Automation and Programmability
Yuvraj Singh
Network Engineer | Professional IT Trainer | Specialist in Routing and Switching | Wireless | SDN | Cyber Security | Penetration Testing
Traditionally device configurations is done mostly through Command Line Interface (CLI). Newly made changes/ issued commands are in running-config file (in RAM) which should be saved to startup-config file (in NVRAM). Managing the configurations of every network device create challenges.
?Suppose one of the engineer make changes which might leads the configuration to drift away from ideal one without the rest if staff knowing. The on-device configuration changes can be difficult to detect as in, what has changed, which lines have been modified, who made changes etc. External systems may be useful for management but requires frequent observation otherwise it would be hardly detectable as of what has changed, who made changes and why.
Centralized Configuration management tools e.g., Version Control Software (VCS) makes easier in noting who changes a file, what lines and specific characters changed, when the change occurred, and so on. The tools also allow you to compare the differences between versions of the files over time.
GitHub :
Automated Configuration Management tools
With this approach, engineers should make the desired changes by editing the associated configuration files in the centralized repository. The configuration management tool can be instructed to apply the configuration on selected devices. After that process completes, the central config file and the device’s running-config (and startup-config) should be identical. Although there's a catch which is as such, the network engineers should make changes by using the configuration management tools, but they still have the ability to log in to each device and make manual changes on each device leading to some configuration drift.
So, the configuration management tools can also monitor device configurations and whenever discovers the device configurations performed differs from intended ideal configuration, it may notify the engineer or even reconfigure the device. This is feature called configuration enforcement/ monitoring. The automated configuration management software asks for a copy of the device’s running-config file, the configuration management software compares the ideal config file with the just-arrived running-config file to check whether they have any differences.
Configuration Provisioning
This refers to the provisioning or deployment of the changes to the configuration made by configuration changes into the device after someone edited central configuration file.
???Templates and variables
Templates are the configuration files that may be useful when the devices running on similar roles can opt the same configuration template whereas, variable is the changed character on every device configuration. Also, configuration management tools can define logic steps in a file, schedule to execute such as to implement the changes through some automation tools.
Following is the configuration output from a device,
Now for configuration management tools this above mentioned configuration can be broken down into two distinct components which have been defined as templates and variables.
领英推è
?Hence, templates is the component of the configuration that will be similar to the devices and the variable is the unique component to any device. Anyone can edit the standard template file as per device's role and add variable to it. The configuration management tool can then process the template and variable to create the ideal configuration file for each device.
These configuration management tools have defined some language for template and for variable files respectively. Below is an example of Ansible tool that uses Jinja2 language for templates and YAML for variable.
Jinja2:
YAML:
Files that control the configuration management tools
By providing distinct methods to define some logic, configuration management tools then allows us to what changes to make, to which devices and when. That same logic could specify a subset of the devices. It could also detail steps to verify the change before and after the change is attempted, and how to notify the engineers if an issue occurs.
Each of the tools uses a language (some sort of domain specific language or DSL) used to define the action steps. These languages are much easier to learn compared to other programming languages.
Summarizing the files of configuration management tool,
Three configuration management tools: Ansible, Puppet and Chef
All three produce one or more configuration management software products that have become synonymous with their company names.
Differences between each: