1 files changed, 216 insertions, 0 deletions

diff --git a/docs/automation/vyos-salt.rst b/docs/automation/vyos-salt.rst
new file mode 100644
index 00000000..12be32a1
--- /dev/null
+++ b/docs/automation/vyos-salt.rst
@@ -0,0 +1,216 @@
+:lastproofread: 2023-01-16
+
+.. _vyos-salt:
+
+.. include:: /_include/need_improvement.txt
+
+Salt
+====
+
+VyOS supports op-mode and configuration via salt_.
+
+Without proxy it requires VyOS minion configuration
+and supports op-mode data:
+
+.. code-block:: none
+
+  set service salt-minion id 'r14'
+  set service salt-minion master '192.0.2.250'
+
+Check salt-keys on the salt master
+
+.. code-block:: none
+
+  / # salt-key --list-all
+  Accepted Keys:
+  r11
+  Denied Keys:
+  Unaccepted Keys:
+  r14
+  Rejected Keys:
+
+Accept minion key
+
+.. code-block:: none
+
+  / # salt-key --accept r14
+  The following keys are going to be accepted:
+  Unaccepted Keys:
+  r14
+  Proceed? [n/Y] y
+  Key for minion r14 accepted.
+
+
+
+Check that salt master can communicate with minions
+
+.. code-block:: none
+
+  / # salt '*' test.ping
+  r14:
+      True
+  r11:
+      True
+
+At this step we can get some op-mode information from VyOS nodes:
+
+.. code-block:: none
+
+  / # salt '*' network.interface eth0
+  r11:
+      |_
+        ----------
+        address:
+            192.0.2.11
+        broadcast:
+            192.0.2.255
+        label:
+            eth0
+        netmask:
+            255.255.255.0
+  r14:
+      |_
+        ----------
+        address:
+            192.0.2.14
+        broadcast:
+            192.0.2.255
+        label:
+            eth0
+        netmask:
+            255.255.255.0
+
+
+  / # salt r14 network.arp
+  r14:
+      ----------
+      aa:bb:cc:dd:f3:db:
+          192.0.2.1
+      aa:bb:cc:dd:2e:80:
+          203.0.113.1
+
+
+
+
+Netmiko-proxy
+-------------
+
+It is possible to configure VyOS via netmiko_ proxy module.
+It requires a minion with installed packet  ``python3-netmiko`` module
+who has a connection to VyOS nodes. Salt-minion have to communicate
+with salt master
+
+Configuration
+^^^^^^^^^^^^^
+
+Salt master configuration:
+
+.. code-block:: none
+
+  / # cat /etc/salt/master
+  file_roots:
+    base:
+      - /srv/salt/states
+
+  pillar_roots:
+    base:
+      - /srv/salt/pillars
+
+Structure of /srv/salt:
+
+.. code-block:: none
+
+  / # tree /srv/salt/
+  /srv/salt/
+  |___ pillars
+  |      |__ r11-proxy.sls
+  |      |__ top.sls
+  |___ states
+         |__ commands.txt
+
+top.sls
+
+.. code-block:: none
+
+  / # cat /srv/salt/pillars/top.sls
+  base:
+    r11-proxy:
+      - r11-proxy
+
+
+r11-proxy.sls Includes parameters for connecting to salt-proxy minion
+
+.. code-block:: none
+
+  / # cat /srv/salt/pillars/r11-proxy.sls 
+  proxy:
+    proxytype: netmiko # how to connect to proxy minion, change it
+    device_type: vyos  # 
+    host: 192.0.2.250
+    username: user
+    password: secret_passwd
+
+commands.txt
+
+.. code-block:: none
+
+  / # cat /srv/salt/states/commands.txt 
+  set interfaces ethernet eth0 description 'WAN'
+  set interfaces ethernet eth1 description 'LAN'
+
+Check that proxy minion is alive:
+
+.. code-block:: none
+
+  / # salt r11-proxy test.ping
+  r11-proxy:
+      True
+  / #
+
+Examples
+^^^^^^^^
+
+Example of op-mode:
+
+.. code-block:: none
+
+  / # salt r11-proxy netmiko.send_command 'show interfaces ethernet eth0 brief' host=192.0.2.14 device_type=vyos username=vyos password=vyos
+  r11-proxy:
+      Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
+      Interface        IP Address                        S/L  Description
+      ---------        ----------                        ---  -----------
+      eth0             192.0.2.14/24                     u/u  Upstream
+  / # 
+
+Example of configuration:
+
+.. code-block:: none
+
+  / # salt r11-proxy netmiko.send_config config_commands=['set interfaces ethernet eth0 description Link_to_WAN'] commit=True host=192.0.2.14 device_type=vyos username=vyos password=vyos
+  r11-proxy:
+      configure
+      set interfaces ethernet eth0 description Link_to_WAN
+      [edit]
+      vyos@r14# commit
+      [edit]
+      vyos@r14#
+  / #
+
+Example of configuration commands from the file "/srv/salt/states/commands.txt"
+
+.. code-block:: none
+
+  / # salt r11-proxy netmiko.send_config config_file=salt://commands.txt commit=True host=192.0.2.11 device_type=vyos username=vyos password=vyos
+  r11-proxy:
+      configure
+      set interfaces ethernet eth0 description 'WAN'
+      [edit]
+      vyos@r1# set interfaces ethernet eth1 description 'LAN'
+      [edit]
+      vyos@r1# commit
+      [edit]
+      vyos@r1#
+  / #
+
+.. _salt: https://docs.saltproject.io/en/latest/contents.html
+.. _netmiko: https://docs.saltproject.io/en/latest/ref/modules/all/salt.modules.netmiko_mod.html#module-salt.modules.netmiko_mod
\ No newline at end of file