WIP changes
parent
64c62977bc
commit
604dc68a6e
|
|
@ -1,9 +1,23 @@
|
|||
{% macro systemsection(device,root_pw,users,syslog_servers,ntp_servers) %}
|
||||
{% macro systemsection(device,root_pw,users,syslog_servers,ntp_servers,tacacs_servers) %}
|
||||
system {
|
||||
host-name {{ device.name }};
|
||||
{% if tacacs_servers %}
|
||||
authentication-order [ tacplus password ];
|
||||
{% endif %}
|
||||
root-authentication {
|
||||
encrypted-password "{{ root_pw }}"; ## Client Higher
|
||||
}
|
||||
{% if tacacs_servers %}
|
||||
tacplus-server {
|
||||
{% for server, details in tacacs_servers %}
|
||||
{{ server }} {
|
||||
port 49;
|
||||
secret "{{ details['secret']"; ## SECRET-DATA
|
||||
source-address {{ device.primary_ip4.address.ip }};
|
||||
}
|
||||
{% endfor %}
|
||||
}
|
||||
{% endif %}
|
||||
login {
|
||||
class sysadmin {
|
||||
permissions [ admin clear configure control firewall-control interface interface-control network reset rollback routing routing-control snmp snmp-control trace-control view view-configuration ];
|
||||
|
|
@ -12,25 +26,38 @@ system {
|
|||
user {{ user }} {
|
||||
uid 200{{ loop.index }};
|
||||
class {{ details['role'] }};
|
||||
{% if details['password'] %}
|
||||
authentication {
|
||||
encrypted-password "{{ details['password'] }}"; ## SECRET-DATA
|
||||
}
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
}
|
||||
services {
|
||||
{% if device.role.name in ['Leaf','Spine'] %}
|
||||
ssh;
|
||||
{% else %}
|
||||
ssh {
|
||||
root-login deny;
|
||||
}
|
||||
{% endif %}
|
||||
}
|
||||
syslog {
|
||||
{% for server in syslog_servers %}
|
||||
host {{ server }} {
|
||||
any notice;
|
||||
authorization info;
|
||||
{% if device.role.name in ['Leaf','Spine'] %}
|
||||
match "!(.*DH_SVC_SENDMSG_FAILURE.*|.*UI_.*|.*shmlog: unable to create argtype.*|.*DEBUG: PAM_USER.*|.*DEBUG: PAM_ACTUAL_USER.*|.*SNMPD_AUTH_FAILURE.*|.*/usr/sbin/cron.*|.*jl2tpd.*|.*dfcd.*|.*l2ald.*|.*cc_mic_sfp_is_present.*|.*RMOPD_ICMP_SENDMSG_FAILURE.*|.*acx_vpls_mesh_grp_get_info.*|.*last message repeated.*|.*Refreshing mastership.*|.*hw.chassis.startup_time update.*)";
|
||||
facility-override local6;
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
file interactive-commands {
|
||||
interactive-commands any;
|
||||
}
|
||||
{% if device.role.name in ['Leaf','Spine'] %}
|
||||
file linkupdown {
|
||||
any info;
|
||||
match "LINK_DOWN|LINK_UP";
|
||||
|
|
@ -39,6 +66,7 @@ system {
|
|||
any notice;
|
||||
authorization info;
|
||||
}
|
||||
{% endif %}
|
||||
}
|
||||
{% if ntp_servers|length > 0 %}
|
||||
ntp {
|
||||
|
|
@ -53,11 +81,13 @@ system {
|
|||
|
||||
{% macro chassissection(device,breakout_ports) %}
|
||||
chassis {
|
||||
{% if device.interfaces.all()|selectattr('type','eq','lag')|list|count > 0 %}
|
||||
aggregated-devices {
|
||||
ethernet {
|
||||
device-count {{ device.interfaces.all()|selectattr('type','eq','lag')|list|count }};
|
||||
}
|
||||
}
|
||||
{% endif %}
|
||||
{% if breakout_ports %}
|
||||
{% for fpc, fpcdata in breakout_ports.items() %}
|
||||
fpc {{ fpc }} {
|
||||
|
|
@ -73,6 +103,11 @@ chassis {
|
|||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if device.role.name in ['Provider Core'] %}
|
||||
forwarding-options {
|
||||
lpm-profile;
|
||||
}
|
||||
{% endif %}
|
||||
}
|
||||
{%- endmacro %}
|
||||
|
||||
|
|
@ -164,6 +199,17 @@ chassis {
|
|||
|
||||
{% macro interfacesection(device,vlans) %}
|
||||
interfaces {
|
||||
{% if device.role.name in ['Provider Core'] %}
|
||||
interface-range core-mpls {
|
||||
{% for interface in device.interfaces.filter(tags__name='vpls-core') %}
|
||||
member {{ interface }};
|
||||
{% endfor %}
|
||||
unit 0 {
|
||||
family inet;
|
||||
family mpls;
|
||||
}
|
||||
}
|
||||
{% endif %}
|
||||
{# Physical interfaces should be sorted by FPC/PIC/Port value - that's a challenge to do in Jinja so we cheat for now by putting the xe- interfaces first. This won't work for all devices! #}
|
||||
{% for interface in device.interfaces.filter(name__startswith='ge-') %}
|
||||
{{ interfaceconfig(interface) }}
|
||||
|
|
@ -200,9 +246,9 @@ interfaces {
|
|||
}
|
||||
{%- endmacro %}
|
||||
|
||||
{% macro snmpsection(rack, snmp) %}
|
||||
{% macro snmpsection(device, snmp) %}
|
||||
snmp {
|
||||
location "Domicilium Datacentre {{ rack['name'] }}";
|
||||
location "{{ device.rack.site.name }} Rack {{ device.rack.name }}";
|
||||
contact "{{ snmp['contact'] }}";
|
||||
community {{ snmp['community'] }} {
|
||||
authorization read-only;
|
||||
|
|
@ -219,13 +265,41 @@ snmp {
|
|||
}
|
||||
{%- endmacro %}
|
||||
|
||||
{% macro routingoptionssection(device, overlay_as, gateway) %}
|
||||
{% macro forwardingoptionssection(device) %}
|
||||
forwarding-options {
|
||||
hash-key {
|
||||
family inet {
|
||||
layer-4;
|
||||
}
|
||||
family mpls {
|
||||
label-1;
|
||||
label-2;
|
||||
payload {
|
||||
ip {
|
||||
port-data;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
family inet {
|
||||
filter {
|
||||
input protect_RE;
|
||||
}
|
||||
}
|
||||
}
|
||||
{%- endmacro %}
|
||||
|
||||
{% macro routingoptionssection(device, overlay_as = None, gateway = None, routes = None) %}
|
||||
routing-options {
|
||||
router-id {{ device.primary_ip4.address.ip }};
|
||||
{% if overlay_as %}
|
||||
autonomous-system {{ overlay_as }};
|
||||
{% if gateway %}
|
||||
{% endif %}
|
||||
{% if gateway or routes %}
|
||||
static {
|
||||
{% if gateway %}
|
||||
route 0.0.0.0/0 next-hop {{ gateway }};
|
||||
{% endif %}
|
||||
}
|
||||
{% endif %}
|
||||
forwarding-table {
|
||||
|
|
|
|||