Chapter 48 - Understanding Ansible, Puppet, and Chef Flashcards
1
Q
What is Configuration Drift?
A
- The gradual divergence, over time, of a device's configuration from the organisation's defined standardised configuration for that device type.
2
Q
Downsides of relying on manual tools to avoid Configuration Drift
A
- The device may not store change history
- External systems can be used to compile logs of changes, but these are prone to human error and require analysis to confirm what each change actually was.
- Referring to historical data in change management systems works poorly if a device has gone through many config changes over a period of time
3
Q
What is Configuration Enforcement?
A
- Also known as Configuration Monitoring
- A function that allows a device to know when its config has changed from the standardised configuration (i.e. when Configuration Drift has occurred) and either reconfigure itself or notify an engineer to do so.
4
Q
Functions of Configuration Provisioning
A
- Implement config changes in one device after the change has been made to the standardised config file on the management system
- Choose which subset of devices to configure
- Determine if a change was accepted or rejected and react accordingly
- Revert a change if any of the config is rejected
- Validate the change before making the change to ensure it will work
- Check the config after the change completes to confirm that the new config on the management system matches the new config on the device
- Determine whether to save running-config to startup-config or not
- Represent config files as templates with variables so devices can use the same template but with different values
- Store logic steps in a file and schedule them to be executed so that an engineer does not need to be present
5
Q
Benefits of using Templates
A
- Increase the focus on having standardised config for different device roles to avoid snowflakes (uniquely configured devices)
- New devices with an existing role can be deployed easily
- Makes troubleshooting easier as a config issue on one device can be fixed on others
- Tracking files for the template and variable files makes it easier to find configuration issues
6
Q
Name configuration management systems
A
- Ansible
- Puppet
- Chef
7
Q
Name different Ansible text file types
A
- Playbooks - Provide actions and logic about what Ansible should do. Blueprints of automation tasks. Written in YAML.
- Inventory - Provides device hostnames along with information about each device so Ansible can perform functions on one, all, or a subset of these devices. Written in INI, YAML, etc.
- Templates - Using Jinja2 language, the templates represent a device’s configuration without variables
- Variables - Using YAML, lists variables that Ansible can substitute into Templates
8
Q
What is Ansible?
A
- Configuration Management System written in Python
- Agentless Architecture - does not run on the networking device itself; instead it uses a protocol normally used as an SBI, such as NETCONF or SSH
- Uses a push model - Pushes configuration changes from the server to the client
- Used more for Configuration Provisioning than Configuration Monitoring, but can do both
- Can be installed on Mac or Linux
- Uses an Imperative language (tells the system the steps it needs to complete to configure a device)
- When using SSH, uses port 22 for communication (SSH port)
9
Q
What is Puppet?
A
- Configuration Management System written in Ruby
- Agent Based Architecture or Agentless - Can be an add-on configured on the networking device. Can also be agentless, where Puppet installs a proxy agent on another host and that host uses SSH to communicate with the networking device.
- Uses a pull model - Pulls configuration changes from the Puppet Master server to the client
- Can be installed on Linux. In production environments the Linux host is known as a Puppet Master
- Uses a Declarative language (tells the system what the end state of the device should be and the Puppet Master works on getting there)
- Uses HTTP to contact networking devices
- Clients use TCP port 8140 to communicate with the Puppet Master
10
Q
Name different Puppet text file types
A
- Manifest - Human readable text file on the Puppet master, using a language defined by Puppet, used to define the desired configuration of a device
- Resource, Class, Module - Components of the Manifest. The largest component is the Module which is made up of Classes, which are made up of Resources
- Templates - Using a Puppet domain-specific language, these allow Puppet to generate Manifests and their components by substituting variables into the Template.
- Files are written in a proprietary language
11
Q
What is Chef?
A
- Configuration Management System written in Ruby
- Agent Based Architecture - Requires client side code that isn’t supported on many Cisco devices
- Uses a pull model - Pulls configuration changes from the server to the client
- Can be run as a server or in standalone mode
- Uses HTTP to contact networking devices
- Servers use TCP port 10002 to send config to clients
12
Q
Name different Chef text file types
A
- Resource - Configuration objects whose state is managed by Chef (e.g. A set of configuration commands for a network device)
- Recipe - The Chef logic applied to resources, determining the details of how Chef uses those resources
- Cookbooks - A set of recipes about the same kind of work grouped together
- Runlist - An ordered list of recipes that should be run against a given device
- Files are written in a proprietary language
13
Q
What are Configuration Management Systems?
A
- Network automation tools that centralise the control and configuration of networking devices
14
Q
Puppet Domain Specific Language syntax example (Ruby)
A
sudo::conf { 'coadmins':
  ensure  => present,
  content => '%admin ALL=(ALL) ALL',
}
15
Q
Chef syntax example (Ruby)
A
sudo "CoAdmins" do
  group "CoAdmins"
  nopasswd true
end