SDN/SDWAN lab on-premises within 60min #Nuage

Create your SDWAN lab on-premises with ansible is a nicer experience.
I have this new playbook that will help you. So far, it works on just one KVM host. Nuage instances will be accessed via ssh using other KVM Host’s ports with DNAT (iptables). Just check the “hosts” inventory file after build it.

We’ll do the following:
* yum update of your KVM host
* Install libvirt and plain openvswitch (using ovs instead linux bridge just in case you need to use more than one server)
* Create pat rules at your KVM Hosts (VMs will be accessed thru NAT ports. You can change that if you want… be my guest 🙂
* Create libvirt domains (remember modify image locations if you access to internet is not one of the best)
* Configure your NTP/DNS server (using 8.8.8.8 as forward servers, you can change that on the playbook)
* Configure every VM (VSD, VSC…)

NOTE: Before go ahead you need to get a Eval license from your Nuage rep and ask me about the AWS access key for the files. You can also register yourself at nuagex.io and get the NUage experience off-premises and much faster

You will get something like this

More details about the architecture at: https://pinrojas.com/2017/04/03/your-own-sdwan-demo-at-packet-net-60min/

Elements on the inventory can be configurable. You can have many options on releases and use cases. Servers will need unrestricted direct internet access.

KVM Host should have at least 64GB (using over-subscription) and Centos7

Build and run your nuage-ansible container

Prepare your ansible container to run your playbooks. It can’t be the same KVM hosts where you want to run all the VMs.

###Install docker.
If you have CentOS should be done as follow:
NOTE: Use any other device besides the KVM server with docker with fully remote access to those servers.

yum -y update
yum -y install docker
systemctl start docker
systemctl enable docker

Build your nuage-ansible container

Create a Folder and download Dockerfile and other files

mkdir ~/nuage-ansible
cd ~/nuage-ansible
curl -o Dockerfile https://raw.githubusercontent.com/p1nrojas/pk-nuage-multi/master/install/onpremises/Dockerfile
curl -o bash_profile https://raw.githubusercontent.com/p1nrojas/pk-nuage-multi/master/install/onpremises/bash_profile
curl -o vimrc https://raw.githubusercontent.com/p1nrojas/pk-nuage-multi/master/install/onpremises/vimrc
curl -o setup.sh https://raw.githubusercontent.com/p1nrojas/pk-nuage-multi/master/install/onpremises/setup.sh

Get you Nuage license

Contact your Nuage/Nokia rep to get your Eval license and copy the key at ~/nuage-ansible/.nuage_license_key

Build your docker image

Do the follow and wait for about 10min depending on your internet access. Check at the bottom to see what sort of output you should expect:

cd ~/nuage-ansible
docker build -t pinrojas/nuage-ansible:v1.0 .

Create your data and app container

I’m using a data container to avoid issues with permissions on the host system. Then you should run the following

docker run -d --name nuage-ansible01-data-only01 pinrojas/nuage-ansible:v1.0 true
docker run -d -i -t --volumes-from nuage-ansible01-data-only01 --name nuage-ansible-app01 pinrojas/nuage-ansible:v1.0

Getting access to your app container

Now, Get access thru the following command and check if the following was created:

docker exec -ti nuage-ansible-app01 /bin/bash

You should see something like this:

mroja001@usmovnmroja001:~/$ docker exec -ti nuage-ansible-app01 /bin/bash
[dev@f1fb5a3d07da ~]$ ls
ansible  images  pk-nuage-multi  setup.sh
[dev@f1fb5a3d07da ~]$ cd pk-nuage-multi/
[dev@f1fb5a3d07da pk-nuage-multi]$ ls
LICENSE      build-packet-reset.yml  cheat_sheet.md  library                   packet-bmetal-reset.yml      pk-create-40r10.sh  roles
README.md    build-packet.yml        files           onprem-create.yml         packet-inventory-create.yml  pk-create-40r9.sh   templates
ansible.cfg  cfg                     install         packet-bmetal-create.yml  packet-inventory-reset.yml   plugins
[dev@f1fb5a3d07da pk-nuage-multi]$ ls ~/.ssh/
id_rsa  id_rsa.pub

Preparing and running your your playbook to install Nuage VCS/VNS

If your internet access is not good enough, you should download all your VM images and files in advance and change the location on the YML files

Prepare your installation

You’re into the container. You should go to cd ~/pk-nuage-multi/cfg folder
You will see many options to se your env depending on the use case.
Will take the most simple that’s ~/pk-nuage-multi/cfg/5.1.1u1-docker-sdwan
You will install only VSD, VSC, ES and NTP/DNS servers.

Check the location of the files into ~/pk-nuage-multi/cfg/5.1.1u1-docker-sdwan/files_location.yml
And you will see something like:

#files release dependant
url_base_location: "https://nuage-secure-files.s3.amazonaws.com/5.1.1u1-files/"
url_elasticsearch_qcow2: "elastic5.1.1.qcow2?Signature=6fsjqVo22rB66PS8i3j59Lg%2Fx7E%3D&Expires=1510002581&AWSAccessKeyId={{ aws_access_key }}"
url_libnetwork_rpm: "libnetwork5.1.1.rpm?Signature=5%2Ftbd8p7RmKgcDEYeMjBprF123g%3D&Expires=1510002582&AWSAccessKeyId={{ aws_access_key }}"
url_newton_openstack_nova_esxi_rpm: "newton-el7/nuage-nova-esxi-14.0.0-5.1.1_21_nuage.noarch.rpm?Signature=gQtUTiDNjBhv4V1Ci32PdevCOg4%3D&Expires=1510002582&AWSAccessKeyId={{ aws_access_key }}"

And instead you would like something like. Your KVM host has to have to access to that uri.

url_base_location: "https://intranet.sdn/"
url_elasticsearch_qcow2: "elastic5.1.1.qcow2"
url_libnetwork_rpm: "libnetwork5.1.1.rpm"
url_newton_openstack_nova_esxi_rpm: "newton-el7/nuage-nova-esxi-14.0.0-5.1.1_21_nuage.noarch.rpm"

Now, get the public key at /home/dev/.ssh/id_rsa.pub and copy it into your /root/.ssh/authorization_keys file at the KVM Host.

Building your inventory

When your are ok with the preparation, you can run the playbook as follow:

cd ~/pk-nuage-multi
ansible-playbook -e nuage_release=40r9-core -e lab_domain=nuage.lab -e lab_network_prefix=172.16.1 -e host_ip=192.168.2.24 onprem-create-inventory.yml

The variables are the following:
* nuage_release: it’s the nuage release and configuration option inside cfg folder
* lab_domain: the domain to be set on the DNS and for all servers
* lab_network_prefix: the /24 network to use on the lab (you should use anyone can’t conflict on your site)
* host_ip: The KVM host where the servers will be running

If everything goes well, you should have a file called hosts in the playbook folder like this:

[dev@c4af69b09e6a pk-nuage-multi]$ cat hosts
---
# *** WARNING ***
# This file is automatically generated by build.yml.
# Changes made to this file may be overwritten.
#

[bmetal]
core ansible_host=192.168.2.24 ansible_user=root


[nserver]
ns1.nuage.lab ansible_host=192.168.2.24 ansible_user=centos ansible_port=2012

[vsd]
vsd1.nuage.lab ansible_host=192.168.2.24 ansible_user=root ansible_port=2020

[vsc]
vsc1.nuage.lab ansible_host=192.168.2.24 ansible_user=root ansible_port=2031

[stat]
stat.nuage.lab ansible_host=192.168.2.24 ansible_user=root ansible_port=2024

[webvirtmgr]
virt.nuage.lab ansible_host=192.168.2.24 ansible_user=centos ansible_port=2030

Building your lab

The next playbook will do the following:
* yum update of your KVM host
* Install libvirt and plain openvswitch
* Create pat rules at your KVM Hosts
* Create libvirt domains (VMs)
* Configure your NTP/DNS server
* Configure every VM (VSD, VSC…)

Run the installation as follow

cd ~/pk-nuage-multi
ansible-playbook -i hosts deploy-all.yml

deploy-all.yml will run all the playbooks.

Optionally you can use ovs-reset.yml and reset-all-domains.yml to reset your installation in case of any mistake.

See ya!

ADDITIONAL INFO:

Docker image building process

The following is the output you should get when you build your container image:

root@box01:~/nuage-ansible$ docker build -t pinrojas/nuage-ansible:v1.0 .
Sending build context to Docker daemon 10.24 kB
Step 1/38 : FROM centos:7.3.1611
 ---> 262f7381844c
Step 2/38 : RUN yum -y install epel-release && yum clean all
 ---> Using cache
 ---> 644fd82dae24
Step 3/38 : RUN curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
 ---> Using cache
 ---> b7e768df6f6c
Step 4/38 : RUN python get-pip.py
 ---> Using cache
 ---> 9b719fdf621b
Step 5/38 : RUN yum -y install ansible && yum clean all
 ---> Using cache
 ---> f24e0adf79f3
Step 6/38 : RUN yum -y install vim && yum clean all
 ---> Using cache
 ---> 1bb819ba75bd
Step 7/38 : RUN yum -y install curl && yum clean all
 ---> Using cache
 ---> d27b86305924
Step 8/38 : RUN yum -y install git && yum clean all
 ---> Using cache
 ---> 8a72a851696d
Step 9/38 : RUN rm -rf /usr/lib/python2.7/site-packages/chardet*
 ---> Using cache
 ---> 365efd7fa825
Step 10/38 : RUN pip install vspk
 ---> Using cache
 ---> 97e702309870
Step 11/38 : RUN pip install pexpect
 ---> Using cache
 ---> a141c3b9185d
Step 12/38 : RUN pip install packet-python
 ---> Using cache
 ---> 17dcb0ff39e9
Step 13/38 : RUN pip install django
 ---> Using cache
 ---> 68c70d14a5a7
Step 14/38 : RUN useradd dev
 ---> Using cache
 ---> 9eea619e87d5
Step 15/38 : RUN mkdir -p /home/dev/.ssh
 ---> Using cache
 ---> cf9c95c6f843
Step 16/38 : RUN mkdir -p /home/dev/images
 ---> Using cache
 ---> d9a997faf4e6
Step 17/38 : RUN mkdir -p /home/dev/pk-nuage-multi
 ---> Using cache
 ---> ab79724a79bb
Step 18/38 : RUN mkdir -p /var/log/ansible
 ---> Using cache
 ---> 0032fa2f2b1c
Step 19/38 : RUN chown -R dev:dev /home/dev
 ---> Using cache
 ---> 32856383b5d9
Step 20/38 : RUN chown -R dev:dev /var/log/ansible
 ---> Using cache
 ---> 530ea3da4591
Step 21/38 : VOLUME /home/dev/pk-nuage-multi
 ---> Using cache
 ---> 32c035a8b8ae
Step 22/38 : VOLUME /home/dev/.ssh
 ---> Using cache
 ---> f61f1c9170a0
Step 23/38 : VOLUME /var/log/ansible
 ---> Using cache
 ---> 45bb5df13ed1
Step 24/38 : WORKDIR /home/dev
 ---> Using cache
 ---> 87d1081701a5
Step 25/38 : ENV HOME /home/dev
 ---> Using cache
 ---> ea7f117a31a2
Step 26/38 : ADD vimrc /home/dev/.vimrc
 ---> Using cache
 ---> cf729acf4c10
Step 27/38 : ADD setup.sh /home/dev/setup.sh
 ---> Using cache
 ---> 176d7267eab5
Step 28/38 : ADD .nuage_license_key /home/dev/.nuage_license_key
 ---> Using cache
 ---> 78e9575c438f
Step 29/38 : RUN chmod 755 /home/dev/setup.sh
 ---> Using cache
 ---> 2701ffc9a9f0
Step 30/38 : ADD bash_profile /home/dev/.bash_profile
 ---> Using cache
 ---> 830c0edf3b3f
Step 31/38 : RUN mkdir -p /home/dev/.vim/autoload /home/dev/.vim/bundle
 ---> Using cache
 ---> ccebbfc38fba
Step 32/38 : RUN curl -LSso /home/dev/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim
 ---> Using cache
 ---> 1a2d1987d675
Step 33/38 : RUN git clone git://github.com/chase/vim-ansible-yaml.git  /home/dev/.vim/bundle/vim-ansible-yaml
 ---> Using cache
 ---> 0d9641c4088b
Step 34/38 : RUN git clone https://github.com/lepture/vim-jinja.git /home/dev/.vim/bundle/vim-jinja
 ---> Using cache
 ---> 36940194aa83
Step 35/38 : RUN git clone git://github.com/ansible/ansible.git --recursive /home/dev/ansible
 ---> Using cache
 ---> fffa0dc891c2
Step 36/38 : RUN chown -R dev: /home/dev
 ---> Using cache
 ---> 8d0e89c1848e
Step 37/38 : USER dev
 ---> Using cache
 ---> c5f4b462152f
Step 38/38 : CMD /home/dev/setup.sh
 ---> Using cache
 ---> 8c179cd27888
Successfully built 8c179cd27888

One thought on “SDN/SDWAN lab on-premises within 60min #Nuage

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s