1
00:00:03,730 --> 00:00:06,990
This is a free, complete course for the CCNA.
2
00:00:06,990 --> 00:00:10,769
If you like these videos, please subscribe\n
3
00:00:10,769 --> 00:00:15,298
Also, please like and leave a comment, and\n
4
00:00:18,039 --> 00:00:23,710
In this video we will cover configuration\n
5
00:00:23,710 --> 00:00:29,450
They are exam topic 6.6, which says you must\n
6
00:00:30,940 --> 00:00:36,109
So, just like with the other automation topics\n
7
00:00:36,109 --> 00:00:40,619
be able to use these tools yet, but Cisco\n
8
00:00:40,619 --> 00:00:42,549
of their purpose and capabilities.
9
00:00:42,549 --> 00:00:46,789
Here’s what we’ll cover in this video.
10
00:00:46,789 --> 00:00:52,929
First I’ll introduce configuration management\n
11
00:00:52,929 --> 00:00:57,600
Then I’ll introduce some of the characteristics\n
12
00:00:59,950 --> 00:01:04,290
So far I’ve introduced various automation\n
13
00:01:05,530 --> 00:01:09,799
They are suitable for some jobs, and not suitable for others.
14
00:01:09,799 --> 00:01:13,829
Depending on the company you work for and\n
15
00:01:13,828 --> 00:01:18,519
automation tools, or just a few of them, or none at all.
16
00:01:18,519 --> 00:01:22,840
Configuration management tools like these\n
17
00:01:22,840 --> 00:01:28,310
in medium to large networks with hundreds\n
18
00:01:28,310 --> 00:01:32,579
And make sure to watch until the end of the\n
19
00:01:32,578 --> 00:01:38,718
Software’s ExSim, the best practice exams for the CCNA.
20
00:01:38,718 --> 00:01:43,199
To understand one reason why configuration\n
21
00:01:43,200 --> 00:01:47,070
the concept of configuration drift.
22
00:01:47,069 --> 00:01:51,779
Configuration drift is when individual changes\n
23
00:01:51,780 --> 00:01:57,409
to deviate from the standard and correct configurations\n
24
00:01:57,409 --> 00:02:00,609
This is not a good thing, and should be avoided\n
25
00:02:00,609 --> 00:02:05,459
I mentioned this earlier in the course, but\n
26
00:02:05,459 --> 00:02:08,389
have a totally unique configuration.
27
00:02:08,389 --> 00:02:13,029
Although each device will have unique parts\n
28
00:02:13,030 --> 00:02:19,110
and its host name, most of a device’s configuration\n
29
00:02:19,110 --> 00:02:23,460
by the network architects or engineers of the company.
30
00:02:23,460 --> 00:02:28,330
For example, you can expect all of your routers\n
31
00:02:28,330 --> 00:02:34,830
same Syslog configurations, the same AAA configurations\n
32
00:02:34,830 --> 00:02:37,940
one or two LAN interfaces, etc.
33
00:02:37,939 --> 00:02:42,129
Those all follow standard templates, with\n
34
00:02:43,419 --> 00:02:48,989
But, as individual engineers make changes\n
35
00:02:48,990 --> 00:02:54,860
fix network issues, test configurations, etc,\n
36
00:02:56,509 --> 00:03:01,590
Often records of these individual changes\n
37
00:03:01,590 --> 00:03:04,430
can lead to issues in the future.
38
00:03:04,430 --> 00:03:08,700
For example, it might be hard to tell if a\n
39
00:03:11,530 --> 00:03:15,680
The configuration management tools we’ll\n
40
00:03:15,680 --> 00:03:20,730
without automation tools like Ansible, it\n
41
00:03:22,169 --> 00:03:26,709
For example, something I did in the past was\n
42
00:03:26,710 --> 00:03:29,379
a text file and place it in a shared folder.
43
00:03:29,379 --> 00:03:36,449
In my case, a standard file naming system\n
44
00:03:36,449 --> 00:03:40,750
Notice in the screenshot here we have three\n
45
00:03:40,750 --> 00:03:45,340
different dates, and three versions of R2’s config as well.
46
00:03:45,340 --> 00:03:50,599
This helps keep track of previous versions\n
47
00:03:50,599 --> 00:03:54,780
However there are flaws to this system, as\n
48
00:03:54,780 --> 00:03:58,500
new config in the folder after making changes.
49
00:03:58,500 --> 00:04:01,729
In that case, which one should be considered the correct config?
50
00:04:01,729 --> 00:04:06,780
And even if the configurations are properly\n
51
00:04:06,780 --> 00:04:10,080
guarantee that the configurations actually match the standard.
52
00:04:10,080 --> 00:04:13,400
It just helps us keep track of different versions of the config.
53
00:04:13,400 --> 00:04:19,509
Plus, a manual approach is not very scalable\n
54
00:04:19,509 --> 00:04:24,590
So, configuration management tools can of\n
55
00:04:24,589 --> 00:04:31,638
like preventing configuration drift, but they\n
56
00:04:31,639 --> 00:04:36,569
Configuration provisioning refers to how configuration\n
57
00:04:36,569 --> 00:04:42,490
This includes configuring new devices too,\n
58
00:04:42,490 --> 00:04:47,418
As you know, traditionally configuration provisioning\n
59
00:04:47,418 --> 00:04:51,209
via SSH, or console as well of course.
60
00:04:51,209 --> 00:04:53,948
But this is not practical in large networks.
61
00:04:53,949 --> 00:04:59,218
It simply doesn’t scale well in networks\n
62
00:04:59,218 --> 00:05:03,288
Configuration management tools like Ansible,\n
63
00:05:03,288 --> 00:05:08,300
to devices on a mass scale with a fraction\n
64
00:05:08,300 --> 00:05:12,879
Two essential components that you’ll find\n
65
00:05:12,879 --> 00:05:17,789
Here’s an example of a template, where values\n
66
00:05:17,788 --> 00:05:22,300
IP address, mask, OSPF process ID, and area.
67
00:05:22,300 --> 00:05:27,689
Instead, we use a separate file specifying\n
68
00:05:29,870 --> 00:05:35,959
Given a template and the appropriate variables,\n
69
00:05:35,959 --> 00:05:40,060
Of course, this is just a small snippet of\n
70
00:05:40,060 --> 00:05:44,538
easy it would be to generate the configuration\n
71
00:05:44,538 --> 00:05:49,469
All devices can share the template, and we\n
72
00:05:52,120 --> 00:05:55,769
Exactly how these templates and variables\n
73
00:05:55,769 --> 00:06:00,519
tool, but they all use a system like this.
74
00:06:00,519 --> 00:06:04,408
Okay now let me introduce configuration management tools.
75
00:06:04,408 --> 00:06:08,740
These are network automation tools that facilitate\n
76
00:06:10,319 --> 00:06:15,479
They can be useful in networks of any size,\n
77
00:06:15,478 --> 00:06:20,598
The options you need to be aware of for the\n
78
00:06:20,598 --> 00:06:25,269
When it comes to managing network devices,\n
79
00:06:25,269 --> 00:06:28,359
Ansible first, Puppet second, and Chef third.
80
00:06:28,360 --> 00:06:33,650
However, these tools weren’t originally\n
81
00:06:33,649 --> 00:06:38,218
They were originally developed after the rise\n
82
00:06:38,218 --> 00:06:42,168
automate the process of creating, configuring, and removing VMs.
83
00:06:42,168 --> 00:06:48,389
But these days they are also widely used to\n
84
00:06:48,389 --> 00:06:52,668
They can be used to perform tasks such as\n
85
00:06:54,629 --> 00:06:58,889
Using templates it’s very simple to generate\n
86
00:07:01,619 --> 00:07:04,569
They can be used to perform configuration changes on devices.
87
00:07:04,569 --> 00:07:10,439
It can be all devices in your network, or\n
88
00:07:10,439 --> 00:07:15,290
You tell Ansible or Puppet or Chef which changes\n
89
00:07:15,290 --> 00:07:18,278
does the rest of the work for you.
90
00:07:18,278 --> 00:07:22,408
These tools can also be used to check device\n
91
00:07:23,408 --> 00:07:28,438
If a device’s configuration doesn’t match\n
92
00:07:29,610 --> 00:07:33,490
Then you can investigate that issue and fix\n
93
00:07:35,069 --> 00:07:37,569
Or you can automate the change.
94
00:07:37,569 --> 00:07:41,968
You can also compare configurations between\n
95
00:07:41,968 --> 00:07:44,110
configurations on the same device.
96
00:07:44,110 --> 00:07:48,080
These are just some examples of what you can\n
97
00:07:48,079 --> 00:07:52,618
Basically, they solve the problem of managing\n
98
00:07:52,619 --> 00:07:55,090
with hundreds or thousands of different devices.
99
00:07:55,089 --> 00:08:02,098
Now let’s take a look at the basic characteristics\n
100
00:08:04,139 --> 00:08:09,999
Ansible is a configuration management tool\n
101
00:08:09,999 --> 00:08:12,669
Ansible itself is written in Python.
102
00:08:12,668 --> 00:08:17,459
The other two I’ll introduce, Puppet and\n
103
00:08:21,158 --> 00:08:26,329
It means that it doesn’t require any special\n
104
00:08:26,329 --> 00:08:32,908
Instead, Ansible simply uses SSH to connect\n
105
00:08:35,250 --> 00:08:39,559
This is a big advantage of Ansible which makes\n
106
00:08:39,559 --> 00:08:45,099
reason that it is the most popular choice\n
107
00:08:45,100 --> 00:08:48,040
Ansible also uses what’s called a push model.
108
00:08:48,039 --> 00:08:53,849
The Ansible server, also called the control\n
109
00:08:53,850 --> 00:08:57,040
and push configuration changes to them.
110
00:08:57,039 --> 00:09:01,329
This is different than Puppet and Chef which\n
111
00:09:01,330 --> 00:09:05,770
connect to the server to receive their configurations.
112
00:09:05,769 --> 00:09:11,019
After installing Ansible, you must create\n
113
00:09:11,019 --> 00:09:13,939
Playbooks are the ‘blueprint’ of automation tasks.
114
00:09:13,940 --> 00:09:18,780
They outline the logic and actions of the\n
115
00:09:21,240 --> 00:09:26,019
Then you’ll also need inventory files which\n
116
00:09:26,019 --> 00:09:28,500
as well as their characteristics.
117
00:09:28,500 --> 00:09:34,500
For example, their device role such as access\n
118
00:09:34,500 --> 00:09:38,120
etc can be listed as a characteristic.
119
00:09:38,120 --> 00:09:43,470
These inventory files can be written in multiple\n
120
00:09:43,470 --> 00:09:48,850
You also need templates, which as you saw\n
121
00:09:48,850 --> 00:09:53,899
but specific values for variables are not\n
122
00:09:54,899 --> 00:09:58,549
These templates are written in a format called Jinja2.
123
00:09:58,549 --> 00:10:01,199
And finally you’ll need variable files.
124
00:10:01,200 --> 00:10:05,340
They list variables and their values, as you also saw earlier.
125
00:10:05,340 --> 00:10:10,440
These values are substituted into the templates\n
126
00:10:10,440 --> 00:10:12,430
these files are written in YAML.
127
00:10:12,429 --> 00:10:16,559
Let’s look at a diagram to visualize how this works.
128
00:10:16,559 --> 00:10:22,679
So, here we have our inventory, templates,\n
129
00:10:22,679 --> 00:10:27,389
The inventory provides a list of devices,\n
130
00:10:27,389 --> 00:10:33,139
for the devices, and the variables provide\n
131
00:10:33,139 --> 00:10:37,629
These inputs are given to the playbook which\n
132
00:10:41,879 --> 00:10:47,649
You should know that it is agentless, written\n
133
00:10:47,649 --> 00:10:53,529
connect to devices, and uses YAML for its necessary files.
134
00:10:55,059 --> 00:10:59,919
Puppet is a configuration management tool\n
135
00:10:59,919 --> 00:11:04,889
It is typically agent-based, which means that\n
136
00:11:04,889 --> 00:11:07,850
installed on the managed devices.
137
00:11:07,850 --> 00:11:12,240
And not all Cisco devices support a Puppet\n
138
00:11:12,240 --> 00:11:15,570
is more popular for network device management.
139
00:11:15,570 --> 00:11:20,850
However it can be run agentless, in which\n
140
00:11:20,850 --> 00:11:26,580
the proxy agent uses SSH to connect to the\n
141
00:11:26,580 --> 00:11:30,110
Note that in Puppet the server is called the Puppet master.
142
00:11:30,110 --> 00:11:35,409
And Puppet uses a pull model, so clients pull\n
143
00:11:35,409 --> 00:11:39,129
of the Puppet master pushing configurations to them.
144
00:11:39,129 --> 00:11:44,110
And note that clients use TCP 8140 to communicate\n
145
00:11:44,110 --> 00:11:47,159
You probably should remember that port number.
146
00:11:47,159 --> 00:11:52,089
And instead of YAML, it uses a proprietary\n
147
00:11:52,090 --> 00:11:56,580
Like Ansible it requires some different text\n
148
00:11:56,580 --> 00:12:01,629
Manifest file defines the desired configuration\n
149
00:12:01,629 --> 00:12:06,019
The Puppet master then uses this Manifest\n
150
00:12:08,179 --> 00:12:12,379
And just like Ansible, templates are used\n
151
00:12:13,850 --> 00:12:17,279
Here’s a very simplified look at that.
152
00:12:17,279 --> 00:12:21,589
Note that some of the devices have a Puppet\n
153
00:12:21,590 --> 00:12:25,000
to communicate with the device, but one doesn’t.
154
00:12:25,000 --> 00:12:28,539
Instead it will communicate via the external agent.
155
00:12:28,539 --> 00:12:33,129
In both cases, the network devices are able\n
156
00:12:35,769 --> 00:12:40,610
Remember that it’s written in Ruby, is typically\n
157
00:12:40,610 --> 00:12:48,009
master, it uses a pull model, clients use\n
158
00:12:48,009 --> 00:12:53,689
it uses a proprietary language for its files\n
159
00:12:53,690 --> 00:12:56,980
the desired configuration state of devices.
160
00:12:56,980 --> 00:13:01,019
Those are the main points you should know about Puppet.
161
00:13:03,120 --> 00:13:07,019
Like Puppet, it is a configuration management\n
162
00:13:07,019 --> 00:13:11,990
It is agent-based, so specific software, a\n
163
00:13:13,669 --> 00:13:17,649
And not all Cisco devices support a Chef agent,\n
164
00:13:17,649 --> 00:13:21,879
So, this is the least popular of the three choices.
165
00:13:21,879 --> 00:13:25,070
Like Puppet, Chef also uses a Pull model.
166
00:13:25,070 --> 00:13:30,480
And the Chef server uses TCP port 10002 to\n
167
00:13:30,480 --> 00:13:33,800
It uses various other ports, too, but you should remember 10002.
168
00:13:33,799 --> 00:13:40,409
And Chef’s files use a DSL, Domain-Specific\n
169
00:13:40,409 --> 00:13:44,129
So, what are some of those files used by Chef?
170
00:13:44,129 --> 00:13:47,850
We have resources, which are like the ingredients in a recipe.
171
00:13:47,850 --> 00:13:51,550
They define configuration objects managed by Chef.
172
00:13:51,549 --> 00:13:56,819
A configuration object could be, for example,\n
173
00:13:56,820 --> 00:14:00,050
Then there are recipes, like the recipes in a cookbook.
174
00:14:00,049 --> 00:14:05,029
They outline the logic and actions of the\n
175
00:14:05,029 --> 00:14:10,009
And of course there are cookbooks too, sets\n
176
00:14:10,009 --> 00:14:14,399
And finally run-lists, which are an ordered\n
177
00:14:14,399 --> 00:14:18,370
to the desired configuration state.
178
00:14:18,370 --> 00:14:23,060
And here’s a diagram from the Chef website\n
179
00:14:23,059 --> 00:14:28,039
Admins will do their work on a Chef workstation,\n
180
00:14:30,000 --> 00:14:35,110
Required information is stored on a Chef server,\n
181
00:14:35,110 --> 00:14:36,960
communicate with the Chef server.
182
00:14:36,960 --> 00:14:43,040
Notice that possible clients include servers,\n
183
00:14:43,039 --> 00:14:45,610
clouds, and of course network devices.
184
00:14:45,610 --> 00:14:50,320
As mentioned earlier, these tools weren’t\n
185
00:14:50,320 --> 00:14:52,560
and they can be used for various purposes.
186
00:14:55,080 --> 00:15:01,580
Remember that it is written in Ruby, is agent-based,\n
187
00:15:01,580 --> 00:15:08,620
configurations, and its files such as cookbooks\n
188
00:15:08,620 --> 00:15:11,610
And finally, here’s a chart comparing the three.
189
00:15:11,610 --> 00:15:15,580
Something I didn’t mention clearly is that\n
190
00:15:17,700 --> 00:15:22,980
I recommend memorizing these basic characteristics\n
191
00:15:24,029 --> 00:15:28,059
Okay, here’s what we covered in this video.
192
00:15:28,059 --> 00:15:32,719
I introduced configuration management tools\n
193
00:15:32,720 --> 00:15:38,690
And then I introduced three that you should\n
194
00:15:38,690 --> 00:15:42,560
We only covered some very basic characteristics\n
195
00:15:44,509 --> 00:15:49,559
As you continue your studies you’ll probably\n
196
00:15:49,559 --> 00:15:54,250
especially Ansible, but for now you just need\n
197
00:15:54,250 --> 00:15:58,299
And make sure to watch until the end of the\n
198
00:15:58,299 --> 00:16:02,359
Software’s ExSim, the best practice exams for the CCNA.
199
00:16:02,360 --> 00:16:07,419
Okay, let’s go to quiz question 1.
200
00:16:07,419 --> 00:16:12,360
Which of the following configuration management\n
201
00:16:12,360 --> 00:16:17,360
Pause the video now to select the best answer.
202
00:16:17,360 --> 00:16:23,028
Okay, the answer is B, Ansible.
203
00:16:23,028 --> 00:16:28,080
Ansible is agentless, so the control node\n
204
00:16:28,080 --> 00:16:33,690
Now, a Puppet external agent also connects\n
205
00:16:33,690 --> 00:16:37,730
architecture does not, so Ansible is definitely\n
206
00:16:42,070 --> 00:16:45,970
Which of the following configuration management\n
207
00:16:47,500 --> 00:16:52,019
Pause the video now to select the best answers.
208
00:16:52,019 --> 00:16:57,909
Okay, the answers are A, Chef and C, Puppet.
209
00:16:57,909 --> 00:17:01,769
They both use a pull model, whereas Ansible uses a push model.
210
00:17:06,470 --> 00:17:10,930
Which of the following configuration management\n
211
00:17:10,930 --> 00:17:15,430
Pause the video now to select the best answer.
212
00:17:15,430 --> 00:17:20,470
Okay, the answer is D, all of the above.
213
00:17:20,470 --> 00:17:26,069
Now, in this video I didn’t explicitly state\n
214
00:17:26,069 --> 00:17:30,470
model, but in describing their operations\n
215
00:17:35,119 --> 00:17:39,139
Which of the following configuration management\n
216
00:17:40,549 --> 00:17:45,039
Pause the video now to select the best answers.
217
00:17:45,039 --> 00:17:50,960
Okay, the answers are A, Chef and C, Puppet.
218
00:17:50,960 --> 00:17:55,058
Both of these tools are written in Ruby, whereas\n
219
00:17:55,058 --> 00:18:00,129
Okay, let’s go to question 5.
220
00:18:00,130 --> 00:18:03,990
Which of the following configuration management\n
221
00:18:03,990 --> 00:18:11,039
Pause the video now to select the best answer.
222
00:18:11,039 --> 00:18:13,970
Okay the answer is B, Ansible.
223
00:18:13,970 --> 00:18:17,558
Ansible playbooks are the blueprints of automation tasks.
224
00:18:17,558 --> 00:18:21,529
They outline the logic and actions of the\n
225
00:18:21,529 --> 00:18:24,000
Okay, that’s all for the quiz.
226
00:18:24,000 --> 00:18:28,048
Now let’s try a bonus question from Boson\n