From a0657ef147a05ff09776604ccd81a583b0e4da97 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Fri, 3 Feb 2023 07:51:41 -0500 Subject: Salt configuration examples --- docs/automation/index.rst | 3 +- docs/automation/vyos-salt.rst | 216 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 218 insertions(+), 1 deletion(-) create mode 100644 docs/automation/vyos-salt.rst diff --git a/docs/automation/index.rst b/docs/automation/index.rst index f9049c48..dd7b596a 100644 --- a/docs/automation/index.rst +++ b/docs/automation/index.rst @@ -3,7 +3,7 @@ VyOS Automation ############### - * Saltstack + * Nornir * startup scripts @@ -14,5 +14,6 @@ VyOS Automation vyos-ansible vyos-napalm vyos-netmiko + vyos-salt command-scripting cloud-init diff --git a/docs/automation/vyos-salt.rst b/docs/automation/vyos-salt.rst new file mode 100644 index 00000000..12be32a1 --- /dev/null +++ b/docs/automation/vyos-salt.rst @@ -0,0 +1,216 @@ +:lastproofread: 2023-01-16 + +.. _vyos-salt: + +.. include:: /_include/need_improvement.txt + +Salt +==== + +VyOS supports op-mode and configuration via salt_. + +Without proxy it requires VyOS minion configuration +and supports op-mode data: + +.. code-block:: none + + set service salt-minion id 'r14' + set service salt-minion master '192.0.2.250' + +Check salt-keys on the salt master + +.. code-block:: none + + / # salt-key --list-all + Accepted Keys: + r11 + Denied Keys: + Unaccepted Keys: + r14 + Rejected Keys: + +Accept minion key + +.. code-block:: none + + / # salt-key --accept r14 + The following keys are going to be accepted: + Unaccepted Keys: + r14 + Proceed? [n/Y] y + Key for minion r14 accepted. + + + +Check that salt master can communicate with minions + +.. code-block:: none + + / # salt '*' test.ping + r14: + True + r11: + True + +At this step we can get some op-mode information from VyOS nodes: + +.. code-block:: none + + / # salt '*' network.interface eth0 + r11: + |_ + ---------- + address: + 192.0.2.11 + broadcast: + 192.0.2.255 + label: + eth0 + netmask: + 255.255.255.0 + r14: + |_ + ---------- + address: + 192.0.2.14 + broadcast: + 192.0.2.255 + label: + eth0 + netmask: + 255.255.255.0 + + + / # salt r14 network.arp + r14: + ---------- + aa:bb:cc:dd:f3:db: + 192.0.2.1 + aa:bb:cc:dd:2e:80: + 203.0.113.1 + + + + +Netmiko-proxy +------------- + +It is possible to configure VyOS via netmiko_ proxy module. +It requires a minion with installed packet ``python3-netmiko`` module +who has a connection to VyOS nodes. Salt-minion have to communicate +with salt master + +Configuration +^^^^^^^^^^^^^ + +Salt master configuration: + +.. code-block:: none + + / # cat /etc/salt/master + file_roots: + base: + - /srv/salt/states + + pillar_roots: + base: + - /srv/salt/pillars + +Structure of /srv/salt: + +.. code-block:: none + + / # tree /srv/salt/ + /srv/salt/ + |___ pillars + | |__ r11-proxy.sls + | |__ top.sls + |___ states + |__ commands.txt + +top.sls + +.. code-block:: none + + / # cat /srv/salt/pillars/top.sls + base: + r11-proxy: + - r11-proxy + + +r11-proxy.sls Includes parameters for connecting to salt-proxy minion + +.. code-block:: none + + / # cat /srv/salt/pillars/r11-proxy.sls + proxy: + proxytype: netmiko # how to connect to proxy minion, change it + device_type: vyos # + host: 192.0.2.250 + username: user + password: secret_passwd + +commands.txt + +.. code-block:: none + + / # cat /srv/salt/states/commands.txt + set interfaces ethernet eth0 description 'WAN' + set interfaces ethernet eth1 description 'LAN' + +Check that proxy minion is alive: + +.. code-block:: none + + / # salt r11-proxy test.ping + r11-proxy: + True + / # + +Examples +^^^^^^^^ + +Example of op-mode: + +.. code-block:: none + + / # salt r11-proxy netmiko.send_command 'show interfaces ethernet eth0 brief' host=192.0.2.14 device_type=vyos username=vyos password=vyos + r11-proxy: + Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down + Interface IP Address S/L Description + --------- ---------- --- ----------- + eth0 192.0.2.14/24 u/u Upstream + / # + +Example of configuration: + +.. code-block:: none + + / # salt r11-proxy netmiko.send_config config_commands=['set interfaces ethernet eth0 description Link_to_WAN'] commit=True host=192.0.2.14 device_type=vyos username=vyos password=vyos + r11-proxy: + configure + set interfaces ethernet eth0 description Link_to_WAN + [edit] + vyos@r14# commit + [edit] + vyos@r14# + / # + +Example of configuration commands from the file "/srv/salt/states/commands.txt" + +.. code-block:: none + + / # salt r11-proxy netmiko.send_config config_file=salt://commands.txt commit=True host=192.0.2.11 device_type=vyos username=vyos password=vyos + r11-proxy: + configure + set interfaces ethernet eth0 description 'WAN' + [edit] + vyos@r1# set interfaces ethernet eth1 description 'LAN' + [edit] + vyos@r1# commit + [edit] + vyos@r1# + / # + +.. _salt: https://docs.saltproject.io/en/latest/contents.html +.. _netmiko: https://docs.saltproject.io/en/latest/ref/modules/all/salt.modules.netmiko_mod.html#module-salt.modules.netmiko_mod \ No newline at end of file -- cgit v1.2.3