GitOps Workflow for Network Automation
Overview
GitOps applies infrastructure-as-code principles to network configuration:
- Git as single source of truth
- Pull requests for change review
- Automated deployment on merge
- Rollback via git revert
Workflow
Developer          Git Repo         CI/CD             Network
│                  │                │                 │
│── Edit .j2 ─────▶│                │                 │
│                  │                │                 │
│── git push ─────▶│                │                 │
│                  │── PR Created ─▶│                 │
│                  │                │── Lint/Test ───▶│
│                  │                │                 │
│◀── Review ───────│                │                 │
│                  │                │                 │
│── Approve ──────▶│── Merge ──────▶│                 │
│                  │                │── Deploy ──────▶│
│                  │                │── Verify ──────▶│
│                  │                │                 │
Implementation
Repository Structure
network-configs/
├── inventory/
│   ├── hosts.yaml
│   └── group_vars/
├── templates/
│   ├── access-switch.j2
│   └── core-switch.j2
├── generated/              # gitignored, CI output
├── .github/
│   └── workflows/
│       └── deploy.yaml
└── nornir.yaml
CI Pipeline (GitHub Actions)
name: Network Config Deploy

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Lint Jinja2
        run: j2lint templates/

  diff:
    runs-on: ubuntu-latest
    steps:
      # Templates and inventory must be checked out before configs can be rendered
      - uses: actions/checkout@v4
      - name: Generate configs
        run: nornir run --task generate
      - name: Show diff
        run: nornir run --task diff_config

  deploy:
    # True only for pushes to main (after merge); pull_request runs use a refs/pull/... ref
    if: github.ref == 'refs/heads/main'
    needs: [lint, diff]
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v4
      - name: Deploy configs
        run: nornir run --task deploy_config
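
The workflow diagram ends with a Verify step that the pipeline does not implement. As an added example (not code from the original page or from Nornir), the Python below compares each host's Git-rendered config with the running config collected from the device and reports drift, so a change made outside Git fails the job. The function names, the IOS-style volatile-line patterns and the sample configs are assumptions constructed for illustration.

```python
import difflib
import re

# Lines that change on every save and carry no configuration intent.
# Assumed IOS-style markers; adjust for the platform in use.
VOLATILE = re.compile(
    r"^(Building configuration|Current configuration|! Last configuration change"
    r"|! NVRAM config last updated|ntp clock-period)")

def normalize(config):
    """Drop volatile lines, bare '!' separators, blanks and trailing whitespace."""
    lines = []
    for raw in config.splitlines():
        line = raw.rstrip()          # keep leading indentation, it is significant
        if line and line != "!" and not VOLATILE.match(line):
            lines.append(line)
    return lines

def drift(intended, running, host):
    """Unified diff from the Git-rendered config to the device's running config."""
    return list(difflib.unified_diff(
        normalize(intended), normalize(running),
        fromfile=f"git/{host}", tofile=f"device/{host}", lineterm="", n=1))

def verify(intended_by_host, running_by_host):
    """Return {host: diff_lines} for every host whose state departs from Git."""
    report = {}
    for host, intended in intended_by_host.items():
        running = running_by_host.get(host)
        if running is None:
            # Fail closed: a host that could not be read is not "verified".
            report[host] = ["running config not collected"]
            continue
        delta = drift(intended, running, host)
        if delta:
            report[host] = delta
    return report

# Constructed sample data: sw1 matches Git, sw2 had a local user added by hand.
BASE = "hostname {h}\ninterface Gi0/1\n switchport mode access\n"
INTENDED = {h: BASE.format(h=h) for h in ("sw1", "sw2")}
RUNNING = {
    "sw1": "! Last configuration change at 10:02:11 UTC\nhostname sw1\n!\n"
           "interface Gi0/1\n switchport mode access \n",
    "sw2": "hostname sw2\nusername tempadmin privilege 15 secret 9 <placeholder>\n"
           "interface Gi0/1\n switchport mode access\n",
}

if __name__ == "__main__":
    report = verify(INTENDED, RUNNING)
    print("\n".join(line for delta in report.values() for line in delta))
    raise SystemExit(1 if report else 0)   # non-zero exit fails the CI job
```

Run on a schedule as well as after deploy, the same check shows when a device has been changed outside the pull-request flow.
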
Rollback
# Revert last commit
git revert HEAD --no-edit
git push
# CI automatically deploys previous config