New to Meraki Automation and to DevOps, Any suggestions

IntrovertEngg
Getting noticed

New to Meraki Automation and to DevOps, Any suggestions

I am relatively new to network automation. I understand a little bit about programming. The manager assigned me the task of automating some operations for the Meraki dashboard. For example, make bulk changes to multiple networks within an organization such as VLAN creation, IP whitelisting, VPN exclusion rules, and so on. Those changes wont be limited for multiple networks but sometimes for multiple organizations as well. I've been assigned one Linux VM, and it appears that I'll need to use it as a launch pad for API jobs. I've tried browsing the API documentation and even running a couple of GET queries and was successful, but I don't have a thorough understanding of it, so I'm hesitant.
 
Where do I begin to learn this? On a high level, I'm thinking about using HTML as a frontend. Fields will appear based on the task selected from the dropdown; the user should enter a value in them and click the enter button, and the API should shoot. Is this too complicated and requires rocket science? Also, is there a way to change the way the result output is displayed? It currently appears in syntax format, but can I convert it to a tabular format with only specific information to be displayed ? For example If I run getOrganizationAdmins, I receive information like ID, name, e-mail, authenticationMethod, orgAccess,AccountStatus,twoFactor, lastactive, tags etc.. If I just want to receive limited info like ID, name, e-mail, OrgAccess then how it can be achieved? I believe that as I learn more, may be I will gain a better understanding of what works and what does not. 
 
But, if anyone has been through this and come out on top, do you have any advice for me? I'd request you to advise me on how to get started, what I should read, and any website/youtube video urls - any assistance in this regard would be greatly appreciated.  
 
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal

The truth is that there is no guide on where to start. What I recommend is reading this article and this case study, maybe that can guide you a little.

 

https://www.boundlessdigital.com/library/blog/getting-started-with-the-meraki-api/

https://www.boundlessdigital.com/library/success-stories/cci-idf-success-story/

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
bbyw
Conversationalist

I highly recommend using ChatGPT for this task. Even with fundamentals of programming and documentation you can achieve a lot with 3.5 version. I have not tried yet ChatGPT 4 but I can imagine it will be even easier.

As long as you know what you want to achieve, can describe it clearly and concisely to ChatGPT and you're not afraid of simple debugging/researching then you'll be good.

I have very basic knowledge of programming and was able to create already few simple scripts like the ones you are describing using Meraki documentation and GPT.

On top of that you can also sign up for free 4 hour online workshop that is solely dedicated to task of using Python for Meraki automation - https://community.meraki.com/t5/Meraki-Automation-Using-Python/ct-p/python

Jamieinbox
Getting noticed

Hi, yes- been through some of the same things. I think this (my blog post) will help you. I have a lot of code that I've done that's posted on github, too. I have 3-4 blogs on the topic. I don't use postman, NodeRed. I Script test and post. Now what I really want is a Meraki sandbox, but something like displaying your networks (I have posted github code for that) shouldn't be too dangerous. Best of luck, let's keep in touch.

(1) Trying to Use AI ChatGPT to Code Python with Meraki (substack.com)

mlefebvre
Building a reputation

Who will be using this automation? Just you? Your team? Other teams within the business? If you are exposing it to others, how will you manage access to this solution?

 

What automations are being created (config changes, monitoring etc.), how frequently will they need to be ran, and what types of user inputs are you expecting to handle? Is CLI an option, or is a web GUI required? The moment you introduce a web GUI you are significantly upping the complexity of the solution.

 

Do you need any specific outputs, such as CSV/PDF/email reports etc?

 

Roughly how large is your environment?

 

PhilipDAth
Kind of a big deal
Kind of a big deal

Wow, what an encompassing question.

 

In this space, most automation are written in Python.  Python is considered a "first class" citizen, it has the best support and the SDKs get bug fixes first.

 

If you don't know Python, you should start by learning this foundation language.  The Python foundation has a free course.
https://www.learnpython.org/ 

 

Once you have a passable knowledge of Python you can then start to look at learning the Meraki Python SDK.  The Cisco Developer website has a "getting started" lab.
https://developer.cisco.com/meraki/build/automation-with-python-api-lab/ 

 

 

You could also consider using Postman.  It is more of a "GUI" environment like you have indicated.  You can do quite a bit, but it is definitely more limited, and if you hit up Google for answers, you won't get as many results as using Python.

This Cisco Developer guide covers using Postman:
https://developer.cisco.com/meraki/meraki-platform/ 

 

If you do go down the Python route, as I am suggesting - Cisco Meraki have a lot of pre-written scripts as examples.  You can often start by finding something similar to what you want, and "copy and paste" to get you going quickly.
https://github.com/meraki/automation-scripts 

 

 

I think it might be worthwhile setting an expectation with your manager as well.  I think you'll need to be allocated 80 hours of learning time before you can bang out scripts to do what is required with the assistance of Google.
This could be done as 3 hours per working day spread out over 30 days (a month).  Without this kind of investment in you it would be unreasonable for your work to expect you to start churning out useful scripts.

 

 

@sungod , perhaps you would like to share some thoughts from a professional in this space?

Jamieinbox
Getting noticed

Check out this DevNet Video, at 42:00 for practical show.

sungod
Head in the Cloud

What's the intended usage? Not just 'now', but over the next year+.

 

You mention an HTML front end, but if it will only be used by yourself or a small number of other admins, it's probably better to simply create standalone scripts for each task, they can always be scheduled by cron/whatever if they need to run at a specific time.

 

If the intent is wider use, possibly by the fat-fingered, then I suggest before getting into the Meraki specifics, you need to figure out how you will handle secure access/authentication etc., log everything and harden the platform against accidental/malicious misuse.

 

For tasks that are 'dangerous', consider a creating some kind of permissive action link so that at least one other admin must approve before execution.

 

Have an automated script that regularly grabs API usage across all the orgs, check for unexpected/unauthorised activity.

 

Figure out how you are going to secure/manage API keys.

 

Generically...

 

Use Python, it may not be the most efficient runtime, but it can still max the API rate limit.

 

Use the Meraki Python library, it tracks the production API pretty closely, if you need to use beta API you can still leverage the library by making a compatible function in your script.

 

Sanitise/validate input data as fully as you can before making any change, it's better to not change anything than to exit part way through a batch of changes, watch out for unicode, there's a lot to be said for sticking to ASCII.

 

Use UTC for the linux system and all time-related activities, tracking umpteen timezones and DST changes is a pain.

 

Log everything, for tasks running autonomously have them alert the admin(s) if there's a problem, I use email.

 

You say you have a Linux VM, document every step needed to recreate whatever you build.

 

Have a separate development/test system, i.e one VM is not enough.

 

How are you going to back up the VM(s)?

 

Consider creating a private Github for the project, that you/others can use.

 

Lastly, do you really need to develop this? There are Meraki ecosystem partners that provide this type of thing, it may be more cost effective/supportable to use an off the shelf solution.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.