This repository has been archived by the owner on Dec 3, 2021. It is now read-only.
Added Stage 4 for the SaltStack lesson #235
Merged
14 commits
5c2ab10 Stage 4 added (skondvilkar)
d25d30f Added .md file and modified Dockerfile for stage 4 for SaltStack (#2) (skondvilkar)
b330157 Merge remote-tracking branch 'upstream/master' (skondvilkar)
2806633 Stage 4 (skondvilkar)
a5b3ee1 Merge remote-tracking branch 'upstream/master' (skondvilkar)
01c93c8 updated changelog.md (skondvilkar)
43d59fc Merge pull request #5 from skondvilkar/shwetak02 (skondvilkar)
300785b Merge branch 'master' into master (Mierdin)
9ccc16f Merge branch 'master' into master (Mierdin)
d4a339d Add step to install tzdata noninteractively (Mierdin)
8f97869 Add newlines to config files so they show up properly in terminal output (Mierdin)
31b5867 Remove empty file (erroneously committed?) (Mierdin)
a0f9105 Amend end of stage3/stage4 guides to flow better with new content (an… (Mierdin)
f9109df Use 'this' keyword for all snippet run buttons (Mierdin)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
system { | ||
replace: name-server { | ||
{%- for dns_server in pillar.dns_servers %} | ||
{{ dns_server }}; | ||
{%- endfor %} | ||
} | ||
replace: ntp { | ||
{%- for ntp_server in pillar.ntp_servers %} | ||
server {{ ntp_server }}; | ||
{%- endfor %} | ||
} | ||
} |
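Review bot: Both `replace:` stanzas loop over `pillar.dns_servers` and `pillar.ntp_servers` with no check that the keys exist or are non-empty. If the pillar data is missing for a minion (not assigned in the pillar top file, or not yet refreshed), the loops emit nothing and the template renders empty `replace: name-server { }` and `replace: ntp { }` blocks, which is not what should be loaded onto the device. Wrap each stanza in a guard such as `{%- if pillar.dns_servers %}` so nothing is rendered when the list is absent, or fail the render instead of silently producing an empty block.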
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
ntp_servers: | ||
- 192.168.0.250 | ||
- 192.168.0.251 | ||
dns_servers: | ||
- 192.168.0.253 | ||
- 192.168.0.254 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
Install the infrastructure services config: | ||
junos.install_config: | ||
- name: salt:///infrastructure_config.conf | ||
- replace: True | ||
- timeout: 100 |
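Review bot: `junos.install_config` is applied with `replace: True` but without a `comment` or `confirm` option, so the commit lands on the device with no log message and no automatic rollback if the rendered template is wrong. Add a `- comment:` describing the change and a `- confirm:` window so an unconfirmed change rolls back on its own, and consider `- diffs_file:` to keep a record of what was changed. Separately, `salt:///infrastructure_config.conf` is written with three slashes where Salt file URLs are normally written `salt://infrastructure_config.conf`.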
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
base: | ||
'vqfx1': | ||
- vqfx1 | ||
- vqfx1 | ||
- infrastructure_data |
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,165 @@ | ||
<configuration operation="replace"> | ||
<version>15.1X53-D60.4</version> | ||
<system> | ||
<host-name>vqfx1</host-name> | ||
<root-authentication> | ||
<encrypted-password>$1$mlo32jo6$BOMVhmtORai2Kr24wRCCv1</encrypted-password> | ||
<ssh-rsa> | ||
<name>ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key</name> | ||
</ssh-rsa> | ||
</root-authentication> | ||
<login> | ||
<user> | ||
<name>antidote</name> | ||
<class>super-user</class> | ||
<authentication> | ||
<encrypted-password>$1$iH4TNedH$3RKJbtDRO.N4Ua8B6LL/v/</encrypted-password> | ||
</authentication> | ||
</user> | ||
<password> | ||
<change-type>set-transitions</change-type> | ||
<minimum-changes>0</minimum-changes> | ||
</password> | ||
</login> | ||
<services> | ||
<ssh> | ||
<root-login>allow</root-login> | ||
</ssh> | ||
<netconf> | ||
<ssh> | ||
</ssh> | ||
<rfc-compliant/> | ||
</netconf> | ||
<rest> | ||
<http> | ||
<port>8080</port> | ||
</http> | ||
<enable-explorer/> | ||
</rest> | ||
</services> | ||
<syslog> | ||
<user> | ||
<name>*</name> | ||
<contents> | ||
<name>any</name> | ||
<emergency/> | ||
</contents> | ||
</user> | ||
<file> | ||
<name>messages</name> | ||
<contents> | ||
<name>any</name> | ||
<notice/> | ||
</contents> | ||
<contents> | ||
<name>authorization</name> | ||
<info/> | ||
</contents> | ||
</file> | ||
<file> | ||
<name>interactive-commands</name> | ||
<contents> | ||
<name>interactive-commands</name> | ||
<any/> | ||
</contents> | ||
</file> | ||
</syslog> | ||
<extensions> | ||
<providers> | ||
<name>juniper</name> | ||
<license-type> | ||
<name>juniper</name> | ||
<deployment-scope>commercial</deployment-scope> | ||
</license-type> | ||
</providers> | ||
<providers> | ||
<name>chef</name> | ||
<license-type> | ||
<name>juniper</name> | ||
<deployment-scope>commercial</deployment-scope> | ||
</license-type> | ||
</providers> | ||
</extensions> | ||
</system> | ||
<interfaces operation="merge"> | ||
<interface> | ||
<name>em0</name> | ||
<unit> | ||
<name>0</name> | ||
<family> | ||
<inet> | ||
<address> | ||
<name>{{ mgmt_addr }}</name> | ||
</address> | ||
</inet> | ||
</family> | ||
</unit> | ||
</interface> | ||
<interface> | ||
<name>em3</name> | ||
<unit> | ||
<name>0</name> | ||
<family> | ||
<inet> | ||
<address> | ||
<name>10.31.0.11/24</name> | ||
</address> | ||
</inet> | ||
</family> | ||
</unit> | ||
</interface> | ||
<interface> | ||
<name>em4</name> | ||
<unit> | ||
<name>0</name> | ||
<family> | ||
<inet> | ||
<address> | ||
<name>10.12.0.11/24</name> | ||
</address> | ||
</inet> | ||
</family> | ||
</unit> | ||
</interface> | ||
</interfaces> | ||
<forwarding-options> | ||
<storm-control-profiles> | ||
<name>default</name> | ||
<all> | ||
</all> | ||
</storm-control-profiles> | ||
</forwarding-options> | ||
<routing-options> | ||
<autonomous-system> | ||
<as-number>64001</as-number> | ||
</autonomous-system> | ||
</routing-options> | ||
<protocols> | ||
<bgp operation="replace"> | ||
<group> | ||
<name>PEERS</name> | ||
<type>external</type> | ||
<neighbor> | ||
<name>10.31.0.13</name> | ||
<peer-as>64003</peer-as> | ||
</neighbor> | ||
<neighbor> | ||
<name>10.12.0.12</name> | ||
<peer-as>64002</peer-as> | ||
</neighbor> | ||
</group> | ||
</bgp> | ||
<igmp-snooping> | ||
<vlan> | ||
<name>default</name> | ||
</vlan> | ||
</igmp-snooping> | ||
|
||
</protocols> | ||
<vlans> | ||
<vlan> | ||
<name>default</name> | ||
<vlan-id>1</vlan-id> | ||
</vlan> | ||
</vlans> | ||
</configuration> |
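Review bot: The `<system>` block bakes credentials and permissive access settings into the file: two `$1$` (MD5-crypt) `<encrypted-password>` hashes, the key labelled `vagrant insecure public key` authorised for root, `<root-login>allow</root-login>`, and a REST service on plain `<http>` port 8080 with `<enable-explorer/>`. Anyone reusing this file outside the lab inherits a publicly known root key and weakly hashed passwords. Template the credentials the way `{{ mgmt_addr }}` already is, drop the root key and root SSH login unless the lesson needs them, and remove the `<rest>` block if nothing in the lesson calls it.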
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
@@ -0,0 +1,66 @@ | ||||||
## Network Automation with Salt | ||||||
|
||||||
**Contributed by: [Ashwini Ravindra](https://github.com/ashwiniravindra) and [Shweta Kondvilkar](https://github.com/skondvilkar)** | ||||||
|
||||||
--- | ||||||
|
||||||
## Part 4 - Junos Configuration Management with Salt | ||||||
|
||||||
Now let's apply some Junos device configurations! | ||||||
|
||||||
To configure general infrastructure services such as DNS and NTP, we will take advantage of configuration templating provided by Salt. The template will isolate the variable data like IP addresses, VLAN numbers, etc. from the network device feature configuration. With Salt, the variable data is naturally stored in the pillar system. | ||||||
|
||||||
To do this, an SLS file is created in the pillar root directory containing the list of NTP and DNS servers. | ||||||
|
||||||
``` | ||||||
cat /srv/pillar/infrastructure_data.sls | ||||||
``` | ||||||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 0)">Verify Output (Optional)</button> | ||||||
The snippet index you're providing here is actually not needed anymore. You can provide the
|
||||||
|
||||||
To allow the Junos proxy minions to use the data defined in the `infrastructure_data.sls` file, we need to edit the top.sls file. | ||||||
|
||||||
``` | ||||||
cat /srv/pillar/top.sls | ||||||
``` | ||||||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 1)">Verify Output (Optional)</button> | ||||||
|
||||||
We also have to refresh the pillar data, so our minions can see the new pillar data. | ||||||
|
||||||
``` | ||||||
salt 'vqfx1' saltutil.refresh_pillar | ||||||
``` | ||||||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 2)">Run this snippet</button> | ||||||
|
||||||
Now let's create a configuration template - but before that, let's understand the placing of the template. | ||||||
|
||||||
Salt has the concept of [file roots](https://docs.saltstack.com/en/latest/ref/file_server/file_roots.html) directory, which is configured as a `file_roots` parameter. This parameter is located in the '/etc/salt/master' configuration file on the Salt master, and this location is '/srv/salt' by default. Thus, in our case, we will use '/srv/salt' as the path. | ||||||
|
||||||
The template will use Jinja syntax for the conditional loops, and the variables are accessed using `pillar.<var_name>`. We do have multiple options to create the template - Junos text configuration, XML, or Junos set commands. For now, let's go with a text configuration template. | ||||||
|
||||||
``` | ||||||
cat /srv/salt/infrastructure_config.conf | ||||||
``` | ||||||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 3)">Run this snippet</button> | ||||||
|
||||||
The next step is to create a salt SLS file, describing the state we want our 'vqfx1' and its configurations to be in. It will reference the [Junos state module] (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.junos.html) to provision the configuration template. | ||||||
|
||||||
``` | ||||||
cat /srv/salt/provision_infrastructure.sls | ||||||
``` | ||||||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 4)">Run this snippet</button> | ||||||
|
||||||
To apply the configuration changes, we need to execute a 'state.apply' function. | ||||||
|
||||||
``` | ||||||
salt 'vqfx1' state.apply provision_infrastructure | ||||||
``` | ||||||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 5)">Run this snippet</button> | ||||||
|
||||||
Finally, let's check if the configurations were successfully loaded and committed. | ||||||
|
||||||
``` | ||||||
show configuration | compare rollback 1 | ||||||
``` | ||||||
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('vqfx1', 6)">Run this snippet</button> | ||||||
|
||||||
That's it for now - hopefully you enjoyed learning about Salt, and are ready to go automate! |
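Review bot: In the paragraph that introduces `provision_infrastructure.sls`, `[Junos state module]` and its URL are separated by a space, so the text will not render as a Markdown link; remove the space between `]` and `(`. The guide also applies the state straight to the device and only inspects the result afterwards with `show configuration | compare rollback 1`; since the state uses `replace: True`, tell the reader what diff to expect before they run `state.apply`.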
In general, we like to avoid loading images up with lesson-specific configuration files and other scripts. Any reason why these files couldn't go in the root of the lesson directory, or perhaps stage4 directory?
Looking more broadly at the Dockerfile, looks like this was already being done. Since you've agreed to let me finish this out, I'll just focus on moving these three files out of the salt image and into the stage4 directory (and will accordingly update the stage 4 lesson guide). However, all other per-stage files should be kept out of the image to keep it more reusable, so I opened #295 to follow up on this in a separate PR later.
Eh.....after thinking about it a bit more, the lesson works well enough for now, so I'm going to leave things the way they are. In #295, we'll work to move these files out of the image and into perhaps the configs directory where they can be placed in the correct location on behalf of the user, without muddying the image for others that might want to use it. For now, nevermind. :)