WIP changes
parent
64c62977bc
commit
604dc68a6e
|
|
@ -1,9 +1,23 @@
|
||||||
{% macro systemsection(device,root_pw,users,syslog_servers,ntp_servers) %}
|
{% macro systemsection(device,root_pw,users,syslog_servers,ntp_servers,tacacs_servers) %}
|
||||||
system {
|
system {
|
||||||
host-name {{ device.name }};
|
host-name {{ device.name }};
|
||||||
|
{% if tacacs_servers %}
|
||||||
|
authentication-order [ tacplus password ];
|
||||||
|
{% endif %}
|
||||||
root-authentication {
|
root-authentication {
|
||||||
encrypted-password "{{ root_pw }}"; ## Client Higher
|
encrypted-password "{{ root_pw }}"; ## Client Higher
|
||||||
}
|
}
|
||||||
|
{% if tacacs_servers %}
|
||||||
|
tacplus-server {
|
||||||
|
{% for server, details in tacacs_servers %}
|
||||||
|
{{ server }} {
|
||||||
|
port 49;
|
||||||
|
secret "{{ details['secret']"; ## SECRET-DATA
|
||||||
|
source-address {{ device.primary_ip4.address.ip }};
|
||||||
|
}
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
login {
|
login {
|
||||||
class sysadmin {
|
class sysadmin {
|
||||||
permissions [ admin clear configure control firewall-control interface interface-control network reset rollback routing routing-control snmp snmp-control trace-control view view-configuration ];
|
permissions [ admin clear configure control firewall-control interface interface-control network reset rollback routing routing-control snmp snmp-control trace-control view view-configuration ];
|
||||||
|
|
@ -12,25 +26,38 @@ system {
|
||||||
user {{ user }} {
|
user {{ user }} {
|
||||||
uid 200{{ loop.index }};
|
uid 200{{ loop.index }};
|
||||||
class {{ details['role'] }};
|
class {{ details['role'] }};
|
||||||
|
{% if details['password'] %}
|
||||||
authentication {
|
authentication {
|
||||||
encrypted-password "{{ details['password'] }}"; ## SECRET-DATA
|
encrypted-password "{{ details['password'] }}"; ## SECRET-DATA
|
||||||
}
|
}
|
||||||
|
{% endif %}
|
||||||
}
|
}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
}
|
}
|
||||||
services {
|
services {
|
||||||
|
{% if device.role.name in ['Leaf','Spine'] %}
|
||||||
ssh;
|
ssh;
|
||||||
|
{% else %}
|
||||||
|
ssh {
|
||||||
|
root-login deny;
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
}
|
}
|
||||||
syslog {
|
syslog {
|
||||||
{% for server in syslog_servers %}
|
{% for server in syslog_servers %}
|
||||||
host {{ server }} {
|
host {{ server }} {
|
||||||
any notice;
|
any notice;
|
||||||
authorization info;
|
authorization info;
|
||||||
|
{% if device.role.name in ['Leaf','Spine'] %}
|
||||||
|
match "!(.*DH_SVC_SENDMSG_FAILURE.*|.*UI_.*|.*shmlog: unable to create argtype.*|.*DEBUG: PAM_USER.*|.*DEBUG: PAM_ACTUAL_USER.*|.*SNMPD_AUTH_FAILURE.*|.*/usr/sbin/cron.*|.*jl2tpd.*|.*dfcd.*|.*l2ald.*|.*cc_mic_sfp_is_present.*|.*RMOPD_ICMP_SENDMSG_FAILURE.*|.*acx_vpls_mesh_grp_get_info.*|.*last message repeated.*|.*Refreshing mastership.*|.*hw.chassis.startup_time update.*)";
|
||||||
|
facility-override local6;
|
||||||
|
{% endif %}
|
||||||
}
|
}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
file interactive-commands {
|
file interactive-commands {
|
||||||
interactive-commands any;
|
interactive-commands any;
|
||||||
}
|
}
|
||||||
|
{% if device.role.name in ['Leaf','Spine'] %}
|
||||||
file linkupdown {
|
file linkupdown {
|
||||||
any info;
|
any info;
|
||||||
match "LINK_DOWN|LINK_UP";
|
match "LINK_DOWN|LINK_UP";
|
||||||
|
|
@ -39,6 +66,7 @@ system {
|
||||||
any notice;
|
any notice;
|
||||||
authorization info;
|
authorization info;
|
||||||
}
|
}
|
||||||
|
{% endif %}
|
||||||
}
|
}
|
||||||
{% if ntp_servers|length > 0 %}
|
{% if ntp_servers|length > 0 %}
|
||||||
ntp {
|
ntp {
|
||||||
|
|
@ -53,11 +81,13 @@ system {
|
||||||
|
|
||||||
{% macro chassissection(device,breakout_ports) %}
|
{% macro chassissection(device,breakout_ports) %}
|
||||||
chassis {
|
chassis {
|
||||||
|
{% if device.interfaces.all()|selectattr('type','eq','lag')|list|count > 0 %}
|
||||||
aggregated-devices {
|
aggregated-devices {
|
||||||
ethernet {
|
ethernet {
|
||||||
device-count {{ device.interfaces.all()|selectattr('type','eq','lag')|list|count }};
|
device-count {{ device.interfaces.all()|selectattr('type','eq','lag')|list|count }};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
{% endif %}
|
||||||
{% if breakout_ports %}
|
{% if breakout_ports %}
|
||||||
{% for fpc, fpcdata in breakout_ports.items() %}
|
{% for fpc, fpcdata in breakout_ports.items() %}
|
||||||
fpc {{ fpc }} {
|
fpc {{ fpc }} {
|
||||||
|
|
@ -73,6 +103,11 @@ chassis {
|
||||||
}
|
}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if device.role.name in ['Provider Core'] %}
|
||||||
|
forwarding-options {
|
||||||
|
lpm-profile;
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
}
|
}
|
||||||
{%- endmacro %}
|
{%- endmacro %}
|
||||||
|
|
||||||
|
|
@ -164,6 +199,17 @@ chassis {
|
||||||
|
|
||||||
{% macro interfacesection(device,vlans) %}
|
{% macro interfacesection(device,vlans) %}
|
||||||
interfaces {
|
interfaces {
|
||||||
|
{% if device.role.name in ['Provider Core'] %}
|
||||||
|
interface-range core-mpls {
|
||||||
|
{% for interface in device.interfaces.filter(tags__name='vpls-core') %}
|
||||||
|
member {{ interface }};
|
||||||
|
{% endfor %}
|
||||||
|
unit 0 {
|
||||||
|
family inet;
|
||||||
|
family mpls;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
{# Physical interfaces should be sorted by FPC/PIC/Port value - that's a challenge to do in Jinja so we cheat for now by putting the xe- interfaces first. This won't work for all devices! #}
|
{# Physical interfaces should be sorted by FPC/PIC/Port value - that's a challenge to do in Jinja so we cheat for now by putting the xe- interfaces first. This won't work for all devices! #}
|
||||||
{% for interface in device.interfaces.filter(name__startswith='ge-') %}
|
{% for interface in device.interfaces.filter(name__startswith='ge-') %}
|
||||||
{{ interfaceconfig(interface) }}
|
{{ interfaceconfig(interface) }}
|
||||||
|
|
@ -200,9 +246,9 @@ interfaces {
|
||||||
}
|
}
|
||||||
{%- endmacro %}
|
{%- endmacro %}
|
||||||
|
|
||||||
{% macro snmpsection(rack, snmp) %}
|
{% macro snmpsection(device, snmp) %}
|
||||||
snmp {
|
snmp {
|
||||||
location "Domicilium Datacentre {{ rack['name'] }}";
|
location "{{ device.rack.site.name }} Rack {{ device.rack.name }}";
|
||||||
contact "{{ snmp['contact'] }}";
|
contact "{{ snmp['contact'] }}";
|
||||||
community {{ snmp['community'] }} {
|
community {{ snmp['community'] }} {
|
||||||
authorization read-only;
|
authorization read-only;
|
||||||
|
|
@ -219,13 +265,41 @@ snmp {
|
||||||
}
|
}
|
||||||
{%- endmacro %}
|
{%- endmacro %}
|
||||||
|
|
||||||
{% macro routingoptionssection(device, overlay_as, gateway) %}
|
{% macro forwardingoptionssection(device) %}
|
||||||
|
forwarding-options {
|
||||||
|
hash-key {
|
||||||
|
family inet {
|
||||||
|
layer-4;
|
||||||
|
}
|
||||||
|
family mpls {
|
||||||
|
label-1;
|
||||||
|
label-2;
|
||||||
|
payload {
|
||||||
|
ip {
|
||||||
|
port-data;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
family inet {
|
||||||
|
filter {
|
||||||
|
input protect_RE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
{%- endmacro %}
|
||||||
|
|
||||||
|
{% macro routingoptionssection(device, overlay_as = None, gateway = None, routes = None) %}
|
||||||
routing-options {
|
routing-options {
|
||||||
router-id {{ device.primary_ip4.address.ip }};
|
router-id {{ device.primary_ip4.address.ip }};
|
||||||
|
{% if overlay_as %}
|
||||||
autonomous-system {{ overlay_as }};
|
autonomous-system {{ overlay_as }};
|
||||||
{% if gateway %}
|
{% endif %}
|
||||||
|
{% if gateway or routes %}
|
||||||
static {
|
static {
|
||||||
|
{% if gateway %}
|
||||||
route 0.0.0.0/0 next-hop {{ gateway }};
|
route 0.0.0.0/0 next-hop {{ gateway }};
|
||||||
|
{% endif %}
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
forwarding-table {
|
forwarding-table {
|
||||||
|
|
|
||||||
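Review bot: In the first hunk the new `tacplus-server` block cannot render, because `secret "{{ details['secret']";` never closes its expression; it should read `secret "{{ details['secret'] }}"; ## SECRET-DATA`. The loop `{% for server, details in tacacs_servers %}` iterates the container directly, whereas the file's other mapping loop uses `breakout_ports.items()`; if `tacacs_servers` is a dict it needs `.items()` too, since unpacking its keys will otherwise fail or mis-assign. On the security side, `authentication-order [ tacplus password ];` includes `password`, and on Junos that means the local password is still tried after a TACACS+ reject, not only when the servers are unreachable. If local accounts are meant as break-glass only, `authentication-order tacplus;` should give that behaviour (worth confirming on the target release). The template writes whatever secret value it is given, so the rendered config needs the same handling as the secret itself.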