Key Topics   1

Chapter 29
Embedded Event Manager (EEM) is a very flexible and powerful Cisco IOS tool. EEM
allows engineers to build software applets that can automate many tasks. EEM also derives
some of its power from the fact that it enables you to build custom scripts using Tcl. Scripts
can automatically execute, based on the output of an action or an event on a device. One
of the main benefits of EEM is that it is all contained within the local device. There is no
need to rely on an external scripting engine or monitoring device in most cases. Figure 29-1
illustrates some of the EEM event detectors and how they interact with the IOS subsystem.

M29_Edgeworth_C29.indd 1 12/12/19 4:37 PM

 2   CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide

Puppet
Puppet is a robust configuration management and automation tool. Cisco supports the
use of Puppet on a variety of devices, such as Catalyst switches, Nexus switches, and the
Cisco Unified Computing System (UCS) server platform. Puppet works with many different
vendors and is one of the more commonly used tools used for automation. Puppet can be
used during the entire lifecycle of a device, including initial deployment, configuration
management, and repurposing and removing devices in a network.
Puppet uses the concept of a puppet master (server) to communicate with devices that have
the puppet agent (client) installed locally on the device. Changes and automation tasks are
executed within the puppet console and then shared between the puppet master and puppet
agents. These changes or automation tasks are stored in the puppet database (PuppetDB),
which can be located on the same puppet master server or on a separate box. This allows the
tasks to be saved so they can be pushed out to the puppet agents at a later time.

M29_Edgeworth_C29.indd 2 12/12/19 4:37 PM

 Key Topics   3

Chef
Chef is an open source configuration management tool that is designed to automate con-
figurations and operations of a network and server environment. Chef is written in Ruby and
Erlang, but when it comes to actually writing code within Chef, Ruby is the language used.

M29_Edgeworth_C29.indd 3 12/12/19 4:37 PM

 4   CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide

SaltStack (Agent and Server Mode)

SaltStack is another configuration management tool, in the same category as Chef and
Puppet. Of course, SaltStack has its own unique terminology and architecture. SaltStack is
built on Python, and it has a Python interface so a user can program directly to SaltStack
by using Python code. However, most of the instructions or states that get sent out to the
nodes are written in YAML or a DSL. These are called Salt formulas. Formulas can be
modified but are designed to work out of the box. Another key difference from Puppet and
Chef is SaltStack’s overall architecture. SaltStack uses the concept of systems, which are
divided into various categories. For example, whereas the Puppet architecture has a puppet
master and puppet agents, SaltStack has masters and minions.

M29_Edgeworth_C29.indd 4 12/12/19 4:37 PM

 Key Topics   5

Ansible
Ansible is an automation tool that is capable of automating cloud provisioning, deployment
of applications, and configuration management. Ansible has been around for quite some
time and was catapulted further into the mainstream when RedHat purchased the company
in 2015. Ansible has grown very popular due to its simplicity and the fact that it is open
source. Ansible was created with the following concepts in mind:

■■ Consistent

■■ Secure

■■ Highly reliable

■■ Minimal learning curve

M29_Edgeworth_C29.indd 5 12/12/19 4:37 PM

 6   CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide

Puppet Bolt
Puppet Bolt allows you to leverage the power of Puppet without having to install a puppet
master or puppet agents on devices or nodes. Much like Ansible, Puppet Bolt connects to
devices by using SSH or WinRM connections. Puppet Bolt is an open source tool that is
based on the Ruby language and can be installed as a single package.
In Puppet Bolt, tasks can be used for pushing configuration and for managing services, such
as starting and stopping services and deploying applications. Tasks are sharable. For example,
users can visit Puppet Forge to find and share tasks with others in the community. Tasks
are really good for solving problems that don’t fit in the traditional model of client/server
or puppet master and puppet agent. As mentioned earlier in this chapter, Puppet is used to
ensure configuration on devices and can periodically validate that the change or specific
value is indeed configured. Puppet Bolt allows you to execute a change or configuration
immediately and then validate it.

M29_Edgeworth_C29.indd 6 12/12/19 4:37 PM

 Key Topics   7

SaltStack SSH (Server-Only Mode)

SaltStack offers an agentless option called Salt SSH that allows users to run Salt commands
without having to install a minion on the remote device or node. This is similar in concept to
Puppet Bolt. The main requirements to use Salt SSH are that the remote system must have
SSH enabled and Python installed.

M29_Edgeworth_C29.indd 7 12/12/19 4:37 PM

 8   CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide

Table 29-7  High-Level Configuration Management and Automation Tool Comparison

Factor Puppet Chef Ansible SaltStack
Architecture Puppet masters Chef server Control Salt master
and puppet and Chef station and and minions
agents clients remote hosts
Language Puppet DSL Ruby DSL YAML YAML
Terminology Modules and Cookbooks Playbooks Pillars and
manifests and recipes and plays grains
Support for Yes Yes Yes Yes
large-scale
deployments
Agentless version Puppet Bolt N/A Yes Salt SSH

M29_Edgeworth_C29.indd 8 12/12/19 4:37 PM