Skip to content

automation#

Services First - A Reminder of Strong Growth

Recently, a discussion on the internal Slack at Network to Code highlighted the "Amazon API Mandate" from 2002β€”a directive widely seen as transformative for Amazon. In the post (which can be found here), the core tenet is clear: All teams will henceforth expose their data and functionality through service interfaces. Upon rereading this mandate, I was immediately reminded of why I am such a strong believer in this strategy. Let's take a deeper dive. First, the mandate included the following requirements:

  1. All teams will henceforth expose their data and functionality through service interfaces.
  2. Teams must communicate with each other through these interfaces.
  3. There will be no other form of interprocess communication allowed: no direct linking, no direct reads of another team’s data store, no shared-memory model, no back-doors whatsoever. The only communication allowed is via service interface calls over the network.
  4. It doesn’t matter what technology they use. HTTP, Corba, Pubsub, custom protocols β€” doesn’t matter.
  5. All service interfaces, without exception, must be designed from the ground up to be externalizable. That is to say, the team must plan and design to be able to expose the interface to developers in the outside world. No exceptions.
  6. Anyone who doesn’t do this will be fired.
  7. Thank you; have a nice day!

Autocon4 Viewpoint

AutoCon4 and NautoCon@AutoCon are in the books. It was quite the day, and I have to say that it ranks among my best days of the year in Network Automation β€” right up there with being able to meet up with the Network to Code team earlier in the year. It was great to see many friends from across the community. Hopefully we’ll be able to keep the conversation going in Slack and maintain the momentum.

Network Design with NTP

It’s been a while since my last post β€” life and work have both been full. Today, I’m diving into one of the most quietly critical aspects of network design: time synchronization. Specifically, how to design NTP within an enterprise network and how to think about time zones when correlating logs.

We'll look at two main topics in this post: designing NTP (Network Time Protocol) and managing time zone display in logs.

Fueling Network AI: The Critical Role of Source of Truth Data

As the AI movement continues to expand its reach into the networking space, the need for an appropriate source of truth for network data becomes more critical than ever. What I have been seeing so far in the industry for networking and AI has been a lot of working on the individual devices one by one. But when looking at leveraging AI for the network, I believe it is best to look at the network as a whole. And that is where the Source of Truth data being stored in Nautobot is going to provide the right information about the network and the relationships between pieces of information - AI thrives on context, and relationships provide that context for more accurate insights and actions.

Redux: Stadium Automation

At a previous position to joining Network to Code I was asked to help to build automation to help with the configuration of switches going into a MLS stadium. The stadium was under construction and the network build out would take place at the same time as the stadium was being built out. It was definitely a first and maybe only opportunity that I would have to build out a new stadium.

Scenario

The task at hand is that each of the ports would need to be configured leveraging a good L2/L3 separation with each of the service providers that provide a service to the stadium their own network segment to work through. A large number of ports were going to need to be configured.

Nornir Transform Function

Nornir includes a function that allows for the transformation of inventory data, a feature integrated within the Nornir platform itself. The documentation for Nornir 3.0 is somewhat sparse regarding the usage of Transform functions, so I often refer to the more comprehensive 2.5 documentation. According to the Nornir documentation:

A transform function is a plugin that manipulates the inventory independently from the inventory plugin used. Useful to extend data using the environment, a secret store or similar.

Automation Redux: Firewall Tables

Today I'm going to dive into my getting started with network automation, and perhaps my first successful automation. There are definitely some things that I would re-do and complete differently, and some things that I consider a success.

I'm working on a new series within my blog, about how I would look to have done things differently than I had done before, with the tooling and knowledge that I now have, years later. This is the first in the series.

2023 Automation Review: Top 3

The year of 2023 I think may have had some of the biggest leaps in the Network Automation capabilities that are being delivered by some of the best in the business. With Nautobot's Golden Config App adding the ability to complete configuration remediation and Ansible release Event Driven Ansible, there are a couple of powerful tools to help you with your Network Automation. And all with a great new conference addition specific to Network Automation.

Nautobot: How I Use Tags For VMs

In my home environment I am leveraging Nautobot as my source of truth. This is for the network, which is probably not all that interesting in my home environment, and my virtual machines. Why am I tracking my virtual machines in Nautobot? Simple, to help automate them. I think that this is a clever methodology to help use tags and to get automation working within the environment. This same type of thing may be applicable to your network environment as well.

DevNet Expert Workstation On Debian

As part of my journey of using my Debian based Dev Workstation, as well as my studies towards completion of the DevNet Expert, I wanted to get up and running with the DevNet Workstation example that would help to become familiar with the environment that would be found at the live exam. There were a few small quirks along the way, so I thought I would go ahead and create a post about how to get started.

Nautobot Environment File

Within Nautobot there are many ways to be able to get the Nautobot environment running. Environment variables are used quite a bit in the Docker environment following best practice principles set forth in the 12 Factor App. The use of environment variables is helpful for working through the various stages of an application to production. The installation instructions leverage a single environment variable NAUTOBOT_ROOT and that is set in the SystemD files shown below.

Upgrade Nautobot Python Version in Virtual Machine

One observation lately is that Python is moving along quickly with new versions and new EOLs. Along with needing to make these updates, the applications that Python uses will also need to be moving along. Nautobot is my favorite, and in my opinion the best SOT platform available in the open source ecosystem today. So let's dive into the updating of the Python version.

For this post, I've created a new Rocky 8 Virtual Machine to be the host. See the note below for the reasoning. This will start off with a Nautobot install from the Nautobot docs. I won't dive into all of that, assume that is the starting point with a fresh Nautobot application.

Workstation Troubleshooting 2023

In my previous post I wrote about a workstation that I was working on building. It took an incredibly long time to get up and into a stable environment. But I have finally accomplished stability (hoping to not jinx it here with the post). I went through a fair bit of troubleshooting to get to this point.

Desktop Build 2023

Here I'm going to dive into what I'm planning to build out for my next desktop here in 2023. Prime Day is nearly upon us, and I'm anticipating (but do not know for sure) that prices on some of the gear that I'm looking for will be available at a good price. I'm also looking to build out a bigger system in order to run some intense VMs up coming.

My goals: - Build a system that will last for 3-4 years at a minimum - Max out the RAM, that is my most limiting factor in my environments - Give Linux a try as the desktop OS, still a bit of debate in this, considering options: - Debian 12 - POP OS - Linux Mint

Nautobot: Get IP Addresses From Nautobot

One of Nautobot's primary functions is to serve as an IPAM solution. Within that realm, the application needs to provide a method to get at IP address data for a device, quickly and easily. In this post I will review three prominent methods to get an IP address from Nautobot. It will demonstrate getting the address via:

  • Nautobot REST API
  • curl
  • Python Requests
  • GoLang HTTP
  • pynautobot
  • Ansible Lookup
  • Nautobot GraphQL API
  • curl
  • Python Requests
  • GoLang HTTP
  • pynautobot
  • Ansible Lookup

Nautobot Remote Validation

In this post I'm going to dive into a bit more on the Nautobot custom validators. This is a powerful validation tool that will allow for you to write your own validation capability, including in this demonstration on how to complete a validation against a remote API endpoint. The custom validators are a part of the Nautobot App extension capability. This allows for custom code to be written to validate data upon the clean() method being called, which is used in the majority of API calls and form inputs of Nautobot.

Nautobot Secrets - Hashicorp Vault

With Nautobot, one of the things that came up was how to work with secrets. Nautobot itself is not the place to maintain secrets, as it is not a vault. There may be some good cryptographic libraries out to handle this, but by its nature, that is not the intent. So Nautobot has written methods to be able to retrieve secrets from proper vault sources and be able to leverage them. These can be tricky to get set up however. I had struggled for a while myself. So now that I have it working, I thought it would be a good time to have a quick personal blog about it.

Nautobot Jobs in Jobs Root

Today I was working to demonstrate how to get started with Nautobot Jobs within the Jobs root of Nautobot. This is not a pattern that I develop often, as I am typically developing Jobs within a plugin as my development standard. More to come on that later. During this case, the ask was to build a Job that would connect to a network device. I had a few troubles that I didn't want to have to work through on a call that had limited time and that was a screen share. So I am taking to working on this via a blog post to share, and hopefully will be helpful for others as well.

Nautobot IP Provisioning

One of the great things about building an enterprise system, is being able to get systems to work cohesively amongst themselves to bring a complete solution. One of the workflows that is often required in a static IP address environment is the need to provide static IP addresses to hosts on a network segment. When using an IPAM (IP Address Management) solution such as Nautobot, the APIs and SDKs/modules made available for use in automation workflows is paramount to having the cohesion to make a seamless IT system.

In this post I will be diving into the use of Nautobot as the IPAM. Using Ansible and the Nautobot modules, I will then show how you can get the next available IP address and assign it for use to the next VM. There will likely need to be some minor tweaks for use in your system.

GraphQL - Aliasing

One of the features that I find myself using periodically that I think is underrated as far as using GraphQL is its ability to alias return keys in the response. This can be extremely helpful for developers writing applications, as it allows them to have the API response with the keys they are looking for. I have found this feature particularly useful when working on applications like Meraki and Nautobot together. In Nautobot a place is typically defined as the key site. In the Meraki world this is commonly set up as a network. Without GraphQL's alias feature, the developer would need to translate this data over.

Let's explore two scenarios where a developer might choose to alias the response from GraphQL:

  • Quick translation between systems
  • Response from multiple queries

I will demonstrate the capabilities of these scenarios using the Nautobot demo instance at https://demo.nautobot.com. For each of these, make sure that you have logged in already before going to the GraphiQL page.