Chap 29 - Introduction to Automation Tools Flashcards
What is EEM?
Embedded Event Manager
What are 2 building blocks of EEM?
- Events
- Actions
What are 3 EEM debug commands?
- debug event manager action cli
- debug event manager all
- debug event manager action mail
What is the EEM keyword used so that the output will include the output of any CLI commands that were issued in the applet?
$_cli_result
In EEM what does “file prompt quiet” do?
It disables the IOS confirmation mechanism that asks to confirm a user’s actions.
What are 4 common EEM email variables?
- _email_server
- _email_to
- _email_from
- _email_cc
What is the EEM command that causes an EEM applet to require manual execution?
event none
What is the command to manually run an EEM applet?
R1# event manager run
What is the command to manually run a TCL script?
tclsh flash:/ping.tcl
What is the command to view any text file?
more flash:ping.tcl
What are 6 configuration changes for which network operators leverage automation for?
- Device name/IP address
- QOS
- ACLs
- Usernames/passwords
- SNMP settings
- Compliance
What are 3 agent-based automation tools?
- Puppet
- Chef
- Saltstack
What is Puppet?
Server/Client functions:
Language:
Push or Pull:
Collection of code or files:
Code deployed as:
Admin interaction:
Service installed on nodes:
Communication Server/Client:
- Server/Client functions: Puppet Master / Puppet Agents
- Language: Ruby-based Domain Specific Language
- Push or Pull: Pull
- Collection of code or files: Modules in PuppetDB
- Code deployed as: Manifests
- Admin interaction: Puppet console
- Service installed on nodes: Puppet agent
- Communication Server/Client: TCP SSL req. certificates
What 3 types of Cisco devices can Puppet be used with?
- Catalyst switches
- Nexus switches
- UCS servers
What does Puppet do to helps an organization standardize its device configurations?
It can periodically verify the configuration on devices. If a configuration on a device has changed it can be alerted on as well as automatically put back to the previous configuration.
How do Puppet agents communicate with the Puppet master?
By using different TCP connections. Each TCP port uniquely represents a communications path from an agent running on a device or node.
What does Puppet allow for?
Puppet allows for the management and configuration of multiple device types at the same time.
What are the 3 installation types of Puppet?
- Monolithic - up to 4000 nodes
- Monolithic with compile masters - 4000 to 20,000
- Monolithic with compile masters and standalone PostgreSQL - more than 20,000 nodes
What 2 things might operations staff need in large-scale Puppet deployments
- Master of Masters (MoM) that manages the distributed Puppet masters and their associated databases
- Compile Masters that are load-balanced Puppet servers that help scale the number of agents that can be managed.
What advantage is there in having a Puppet MoM?
It greatly simplifies the management of the Puppet environments.
What is the hierarchy of Puppet configuration?
- Modules contain manifests
- Manifests contain classes
- Classes contain resources
What 3 things do Puppet modules contain?
- Manifests
- Templates
- Files
What are Puppet Manifests, how are they sent to clients, and what is required to do that?
- They contain the code that configures the clients or nodes running the puppet agent
- Pushed to devices using SSL
- Require certificates to be installed to ensure the security of the communications between master and agents
What is a Puppet Module?
A collection of files and directories that can contain Puppet manifests, as well as other objects such as files and templates
What is a Puppet Module and what does it leverage for communication to devices? called cisco_ios?
- It contains multiple manifests
- Leverages SSH to connect to devices
- Each of these manifests are used to modify the running configuration on Cisco Catalyst devices in some fashion
How are Manifests saved?
They are saved as individual files that have a file extension .pp.
What does Puppet use as its programming language?
Domain-specific Language (DSL) as its “programming language.”
What is Puppet Forge?
Puppet Forge is a free of charge community where puppet modules, manifests, and code can be shared.
What is Chef?
- Server/Client functions:
- Language:
- Push or Pull:
- Collection of code or files:
- Code deployed as:
- Admin interaction:
- Service installed on nodes:
- Communication workstation to Server:
- Communication Server/Client:
- Server/Client functions: Chef Server / Chef Clients
- Language: Ruby DSL
- Push or Pull: Pull
- Collection of code or files: Cookbooks
- Code deployed as: recipes
- Admin interaction: workstation
- Service installed on nodes: OHAI
- Communication workstation to Chef Server: Knife cli
- Communication Server/Client:
What code is Chef written in?
in Ruby and Erlang, but when it comes to actually writing code within Chef, Ruby is the language used
What is the Push model used by configuration management tools?
Push models push configuration from a centralized tool or management server,
What is the Pull model used by configuration management tools?
Pull models check in with the server to see if there is any change in the configuration, and if there is, the remote devices pull the updated configuration files down to the end device.
What are 6 ways Chef is similar to Puppet?
- Both have free open-source versions
- Both also have paid enterprise versions
- Both manage code that needs to be updated/stored
- Both manage devices that need to be configured
- Both are ‘Pull’ models * Both function as a client-server model
How is Chef different from Puppet?
Chef’s structure, terminology, and core components are different from those of Puppet.
Compare the difference in terminology between Puppet and Chef.
- Puppet Master = Chef server
- Puppet agent = Chef client
- Puppet module = Chef Cookbook
- Puppet Manifest = Chef Recipe
- Puppet console = Chef workstation
What is Knife in Chef?
The name of the command-line tool used to upload cookbooks to the Chef server.
What is the command to upload a cookbook to the Chef server?
knife upload (cookbookname)
Where can the Chef server be hosted?
- Locally on the workstation
- Remotely on a server
- Hosted in the cloud.
What happens to create Chef code?
- Created on the Chef workstation
- Stored in a file called a recipe
- Uploaded to the Chef server in order to be used in the environment.
What are the four types of Chef server deployments?
- Chef Solo - server hosted on workstation
- Chef Client and Server - distributed components
- Hosted Chef - in the cloud
- Private Chef - all components within the same enterprise
What is OHAI?
A service that is installed on the nodes that is used to collect the current state of a node and to send the information back to the Chef server through the Chef client service.
In Chef where are cookbooks stored?
On the Chef server.
What is a Chef Cookbook and what is it comparable to in Puppet?
- A collection of recipes
- Comparable to a module in Puppet
What is a Chef Recipe and what is it comparable to in Puppet?
- Code being deployed to make configuration changes
- Comparable to a manifest in Puppet
Which Chef component is responsible for all communications btw client and server?
The Chef client service that runs on the nodes is responsible for all communications to the Chef server.
What happens when a Chef node needs a recipe?
When a node needs a recipe, the Chef client service handles the communication back to the Chef server to signify the node’s need for the updated configuration or recipe.
What is the Kitchen in Chef?
It is a place where all recipes and cookbooks can automatically be executed and tested prior to hitting any production nodes.
What 4 testing frameworks does the Kitchen support?
- Bash Automated Testing System (BATS)
- Minitest
- Rspec
- ServerSpec
How do you know whether to choose Puppet or Chef?
It depends on the skillset and adoption processes of your network operations.
What is SaltStack?
Server/Client functions:
Language:
Push or Pull:
Servers Collection of client info:
Code deployed as:
Config Mgmt method:
Admin interaction:
Service installed on nodes:
Communication workstation to Server:
Communication Server/Client:
- Server/Client functions: Masters/minions
- Language: Python
- Push or Pull: Push using SSH
- Servers collection of client info: Pillars
- Code deployed as: Salt Formulas in YAML or DSL
- Configuration Mgmt: Reactors and Beacons Remote Execution System
- Admin interaction: Python or Syndic GUI
- Service installed on nodes: SaltStack Grains
- Communication workstation to Server:
- Communication Server/Client: 0MQ (Zero MQ), AES encryption
What is SaltStack built on?
Python
What is one advantage of SaltStack being built on Python?
Since it is built on Python, and has a Python interface a user can program directly to SaltStack by using Python code.
What are Salt formulas?
the instructions or states that get sent out to the nodes that are written in YAML or a DSL.
What Distributed Messaging Platform does SaltStack use?
0MQ (ZeroMQ)
In general how is the SaltStack architecture different from Puppet and Chef?
SaltStack uses a concept of Systems which are divided into various categories.
Why is SaltStacks performance very fast?
SaltStack can run remote commands to systems in a parallel fashion.
Where is the SaltStack reactor and what does it do?
- Sits on the Master
- Listens for a minion’s beacon signifying there has been a change on the host that differ from the desired state or configuration
What is a SaltStack Beacon?
- Lives in Minions
- If a configuration changes on a node it tells the Reactor on the Master
What are 3 types of changes does the SaltStack Reactor listen for?
- Command-line configuration
- Disk/memory/processor utilization
- Status of services
What are SaltStack minions?
- The SaltStack agent
What is the Remote Execution System?
The process of the Beacon notifying the Reactor of any configuration changes.
What are SaltStack Grains?
The Grains interface derives information about the underlying system. It’s called Grains because it presents Salt with Grains of information.
How are the SaltStack Grains of information gathered?
This information is typically gathered by the salt-minion daemon.
What are SaltStack Pillars?
Pillars are tree-like structures of data defined on the Salt Master and passed through to minions. They allow confidential, targeted data to be securely sent only to the relevant minion. Pillar is information about a minion or many minions stored or generated on the Salt Master
What is the name of the SaltStack GUI?
SynDic
What does SynDic make possible?
It makes it possible to leverage the master of masters.
What are 3 components that are contained in Salt’s command structure?
* Targets * Commands * Arguments
What is a Target in Salt’s command structure?
The target is the desired system that the command should run on.
How are minions targeted?
It is possible to target the system by using the MinionID of a minion.
When targeting what happens if an asterisk * is used instead of minion ID?
The asterisk * is a wildcard indicating all systems that are currently managed by SaltStack would be targeted.
What is Globbing?
When targeting you use a combination of the minion ID and the asterisk; for example, Minion* would grab any system that has a MinionID that starts with the word Minion.
What is an Argument in Salt’s command structure?
An argument provides detail to the module and function that is being called on in the command.
What syntax does the Salt command structure use?
It uses the module.function syntax followed by the argument.
What would the Salt command be to run the ‘ls -l/etc’ on all systems?
salt ‘*’ cmd.run ‘ls -l/etc’
What does the ‘network.interfaces’ command do?
It gathers network information from all the disparate systems, such as the MAC address, interface names, state, and IPv4 and IPv6 addresses assigned to those interfaces.
What are 3 Agent-less Automation Tools?
* Ansible * Puppet Bolt * SaltStack SSH (Server-only mode)
What is Ansible?
* Owned by Redhat * An automation tool that is capable of automating cloud provisioning, deployment of applications, and configuration management.
What were the 4 concepts in mind when Ansible was created?
* Consistent * Secure * Highly reliable * Minimal learning curve
How does Ansible communicate with the devices it manages?
Ansible communicates using SSH for a majority of devices, and it can support Windows Remote Management (WinRM) and other transport methods to the clients it manages.
Does Ansible need an administrative account?
No, Ansible doesn’t need an administrative account on the client. It can use built-in authorization escalation such as sudo when it needs to raise the level of administrative control.
What is the Ansible control station?
* It could be a laptop or a server sitting in a data center * The control station is the computer used to run Ansible and issue changes and send requests to the remote hosts * All Ansible requests come from the control station
Why do people like to use Ansible?
* It allows for easy ramp-up for users who aim to create new projects * It sets the stage for long-term automation initiatives and processes to further benefit the business.
What is Lifecycle methodology known as PPDIOO?
* Prepare * Plan * Design * Implement * Observe * Optimize
What is an Ansible Playbook?
* structured sets of instructions * A set of plays for remote systems * For example, Enforcing configuration and/ or deployment steps
What is an Ansible Play?
A set of tasks applied to a single host or a group of hosts
What is an Ansible Task?
A call to an Ansible module
What are Ansible Playbooks written with?
YAML (Yet Another Markup Language)
How can you recognize an Ansible YAML file?
Ansible YAML files usually begin with a series of three dashes (—) and end with a series of three periods (…).
How are comments added in Ansible YAML?
Add comments in YAML by beginning lines with a pound sign (#).
In an Ansible YAML list how are items added to the list?
Indent and begin each item with a dash and a space ( - )
How is a YAML key/value pair different from those in JSON?
YAML key/value pairs don’t need quotes.
What is YAML Lint?
YAML Lint is a free online tool you can use to check the format of YAML files to make sure they have valid syntax.
What are 5 Ansible CLI Commands?
* ansible - runs modules against targeted hosts * ansible-playbook - runs Playbook * ansible-docs - Provides docs on syntax and parameters in the CLI * ansible-pull - Changes Ansible clients from the default push model to the pull model * ansible-vault - Encrypts YAML files that contain sensitive data
How does Ansible keep track of the hosts it manages?
Ansible uses an inventory file to keep track of the hosts it manages.
In the output from a Ansible playbook what is important to look at?
* PLAY * TASK * PLAY RECAP
What Ansible module is used to make changes on Cisco devices?
ios_command module
What is Puppet Bolt?
Puppet Bolt allows you to leverage the power of Puppet without an Agent * Connects with SSH or WinRM connections * Open source tool * based on Ruby language
What are Puppet Bolt tasks?
* Used for pushing configuration, installing apps and for managing services * Tasks are sharable * allows you to execute a change or configuration immediately and then validate it.
What are the 2 ways to use Puppet Bolt?
* Orchestrator-driven tasks * Standalone Tasks
What are Puppet Bolt Orchestrator-driven tasks?
Orchestrator-driven tasks can leverage the Puppet architecture to use services to connect to devices. This design is meant for large-scale environments.
What are Puppet Bolt Standalone tasks?
Standalone tasks are for connecting directly to devices or nodes to execute tasks and do not require any Puppet environment or components to be set up in order to realize the benefits and value of Puppet Bolt.
How are individual Bolt commands run from the CLI ?
By using the command ‘bolt command run’ (command_name) followed by the list of devices to run the command against.
What is the CLI command to run a Bolt script?
bolt script run (script_name)
What happens when Puppet Bolt runs a script?
* It copies the script into a temporary directory on the remote device * Executes the script * Captures the results * Removes the script from the remote system
What do Puppet Bolt tasks use to retrieve data from the remote device?
An API
What is the Puppet Bolt command to run tasks from the CLI?
bolt task run (modulename:: taskfilename)
What allows Puppet Bolt tasks to be shared in Puppet Forge?
Standard file naming convention “modulename:: taskfilename”
What command is used to view JSON documentation that accompanies a task?
bolt task show (modulename:: taskfilename)
What is SaltStack SSH (Server-only mode)
* Agentless * Remote systems need SSH and Python installed *
What happens when Saltstack SSH connects to a remote device?
* Connects to remote system * Installs a lightweight version of SaltStack in a temp directory * Then optionally delete the temporary directory and all files upon completion, leaving the remote system clean.
When is leaving the files in the temp directory on the machine a good idea?
* When time is of the essence * When some users use Salt frequently
Can Salt SSH work in conjunction with the master/ minion environment?
Yes
What are the 2 most important factors when choosing an Automation tool?
* How the tools are used * The skills of the operations staff who are adopting them.
