diff --git a/CHANGELOG.md b/CHANGELOG.md index a2a0d44e..81d3d7e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,7 +13,8 @@ - Updates to utility image [#285](https://github.com/nre-learning/nrelabs-curriculum/pull/285) - Update YAML Loader statements[#292](https://github.com/nre-learning/nrelabs-curriculum/pull/292) - Temporarily pin netmiko to 2.4.2 in st2 image [#293](https://github.com/nre-learning/nrelabs-curriculum/pull/293) - +- Added stage 4 for the "Network Automation with Salt" lesson (configuring junos). [#235](https://github.com/nre-learning/nrelabs-curriculum/pull/235) + ## v1.0.0 - August 08, 2019 - Replaced all individual snippet indices with 'this' keyword [#221](https://github.com/nre-learning/nrelabs-curriculum/pull/221) diff --git a/images/salt/Dockerfile b/images/salt/Dockerfile index dd813762..5dd35763 100644 --- a/images/salt/Dockerfile +++ b/images/salt/Dockerfile @@ -1,5 +1,9 @@ FROM antidotelabs/utility +# Because tzdata comes with an interactive installer wizard to configure +# your timezone +RUN DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata + RUN wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/archive/2018.3.2/SALTSTACK-GPG-KEY.pub | apt-key add - && \ echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/archive/2018.3.2 xenial main" >> /etc/apt/sources.list && \ apt-get update @@ -25,6 +29,16 @@ COPY ./salt_configs/vqfx1.sls /srv/pillar # Add pillar file for top COPY ./salt_configs/top.sls /srv/pillar +# Add salt file for infrastructure data +COPY ./salt_configs/infrastructure_data.sls /srv/pillar + +# Add configuration template for vqfx1 +RUN mkdir /srv/salt +COPY ./salt_configs/infrastructure_config.conf /srv/salt + +# Add sls file to provision the configuration +COPY ./salt_configs/provision_infrastructure.sls /srv/salt + # set user permissions for Antidote user to run Salt RUN chown -R antidote:antidote /etc/salt RUN chown -R antidote:antidote /var/cache/salt @@ -34,4 +48,4 @@ RUN chown -R antidote:antidote /var/run/salt RUN chown -R antidote:antidote /var/run/salt-master.pid RUN chmod -R 777 /var/run/salt-master.pid RUN chown antidote:antidote /var/run -RUN chmod 777 /var/run \ No newline at end of file +RUN chmod 777 /var/run diff --git a/images/salt/salt_configs/infrastructure_config.conf b/images/salt/salt_configs/infrastructure_config.conf new file mode 100644 index 00000000..ec1abaf4 --- /dev/null +++ b/images/salt/salt_configs/infrastructure_config.conf @@ -0,0 +1,12 @@ +system { + replace: name-server { +{%- for dns_server in pillar.dns_servers %} + {{ dns_server }}; +{%- endfor %} + } + replace: ntp { +{%- for ntp_server in pillar.ntp_servers %} + server {{ ntp_server }}; +{%- endfor %} + } +} diff --git a/images/salt/salt_configs/infrastructure_data.sls b/images/salt/salt_configs/infrastructure_data.sls new file mode 100644 index 00000000..545e81f2 --- /dev/null +++ b/images/salt/salt_configs/infrastructure_data.sls @@ -0,0 +1,6 @@ +ntp_servers: + - 192.168.0.250 + - 192.168.0.251 +dns_servers: + - 192.168.0.253 + - 192.168.0.254 diff --git a/images/salt/salt_configs/provision_infrastructure.sls b/images/salt/salt_configs/provision_infrastructure.sls new file mode 100644 index 00000000..fcf9aaf3 --- /dev/null +++ b/images/salt/salt_configs/provision_infrastructure.sls @@ -0,0 +1,5 @@ +Install the infrastructure services config: + junos.install_config: + - name: salt:///infrastructure_config.conf + - replace: True + - timeout: 100 diff --git a/images/salt/salt_configs/proxy b/images/salt/salt_configs/proxy index cff912cd..0e22cdcc 100644 --- a/images/salt/salt_configs/proxy +++ b/images/salt/salt_configs/proxy @@ -1 +1 @@ -master: salt1 \ No newline at end of file +master: salt1 diff --git a/images/salt/salt_configs/top.sls b/images/salt/salt_configs/top.sls index d907bf8e..41266fb3 100644 --- a/images/salt/salt_configs/top.sls +++ b/images/salt/salt_configs/top.sls @@ -1,3 +1,4 @@ base: 'vqfx1': - - vqfx1 \ No newline at end of file + - vqfx1 + - infrastructure_data diff --git a/images/salt/salt_configs/vqfx1.sls b/images/salt/salt_configs/vqfx1.sls index b99974ef..9d72f57c 100644 --- a/images/salt/salt_configs/vqfx1.sls +++ b/images/salt/salt_configs/vqfx1.sls @@ -2,4 +2,4 @@ proxy: proxytype: junos host: vqfx1 username: antidote - password: antidotepassword \ No newline at end of file + password: antidotepassword diff --git a/lessons/tools/lesson-30-salt/lesson.meta.yaml b/lessons/tools/lesson-30-salt/lesson.meta.yaml index fba3ed61..c66d3405 100644 --- a/lessons/tools/lesson-30-salt/lesson.meta.yaml +++ b/lessons/tools/lesson-30-salt/lesson.meta.yaml @@ -46,3 +46,6 @@ stages: - id: 3 description: Executing Junos commands in Salt + + - id: 4 + description: Junos Configuration Management with Salt diff --git a/lessons/tools/lesson-30-salt/stage2/guide.md b/lessons/tools/lesson-30-salt/stage2/guide.md index e77e183f..b0b9561a 100644 --- a/lessons/tools/lesson-30-salt/stage2/guide.md +++ b/lessons/tools/lesson-30-salt/stage2/guide.md @@ -12,21 +12,21 @@ Now let's configure the Proxy Minions. To do this, we must define the IP address ``` cat /srv/pillar/vqfx1.sls ``` - + At this point we have to write the top.sls file which maps the Proxy Minion to the [pillar](https://docs.saltstack.com/en/latest/topics/pillar/) file that contains its corresponding details (`vqfx1.sls`) ``` cat /srv/pillar/top.sls ``` - + We also have to configure the /etc/salt/proxy file to point to the Salt Master ``` cat /etc/salt/proxy ``` - + The Proxy Minion is now configured and is ready to start. ``` diff --git a/lessons/tools/lesson-30-salt/stage3/guide.md b/lessons/tools/lesson-30-salt/stage3/guide.md index f060d090..fa81a8f2 100644 --- a/lessons/tools/lesson-30-salt/stage3/guide.md +++ b/lessons/tools/lesson-30-salt/stage3/guide.md @@ -22,7 +22,7 @@ For example, ``` show route | display xml rpc ``` - + From the above snippet, the RPC command equivalent for the 'show route' CLI command is 'get-route-information' Let us now run the junos.rpc command. We can specify a destination file where the output is directed to. The 'terse' keyword allows you to obtain a summary output. @@ -37,6 +37,6 @@ To verify that the output was written to the '/var/tmp/route.xml', execute: ``` cat /var/tmp/route.xml ``` - + -That's it for now - hopefully you enjoyed learning about Salt, and are ready to go automate! +See the next part of this lesson to learn how to automate Junos configurations with Salt! diff --git a/lessons/tools/lesson-30-salt/stage4/configs/vqfx1.txt b/lessons/tools/lesson-30-salt/stage4/configs/vqfx1.txt new file mode 100644 index 00000000..15d0a747 --- /dev/null +++ b/lessons/tools/lesson-30-salt/stage4/configs/vqfx1.txt @@ -0,0 +1,165 @@ + + 15.1X53-D60.4 + + vqfx1 + + $1$mlo32jo6$BOMVhmtORai2Kr24wRCCv1 + + ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key + + + + + antidote + super-user + + $1$iH4TNedH$3RKJbtDRO.N4Ua8B6LL/v/ + + + + set-transitions + 0 + + + + + allow + + + + + + + + + 8080 + + + + + + + * + + any + + + + + messages + + any + + + + authorization + + + + + interactive-commands + + interactive-commands + + + + + + + juniper + + juniper + commercial + + + + chef + + juniper + commercial + + + + + + + em0 + + 0 + + +
+ {{ mgmt_addr }} +
+
+
+
+
+ + em3 + + 0 + + +
+ 10.31.0.11/24 +
+
+
+
+
+ + em4 + + 0 + + +
+ 10.12.0.11/24 +
+
+
+
+
+
+ + + default + + + + + + + 64001 + + + + + + PEERS + external + + 10.31.0.13 + 64003 + + + 10.12.0.12 + 64002 + + + + + + default + + + + + + + default + 1 + + +
\ No newline at end of file diff --git a/lessons/tools/lesson-30-salt/stage4/guide.md b/lessons/tools/lesson-30-salt/stage4/guide.md new file mode 100644 index 00000000..9e734847 --- /dev/null +++ b/lessons/tools/lesson-30-salt/stage4/guide.md @@ -0,0 +1,65 @@ +## Network Automation with Salt + +**Contributed by: [Ashwini Ravindra](https://github.com/ashwiniravindra) and [Shweta Kondvilkar](https://github.com/skondvilkar)** + +--- + +## Part 4 - Junos Configuration Management with Salt + +Now let's apply some Junos device configurations! + +To configure general infrastructure services such as DNS and NTP, we will take advantage of configuration templating provided by Salt. The template will isolate the variable data like IP addresses, VLAN numbers, etc. from the network device feature configuration. With Salt, the variable data is naturally stored in the pillar system. + +To do this, an SLS file is created in the pillar root directory containing the list of NTP and DNS servers. + +``` +cat /srv/pillar/infrastructure_data.sls +``` + + +To allow the Junos proxy minions to use the data defined in the `infrastructure_data.sls` file, we need to edit the top.sls file. + +``` +cat /srv/pillar/top.sls +``` + + +We also have to refresh the pillar data, so our minions can see the new pillar data. + +``` +salt 'vqfx1' saltutil.refresh_pillar +``` + + +Now let's create a configuration template - but before that, let's understand the placing of the template. + +Salt has the concept of [file roots](https://docs.saltstack.com/en/latest/ref/file_server/file_roots.html) directory, which is configured as a `file_roots` parameter. This parameter is located in the '/etc/salt/master' configuration file on the Salt master, and this location is '/srv/salt' by default. Thus, in our case, we will use '/srv/salt' as the path. + +The template will use Jinja syntax for the conditional loops, and the variables are accessed using `pillar.`. We do have multiple options to create the template - Junos text configuration, XML, or Junos set commands. For now, let's go with a text configuration template. + +``` +cat /srv/salt/infrastructure_config.conf +``` + + +The next step is to create a salt SLS file, describing the state we want our 'vqfx1' and its configurations to be in. It will reference the [Junos state module] (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.junos.html) to provision the configuration template. + +``` +cat /srv/salt/provision_infrastructure.sls +``` + + +To apply the configuration changes, we need to execute a 'state.apply' function. + +``` +salt 'vqfx1' state.apply provision_infrastructure +``` + + +Finally, let's check if the configurations were successfully loaded and committed. + +``` +show configuration | compare rollback 1 +``` + +