Network Automation and Undifferentiated Heavy Lifting

I got this tweet after publishing the “use Ansible to execute a single command on all routers” blog post (and a few similar comments on the blog post itself)

Or use Python, Netmiko and a simple For loop

I never cease to be amazed by the urge to do undifferentiated heavy lifting in the IT industry.

Of course you can solve the “execute one command on a few boxes” problem with Python and Netmiko (assuming you’re willing to invest your time in learning Python or wasting it with google-and-throw spaghetti wall approach).

You can also improve your script and switch into enable mode (or use authorize and auth_pass parameters in ios_command Ansible module).

You can add support for configuration commands, or you could use ios_config Ansible module or NAPALM library.

You can invest time in building a multi-threaded solution once you figure out that write memory (or show running) command executed on 100 high-end PE-routers takes too much time.

You can also figure out all the challenges of multi-threaded programming once you start stomping on your threads’ toes.

Or you could find the right tool for the job and focus on getting the job done instead of reinventing the tool… and the more tools you’re familiar with, the more likely you’ll choose the right tool for the job.

Do I have to mention that it’s easiest to get familiar with the tools if you use them in a low-risk environment like a lab?

You can also solve the next problem with another for loop (or deploy OSPF NSSA areas).

Some of you might know that I wrote quite a few “yeah, it’s just a for loop” scripts in my life, and saw them blossom into a spaghetti mess. I’ve also seen what happens when such a script grows organically to cover more platforms. Everything I wrote above is unfortunately based on my personal experience (and learning from my own mistakes). Try not to repeat them.

3 comments:

  1. Not to mention the improved readability of a YAML-formatted playbook over homegrown scripts and actually using shared tooling with our systems engineering counterparts vs insisting on being unique.
  2. IMO, the "run this command on all devices" is the easy part. It always has been. What is a little more tricky and much more interesting are things like:

    "Enable dhcp snooping on every switch that has vlan 123 or 456 on it and automatically trust any uplink trunk port"

    "Add vlan 789 to any trunk port on the network that currently has 456"

    "Migrate to HSRP by swapping out current $ip with $ip+1 and making $ip the standby address but only after verifying that $ip+1 is not already in use. And do the same thing on the other device but use $ip+2 instead."
  3. Even in the context of Netmiko, there is a better choice (i.e. Netmiko tools).

    Netmiko tools are command line utilities I built with a simple YAML inventory (loosely modeled on Ansible's inventory). They allow you to do show and simple config commands with threading built-in.

    Here is a command to perform 'write mem' on the Arista group (which consists of four devices)

    $ netmiko-show --cmd "write mem" arista
    arista_sw1.txt:Copy completed successfully.
    arista_sw2.txt:Copy completed successfully.
    arista_sw3.txt:Copy completed successfully.
    arista_sw4.txt:Copy completed successfully.
Add comment
Sidebar