Process

Let's learn about the new process involved when handling tactical playbooks.

We'll cover the following

NDLC process
Gather information
Execute check mode with verbosity
Execute playbook
Regather information

NDLC process

The NDLC process remains the same for making changes to the network:

Create a working branch from the master branch for every change.
Develop and test code.
Commit often.
Comment code where applicable.
Execute playbook.
Perform pull requests to merge approved code changes into the master branch.

Now that there could potentially be an impact on the network because of changes, there is a need to incorporate more traditional network administration personas to evaluate the required Cisco commands. How, where, and in what order commands should be executed, as well as the impact, if any, of the change to the network needs to be assessed. Other considerations such as outage planning for impactful changes or all test plans are required. An example of outage planning is to consider possible fail-overs, notifications to impacted users and services, change management, and approvals. . Updates to out of repository information should be included in the approval process such as NMS, diagrams, and legacy documentation. The process should also include evidence of the new automated documentation and testing that will be performed. Some CLI validation may be required as part of an automated change.

Orchestrate the playbook to gather information about the pre-change state of the network, execute the changes, and recollect the new post-change state of the network.

Gather information

Here, execute some of the pre-canned network reconnaissance code. Or, craft new, playbook-specific, information-gathering code that runs before changing anything. Output these files for use in validating the change, or roll back if we must back out of a change.

Execute check mode with verbosity

The most powerful aspect of Ansible is the ability to run playbooks in check mode. Since changes are being made to the network and that always holds a potentially negative impact, the playbook can be executed in check mode with verbosity enabled. This lets the playbook identify what is changing, in what order, and on what devices.

ansible-playbook network_change.yml --check –v

Execute playbook

After performing a dry run in check mode and validating that the intent is reflected in the output, execute the playbook and automate the network changes. Remove the check mode option and re-run the playbook. Verbosity can be enabled to provide a similar view as check mode, with the detailed output of each task in the playbook and how it is executed.

ansible-playbook network_change.yml -v

Regather information

Recollect the information about the new state of the network post-change. This output can be compared to the pre-change output to validate the success of the change, and the impact the change may have on routing tables or other information on the network.

Get hands-on with 1200+ tech skills courses.

Introduction

What Is Network Automation?

Why Automate the Network?

How to Automate the Network

Where to Start with Network Automation

Repository Structure

Network Reconnaissance

Tactical Playbooks

Data Models and Dynamic Templates

Dynamic Intent-Based Documentation

Configuration Management

Continuous Integration/Continuous Delivery

Conclusion