容器化NPB + Ansible：自动化运维方案

原创于 2025-12-08 11:38:07 发布 · 113 阅读

CC 4.0 BY-SA版权

文章标签：

NPB 2.0：架构革新与自动化赋能

从专用硬件设备到容器化部署，从手工配置到自动化下发，NPB技术正经历着从“功能实现”到“运维友好”的深刻转型。在NPB 2.0架构中，星融元将NPB组件容器化运行于交换机之上，并深度融合Ansible自动化工具，实现了网络策略的快速、标准化部署。

什么是Ansible？

Ansible作为一款开源自动化工具，以其无代理、声明式的特点，成为跨平台配置管理的理想选择。结合星融元开发的Ansible Collection for AsterNOS，用户可直接通过Playbook调用SONiC设备的CLI接口，完成复杂的网络策略配置，极大提升了运维的一致性与可靠性。

本文将通过具体操作流程，展示如何利用Ansible实现NPB设备的自动化配置。

实施流程概要

1.在服务器上安装 Ansible

pip3 install ansible

我们所提供的demo文件结构如下：

eric@mypc:~$ tree
.
├── ansible.cfg
├── group_vars
│   └── sonic.yml
├── host_vars
│   └── sonic1.yml
├── inventory
├── library
│   └── sonic_klish.py
└── site.yml

2.在 ansible.cfg 中指定设备信息文件

[defaults]
inventory = inventory #指定为'inventory'文件
host_key_checking = False
retry_files_enabled = False
gathering = explicit
stdout_callback = yaml

3.在 inventory 文件中指定设备的登录信息

[sonic]
sonic1 ansible_host=192.168.1.x ansible_user=x ansible_password=x

4.group_vars/sonic.yml 文件不需要改动

# group_vars/sonic.yml
host: "{{ ansible_host }}"
user: "{{ ansible_user }}"
password: "{{ ansible_password }}"

5.host_vars/sonic1.yml 中编写要下发的配置

以下为两组示例的命令行配置

config_vlan_cmd: |
  configure
  vlan 3003
  end
exit

config_acl_test_cmd: |
  configure
  access-list L3 test1 ingress priority 500000
  rule 1 packet-action permit redirect-action ethernet 11
exit
  interface ethernet 11
  acl test1
  end
exit

6、library/sonic_klish.py （不需要改动，用来调用设备的 CLI（代码略）

7、site.yml 设置用例

新增两个task分别调用config_acl_test_cmd和config_vlan_cmd

---
- hosts: sonic
  gather_facts: no
  tasks:
    - name: Push klish commands
      sonic_klish:
        commands: "{{ config_acl_test_cmd }}"
        host:     "{{ host }}"
        user:     "{{ user }}"
        password: "{{ password }}"
      delegate_to: localhost
      register: result
      
    - name: Push klish commands 1
      sonic_klish:
        commands: "{{ config_vlan_cmd }}"
        host:     "{{ host }}"
        user:     "{{ user }}"
        password: "{{ password }}"
      delegate_to: localhost
      register: result

    - debug: var=result.stdout

8.执行用例

[root@localhost ansible]# ansible-playbook -v site.yml
Using /home/ryan/ansible/ansible.cfg as config file

打印如下，则执行完毕：

PLAY [sonic] *********************
 
TASK [Push klish commands] ****************
changed: [sonic1 -> localhost] => changed=true
  stdout: |-
    Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
    ...Entering cli view, please wait...
    stty: 'standard input': Inappropriate ioctl for device
    stty: 'standard input': Inappropriate ioctl for device
    sonic# configure
    sonic(config)# access-list L3 test1 ingress priority 500000
    sonic(config-L3-acl-test1)# rule 1 packet-action permit redirect-action ethernet 13
    sonic(config-L3-acl-test1)# exit[J
    sonic(config)# interface ethernet 13
    sonic(config-if-13)# acl test1[J
    sonic(config-if-13)# end[J
    sonic# exit
  stdout_lines: <omitted>

TASK [debug] ***********************
ok: [sonic1] => 
  result.stdout: |-
    Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
    ...Entering cli view, please wait...
    stty: 'standard input': Inappropriate ioctl for device
    stty: 'standard input': Inappropriate ioctl for device
    sonic# configure
    sonic(config)# access-list L3 test1 ingress priority 500000
    sonic(config-L3-acl-test1)# rule 1 packet-action permit redirect-action ethernet 13
    sonic(config-L3-acl-test1)# exit[J
    sonic(config)# interface ethernet 13
    sonic(config-if-13)# acl test1[J
    sonic(config-if-13)# end[J
    sonic# exit

TASK [Push klish commands] *****************
changed: [sonic1 -> localhost] => changed=true
  stdout: |-
    Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
    ...Entering cli view, please wait...
    stty: 'standard input': Inappropriate ioctl for device
    stty: 'standard input': Inappropriate ioctl for device
    sonic# configure
    sonic(config)# vlan 3003
    sonic(config-vlan-3003)# end[J
    sonic# exit
  stdout_lines: <omitted>

TASK [debug] *********************
ok: [sonic1] => 
  result.stdout: |-
    Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
    ...Entering cli view, please wait...
    stty: 'standard input': Inappropriate ioctl for device
    stty: 'standard input': Inappropriate ioctl for device
    sonic# configure
    sonic(config)# vlan 3003
    sonic(config-vlan-3003)# end[J
    sonic# exit

PLAY RECAP ************************
sonic1                     : ok=4    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0