_config: false
	 vy.vm.network "private_network", virtualbox__intnet: "eth3", auto_config: false
     vy.vm.synced_folder "../data", "/vagrant", disabled: true 
	 vy.vbguest.auto_update = false
  end

  #Ansible-VyOS02
  config.vm.define "ansible-vyos02" do |vy|
	 vy.vm.box = "sysnet4admin/VyOS"
	 vy.vm.provider "virtualbox" do |vb|
	   vb.name = "Ansible-VyOS02(github_SysNet4Admin)"
	 end
	 vy.vm.host_name = "ansible-vyos02"
	 vy.vm.network "public_network", ip: "192.168.1.52"
	 vy.vm.network "forwarded_port", guest: 22, host: 60052, auto_correct: true, id: "ssh"
	 vy.vm.network "private_network", virtualbox__intnet: "eth2", auto_config: false
	 vy.vm.network "private_network", virtualbox__intnet: "eth3", auto_config: false
     vy.vm.synced_folder "../data", "/vagrant", disabled: true 
	 vy.vbguest.auto_update = false
  end
  
  #================#
  # Ansible Server #
  #================#
  
  config.vm.define "ansible-server" do |cfg|
    cfg.vm.box = "centos/7"
 	cfg.vm.provider "virtualbox" do |vb|
	  vb.name = "Ansible-Server(github_SysNet4Admin)"
	end
	cfg.vm.host_name = "ansible-server"
	cfg.vm.network "public_network", ip: "192.168.1.10"
	cfg.vm.network "forwarded_port", guest: 22, host: 60010, auto_correct: true, id: "ssh"
	cfg.vm.synced_folder "../data", "/vagrant", disabled: true
	cfg.vm.provision "shell", inline: "yum install epel-release -y"
	cfg.vm.provision "shell", inline: "yum install ansible -y"
	cfg.vm.provision "file", source: "ansible_env_ready.yml", 
	  destination: "ansible_env_ready.yml"
	cfg.vm.provision "shell", inline: "ansible-playbook ansible_env_ready.yml"
  end
end

ansible_env_ready.yml

---
- name: Setup for the Ansible's Environment
  hosts: localhost
  gather_facts: no
  
  tasks:
    - name: Add "/etc/ansible/hosts"
      blockinfile: 
        path: /etc/ansible/hosts
        block: |
          [vyos]
          192.168.1.51 ansible_connection=network_cli ansible_network_os=vyos
          192.168.1.52 ansible_connection=network_cli ansible_network_os=vyos
    
    - name: Generate sshkey
      become: yes
      become_user: vagrant
      shell: "{{ item }}"
      with_items:
        - "ssh-keyscan 192.168.1.51 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.1.52 >> ~/.ssh/known_hosts"
       
    - name: Create vim env's directories & files
      shell: "{{ item }}"
      with_items:
        - "mkdir -p /home/vagrant/.vim/autoload /home/vagrant/.vim/bundle"
        - "touch /home/vagrant/.vimrc"
        - "touch /home/vagrant/.bashrc"
      
    - name: Install vim-enhanced
      yum: 
        name: vim-enhanced
        state: present
        
    - name: Install git
      yum: 
        name: git
        state: present
        
    - name: Download pathogen.vim
      shell: "curl -fLo /home/vagrant/.vim/autoload/pathogen.vim
              https://tpo.pe/pathogen.vim"
      
    - name: Git clone vim-ansible-yaml
      git:
        repo: https://github.com/chase/vim-ansible-yaml.git
        dest: /home/vagrant/.vim/bundle/vim-ansible-yaml
        
    - name: Configure vimrc
      lineinfile: 
        path: /home/vagrant/.vimrc
        line: "{{ item }}"
      with_items:
        - "set number"
        - "execute pathogen#infect()"
        - "syntax on"

    - name: Configure Bashrc
      lineinfile:   
        path: /home/vagrant/.bashrc
        line: "{{ item }}"
      with_items:
        - "alias ans='ansible'"
        - "alias anp='ansible-playbook'"
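
The "Generate sshkey" task above appends whatever `ssh-keyscan` returns to known_hosts, so whichever machine answers at that IP during provisioning becomes the trusted host. As an added example (not part of the original post or the book's code), this Python check accepts a scanned key only when its fingerprint matches one recorded out-of-band, for instance read on the VM console with `ssh-keygen -lf`; the key blobs, pins and function names are constructed for illustration.

```python
import base64
import hashlib

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def vet_keyscan(scan_text, pins):
    """Return (known_hosts lines to accept, [(host, reason)] rejected)."""
    accepted, rejected = [], []
    for line in scan_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or ssh-keyscan banner comment
        if len(parts) < 3:
            rejected.append((parts[0], "malformed line"))
            continue
        host, keytype, blob = parts[:3]
        try:
            fp = fingerprint(blob)
        except ValueError:  # binascii.Error is a ValueError
            rejected.append((host, "bad base64"))
            continue
        if host not in pins:
            rejected.append((host, "no pin for host"))
        elif fp not in pins[host]:
            rejected.append((host, "fingerprint mismatch"))
        else:
            accepted.append(f"{host} {keytype} {blob}")
    return accepted, rejected

# Constructed sample data: stand-ins for real public-key blobs.
def make_blob(seed):
    return base64.b64encode(seed).decode()

GOOD_51 = make_blob(b"constructed host key for 192.168.1.51")
GOOD_52 = make_blob(b"constructed host key for 192.168.1.52")
OTHER_52 = make_blob(b"constructed key from an unexpected responder")
# pins: host -> set of fingerprints obtained out-of-band (assumed input)
PINS = {"192.168.1.51": {fingerprint(GOOD_51)}, "192.168.1.52": {fingerprint(GOOD_52)}}
SCAN = ("# 192.168.1.51:22 SSH-2.0-OpenSSH (constructed)\n"
        f"192.168.1.51 ssh-ed25519 {GOOD_51}\n"
        f"192.168.1.52 ssh-ed25519 {OTHER_52}\n")

if __name__ == "__main__":
    ok, bad = vet_keyscan(SCAN, PINS)
    print("append to known_hosts:", ok)
    print("rejected:", bad)
```

Only the accepted lines would be written to `~/.ssh/known_hosts`; a rejected host stops the provisioning run instead of being trusted silently.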

I think I saw early on that something guest-related had to be installed...

Retried after installing the plugin

vagrant plugin install vagrant-vbguest

vagrant ssh ansible-server

Ping check

ans vyos -m ping -k

uname -r

show lldp neighbors

LLDP configuration

vyos_lldp.yml

---
- name: Config lldp service
  hosts: vyos
  gather_facts: no

  tasks:
    - name: enable lldp service
      vyos_lldp:
        state: present

    - name: save running-config
      vyos_config:
        save: yes

anp vyos_lldp.yml -k

After installation, show lldp neighbors runs normally

Changing the hostname

The hostname resets after a reboot

vyos_hostname.yml

---
- name: Change&set the hostname
  hosts: vyos
  gather_facts: no

  tasks:
    - name: hostname for ansible-vyos01
      delegate_to: 192.168.1.51
      run_once: true
      vyos_system:
        host_name: ansible-vyosA

    - name: hostname for ansible-vyos02
      delegate_to: 192.168.1.52
      run_once: true
      vyos_system:
        host_name: ansible-vyosB

    - name: save running-config
      vyos_config:
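        save: yes

anp vyos_hostname.yml -k

After applying, confirmed that the hostname persists normally even after a reboot

It is also reflected when checking the config

show configuration

Link aggregation configuration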

vyos_bond.yml

---
- name: Config link Aggregation
  hosts: vyos
  gather_facts: no

  tasks:
    - name: make a bond interface
      vyos_linkagg:
        name: bond0
        members:
          - eth2
          - eth3
        mode: 802.3ad

    - name: save running-config
      vyos_config:
        save: yes

Run

anp vyos_bond.yml -k

Check bonding

show interfaces bonding bond0

Check aggregation

monitor interfaces ethernet eth2 traffic

Check the MAC address / the MAC address communicating above

show interfaces ethernet eth2

Check bonding

show conf

Working with Cumulus

A network operating system that can be handled through Ansible

vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|

  #===============#
  # Cumulus nodes #
  #===============#
  
  #Ansible-Cumulus01
  config.vm.define "ansible-cl01" do |cl|
     cl.vm.box = "CumulusCommunity/cumulus-vx"
	 cl.vm.box_version = "3.6.0"
	 cl.vm.box_check_update = false
	 cl.vm.provider "virtualbox" do |vb|
	   vb.name = "Ansible-Cumulus01(github_SysNet4Admin)"
	   vb.customize ['modifyvm', :id, '--macaddress1', '080027000061']
	   vb.customize ['modifyvm', :id, '--natnet1', '10.0.61.0/24']
	 end
	 cl.vm.host_name = "ansible-cl01"
     cl.vm.network "public_network", ip: "192.168.0.61"
	 cl.vm.network "private_network", virtualbox__intnet: "swp2", auto_config: false
	 cl.vm.network "private_network", virtualbox__intnet: "swp3", auto_config: false
	 cl.vm.network "private_network", virtualbox__intnet: "swp4", auto_config: false
	 cl.vm.network "forwarded_port", guest: 22, host: 60061, auto_correct: true, id: "ssh"
	 cl.vm.synced_folder "../data", "/vagrant", disabled: true 
  end

  #Ansible-Cumulus02
  config.vm.define "ansible-cl02" do |cl|
     cl.vm.box = "CumulusCommunity/cumulus-vx"
	 cl.vm.box_version = "3.6.0"
	 cl.vm.box_check_update = false
	 cl.vm.provider "virtualbox" do |vb|
	   vb.name = "Ansible-Cumulus02(github_SysNet4Admin)"
	   vb.customize ['modifyvm', :id, '--macaddress1', '080027000062']
	   vb.customize ['modifyvm', :id, '--natnet1', '10.0.62.0/24']
	 end
	 cl.vm.host_name = "ansible-cl02"
	 cl.vm.network "public_network", ip: "192.168.0.62"
	 cl.vm.network "private_network", virtualbox__intnet: "swp2", auto_config: false
	 cl.vm.network "private_network", virtualbox__intnet: "swp3", auto_config: false
	 cl.vm.network "private_network", virtualbox__intnet: "swp4", auto_config: false
	 cl.vm.network "forwarded_port", guest: 22, host: 60062, auto_correct: true, id: "ssh"
	 cl.vm.synced_folder "../data", "/vagrant", disabled: true 
  end  
 
 #Ansible-Cumulus03
  config.vm.define "ansible-cl03" do |cl|
     cl.vm.box = "CumulusCommunity/cumulus-vx"
	 cl.vm.box_version = "3.6.0"
	 cl.vm.box_check_update = false
	 cl.vm.provider "virtualbox" do |vb|
	   vb.name = "Ansible-Cumulus03(github_SysNet4Admin)"
	   vb.customize ['modifyvm', :id, '--macaddress1', '080027000063']
	   vb.customize ['modifyvm', :id, '--natnet1', '10.0.63.0/24']
	 end
	 cl.vm.host_name = "ansible-cl03"
	 cl.vm.network "public_network", ip: "192.168.0.63"
	 cl.vm.network "private_network", virtualbox__intnet: "swp2", auto_config: false
	 cl.vm.network "private_network", virtualbox__intnet: "swp3", auto_config: false
	 cl.vm.network "private_network", virtualbox__intnet: "swp4", auto_config: false
	 cl.vm.network "forwarded_port", guest: 22, host: 60063, auto_correct: true, id: "ssh"
	 cl.vm.synced_folder "../data", "/vagrant", disabled: true 
  end  
  
  #Ansible-Cumulus04
  config.vm.define "ansible-cl04" do |cl|
     cl.vm.box = "CumulusCommunity/cumulus-vx"
	 cl.vm.box_version = "3.6.0"
	 cl.vm.box_check_update = false
	 cl.vm.provider "virtualbox" do |vb|
	   vb.name = "Ansible-Cumulus04(github_SysNet4Admin)"
	   vb.customize ['modifyvm', :id, '--macaddress1', '080027000064']
	   vb.customize ['modifyvm', :id, '--natnet1', '10.0.64.0/24']
	 end
	 cl.vm.host_name = "ansible-cl04"
	 cl.vm.network "public_network", ip: "192.168.0.64"
	 cl.vm.network "private_network", virtualbox__intnet: "swp2", auto_config: false
	 cl.vm.network "private_network", virtualbox__intnet: "swp3", auto_config: false
	 cl.vm.network "private_network", virtualbox__intnet: "swp4", auto_config: false
	 cl.vm.network "forwarded_port", guest: 22, host: 60064, auto_correct: true, id: "ssh"
	 cl.vm.synced_folder "../data", "/vagrant", disabled: true 
  end  
 
  #================#
  # Ansible Server #
  #================#
  
  config.vm.define "ansible-server" do |cfg|
    cfg.vm.box = "centos/7"
 	cfg.vm.provider "virtualbox" do |vb|
	  vb.name = "Ansible-Server(github_SysNet4Admin)"
	end
	cfg.vm.host_name = "ansible-server"
	cfg.vm.network "public_network", ip: "192.168.0.60"
	cfg.vm.network "forwarded_port", guest: 22, host: 60010, auto_correct: true, id: "ssh"
	cfg.vm.synced_folder "../data", "/vagrant", disabled: true
	cfg.vm.provision "shell", inline: "yum install epel-release -y"
	cfg.vm.provision "shell", inline: "yum install ansible -y"
	cfg.vm.provision "file", source: "ansible_env_ready.yml", 
	  destination: "ansible_env_ready.yml"
	cfg.vm.provision "shell", inline: "ansible-playbook ansible_env_ready.yml"
  end
end

ansible_env_ready.yml

---
- name: Setup for the Ansible's Environment
  hosts: localhost
  gather_facts: no
  
  tasks:
    - name: Add "/etc/ansible/hosts"
      blockinfile: 
        path: /etc/ansible/hosts
        block: |
          [spine]
          192.168.0.61
          192.168.0.62

          [leaf]
          192.168.0.63
          192.168.0.64

          [cl:children]
          spine
          leaf

    - name: Generate sshkey
      become: yes
      become_user: vagrant
      shell: "{{ item }}"
      with_items:
        - "ssh-keyscan 192.168.0.61 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.62 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.63 >> ~/.ssh/known_hosts"
        - "ssh-keyscan 192.168.0.64 >> ~/.ssh/known_hosts"
    
    - name: Create vim env's directories & files
      shell: "{{ item }}"
      with_items:
        - "mkdir -p /home/vagrant/.vim/autoload /home/vagrant/.vim/bundle"
        - "touch /home/vagrant/.vimrc"
        - "touch /home/vagrant/.bashrc"
      
    - name: Install vim-enhanced
      yum: 
        name: vim-enhanced
        state: present
        
    - name: Install git
      yum: 
        name: git
        state: present
        
    - name: Download pathogen.vim
      shell: "curl -fLo /home/vagrant/.vim/autoload/pathogen.vim
              https://tpo.pe/pathogen.vim"
      
    - name: Git clone vim-ansible-yaml
      git:
        repo: https://github.com/chase/vim-ansible-yaml.git
        dest: /home/vagrant/.vim/bundle/vim-ansible-yaml
        
    - name: Configure vimrc
      lineinfile: 
        path: /home/vagrant/.vimrc
        line: "{{ item }}"
      with_items:
        - "set number"
        - "execute pathogen#infect()"
        - "syntax on"

    - name: Configure Bashrc
      lineinfile:   
        path: /home/vagrant/.bashrc
        line: "{{ item }}"
      with_items:
        - "alias ans='ansible'"
        - "alias anp='ansible-playbook'"

ans cl -m ping -k

Changing the hostname

cl_hostname.yml

---
- name: Change the hostname
  hosts: cl
  gather_facts: no
  become: yes

  tasks:
    - name: hostname for ansible-cl01
      delegate_to: 192.168.0.61
      run_once: true
      nclu:
        commands:
          - add hostname ansible-spineA
        atomic: true

    - name: hostname for ansible-cl02
      delegate_to: 192.168.0.62
      run_once: true
      nclu:
        commands:
          - add hostname ansible-spineB
        atomic: true

    - name: hostname for ansible-cl03
      delegate_to: 192.168.0.63
      run_once: true
      nclu:
        commands:
          - add hostname ansible-leafA
        atomic: true

    - name: hostname for ansible-cl04
      delegate_to: 192.168.0.64
      run_once: true
      nclu:
        commands:
          - add hostname ansible-leafB
        atomic: true

    - name: lldp service restart
      service:
        name: lldpd
        state: restarted

Check LLDP

net show lldp

anp cl_hostname.yml -k

The old information remains but disappears soon... (240 seconds)

Configuring a peer-link between the Cumulus spine nodes

cl_peerlink.yml

---
- name: Config switch virtual interface(SVI) with bonding
  hosts: spine
  gather_facts: no
  become: yes

  tasks:
    - name: put in config
      nclu:
        commands:
          - add bond bond0 bond slaves swp2,3
          - add bridge
          - add bridge bridge ports bond0
          - add bridge bridge vids 10
          - add bridge bridge pvid 1
        atomic: true

    - name: setup ip for spineA's SVI
      delegate_to: 192.168.0.61
      run_once: true
      nclu:
        commands:
          - add vlan 10 ip address 10.0.10.61/24
        atomic: true

    - name: setup ip for spineB's SVI
      delegate_to: 192.168.0.62
      run_once: true
      nclu:
        commands:
          - add vlan 10 ip address 10.0.10.62/24
        atomic: true

Fixed it because of an IP error, then applied

ping 10.0.10.62
arp

net show configuration

Change the configuration and check pending

net del bridge bridge vids 10
net add bridge bridge vids 100
net pending

Apply

net commit

Transmission not possible due to the VLAN change

Configuring OSPF between the Cumulus nodes

OSPF = shortest path first (Open Shortest Path First)

cl_int.yml

---
- name: Config interface for spineA
  hosts: 192.168.0.61
  gather_facts: no
  become: yes
  tasks:
    - name: put in config
      nclu:
        commands:
          - add interface swp4 ip address 10.0.101.61/24
        atomic: true

- name: Config interface for spineB
  hosts: 192.168.0.62
  gather_facts: no
  become: yes
  tasks:
    - name: put in config
      nclu:
        commands:
          - add interface swp4 ip address 10.0.102.62/24
        atomic: true

- name: Config interface for leafA
  hosts: 192.168.0.63
  gather_facts: no
  become: yes
  tasks:
    - name: put in config
      nclu:
        commands:
          - add interface swp4 ip address 10.0.101.63/24
        atomic: true

- name: Config interface for leafB
  hosts: 192.168.0.64
  gather_facts: no
  become: yes
  tasks:
    - name: put in config
      nclu:
        commands:
          - add interface swp4 ip address 10.0.102.64/24
        atomic: true

cl_ospf.yml

---
- name: Config OSPF for spineA
  hosts: 192.168.0.61
  gather_facts: no
  become: yes
  tasks:
    - name: put in config
      nclu:
        commands:
          - add ospf router-id 0.0.0.61
          - add ospf network 10.0.0.0/16 area 0.0.0.0
        atomic: true

- name: Config OSPF for spineB
  hosts: 192.168.0.62
  gather_facts: no
  become: yes
  tasks:
    - name: put in config
      nclu:
        commands:
          - add ospf router-id 0.0.0.62
          - add ospf network 10.0.0.0/16 area 0.0.0.0
        atomic: true

- name: Config OSPF for leafA
  hosts: 192.168.0.63
  gather_facts: no
  become: yes
  tasks:
    - name: put in config
      nclu:
        commands:
          - add ospf router-id 0.0.0.63
          - add ospf network 10.0.0.0/16 area 0.0.0.0
        atomic: true

- name: Config OSPF for leafB
  hosts: 192.168.0.64
  gather_facts: no
  become: yes
  tasks:
    - name: put in config
      nclu:
        commands:
          - add ospf router-id 0.0.0.64
          - add ospf network 10.0.0.0/16 area 0.0.0.0
        atomic: true

anp cl_int.yml -k

net show interface

ping 10.0.101.61

ping 10.0.102.64

net show route ipv4

OSPF

anp cl_ospf.yml -k