Why Insomnia and not Postman?

Well, answer is straightforward – apples vs oranges. Somewhat I prefer Insomnia, though it is just a simplistic API client. But this is exactly what I normally need without additional features and Insomnia seems to be fulfilling my daily needs.

  • Depending on against what environment you run your API calls you can define a variables and their values per environment e.g. lab/prod. (Left top corner). Templating relies on Nunjucks

variable values for Dev environment

  • Allows to refer to results of different API calls e.g. Authorization Bearer token value – in the example below Fetch users requires Bearer token to be included in GET request hence it needs to perform first Authorization, obtain token and insert it into GET request:

Authorize URL looks as follows (IMPORTANT: never embed usernames, passwords in config files – rely on solutions like Hashicorp’s Vault, Azure KeyVault etc):

By peeking at results of the POST (Timeline) response from the server includes authorization Header that includes token value.


Subsequent Method can use the value just by manually copy pasting value of the header into authorization header of GET request:

Smarter solution is to define header in Header tab and use a function that will call POST Authorize method, grab the resulting authorization header value (Bearer token) and insert it into a header in the GET request. In value type CTRL+Space and look for function Response – Header:

Double click on red field and Edit tag window will pop up:

Now your requests will be using appropriate value for authorization header.

IMPORTANT: in order to have Edit tag pop up available you cannot enable (leave untickedRaw template syntax as otherwise you’ll have manually craft in Nunjucks value of the header.

AWS CloudFormer

Creating in AWS can performed using multiple ways:

  • AWS SDK (Java/Python/JS)
  • IT automation/IaaC tools (Chef, Puppet, Terraform, Ansible, SaltStack, Pulumi)
  • REST API directly
  • CloudFormation templates

First 3 underneath are using REST API, but using directly REST API to create resources in AWS might be cumbersome due to authentication that needs to be performed on REST API requests.

  • CLI/SDK/REST API/Chef/Ansible are more of an imperative/procedural way to define infrastructure (where each step must be explicitly defined so as to create a desired state of it)
  • Automation tools such as Terraform/SaltStack/Puppet/Pulumi are examples of declarative way (a definition of desired state is provided and it is up to a tool to create a desired state in AWS). 

CloudFormation is declarative as well and it is up to AWS to create a desired state as defined in a CloudFormation template. Template is JSON/YAML/text file which can be accompanied with parameters to fill in template values (template can contain default values for parameters).

A template can be built directly by editing a file. However, what if resources were created in AWS Console and one would like save a current state and share it over Slack as file or check it in to git to have versioning ?

CloudFormer can be of help and while it is still in Beta (at least since end of 2018) meaning it should not be used for critical/prod enviroments, it is ideal for demo/PoC/dev purposes:








Terraform or Pulumi for IaC

Terraform by Hashicorp is a pioneer in the area of IaC tooling which allows to define infrastructure in a declarative manner by using its own language (HCL – Hashicorp Configuration Language). That means:

  • it takes definition of the infrastructure (simplistic example could be a couple of VMs running in AWS or OpenStack) found in the config file (can be a single .tf file) defined in HCL
  • connects to the IaaS by using an appropriate provider – plugin/extension that allows to talk to AWS/Openstack etc.
  • compares current state of the infrastructure against what is found in the definition file (.tf)
  • tries to meet the desired state found definition file (using example below it means to deploy VMs)

Approach as above allows to have a deterministic state of your infrastructure and deployment is performed by calling API of the infrastructure provider rather than manually or using different methods already offered by them (e.g. HEAT templates for Openstack, python client vs CloudFormation for AWS, awscli tool). If a VM is deleted for any reason on the IaaS re-running the terraform apply (command to check current state of the infra, comparing against the definition file and trying to meet the desired state from the file) will just deploy the missing VM. 

It allows to have a common language for defining the infrastructure on different infrastructure providers (bearing in mind that each of them use basic different building blocks to create the infrastructure e.g. aws_subnet resource vs openstack_networking_subnet_v2 resource). 

Terraform allows for more than just creating resources on public/private cloud providers, it can deploy on kubernetes (more of a PaaS than IaaS), or interact with RESTAPI. People/companies create their custom providers.

However, anyone with some development background will see that that HCL language is limited – even writing a simple loop, while possible – it is somehow done indirectly (I admit I did not have time to check 0.12 option which was supposed to add some typical programming constructs like for loop). Immediately the feeling is that it should be done differently – you want to write a code and have appropriate programming libraries to wrap API calls to different providers. This is where Pulumi comes in – its tenets are the same:

  • it is declarative
  • it compares the current state against the definition (defined in the programming language of choice – at the moment of writing JS/TS/Python/Golang are supported)
  • uses programming language libraries to connect to IaaS (e.g. pulumi_gcp in Python) which extend core pulumi framework
  • tries to meet the desired state (pulumi up vs terraform apply)

What is new is that it’s SaaS by default and requires to setup an account on Pulumi website. Pulumi service keeps state on Amazon S3, but there is also an option to keep it locally (different backends). If it is kept on Pulumi then you can check your created infrastructure resources via their website (actually this is very cool, you can even click to connect to created VMs consoles’).

Rather than having a separate language to define the infrastructure you just import appropriate libraries and start defining the infrastructure directly in code. There is no better source of introduction to Pulumi than Joe Duffy’s blog post: http://joeduffyblog.com/2018/06/18/hello-pulumi/.

So which one should you choose? I would say it depends on the people who are going to use it:

  • Developers, people with development skills should opt for Pulumi so as not to be constrained by HCL. That also means learning curve is steeper for Pulumi.
  • People without such skills will feel more comfortable with HCL and might not feel constrained by it. They should go with Terraform. I just felt I had to create a lot of boilerplate with it.
  • Terraform is more mature (older tool) but Pulumi’s people are quite helpful and available on Slack so it is just kicking off.

I have posted few examples with both tools in my gitlab repo:



ConfD – making your network elements programmable

Tail-F, originally a Swedish company bought over by Cisco Systems, created a management agent software framework for network elements and applications – ConfD. If employed as a part of software – ConfD allows to be programmability an inherent part of it. This post will us a very tangible example of its power – while Linux natively doesn’t offer NETCONF to manage interfaces – with use of ConfD and special program that makes use of it – programmability is made possible.

ConfD uses, what most of up-to-speed network engineers should know, YANG – a data modeling language for NETCONF (if we treat NETCONF as a new SNMP then YANG is like SMI – “special version” of ASN.1 was for SNMP) – better description can be found here: http://www.tail-f.com/what-is-yang/

The way to depict what ConfD does is – let’s say if you create your own program that acts as a router and you need a CLI for e.g. show ip route and additionally you would like to have a possibility to check routes over the NETCONF then it’s going to be done automatically for you. ConfD will run as a process next to your routing process and will manage it’s configuration, offer CLI and NETCONF (also RESTCONF/SNMP/WebAPI if Premium version is used). Of course that means that a if you want to implement ConfD shall be a part of implementing your software, whole configuration, CLIs etc.

There are 2 versions of confd available – free (basic) and more capable (paid) premium – comparison can be found here: http://www.tail-f.com/confd-basic

More on how ConfD works and its composition (for example there is a database – CDB – that keeps the config) can be found on Tail-F site.

Let’s get to business, demonstration of how it can be used is based on:

  • confd basic 6.3
  • ydk 0.7.1 (there will be a separate post on ydk, installation, usage and what is it)

The very reason for using confd 6.3 is that newer versions i.e. 6.4 and 6.6 use YDK 1.1 for modelling and example program I wanted to test with YDK on newer confd versions uses YANG 1.1 while YDK has just partial support for it (full support is for YDK 1.0 – RFC 6020).

In order to install confd:

  1. Download the 6.3 and 6.4 versions appropriate for you os from https://developer.cisco.com/site/confD/downloads/
  2. Install it: 

  3. Source confdrc file (so as to have access to confd cli tools:

  4. Run some example intro example:

  5. access confd CLI by running confd_cli command unless you started using make cli that takes you directly to CLI


Run the example:

Example I would like to use is called linuxcfg but id doesn’t work out of the box. When both versions 6.3.and 6.4 are installed the Makefile in ipmibs directory must be overwritten in 6.3 examples folder:

When this is done you can compile the example.

ip a from linux level:

show ip ipAddressEntry from confd level:

Ok so maybe output is not ideal like… IP addressing in HEX.

You can also use pipes and regex to filter what you only need, you can save output, export to csv, json, curly-braces (like Juniper CLI) etc.

From now on you are on your own….just kiddn’ in the next post I will show how to setup YDK and query linucfg over NETCONF with YANG models provided with this example. Now we have a running linuxcfg with confd that exposes NETCONF. More to follow…

Automatically provisioning baremetal/VM server

During my endavours I had a situation where I had to provision 10 servers (install all of them manually and configure same things on all of them, same files etc).

There is a nice alternative to it called Stacki from StackIQ (bought by Teradata last year). What it offers is specialized PXE server that is used to boot baremetal/VM servers (CentOS/Redhat/Ubuntu). 

Its architecture look as follows (Stacki server == Frontend, server to be provisioned == backend):

Firstly in CSV file you prepare a list of hosts with their MACs and as a next step you add puppet that will be used to provision the servers after booting.

More can be found here: 


Frontend machine can be a VM – actually it worked pretty nice – tested with provisioning other VMs.

Connecting over SSH and running a command over NETCONF

When HW/virtualized/containerized network element offers NETCONF interface to manage, it is extremely beneficial to use it for repetitive tasks (upgrades, sanity checking, route table checking etc).

NETCONF can be used over different transports as below:

In case SSH is used then it must be made sure that SSH subsystem is enabled in SSH config on a device. 

If a YANG model is available then TailF offers a client and Java class generator under:


Alternatively, as in the example below, Python can be used to manually connect over SSH and based on YANG model (if used) instruct the device to perform a specific task.

There is a library in Python for that purpose called ncclient (NETCONF client): 


Firstly we need to do the proper import in our client script after installing the library:

Let’s define method used for connecting to the device:

Create an object class that inherits from RPC class of ncclient library and define a method that will be compose an XML NETCONF message based on YANG model:

Connect to the device and perform requested action (probably not the safest way to use clear text password to connect):

The request in NETCONF formatted XML would look as follows:

And a corresponding YANG model:

Lastly in XML: