Change Automation Overview
The Change Automation application automates the process of deploying changes to the network. You can define automation tasks to achieve the intended network states in Change Automation using Playbooks that consists of Plays written using YAML. You can then push configuration changes to Cisco Network Service Orchestrator (NSO), which deploys these changes to the network devices.
The difference between Change Automation and other existing scripted automation frameworks is that Change Automation is a closed-loop framework. Changes are deployed to the router or other device using programmable APIs, and the intent of the change is verified using telemetry that comes back from the router. Change Automation relies on telemetry to verify the intent of the change, avoiding the need to frequently poll the device for updates.
The following is a high level Change Automation workflow:
-
Review the existing Plays and Playbooks to see if any of them meet your needs fully or partially.
Note
Change Automation comes with a robust library of Playbooks, each with its own collection of configuration and check Plays.
-
Build Playbook as required:
-
If the required Playbook is available, use it.
-
If some combination of existing Plays accomplishes the task, build a new Playbook using those Plays.
-
If some of the required Plays are not available, create new Plays and build a new Playbook using the new and existing Plays.
-
-
Dry run the Playbook to test if it accomplishes the desired changes in the network.
-
Deploy the Playbook.
Change Automation allows you to customize and generate Plays and Playbooks using its API interface. For more information, see About Custom Plays and About Customizing Playbooks.
Configure Change Automation Settings
Configuring Change Automation settings is a post-installation activity and is the first task to be performed after installing Change Automation. This section explains the initial settings that must be configured before you can start using Change Automation.
As you configure Change Automation settings, bear in mind that Crosswork provides several ways to run Playbooks.
-
Manually ("on demand") or via scheduled execution. These two methods are typically used for Playbooks that accomplish data collection, configuration changes, or things like SMU deployment independent of any KPI-related fault detected in the network.
-
Manually or automatically when the Playbook is tied to a KPI. These methods are typically used when you want to run a Playbook intended to remediate a fault detected in the network. Key parameters needed to run the Playbook are populated when the alert tied to the KPI is triggered.
Note |
The Change Automation settings can only be configured once. If you want to modify the settings, Change Automation must be re-installed. Before reinstalling, make sure to export any Plays or Playbooks you have created, and after reinstalling, import them. For more information, see Export Plays, Import Custom Plays, Export Playbooks, and Import Playbooks. |
System Settings
After you install Change Automation, check that you can access the Change Automation application from the main menu: Go to
. Crosswork displays the Change Automation window, prompting you to complete the Change Automation application's configuration.Once initial setup is done, navigate to
to review the Change Automation settings:-
Playbook Job Scheduling: Enable or disable the ability to schedule Playbook jobs.
-
Credential Prompt: Device override credentials are an additional level of authentication that can improve change auditing. If enabled, users will be prompted to enter the credentials (device override credentials) before each Playbook execution. If disabled, you must create the relevant credential profile and provider settings for the override credentials to work. Follow the prompts on the window to meet each requirement.
As you make these changes, please note the following special considerations:
-
If you want to enable automatic Playbook execution, you must ensure that Playbook Job Scheduling is enabled, and that Credential Prompt is disabled. For more guidance, see Enable Automatic Playbook Execution.
-
If Credential Prompt is enabled: While executing Device Config plays, entering incorrect device override credentials will cause the playbook execution to fail. However, for a Check play or Data Collection play, the device override credentials are not validated and the Playbook will execute successfully irrespective of the accuracy of the override credentials. Device override credentials are only validated while pushing configuration changes.
-
If Credential Prompt is disabled: Only user IDs with write permissions for Administration APIs under Change Automation can complete the credential profile and provider setup tasks. If you are unsure if your user ID has the required privileges, you can check by selecting and inspecting the ID's privileges.
-
If Playbook Job Scheduling is disabled, then the Credential Prompt is enabled by default. You cannot disable the credential prompt if you disable Playbook job scheduling.
-
-
Click Save after you configure the above settings.
Enable Automatic Playbook Execution
In addition to running KPI-linked Playbooks manually, at the network operator's discretion, Crosswork Change Automation and Health Insights permits you to run one or more of your KPI-linked Playbooks automatically, whenever the KPI linked to that Playbook raises an alert of sufficient severity.
To enable this option, Playbook Job Scheduling must be enabled and Credential Prompt must be disabled. As noted above, you must have Crosswork system administrator privileges to change these settings.
Warning |
Once these settings are saved, you cannot change them unless you first use the Crosswork Manager to uninstall, then reinstall, both the Crosswork Change Automation and Health Insights applications. |
-
From the main menu, choose Device Override Credentials page opens.
. The -
Under Playbook Job Scheduling, click the Enabled button. Under Credential Prompt click the Disabled radio button.
When you are finished, the window should look like the illustration below.
-
Click Save to commit to these settings.
Assign Change Automation User Access Levels
Once the Change Automation system settings are completed, an admin user must review other user roles to ensure that all the users who need them have the proper level of access to run, import, and create Plays and Playbooks. Only users with write permissions for Administration APIs can disable or enable Playbook execution access and assign labels.
To provide this access, the admin user must:
-
Go to
. -
Under the Roles pane, select the role for which you want to grant the access.
-
In the right panel, under Read and Write check boxes (as necessary) for Play APIs and Playbook APIs under Change Automation.
, enable
Use the Change Automation Dashboard
The Change Automation Dashboard window (shown in the figure below) lets you view all Playbook-related activity and initiate Playbook runs. It displays the total number of Playbooks, the Playbook Jobs Calendar, the most recently run Playbook jobs, and the same network topology map you see when you select Topology from the main menu.
To view the Change Automation Dashboard window, select .
The Playbooks tile displays the total number of Playbooks (pre-defined and custom). Clicking on a specific number displays all the Playbooks that correspond to the selected category:
-
Total Playbooks indicate the total number of pre-defined and user created Playbooks (My Playbooks) that exist in the system.
-
Predefined Playbooks indicate the number of pre-defined Playbooks that exist in the system.
-
My Playbooks indicate the number of custom Playbooks that are created by the current user.
Creating Playbooks does not use a license. The license count is incremented only upon the first execution of a Playbook (pre-defined or user created), irrespective of whether the Playbook runs successfully or not. Subsequent execution of the Playbook does not increment the license count.
The Jobs Calendar tile displays a calendar (month, week, day) with the number of job sets executed on a given day that is marked in a circle against the corresponding date. Clicking on the number displays a dialog box with the names of the Playbook job sets and their execution time. Click the desired job set to view the execution details.
The color of the circle indicates the overall status of the job sets:
-
A red circle indicates at least one job set with Failed status among the day's overall job sets.
-
A gray circle indicates that all job sets are either in Scheduled or Running status.
-
A blue circle indicates at least one critical job set in Recovered status among the day's overall job sets.
-
A green circle indicates most of the Playbooks are in success state. Clicking on it displays all the jobs that are Recovered, Scheduled, or Running.
The View All Jobs link on the Jobs tile gives you direct access to the Change Automation Automation Job History window.
View the Play list
The Play List window of the Change Automation application gives you a consolidated list of all the Plays in the system.
From the main menu, select Play List window.
to view theItem | Description | |
---|---|---|
1 |
Click to create a custom Play. See Create a Custom Play Using Templates. |
|
Click to delete a custom Play. See Delete Custom Plays. |
||
Click to import a custom Play from a gzipped TAR archive file. See Import Custom Plays. |
||
Click to export a custom Play as a gzipped TAR archive file. See Export Plays. |
||
2 |
Click to see a pop-up Play Details window showing the Play's description and schema. When you are finished viewing these details, click or the Close button to close the pop-up window. |
|
3 |
The Type column indicates the type of the Play. You can click the column headings (Name, Description, Type, Labels, and Modified by) to sort the table by that column's data. |
|
4 |
Click to refresh the Plays list. |
|
5 |
Click to set filter criteria on one or more columns in the table. |
|
Click to clear any filter criteria you may have set. |
View the Playbook List
The Change Automation application's Playbook List window (in the following figure) gives you a consolidated list of all the Playbooks in the system. To view the Playbook List window, select .
Item | Description | |
---|---|---|
1 |
Click to create a custom Playbook. See Create a Custom Playbook Through the UI. |
|
Click to delete the currently selected custom Playbook. See Delete Custom Playbooks. |
||
Click to import Playbooks from a gzipped TAR archive file. See Import Playbooks. |
||
Click to export the currently selected Playbook(s) as a gzipped TAR archive file. See Export Playbooks. |
||
2 |
Click Manage Labels to assign label(s) to the Playbook. Assigning label(s) to the Playbooks gives the system administrator the ability to control which Playbooks each user role is allowed to run. |
|
3 |
Click to see a pop-up Playbook Details window showing the Playbook's description, software compatibility, version number, and its plays. When you are finished viewing these details, click or the Close button to close the pop-up window. |
|
4 |
click the Name, Description, Version, Software Platform, and Last Modified column headings in the table to sort the table by that column's data. You can also choose which columns are shown, and set quick or advanced filters on any column. |
|
5 |
Click to refresh the Playbooks list. |
|
6 |
Click to set filter criteria on one or more columns in the table. |
|
Click to clear any filter criteria you may have set. |