This blog post will show you how to increase the efficiency of Cisco DNA Center (DNAC) by integrating with Jenkins to get things automated. We explain how to build a step-by-step  pipeline that will automate deploying  of CLI Templates to network devices using the "DNAC Python SDK" and Jenkins. Then we will examine other options to create CI/CD pipelines for common network provisioning tasks like inventory, and  SDA-as-Code.

Cisco DNA Center is a powerful network controller and management dashboard for secure access to networks and applications. Cisco DNAC helps to Simplify management and streamline network operations with an intelligent intent-based network controller.

Cisco DNA Center provides the ability to receive custom notifications when specific events are triggered, such as Cisco DNAC Assurance and Automation for System Wide Information Management (SWIM) events. This mechanism enables third party systems to take business actions in response to a particular event.

IT Service Management (ITSM) minimizes handoffs, reduces duplication of issues, and optimizes processes by integrating the Cisco DNAC platform into incident-management, change-management, and problem-management systems. It also integrates the Cisco DNAC platform into approval and pre-approval chains, and it links the Cisco DNAC platform with formal change and maintenance-window schedules.

The Cisco DNA Center platform GUI provides a Manage drop-down menu option that provides access to the following features:

Bundles: Access to bundles that you can use to integrate Cisco DNA Center with your own applications or to enhance the performance of Cisco DNAC itself.

The Cisco DNA Center provides you with the following software developer tools to access and program with Cisco DNAC, as well as to integrate Cisco DNAC with other applications:

• APIs: Available APIs organized within categories by functionality (for example, Operational Tasks or Site Management APIs).
  • Integration Flows: Available integration flows organized by category type. Currently, only IT Service Management (ITSM) is available.
  • Events: Provides a window to view and subscribe to specific events that may occur in your network.

The Runtime Dashboard provides you with a quick review of the following summaries:

• API Summary: Summary of recent API calls, results, and performances. Click View Details to open a slide-in pane with information about individual API call counts and call durations.
•  Event Summary: Cisco DNA Center events involving REST endpoints or integration flows. Click on an event name (link) to open a slide-in pane with additional detailed event information.
• Integration Flow Summary: Summary of integration flow instances, results, and performances. Choose the appropriate tab to view additional detailed information about either the REST-based or Schedule-based Integration Flows.

Configurations: Access to a window to configure global settings for a single bundle or across multiple bundles for a custom platform experience.

In a company most of the engineers may be using the same script over and over for automating the tasks. But if there are any changes made in the script due to a bug fix, it will not be updated to all engineers. In this scenario we need to have a better capability to share the knowledge between each other. Most of the companies may have the various home-grown scripts/apps to manage. This may lead to security concerns that can be caused because of complexity and lack of consistency in the script. This can also cause Limited visibility and reporting.

To resolve the above mentioned issue we can use DevOps tools like GitHub and Jenkins .  

What is Jenkins?

Jenkins is a self-contained, opensource automation server which can be used to automate all sorts of tasks related to building, testing, and delivering or deploying software. Jenkins can be installed through native system packages, Docker, or even run standalone by any machine with a Java Runtime Environment (JRE) installed.”

If we look at Cisco DNA Center and DevOps Journey over the years, it has moved from Ad-hoc Scripting to Re-usable Frameworks like GitHub and Jenkins.

Jenkins is the framework that perfectly fits with Cisco DNAC. Here we are going to see Cisco DNAC Jenkins Integration.

Jenkins is a self-contained, open-source automation server which may be used to support network infrastructure management as Infrastructure-as-code, Integrate with GitHub for validated and approved apps ,Integrate with GitHub for intent configurations, profiles and policies  and be the platform used by all network engineers to run apps and scripts.

1. Jenkins file is a text file representing the definition of a pipeline. It includes multiple stages and steps.
2. Steps may be constructed using:

• Shell commands
• Run code developed using the Python SDK, Ansible or Terraform
• Plugins

What happens if you have multiple DNAC clusters, for example one in the lab and one in the production? You build a Services Layer which includes both Jenkins and GitHub. The Cisco DNAC cluster will provide the same experience. Then from Services layer if needed can build additional integrations with other platforms also. If you follow a model like this, you will have consistent outcomes and can scale to multiple DNAC clusters for which same information is needed using the automation script.

Let’s take a Jenkins Use Case on CLI Template Deployment

1. Network engineer comes and asks for a very descriptive task to be done with DNAC.
2. For that will push the script that will help to run the job into GitHub
3. Jenkins will download the repository from GitHub that will trigger the task to be done by DNAC
4. Jenkins can run on a schedule based on the steps build up for running the container, installing the libraries, Downloading the GitHub repo and things like that.
5. On executing the workflow, the python script will call DNAC API for everything that you want to interact and want Cisco DNAC to do for you.
6. At the end a report will be generated and will be pushed to GitHub.
7. You can go to the Jenkins console and see exactly what failed.

In this example of “Jenkins Project – CLI Deployment” what you have is a Cisco DNAC along with a lab and a Production device as mentioned in the Project Details file below. What You want is to first test on lab and then deploy on the production network. All you need is to create a CLI Template.

Now from the point of view of a DevOps engineer what you need is the Jenkins file. You can use any automation options like python, Ansible or Terraform to build the Jenkins file.

In this example the scripts used are tested and validated based on the enterprise standards. The script starts from pip install which has all the requirements needed followed by building and running the docker container. These are the assumptions that we need to consider while creating a Cisco DNA Center Jenkins Pipeline.

• You must have Jenkins installed and running
• • Docker to be installed and running
• You should also have created a GitHub Token (if planning to use GitHub). If so, add the GitHub Token to your Jenkins credentials using the Manage Credentials option from the Dashboard as shown below.

Let’s walk through the code on “How to create a Jenkins Pipeline for CLI Templates Deployment.”

After selecting the Docker image (python) define the environment variables like GitHub username/password. After that clone the GitHub repo using the app code, where you have the requirements.txt file.  The modules are installed on a docker container instead of our laptop. Next you will have the templates repo cloned followed by deploying the template on the lab.

Here you have a python application and a template downloaded from GitHub to configure specific devices on the platform. Since everything is predefined and validated like the image to be used on Docker container it will be very easy for continuing the same related to what is to be done on production environment and finally pushing outcome as report from Jenkins into GitHub. In the end you may remove the container.

The script will be available under the resource section.

Here goes the code walk through

Now lets see the application that you are going to call from Jenkins to deploy CLI template. In GitHub repo you may find so many similar applications which could be used to automate the workflow on your laptop. Please note the same will run on the docker container. The details are shown below.

Once the application is called form the Jenkins it will deploy the template to the devices using cisco DNAC API. Let’s have a walk-through of the demo on CLI Templates Pipeline.  Frist lets have a look at the stages and steps that we are going to run on Jenkins. It’s the template.

Here In In this scenario the Job is going to be executed manually.

Jenkins Pipeline Dashboard gives you last Job Build and time for each stage, Status for each stage and Build History. Here as shown below what you do is just click on the button Build Now.

Once the Job got build and running you may click on the latest Job id (In this case #108) . This will show you the Job Build Console Output page. Here if you scroll up you can see first the details about building of the container that will be hosted with all the packages needed. Then we can see the repo is being cloned and started installing all the python libraries. After that the versions are checked which is followed by deployment of templates to the lab and once that is completed its deployed on production and finally building the reports. These logs will help to monitor what happened like if any Device API failure happens or any error occurred on running the job.

Once completed you can see a Jenkins project and the template that has been created

Also from the Report Generated can confirm that the Job got completed correctly.

Next let’s try out a Jenkins Pipeline to Collect Device Inventory. In this you are going to automate the build based on some conditions.

1. This pipeline will run every 15 minutes.
2. Will collect the Cisco DNA Center device inventory and Push the inventory files to GitHub
3. It includes device and AP inventories, software non-compliant devices list, formatted as JSON and YAML files
4. Always up-to-date rich inventory data will be needed for other automation tools and platforms

You can have Jenkins Build Triggers by the following ways - remotely using (API call) , Periodically , via GitHub actions ,After another build is finished. In the below Dashboard please note the time gap under which the job is been running .

When you click on the Configure button you can see that under Build Triggers menu the schedule

And on scrolling down under Advanced Project options can see the Pipeline hosted under Jenkins.

Next when you come back to dashboard

and click on the Job #id You can see the console output like in the previous CLI Templates example. Here you are using a python script to collect the device inventory which is been stored locally on the docker container that could be pushed into github. This data will be needed for asset management or security audit or any other use cases were correct and up to date information will be the main factor.

If we check the github repo and refresh

You can find the sample file with inventory details that will be updated every 15 minutes.

Next example is to create Fabric using Jenkins Pipeline on a schedule of every 5 minutes. For that every time when the Network engineer pushes the file with fabric details to GitHub, Build will pull GitHub to download the fabric configuration file and deploy fabrics . This will happen only if the file exists . Jenkins will Skip deployment of fabric if no file is present and its possible to add state and reporting.

The details of log file generated on the fabric configuration if the file exits is shown below. Basically, what you are doing is deploying the fabric_operations.yml file which acts as the template file with device information and DNAC details.

In next example let's see SDA as code.

Once you click on the project you can see the time schedule and details under which the code will be executed if the file exists.

Similar to above examples you may click on the Job #id and see the console output. The history log will show you when the job was skipped.

If you didn’t push any file into github then there is nothing for the automation tool to be performed.

If you are going to push the file into github.

You can see from github that the fabric_operations.yml had started.

From Dashboard we can see the time at which the job started and other details.

Credit : This  article was created based on  Jenkins Automations for Cisco DNA Center - DEVNET-2151 cisco live presentation.

Resources

• https://dnacentersdk.readthedocs.io/en/latest/
• https://github.com/cisco-en-programmability/dnacenter-jenkins-tutorial
• https://github.com/zapodeanu/dnacenter_jenkins_automations_public
• https://www.youtube.com/c/CiscoENProgrammability
• https://github.com/cisco-en-programmability