I've been floating the idea around our team of setting up a proper repository for our network device configs and templates. We're just getting Ansible stood up, and working to get that to use the templates we already have to generate config files, then eventually have it push the config to the devices. This brings us to where we are storing those config files. Today any templates or config files are just stored on a shared drive, which I want to change so that they are securely stored somewhere with access control, as well as then having version control over the templates and configs themselves in that repository so we can use the repository as a source of truth. Currently we are primarily a Cisco shop, but we're already planning to look at other vendors for a firewall refresh coming up in the next year or 2 and are wanting to start using SD-WAN for connectivity with our clients, which will likely not be Viptela/Cisco.
Currently we do have backups occurring using SolarWinds of all devices, and while it generates nightly change reports to those devices, I feel it's not the same thing as a version-controlled repository that we could eventually tie into our ticketing system to monitor for deviations from the repository for a device and generate a remediation ticket.
We also already are using NetBox, which the plan is to use as a source of truth as well. It would provide information about device models and variable information that gets fed into the templates to generate the configs that are then stored in the repository. So basically the information in NetBox as a source of truth would feed into what is in the configs in the repository so the repository can act as a source of truth for the actual configs.
My team is new to automation, and trying to shift away from the spreadsheets and notepad documents stored on shared drives. Are there any specific recommendations for repositories for the network side of the house? Some of the other teams use their own repositories such as Azure and Git (open source), but I'm really not sure where to start in evaluating what our network team, which focuses on routing, switching and firewalling, should focus on.
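An added example, not part of the original post: one way the deviation check described above could work, comparing the repository copy of a config with a nightly device backup and building a remediation ticket payload. The function names, the ticket fields, the list of volatile lines and both sample configs are assumptions constructed for illustration.

```python
import difflib
import re

# IOS "show running-config" lines that change without a real config change.
VOLATILE = re.compile(
    r"^(Building configuration|Current configuration\s*:|"
    r"! (Last configuration change|NVRAM config last updated)|ntp clock-period)"
)

def normalize(config_text):
    """Strip volatile lines, trailing whitespace and blank lines."""
    lines = (line.rstrip() for line in config_text.splitlines())
    return [l for l in lines if l and not VOLATILE.match(l)]

def config_drift(intended, running):
    """Return unified-diff lines; an empty list means device matches repository."""
    return list(difflib.unified_diff(
        normalize(intended), normalize(running),
        fromfile="repository", tofile="device", lineterm="", n=1))

def remediation_ticket(device, drift):
    """Build a hypothetical ticket payload, or None when there is no drift."""
    if not drift:
        return None
    changed = [l for l in drift[2:] if l.startswith(("+", "-"))]
    return {"device": device,
            "summary": f"Config drift on {device}: {len(changed)} line(s)",
            "body": "\n".join(drift)}

# Constructed sample data: the repository copy and a nightly backup.
INTENDED = """hostname edge-sw01
interface GigabitEthernet0/1
 switchport mode trunk
line vty 0 4
 transport input ssh
"""
RUNNING = """Building configuration...
Current configuration : 1832 bytes
! Last configuration change at 02:14:07 UTC Tue Mar 4 2025 by admin
hostname edge-sw01
interface GigabitEthernet0/1
 switchport mode trunk
line vty 0 4
 transport input telnet ssh
"""

if __name__ == "__main__":
    print(remediation_ticket("edge-sw01", config_drift(INTENDED, RUNNING)))
```

Filtering the volatile header lines first keeps the nightly comparison from raising a ticket on every run; here the only drift reported is Telnet having been enabled on the vty lines.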