I am working on a project that requires me to spin up a virtual lab, simulating the live environment, test changes there and then, once the changes are verified in lab - apply them to the live environment.
One of the big hurdles I ran into - virtual labs (at least Cisco ones) do not allow you to ssh into virtual devices by default, which makes it nearly impossible to use network automation tools like Ansible. Of course, you could extend the virtual network into the real one, but at least in my environment it would create lots of other issues with security and other teams.
My solution to the problem - write a proxy server in python, which will receive SSH connection from Ansible and proxy them to the virtual device. I have written some very basic script a couple of years ago and used it for some small testing, then somebody else turned the script into a linux service and just recently I added some code to handle CMLv2 lab (where there are no telnet ports exposed anymore, instead you have to SSH into the CML host and type "open virtual_device_id" to open console connection to it).
You can find code with install instructions here - https://github.com/eoprede/ssh_to_telnet_proxy
As an example, here's how I start script in my environment:
/usr/local/bin/ssh_to_telnet_proxy -k /root/.ssh/id_rsa -p 3000 --cml my.cmlv2.com --logfile /var/log/ssh2telnet.log
And this is how my ansible inventory looks like, when I am connecting to one of the virtual IOS devices:
test: hosts: "ssh2telnet.proxy.com": vars: ansible_connection: network_cli ansible_network_os: ios ansible_user: gesha24@/ecf1dd/n1/0 ansible_password: password ansible_port: 3000 ansible_become: yes ansible_become_method: enable
After that I can run pretty much any playbook against a virtual device and verify it performs as expected.
Hopefully somebody will find this useful. Reach out here or on git if you have issues/bugs with the code, pull requests are also always welcome.
No comments:
Post a Comment