This repository has been archived by the owner on Dec 3, 2021. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #235 from skondvilkar/master
Added Stage 4 for the SaltStack lesson
Showing 13 changed files with 283 additions and 11 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
system { | ||
replace: name-server { | ||
{%- for dns_server in pillar.dns_servers %} | ||
{{ dns_server }}; | ||
{%- endfor %} | ||
} | ||
replace: ntp { | ||
{%- for ntp_server in pillar.ntp_servers %} | ||
server {{ ntp_server }}; | ||
{%- endfor %} | ||
} | ||
} |
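Review bot: both `replace:` blocks loop over `pillar.dns_servers` and `pillar.ntp_servers` with no guard, so if either key is missing or empty (pillar not refreshed, or `infrastructure_data` not assigned to the minion in top.sls) the loop can emit nothing and the rendered `replace: name-server { }` or `replace: ntp { }` would swap the device's existing stanza for an empty one. Wrap each block in a check such as `{%- if pillar.get('dns_servers') %}` ... `{%- endif %}`, or fail the render when the list is absent, so a pillar mistake cannot silently strip DNS and NTP from the switch. The values are also written into the configuration as-is, so a short comment stating that the pillar entries must be plain IP addresses would help whoever edits the data file.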
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
ntp_servers: | ||
- 192.168.0.250 | ||
- 192.168.0.251 | ||
dns_servers: | ||
- 192.168.0.253 | ||
- 192.168.0.254 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
Install the infrastructure services config: | ||
junos.install_config: | ||
- name: salt:///infrastructure_config.conf | ||
- replace: True | ||
- timeout: 100 |
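Review bot: `junos.install_config` is called with `replace: True` and `timeout: 100` but with neither `comment` nor `confirm`, so the commit carries no log message tying it to this state and has no automatic rollback if the change cuts off the management path the proxy itself uses. Add a `- comment:` line describing the change and consider `- confirm:` with a short window for anything pushed over that path. Separately, `salt:///infrastructure_config.conf` has three slashes; the usual form for a file at the top of file_roots is `salt://infrastructure_config.conf`.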
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
master: salt1 | ||
master: salt1 |
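Review bot: the removed and added `master: salt1` lines are identical as shown, so this hunk is a whitespace or end-of-file newline change only. If that was not intended, drop the file from the commit to keep the Stage 4 diff limited to functional changes.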
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
base: | ||
'vqfx1': | ||
- vqfx1 | ||
- vqfx1 | ||
- infrastructure_data |
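Review bot: `- infrastructure_data` is attached only to the `'vqfx1'` target, although the DNS and NTP server lists it carries are not specific to that device. If the lesson later adds more Junos proxy minions, each will need its own entry or the template will render without this data; a shared target for the common pillar file would avoid that. The `- vqfx1` line is also removed and re-added unchanged, which looks like a trailing-newline fix only.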
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,4 +2,4 @@ proxy: | |
proxytype: junos | ||
host: vqfx1 | ||
username: antidote | ||
password: antidotepassword | ||
password: antidotepassword |
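Review bot: the re-added line keeps `password: antidotepassword` in cleartext beside `username: antidote` in the proxy pillar, and the only change visible in this hunk is whitespace on that line. Since the file is being touched anyway, add a comment marking the credential as lab-only, or move the proxy to key-based authentication, so the pattern is not copied into a real deployment where the pillar file and the repository history would both expose the device login.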
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,165 @@ | ||
<configuration operation="replace"> | ||
<version>15.1X53-D60.4</version> | ||
<system> | ||
<host-name>vqfx1</host-name> | ||
<root-authentication> | ||
<encrypted-password>$1$mlo32jo6$BOMVhmtORai2Kr24wRCCv1</encrypted-password> | ||
<ssh-rsa> | ||
<name>ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key</name> | ||
</ssh-rsa> | ||
</root-authentication> | ||
<login> | ||
<user> | ||
<name>antidote</name> | ||
<class>super-user</class> | ||
<authentication> | ||
<encrypted-password>$1$iH4TNedH$3RKJbtDRO.N4Ua8B6LL/v/</encrypted-password> | ||
</authentication> | ||
</user> | ||
<password> | ||
<change-type>set-transitions</change-type> | ||
<minimum-changes>0</minimum-changes> | ||
</password> | ||
</login> | ||
<services> | ||
<ssh> | ||
<root-login>allow</root-login> | ||
</ssh> | ||
<netconf> | ||
<ssh> | ||
</ssh> | ||
<rfc-compliant/> | ||
</netconf> | ||
<rest> | ||
<http> | ||
<port>8080</port> | ||
</http> | ||
<enable-explorer/> | ||
</rest> | ||
</services> | ||
<syslog> | ||
<user> | ||
<name>*</name> | ||
<contents> | ||
<name>any</name> | ||
<emergency/> | ||
</contents> | ||
</user> | ||
<file> | ||
<name>messages</name> | ||
<contents> | ||
<name>any</name> | ||
<notice/> | ||
</contents> | ||
<contents> | ||
<name>authorization</name> | ||
<info/> | ||
</contents> | ||
</file> | ||
<file> | ||
<name>interactive-commands</name> | ||
<contents> | ||
<name>interactive-commands</name> | ||
<any/> | ||
</contents> | ||
</file> | ||
</syslog> | ||
<extensions> | ||
<providers> | ||
<name>juniper</name> | ||
<license-type> | ||
<name>juniper</name> | ||
<deployment-scope>commercial</deployment-scope> | ||
</license-type> | ||
</providers> | ||
<providers> | ||
<name>chef</name> | ||
<license-type> | ||
<name>juniper</name> | ||
<deployment-scope>commercial</deployment-scope> | ||
</license-type> | ||
</providers> | ||
</extensions> | ||
</system> | ||
<interfaces operation="merge"> | ||
<interface> | ||
<name>em0</name> | ||
<unit> | ||
<name>0</name> | ||
<family> | ||
<inet> | ||
<address> | ||
<name>{{ mgmt_addr }}</name> | ||
</address> | ||
</inet> | ||
</family> | ||
</unit> | ||
</interface> | ||
<interface> | ||
<name>em3</name> | ||
<unit> | ||
<name>0</name> | ||
<family> | ||
<inet> | ||
<address> | ||
<name>10.31.0.11/24</name> | ||
</address> | ||
</inet> | ||
</family> | ||
</unit> | ||
</interface> | ||
<interface> | ||
<name>em4</name> | ||
<unit> | ||
<name>0</name> | ||
<family> | ||
<inet> | ||
<address> | ||
<name>10.12.0.11/24</name> | ||
</address> | ||
</inet> | ||
</family> | ||
</unit> | ||
</interface> | ||
</interfaces> | ||
<forwarding-options> | ||
<storm-control-profiles> | ||
<name>default</name> | ||
<all> | ||
</all> | ||
</storm-control-profiles> | ||
</forwarding-options> | ||
<routing-options> | ||
<autonomous-system> | ||
<as-number>64001</as-number> | ||
</autonomous-system> | ||
</routing-options> | ||
<protocols> | ||
<bgp operation="replace"> | ||
<group> | ||
<name>PEERS</name> | ||
<type>external</type> | ||
<neighbor> | ||
<name>10.31.0.13</name> | ||
<peer-as>64003</peer-as> | ||
</neighbor> | ||
<neighbor> | ||
<name>10.12.0.12</name> | ||
<peer-as>64002</peer-as> | ||
</neighbor> | ||
</group> | ||
</bgp> | ||
<igmp-snooping> | ||
<vlan> | ||
<name>default</name> | ||
</vlan> | ||
</igmp-snooping> | ||
|
||
</protocols> | ||
<vlans> | ||
<vlan> | ||
<name>default</name> | ||
<vlan-id>1</vlan-id> | ||
</vlan> | ||
</vlans> | ||
</configuration> |
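Review bot: under `<root-authentication>` the `<ssh-rsa>` entry installs the key labelled "vagrant insecure public key", and `<services><ssh>` sets `<root-login>allow</root-login>`, so root SSH access to any device loaded with this file depends on a key whose private half is publicly distributed. State in the file or the lesson text that this configuration is for the lab image only, or make the key a template variable the way `{{ mgmt_addr }}` already is. Three related points in the same `<system>` block: both `<encrypted-password>` values are `$1$` (MD5-crypt) hashes committed to the repository, the `antidote` user is `super-user`, and `<rest>` serves over plain `<http>` on port 8080 with `<enable-explorer/>` turned on. None of these should leave the lab topology, and a one-line comment at the top of the file would make that explicit.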
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
## Network Automation with Salt | ||
|
||
**Contributed by: [Ashwini Ravindra](https://github.com/ashwiniravindra) and [Shweta Kondvilkar](https://github.com/skondvilkar)** | ||
|
||
--- | ||
|
||
## Part 4 - Junos Configuration Management with Salt | ||
|
||
Now let's apply some Junos device configurations! | ||
|
||
To configure general infrastructure services such as DNS and NTP, we will take advantage of configuration templating provided by Salt. The template will isolate the variable data like IP addresses, VLAN numbers, etc. from the network device feature configuration. With Salt, the variable data is naturally stored in the pillar system. | ||
|
||
To do this, an SLS file is created in the pillar root directory containing the list of NTP and DNS servers. | ||
|
||
``` | ||
cat /srv/pillar/infrastructure_data.sls | ||
``` | ||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Verify Output (Optional)</button> | ||
|
||
To allow the Junos proxy minions to use the data defined in the `infrastructure_data.sls` file, we need to edit the top.sls file. | ||
|
||
``` | ||
cat /srv/pillar/top.sls | ||
``` | ||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Verify Output (Optional)</button> | ||
|
||
We also have to refresh the pillar data, so our minions can see the new pillar data. | ||
|
||
``` | ||
salt 'vqfx1' saltutil.refresh_pillar | ||
``` | ||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Run this snippet</button> | ||
|
||
Now let's create a configuration template - but before that, let's understand the placing of the template. | ||
|
||
Salt has the concept of [file roots](https://docs.saltstack.com/en/latest/ref/file_server/file_roots.html) directory, which is configured as a `file_roots` parameter. This parameter is located in the '/etc/salt/master' configuration file on the Salt master, and this location is '/srv/salt' by default. Thus, in our case, we will use '/srv/salt' as the path. | ||
|
||
The template will use Jinja syntax for the conditional loops, and the variables are accessed using `pillar.<var_name>`. We do have multiple options to create the template - Junos text configuration, XML, or Junos set commands. For now, let's go with a text configuration template. | ||
|
||
``` | ||
cat /srv/salt/infrastructure_config.conf | ||
``` | ||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Run this snippet</button> | ||
|
||
The next step is to create a salt SLS file, describing the state we want our 'vqfx1' and its configurations to be in. It will reference the [Junos state module] (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.junos.html) to provision the configuration template. | ||
|
||
``` | ||
cat /srv/salt/provision_infrastructure.sls | ||
``` | ||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Run this snippet</button> | ||
|
||
To apply the configuration changes, we need to execute a 'state.apply' function. | ||
|
||
``` | ||
salt 'vqfx1' state.apply provision_infrastructure | ||
``` | ||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Run this snippet</button> | ||
|
||
Finally, let's check if the configurations were successfully loaded and committed. | ||
|
||
``` | ||
show configuration | compare rollback 1 | ||
``` | ||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('vqfx1', this)">Run this snippet</button> | ||
|
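Review bot: in the paragraph that introduces `provision_infrastructure.sls`, the link is written `[Junos state module] (https://docs.saltstack.com/...)` with a space between `]` and `(`, so Markdown will not render it as a link; remove the space. The buttons after the two `cat /srv/salt/...` snippets say "Run this snippet" while the earlier `cat /srv/pillar/...` snippets use "Verify Output (Optional)"; pick one label for read-only commands. It would also help to tell the learner what `show configuration | compare rollback 1` should display after a successful apply (the name-server and NTP entries taken from the pillar), so a failed or empty render is recognisable.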