This repository has been archived by the owner on Dec 3, 2021. It is now read-only.

Merge pull request #235 from skondvilkar/master
Added Stage 4 for the SaltStack lesson
Mierdin authored Jan 25, 2020
2 parents 60b822d + f9109df commit afb3f95
Showing 13 changed files with 283 additions and 11 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Expand Up @@ -13,7 +13,8 @@
- Updates to utility image [#285](https://github.com/nre-learning/nrelabs-curriculum/pull/285)
- Update YAML Loader statements[#292](https://github.com/nre-learning/nrelabs-curriculum/pull/292)
- Temporarily pin netmiko to 2.4.2 in st2 image [#293](https://github.com/nre-learning/nrelabs-curriculum/pull/293)

- Added stage 4 for the "Network Automation with Salt" lesson (configuring junos). [#235](https://github.com/nre-learning/nrelabs-curriculum/pull/235)

## v1.0.0 - August 08, 2019

- Replaced all individual snippet indices with 'this' keyword [#221](https://github.com/nre-learning/nrelabs-curriculum/pull/221)
16 changes: 15 additions & 1 deletion images/salt/Dockerfile
@@ -1,5 +1,9 @@
FROM antidotelabs/utility

# Because tzdata comes with an interactive installer wizard to configure
# your timezone
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata

RUN wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/archive/2018.3.2/SALTSTACK-GPG-KEY.pub | apt-key add - && \
echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/archive/2018.3.2 xenial main" >> /etc/apt/sources.list && \
apt-get update
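Review bot: the new `RUN DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata` at the top of the file runs before any `apt-get update` in this Dockerfile (the only one visible comes after the SaltStack repository is added), so it depends on whatever package lists the `antidotelabs/utility` base image happens to ship. Run `apt-get update` in the same `RUN` layer as the install so the build neither fails on missing lists nor installs a stale package when the base image changes.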
Expand All @@ -25,6 +29,16 @@ COPY ./salt_configs/vqfx1.sls /srv/pillar
# Add pillar file for top
COPY ./salt_configs/top.sls /srv/pillar

# Add salt file for infrastructure data
COPY ./salt_configs/infrastructure_data.sls /srv/pillar

# Add configuration template for vqfx1
RUN mkdir /srv/salt
COPY ./salt_configs/infrastructure_config.conf /srv/salt

# Add sls file to provision the configuration
COPY ./salt_configs/provision_infrastructure.sls /srv/salt

# set user permissions for Antidote user to run Salt
RUN chown -R antidote:antidote /etc/salt
RUN chown -R antidote:antidote /var/cache/salt
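Review bot: `RUN mkdir /srv/salt` followed by `COPY ... /srv/salt` (no trailing slash) only copies into a directory because the `mkdir` ran first; without it the first `COPY` would create a regular file named `/srv/salt`. Writing the destination as `/srv/salt/` in both new `COPY` lines makes the intent explicit and lets Docker create the directory, so the extra `mkdir` layer can go (or use `mkdir -p` if it stays).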
Expand All @@ -34,4 +48,4 @@ RUN chown -R antidote:antidote /var/run/salt
RUN chown -R antidote:antidote /var/run/salt-master.pid
RUN chmod -R 777 /var/run/salt-master.pid
RUN chown antidote:antidote /var/run
RUN chmod 777 /var/run
RUN chmod 777 /var/run
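Review bot: the final line, `RUN chmod 777 /var/run`, is only touched for the end-of-file newline, but while it is being edited it is worth tightening: together with `chmod -R 777 /var/run/salt-master.pid` it leaves the run directory and the master's pid file world-writable even though both are already chown'd to `antidote` in the lines just above. Owner-only write access should be enough for the `antidote` user to run Salt, and it avoids teaching a 777 pattern in an image that learners may copy.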
12 changes: 12 additions & 0 deletions images/salt/salt_configs/infrastructure_config.conf
@@ -0,0 +1,12 @@
system {
replace: name-server {
{%- for dns_server in pillar.dns_servers %}
{{ dns_server }};
{%- endfor %}
}
replace: ntp {
{%- for ntp_server in pillar.ntp_servers %}
server {{ ntp_server }};
{%- endfor %}
}
}
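Review bot: both `replace:` stanzas loop over `pillar.dns_servers` and `pillar.ntp_servers` with no guard, so if either pillar key is missing or empty the loop emits nothing and the template renders an empty `replace: name-server { }` or `replace: ntp { }` block, which replaces the device's existing settings with nothing. Wrap each stanza in a Jinja `if` on its list (or fail the render explicitly) so a pillar mistake cannot strip DNS or NTP from the switch. The values are also interpolated as-is, so it is worth stating in the lesson that pillar data is trusted input here.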
6 changes: 6 additions & 0 deletions images/salt/salt_configs/infrastructure_data.sls
@@ -0,0 +1,6 @@
ntp_servers:
- 192.168.0.250
- 192.168.0.251
dns_servers:
- 192.168.0.253
- 192.168.0.254
5 changes: 5 additions & 0 deletions images/salt/salt_configs/provision_infrastructure.sls
@@ -0,0 +1,5 @@
Install the infrastructure services config:
junos.install_config:
- name: salt:///infrastructure_config.conf
- replace: True
- timeout: 100
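Review bot: the `junos.install_config` state commits immediately with `replace: True` and sets neither `comment` nor `confirm`, so a bad render is committed with no automatic rollback and leaves no attributable entry in the device commit log. Consider adding `- comment:` with a short description and, for a lesson about configuration management, a `- confirm:` value in minutes so learners see the commit-confirmed safety net. The source is also written `salt:///infrastructure_config.conf` with three slashes; `salt://infrastructure_config.conf` is the usual form.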
2 changes: 1 addition & 1 deletion images/salt/salt_configs/proxy
@@ -1 +1 @@
master: salt1
master: salt1
3 changes: 2 additions & 1 deletion images/salt/salt_configs/top.sls
@@ -1,3 +1,4 @@
base:
'vqfx1':
- vqfx1
- vqfx1
- infrastructure_data
2 changes: 1 addition & 1 deletion images/salt/salt_configs/vqfx1.sls
Expand Up @@ -2,4 +2,4 @@ proxy:
proxytype: junos
host: vqfx1
username: antidote
password: antidotepassword
password: antidotepassword
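Review bot: the touched line, `password: antidotepassword`, keeps the proxy minion's device password in clear text in a pillar file that the Dockerfile copies into the image under `/srv/pillar`. That is workable for a throwaway lab, but since only the trailing newline changes here, a one-line comment in the file marking the credential as lab-only would keep readers from carrying the pattern into real pillar data.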
3 changes: 3 additions & 0 deletions lessons/tools/lesson-30-salt/lesson.meta.yaml
Expand Up @@ -46,3 +46,6 @@ stages:

- id: 3
description: Executing Junos commands in Salt

- id: 4
description: Junos Configuration Management with Salt
6 changes: 3 additions & 3 deletions lessons/tools/lesson-30-salt/stage2/guide.md
Expand Up @@ -12,21 +12,21 @@ Now let's configure the Proxy Minions. To do this, we must define the IP address
```
cat /srv/pillar/vqfx1.sls
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 0)">Verify Output (Optional)</button>
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Verify Output (Optional)</button>


At this point we have to write the top.sls file which maps the Proxy Minion to the [pillar](https://docs.saltstack.com/en/latest/topics/pillar/) file that contains its corresponding details (`vqfx1.sls`)
```
cat /srv/pillar/top.sls
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 1)">Verify Output (Optional)</button>
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Verify Output (Optional)</button>


We also have to configure the /etc/salt/proxy file to point to the Salt Master
```
cat /etc/salt/proxy
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 2)">Verify Output (Optional)</button>
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Verify Output (Optional)</button>

The Proxy Minion is now configured and is ready to start.
```
6 changes: 3 additions & 3 deletions lessons/tools/lesson-30-salt/stage3/guide.md
Expand Up @@ -22,7 +22,7 @@ For example,
```
show route | display xml rpc
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('vqfx1', 1)">Verify Output (Optional)</button>
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('vqfx1', this)">Verify Output (Optional)</button>

From the above snippet, the RPC command equivalent for the 'show route' CLI command is 'get-route-information'
Let us now run the junos.rpc command. We can specify a destination file where the output is directed to. The 'terse' keyword allows you to obtain a summary output.
Expand All @@ -37,6 +37,6 @@ To verify that the output was written to the '/var/tmp/route.xml', execute:
```
cat /var/tmp/route.xml
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 3)">Verify Output (Optional)</button>
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Verify Output (Optional)</button>

That's it for now - hopefully you enjoyed learning about Salt, and are ready to go automate!
See the next part of this lesson to learn how to automate Junos configurations with Salt!
165 changes: 165 additions & 0 deletions lessons/tools/lesson-30-salt/stage4/configs/vqfx1.txt
@@ -0,0 +1,165 @@
<configuration operation="replace">
<version>15.1X53-D60.4</version>
<system>
<host-name>vqfx1</host-name>
<root-authentication>
<encrypted-password>$1$mlo32jo6$BOMVhmtORai2Kr24wRCCv1</encrypted-password>
<ssh-rsa>
<name>ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key</name>
</ssh-rsa>
</root-authentication>
<login>
<user>
<name>antidote</name>
<class>super-user</class>
<authentication>
<encrypted-password>$1$iH4TNedH$3RKJbtDRO.N4Ua8B6LL/v/</encrypted-password>
</authentication>
</user>
<password>
<change-type>set-transitions</change-type>
<minimum-changes>0</minimum-changes>
</password>
</login>
<services>
<ssh>
<root-login>allow</root-login>
</ssh>
<netconf>
<ssh>
</ssh>
<rfc-compliant/>
</netconf>
<rest>
<http>
<port>8080</port>
</http>
<enable-explorer/>
</rest>
</services>
<syslog>
<user>
<name>*</name>
<contents>
<name>any</name>
<emergency/>
</contents>
</user>
<file>
<name>messages</name>
<contents>
<name>any</name>
<notice/>
</contents>
<contents>
<name>authorization</name>
<info/>
</contents>
</file>
<file>
<name>interactive-commands</name>
<contents>
<name>interactive-commands</name>
<any/>
</contents>
</file>
</syslog>
<extensions>
<providers>
<name>juniper</name>
<license-type>
<name>juniper</name>
<deployment-scope>commercial</deployment-scope>
</license-type>
</providers>
<providers>
<name>chef</name>
<license-type>
<name>juniper</name>
<deployment-scope>commercial</deployment-scope>
</license-type>
</providers>
</extensions>
</system>
<interfaces operation="merge">
<interface>
<name>em0</name>
<unit>
<name>0</name>
<family>
<inet>
<address>
<name>{{ mgmt_addr }}</name>
</address>
</inet>
</family>
</unit>
</interface>
<interface>
<name>em3</name>
<unit>
<name>0</name>
<family>
<inet>
<address>
<name>10.31.0.11/24</name>
</address>
</inet>
</family>
</unit>
</interface>
<interface>
<name>em4</name>
<unit>
<name>0</name>
<family>
<inet>
<address>
<name>10.12.0.11/24</name>
</address>
</inet>
</family>
</unit>
</interface>
</interfaces>
<forwarding-options>
<storm-control-profiles>
<name>default</name>
<all>
</all>
</storm-control-profiles>
</forwarding-options>
<routing-options>
<autonomous-system>
<as-number>64001</as-number>
</autonomous-system>
</routing-options>
<protocols>
<bgp operation="replace">
<group>
<name>PEERS</name>
<type>external</type>
<neighbor>
<name>10.31.0.13</name>
<peer-as>64003</peer-as>
</neighbor>
<neighbor>
<name>10.12.0.12</name>
<peer-as>64002</peer-as>
</neighbor>
</group>
</bgp>
<igmp-snooping>
<vlan>
<name>default</name>
</vlan>
</igmp-snooping>

</protocols>
<vlans>
<vlan>
<name>default</name>
<vlan-id>1</vlan-id>
</vlan>
</vlans>
</configuration>
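Review bot: under `<root-authentication>` the new device config authorizes the key labelled "vagrant insecure public key" for root, and `<services>` sets `<root-login>allow</root-login>` for SSH, so anyone holding the widely distributed matching private key can log in as root wherever this config is reachable. The same file also commits `$1$` (MD5-crypt) password hashes for root and `antidote` and enables the REST API over plain HTTP on port 8080 with `<enable-explorer/>`. If the stage only needs NETCONF as `antidote`, drop the root key and the REST block; otherwise note at the top of the file that it is intended for the isolated lab only.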
65 changes: 65 additions & 0 deletions lessons/tools/lesson-30-salt/stage4/guide.md
@@ -0,0 +1,65 @@
## Network Automation with Salt

**Contributed by: [Ashwini Ravindra](https://github.com/ashwiniravindra) and [Shweta Kondvilkar](https://github.com/skondvilkar)**

---

## Part 4 - Junos Configuration Management with Salt

Now let's apply some Junos device configurations!

To configure general infrastructure services such as DNS and NTP, we will take advantage of configuration templating provided by Salt. The template will isolate the variable data like IP addresses, VLAN numbers, etc. from the network device feature configuration. With Salt, the variable data is naturally stored in the pillar system.

To do this, an SLS file is created in the pillar root directory containing the list of NTP and DNS servers.

```
cat /srv/pillar/infrastructure_data.sls
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Verify Output (Optional)</button>

To allow the Junos proxy minions to use the data defined in the `infrastructure_data.sls` file, we need to edit the top.sls file.

```
cat /srv/pillar/top.sls
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Verify Output (Optional)</button>

We also have to refresh the pillar data, so our minions can see the new pillar data.

```
salt 'vqfx1' saltutil.refresh_pillar
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Run this snippet</button>

Now let's create a configuration template - but before that, let's understand the placing of the template.

Salt has the concept of [file roots](https://docs.saltstack.com/en/latest/ref/file_server/file_roots.html) directory, which is configured as a `file_roots` parameter. This parameter is located in the '/etc/salt/master' configuration file on the Salt master, and this location is '/srv/salt' by default. Thus, in our case, we will use '/srv/salt' as the path.

The template will use Jinja syntax for the conditional loops, and the variables are accessed using `pillar.<var_name>`. We do have multiple options to create the template - Junos text configuration, XML, or Junos set commands. For now, let's go with a text configuration template.

```
cat /srv/salt/infrastructure_config.conf
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Run this snippet</button>

The next step is to create a salt SLS file, describing the state we want our 'vqfx1' and its configurations to be in. It will reference the [Junos state module] (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.junos.html) to provision the configuration template.

```
cat /srv/salt/provision_infrastructure.sls
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Run this snippet</button>

To apply the configuration changes, we need to execute a 'state.apply' function.

```
salt 'vqfx1' state.apply provision_infrastructure
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Run this snippet</button>

Finally, let's check if the configurations were successfully loaded and committed.

```
show configuration | compare rollback 1
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('vqfx1', this)">Run this snippet</button>
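Review bot: in the paragraph introducing `provision_infrastructure.sls`, the link is written `[Junos state module] (https://docs.saltstack.com/...)` with a space between `]` and `(`, so Markdown will render the brackets and the bare URL instead of a link; remove the space. The buttons under the two `cat /srv/salt/...` snippets are also labelled "Run this snippet" while the other `cat` steps in this guide and in stages 2 and 3 use "Verify Output (Optional)", so pick one label for read-only steps.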
