Skip to content
This repository has been archived by the owner on Dec 3, 2021. It is now read-only.

Added Stage 4 for the SaltStack lesson #235

Merged
merged 14 commits into from
Jan 25, 2020
Merged
Show file tree
Hide file tree
Changes from 9 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@
- Updates to utility image [#285](https://github.com/nre-learning/nrelabs-curriculum/pull/285)
- Update YAML Loader statements[#292](https://github.com/nre-learning/nrelabs-curriculum/pull/292)
- Temporarily pin netmiko to 2.4.2 in st2 image [#293](https://github.com/nre-learning/nrelabs-curriculum/pull/293)

- Added stage 4 for the "Network Automation with Salt" lesson (configuring junos). [#235](https://github.com/nre-learning/nrelabs-curriculum/pull/235)

## v1.0.0 - August 08, 2019

- Replaced all individual snippet indices with 'this' keyword [#221](https://github.com/nre-learning/nrelabs-curriculum/pull/221)
Expand Down
12 changes: 11 additions & 1 deletion images/salt/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,16 @@ COPY ./salt_configs/vqfx1.sls /srv/pillar
# Add pillar file for top
COPY ./salt_configs/top.sls /srv/pillar

# Add salt file for infrastructure data
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general, we like to avoid loading images up with lesson-specific configuration files and other scripts. Any reason why these files couldn't go in the root of the lesson directory, or perhaps stage4 directory?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking more broadly at the Dockerfile, looks like this was already being done. Since you've agreed to let me finish this out, I'll just focus on moving these three files out of the salt image and into the stage4 directory (and will accordingly update the stage 4 lesson guide). However, all other per-stage files should be kept out of the image to keep it more reusable, so I opened #295 to follow up on this in a separate PR later.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eh.....after thinking about it a bit more, the lesson works well enough for now, so I'm going to leave things the way they are. In #295, we'll work to move these files out of the image and into perhaps the configs directory where they can be placed in the correct location on behalf of the user, without muddying the image for others that might want to use it. For now, nevermind. :)

COPY ./salt_configs/infrastructure_data.sls /srv/pillar

# Add configuration template for vqfx1
RUN mkdir /srv/salt
COPY ./salt_configs/infrastructure_config.conf /srv/salt

# Add sls file to provision the configuration
COPY ./salt_configs/provision_infrastructure.sls /srv/salt

# set user permissions for Antidote user to run Salt
RUN chown -R antidote:antidote /etc/salt
RUN chown -R antidote:antidote /var/cache/salt
Expand All @@ -34,4 +44,4 @@ RUN chown -R antidote:antidote /var/run/salt
RUN chown -R antidote:antidote /var/run/salt-master.pid
RUN chmod -R 777 /var/run/salt-master.pid
RUN chown antidote:antidote /var/run
RUN chmod 777 /var/run
RUN chmod 777 /var/run
12 changes: 12 additions & 0 deletions images/salt/salt_configs/infrastructure_config.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
system {
replace: name-server {
{%- for dns_server in pillar.dns_servers %}
{{ dns_server }};
{%- endfor %}
}
replace: ntp {
{%- for ntp_server in pillar.ntp_servers %}
server {{ ntp_server }};
{%- endfor %}
}
}
6 changes: 6 additions & 0 deletions images/salt/salt_configs/infrastructure_data.sls
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
ntp_servers:
- 192.168.0.250
- 192.168.0.251
dns_servers:
- 192.168.0.253
- 192.168.0.254
5 changes: 5 additions & 0 deletions images/salt/salt_configs/provision_infrastructure.sls
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Install the infrastructure services config:
junos.install_config:
- name: salt:///infrastructure_config.conf
- replace: True
- timeout: 100
3 changes: 2 additions & 1 deletion images/salt/salt_configs/top.sls
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
base:
'vqfx1':
- vqfx1
- vqfx1
- infrastructure_data
3 changes: 3 additions & 0 deletions lessons/tools/lesson-30-salt/lesson.meta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,3 +46,6 @@ stages:

- id: 3
description: Executing Junos commands in Salt

- id: 4
description: Junos Configuration Management with Salt
Empty file.
165 changes: 165 additions & 0 deletions lessons/tools/lesson-30-salt/stage4/configs/vqfx1.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,165 @@
<configuration operation="replace">
<version>15.1X53-D60.4</version>
<system>
<host-name>vqfx1</host-name>
<root-authentication>
<encrypted-password>$1$mlo32jo6$BOMVhmtORai2Kr24wRCCv1</encrypted-password>
<ssh-rsa>
<name>ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key</name>
</ssh-rsa>
</root-authentication>
<login>
<user>
<name>antidote</name>
<class>super-user</class>
<authentication>
<encrypted-password>$1$iH4TNedH$3RKJbtDRO.N4Ua8B6LL/v/</encrypted-password>
</authentication>
</user>
<password>
<change-type>set-transitions</change-type>
<minimum-changes>0</minimum-changes>
</password>
</login>
<services>
<ssh>
<root-login>allow</root-login>
</ssh>
<netconf>
<ssh>
</ssh>
<rfc-compliant/>
</netconf>
<rest>
<http>
<port>8080</port>
</http>
<enable-explorer/>
</rest>
</services>
<syslog>
<user>
<name>*</name>
<contents>
<name>any</name>
<emergency/>
</contents>
</user>
<file>
<name>messages</name>
<contents>
<name>any</name>
<notice/>
</contents>
<contents>
<name>authorization</name>
<info/>
</contents>
</file>
<file>
<name>interactive-commands</name>
<contents>
<name>interactive-commands</name>
<any/>
</contents>
</file>
</syslog>
<extensions>
<providers>
<name>juniper</name>
<license-type>
<name>juniper</name>
<deployment-scope>commercial</deployment-scope>
</license-type>
</providers>
<providers>
<name>chef</name>
<license-type>
<name>juniper</name>
<deployment-scope>commercial</deployment-scope>
</license-type>
</providers>
</extensions>
</system>
<interfaces operation="merge">
<interface>
<name>em0</name>
<unit>
<name>0</name>
<family>
<inet>
<address>
<name>{{ mgmt_addr }}</name>
</address>
</inet>
</family>
</unit>
</interface>
<interface>
<name>em3</name>
<unit>
<name>0</name>
<family>
<inet>
<address>
<name>10.31.0.11/24</name>
</address>
</inet>
</family>
</unit>
</interface>
<interface>
<name>em4</name>
<unit>
<name>0</name>
<family>
<inet>
<address>
<name>10.12.0.11/24</name>
</address>
</inet>
</family>
</unit>
</interface>
</interfaces>
<forwarding-options>
<storm-control-profiles>
<name>default</name>
<all>
</all>
</storm-control-profiles>
</forwarding-options>
<routing-options>
<autonomous-system>
<as-number>64001</as-number>
</autonomous-system>
</routing-options>
<protocols>
<bgp operation="replace">
<group>
<name>PEERS</name>
<type>external</type>
<neighbor>
<name>10.31.0.13</name>
<peer-as>64003</peer-as>
</neighbor>
<neighbor>
<name>10.12.0.12</name>
<peer-as>64002</peer-as>
</neighbor>
</group>
</bgp>
<igmp-snooping>
<vlan>
<name>default</name>
</vlan>
</igmp-snooping>

</protocols>
<vlans>
<vlan>
<name>default</name>
<vlan-id>1</vlan-id>
</vlan>
</vlans>
</configuration>
66 changes: 66 additions & 0 deletions lessons/tools/lesson-30-salt/stage4/guide.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
## Network Automation with Salt

**Contributed by: [Ashwini Ravindra](https://github.com/ashwiniravindra) and [Shweta Kondvilkar](https://github.com/skondvilkar)**

---

## Part 4 - Junos Configuration Management with Salt

Now let's apply some Junos device configurations!

To configure general infrastructure services such as DNS and NTP, we will take advantage of configuration templating provided by Salt. The template will isolate the variable data like IP addresses, VLAN numbers, etc. from the network device feature configuration. With Salt, the variable data is naturally stored in the pillar system.

To do this, an SLS file is created in the pillar root directory containing the list of NTP and DNS servers.

```
cat /srv/pillar/infrastructure_data.sls
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 0)">Verify Output (Optional)</button>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The snippet index you're providing here is actually not needed anymore. You can provide the this keyword and antidote-web will take care of identifying the correct snippet. You can still use this old way of doing things but it's more brittle, so I'd prefer you update these. See below

Suggested change
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 0)">Verify Output (Optional)</button>
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', this)">Verify Output (Optional)</button>


To allow the Junos proxy minions to use the data defined in the `infrastructure_data.sls` file, we need to edit the top.sls file.

```
cat /srv/pillar/top.sls
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 1)">Verify Output (Optional)</button>

We also have to refresh the pillar data, so our minions can see the new pillar data.

```
salt 'vqfx1' saltutil.refresh_pillar
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 2)">Run this snippet</button>

Now let's create a configuration template - but before that, let's understand the placing of the template.

Salt has the concept of [file roots](https://docs.saltstack.com/en/latest/ref/file_server/file_roots.html) directory, which is configured as a `file_roots` parameter. This parameter is located in the '/etc/salt/master' configuration file on the Salt master, and this location is '/srv/salt' by default. Thus, in our case, we will use '/srv/salt' as the path.

The template will use Jinja syntax for the conditional loops, and the variables are accessed using `pillar.<var_name>`. We do have multiple options to create the template - Junos text configuration, XML, or Junos set commands. For now, let's go with a text configuration template.

```
cat /srv/salt/infrastructure_config.conf
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 3)">Run this snippet</button>

The next step is to create a salt SLS file, describing the state we want our 'vqfx1' and its configurations to be in. It will reference the [Junos state module] (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.junos.html) to provision the configuration template.

```
cat /srv/salt/provision_infrastructure.sls
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 4)">Run this snippet</button>

To apply the configuration changes, we need to execute a 'state.apply' function.

```
salt 'vqfx1' state.apply provision_infrastructure
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('salt1', 5)">Run this snippet</button>

Finally, let's check if the configurations were successfully loaded and committed.

```
show configuration | compare rollback 1
```
<button type="button" class="btn btn-primary btn-sm" onclick="runSnippetInTab('vqfx1', 6)">Run this snippet</button>

That's it for now - hopefully you enjoyed learning about Salt, and are ready to go automate!