Templating/automating configuration

Short of complete SDN, for those of you that have some degree of configuration templating and/or automation tools what is it that you run? I'm envisioning some sort of tool that lets me define template snippets of configuration and aids in their deployment to devices. I'm okay doing the heavy lifting in defining everything, I'm just looking for the tool that stitches it together and hopefully makes things a little less error prone for those who aren't as adept.

Graham Johnston
Network Planner
Westman Communications Group
204.717.2829
johnstong@westmancom.com

Hi,

Take a look at Ansible

https://www.ansible.com/

Our whole infra is automated using it and it is great!

Regards,
Edy

I echo Ansible. I'm using it with NAPALM and jinja2 templates to push and
verify config on switches.

Oli

Graham Johnston wrote:

Short of complete SDN, for those of you that have some degree of
configuration templating and/or automation tools what is it that you
run? I'm envisioning some sort of tool that lets me define template
snippets of configuration and aids in their deployment to devices.
I'm okay doing the heavy lifting in defining everything, I'm just
looking for the tool that stitches it together and hopefully makes
things a little less error prone for those who aren't as adept.

You would probably want to look at napalm for something like this. It
will back-end into ansible or more recently, salt stack.

Nick

http://ipspace.net - search on everything ref network automation, under
webinars. Ivan is among the best in analysis and consolidation of such
info, and in documenting all options you may have.

Once you see what he has to offer, and definitely not only in the network
automation space, you may want to subscribe to all his webinars repository
access.

Regards,
***Stefan

https://youtu.be/ltqXgtLWXFo

and the associated pdf
https://www.nanog.org/meetings/nanog44/presentations/Monday/Gill_programatic_N44.pdf

Go templates: http://golang.org/ Fast and simple with gRPC and other good stuff like kelsey’s confd (a daemon that watches for changes and updates templates)

% go doc text/template
package template // import "text/template"

Package template implements data-driven templates for generating textual
output.

To generate HTML output, see package html/template, which has the same
interface as this package but automatically secures HTML output against
certain attacks.

Templates are executed by applying them to a data structure. Annotations in
the template refer to elements of the data structure (typically a field of a
struct or a key in a map) to control execution and derive values to be
displayed. Execution of the template walks the structure and sets the
cursor, represented by a period '.' and called "dot", to the value at the
current location in the structure as execution proceeds.

The input text for a template is UTF-8-encoded text in any format.
"Actions"--data evaluations or control structures--are delimited by "{{" and
"}}"; all text outside actions is copied to the output unchanged. Except for
raw strings, actions may not span newlines, although comments can.

Once parsed, a template may be executed safely in parallel.

Here is a trivial example that prints "17 items are made of wool".

    type Inventory struct {
      Material string
      Count uint
    }
    sweaters := Inventory{"wool", 17}
    tmpl, err := template.New("test").Parse("{{.Count}} items are made of {{.Material}}")
    if err != nil { panic(err) }
    err = tmpl.Execute(os.Stdout, sweaters)
    if err != nil { panic(err) }

Alexis

❦ 6 June 2017 14:30 +0100, Oliver Elliott <Oliver.Elliott@bristol.ac.uk>:

I echo Ansible. I'm using it with NAPALM and jinja2 templates to push and
verify config on switches.

Why not use the built-in ability of ansible for most vendors? (genuine
question)

http://docs.ansible.com/ansible/list_of_network_modules.html

One reason, which is our reason for using NAPALM with Ansible, is that
the built in Ansible modules often just edit certain lines of config
in the target device. For example, the Cisco IOS module within Ansible
scans the device config for say the line starting with "Interface
Ethernet 1/1" and then I tell it to ensure the lines " ip vrf
customer A" and " ip address x.x.x.x n.n.n.n" are under the search
line. It's OK but it's text matching and not foolproof. It also
doesn't help me to guarantee the state of our tin (I might push an
update to one interface on a device and simultaneously someone else
might push an update to a different interface, our respective views
of the device config might not include each other’s updates).

We use the NAPALM module although it needs to be a bit more than just
NAPALM, it's not a panacea. We generate a full device config (even for
a one line interface update) and push that into atomic storage (git),
we then pass that file from git to NAPALM. NAPALM will copy the file
to the device and do a full config replace for us, and we can get a
diff from before and after that process and report that back and
ensure that exactly what we wanted to change has been changed only.
All changes come through git which acts like a queue meaning that if
two people make simultaneous updates to different interfaces there’ll
be a git commit/push error. [1]

Cheers,
James.

[1] That’s the plan at least, the reality though is that vendor bugs
are plentiful.
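
The check described in the message above (diff the config before and after a full replace and confirm that only the intended part changed), as an added example that is not part of the original post and not NAPALM or Ansible code. It assumes IOS-style configs where child lines are indented under a header line; the function names and sample configs are constructed for illustration.

```python
import difflib

# Constructed sample configs (documentation addresses), not taken from the thread.
RUNNING = """\
hostname edge1
interface Ethernet1/1
 ip vrf forwarding CUSTOMER-A
 ip address 192.0.2.1 255.255.255.252
interface Ethernet1/2
 description colleague-change
 ip address 198.51.100.1 255.255.255.252
"""
# Intended change: a new address on Ethernet1/1 only.
GOOD = RUNNING.replace("192.0.2.1 ", "192.0.2.5 ")
# Candidate rendered from a stale view: it also drops the colleague's description.
STALE = GOOD.replace(" description colleague-change\n", "")

def stanzas(config):
    """Split a config into {header line: [child lines]} using indentation."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue                      # skip blanks and separators
        if line[0] != " ":                # unindented line starts a new stanza
            current = line.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def changed_stanzas(before, after):
    """Headers of every stanza that was added, removed or modified."""
    old, new = stanzas(before), stanzas(after)
    return {h for h in old.keys() | new.keys() if old.get(h) != new.get(h)}

def verify_change(before, after, intended):
    """Return (ok, unexpected, diff); ok only if every changed stanza was intended."""
    unexpected = changed_stanzas(before, after) - set(intended)
    diff = "\n".join(difflib.unified_diff(before.splitlines(), after.splitlines(),
                                          "running", "candidate", lineterm=""))
    return (not unexpected, sorted(unexpected), diff)

if __name__ == "__main__":
    for name, candidate in (("good", GOOD), ("stale", STALE)):
        ok, unexpected, diff = verify_change(RUNNING, candidate, {"interface Ethernet1/1"})
        print(name, "OK" if ok else f"REJECT, unexpected changes in {unexpected}")
        print(diff)
```

Run against the stale candidate, the check rejects the push because the full replace would also revert the other operator's change on Ethernet1/2.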

Salt is great for generating configs based on jinja templates, and you can
use napalm in conjunction with salt to push the configs to the device on a
set schedule (typically this is done hourly). If manual changes are made to
the router, salt would override them on the next run, so it's a great way
to make sure configs are consistent.

again I understand and agree

the reach of your drowning analysis and understanding is awesome

hi randy bush

oops and hi jp confused of calcutta and chris locke rage boy

agree
again all of the above

thanks