dan
/
hobarton_config_templates
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: dan:netbox
Branches Tags
dan:netbox
dan:main
..
compare: dan:main
Branches Tags
dan:netbox
dan:main

No commits in common. "netbox" and "main" have entirely different histories.
netbox ... main

4 changed files with 105 additions and 204 deletions
Show Stats Expand all files Collapse all files

274
juniper-macros.j2
View File

@ -1,63 +1,36 @@
{% macro systemsection(device,root_pw,users,syslog_servers,ntp_servers,tacacs_servers) %}
{% macro systemsection(device) %}
system {
host-name {{ device.name }};
{% if tacacs_servers %}
authentication-order [ tacplus password ];
{% endif %}
host-name {{ device['hostname'] }};
root-authentication {
encrypted-password "{{ root_pw }}"; ## Client Higher
encrypted-password "{{ device['config_context']['root_pw'] }}"; ## Client Higher
}
{% if tacacs_servers %}
tacplus-server {
{% for server, details in tacacs_servers %}
{{ server }} {
port 49;
secret "{{ details['secret'] }}"; ## SECRET-DATA
source-address {{ device.primary_ip4.address.ip }};
}
{% endfor %}
}
{% endif %}
login {
class sysadmin {
permissions [ admin clear configure control firewall-control interface interface-control network reset rollback routing routing-control snmp snmp-control trace-control view view-configuration ];
}
{% for user, details in users|dictsort %}
{% for user, details in device['config_context']['users']|dictsort %}
user {{ user }} {
uid 200{{ loop.index }};
class {{ details['role'] }};
{% if details['password'] %}
authentication {
encrypted-password "{{ details['password'] }}"; ## SECRET-DATA
}
{% endif %}
}
{% endfor %}
}
services {
{% if device.role.name in ['Leaf','Spine'] %}
ssh;
{% else %}
ssh {
root-login deny;
}
{% endif %}
}
syslog {
{% for server in syslog_servers %}
{% for server in device['config_context']['syslog_servers'] %}
host {{ server }} {
any notice;
authorization info;
{% if device.role.name in ['Leaf','Spine'] %}
match "!(.*DH_SVC_SENDMSG_FAILURE.*|.*UI_.*|.*shmlog: unable to create argtype.*|.*DEBUG: PAM_USER.*|.*DEBUG: PAM_ACTUAL_USER.*|.*SNMPD_AUTH_FAILURE.*|.*/usr/sbin/cron.*|.*jl2tpd.*|.*dfcd.*|.*l2ald.*|.*cc_mic_sfp_is_present.*|.*RMOPD_ICMP_SENDMSG_FAILURE.*|.*acx_vpls_mesh_grp_get_info.*|.*last message repeated.*|.*Refreshing mastership.*|.*hw.chassis.startup_time update.*)";
facility-override local6;
{% endif %}
}
{% endfor %}
file interactive-commands {
interactive-commands any;
}
{% if device.role.name in ['Leaf','Spine'] %}
file linkupdown {
any info;
match "LINK_DOWN|LINK_UP";
@ -66,11 +39,10 @@ system {
any notice;
authorization info;
}
{% endif %}
}
{% if ntp_servers|length > 0 %}
{% if device['config_context']['ntp_servers']|length > 0 %}
ntp {
{% for server in ntp_servers %}
{% for server in device['config_context']['ntp_servers'] %}
server {{ server }};
{% endfor %}
}
@ -79,17 +51,15 @@ system {
{%- endmacro %}
{% macro chassissection(device,breakout_ports) %}
{% macro chassissection(device) %}
chassis {
{% if device.interfaces.all()|selectattr('type','eq','lag')|list|count > 0 %}
aggregated-devices {
ethernet {
device-count {{ device.interfaces.all()|selectattr('type','eq','lag')|list|count }};
device-count {{ device['interfaces']|selectattr('type','eq','LAG')|list|count }};
}
}
{% endif %}
{% if breakout_ports %}
{% for fpc, fpcdata in breakout_ports.items() %}
{% if device['config_context']['breakout_ports'] %}
{% for fpc, fpcdata in device['config_context']['breakout_ports'].items() %}
fpc {{ fpc }} {
{% for pic, picdata in fpcdata.items() %}
pic {{ pic }} {
@ -103,36 +73,25 @@ chassis {
}
{% endfor %}
{% endif %}
{% if device.role.name in ['Provider Core'] %}
forwarding-options {
lpm-profile;
}
{% endif %}
}
{%- endmacro %}
{% macro interfaceconfig(interface,rack = None) -%}
{% if not ('-' in interface.name) or interface.description or interface.lag or interface.ip_addresses.count() or interface.connected_endpoints or interface.mode or interface.tagged_vlans.all() or interface.untagged_vlan %}
{{ interface.name }} {
{% if interface.description %}
description "{{ interface.description }}";
{% macro interfaceconfig(interface,rack = None) %}
{{ interface['name'] }} {
{% if interface.get('description') != '' %}
description "{{ interface['description'] }}";
{% endif %}
{% if interface.mtu and not interface.lag %}
mtu {{ interface.mtu }};
{% if interface.get('mtu') and not interface.get('lag') %}
mtu {{ interface['mtu'] }};
{% endif %}
{% if interface.device.role.name in ['Provide Core'] %}
flexible-vlan-tagging;
native-vlan-id 1;
encapsulation flexible-ethernet-services;
{% endif %}
{% if interface.lag %}
{% if interface.get('lag') %}
ether-options {
802.3ad {{ interface.lag.name }};
802.3ad {{ interface['lag']['name'] }};
}
{% endif %}
{% if interface.name.startswith('ae') %}
{% if interface.custom_field_data['esi_lag'] %}
{% if interface['name'].startswith('ae') %}
{% if interface['_custom_field_data']['esi_lag'] %}
esi {
auto-derive {
lacp;
@ -143,39 +102,35 @@ chassis {
aggregated-ether-options {
lacp {
periodic fast;
{% if interface.custom_field_data['system_id'] %}
system-id {{ interface.custom_field_data['system_id'] }};
{% elif interface.custom_field_data['esi_lag'] %}
system-id 00:00:{{ '%02d' % rack|int }}:{% if interface.name[2:]|int < 99 %}{{ '%02d' % interface.name[2:]|int }}{% else %}{{ '%02x' % interface.name[2:]|int }}{% endif %}:00:01;
{% if interface['_custom_field_data']['system_id'] %}
system-id {{ interface['_custom_field_data']['system_id'] }};
{% elif interface['_custom_field_data']['esi_lag'] %}
system-id 00:00:{{ '%02d' % rack|int }}:{% if interface['name'][2:]|int < 99 %}{{ '%02d' % interface['name'][2:]|int }}{% else %}{{ '%02x' % interface['name'][2:]|int }}{% endif %}:00:01;
{% endif %}
}
}
{% endif %}
{% if interface.ip_addresses.count() > 0 %}
{% if interface['ip_addresses']|length > 0 %}
unit 0 {
{% if (interface.connected_endpoints) and (interface.connected_endpoints[0].device.role.name == 'Provider Core') %}
vlan-id 1;
{% endif %}
family inet {
{% if interface.ip_addresses.first().status == 'reserved' %}inactive: {% endif %}address {{ interface.ip_addresses.first().address }};
{% if interface['ip_addresses'][0]['status']['name'] == 'Reserved' %}inactive: {% endif %}address {{ interface['ip_addresses'][0]['address'] }};
}
}
{% endif %}
{% if interface.device.role.name in ['Leaf','Spine'] %}
{% if interface.mode != '' %}
{% if interface.get('mode') is not none %}
unit 0 {
family ethernet-switching {
{% if interface.mode=='ACCESS' %}
{% if interface['mode']=='ACCESS' %}
interface-mode access;
vlan {
members {{ interface.untagged_vlan.vid }};
members {{ interface['untagged_vlan']['vid'] }};
}
{% elif interface.mode=='TAGGED' %}
{% elif interface['mode']=='TAGGED' %}
interface-mode trunk;
vlan {
members [ {% for vlan in interface.tagged_vlans %}{{ vlan.vid }} {% endfor %}];
members [ {% for vlan in interface['tagged_vlans'] %}{{ vlan['vid'] }} {% endfor %}];
}
{% elif interface.mode=='TAGGED_ALL' %}
{% elif interface['mode']=='TAGGED_ALL' %}
interface-mode trunk;
vlan {
members [ all ];
@ -184,81 +139,52 @@ chassis {
storm-control default;
}
}
{% elif interface.device.role.name in ['Provider Core'] and interface.connected_endpoints %}
{% if interface.connected_endpoints[0].device.role.name in ['Provider Edge'] %}
{% for vlan in interface.tagged_vlans %}
unit {{ vlan.vid }} {
encapsulation vlan-vpls;
vlan-id {{ vlan.vid }};
}
{% endfor %}
{% endif %}
{% endif %}
{% endif %}
}
{% endif %}
{%- endmacro %}
{% macro interfacesection(device,vlans) %}
interfaces {
{% if device.role.name in ['Provider Core'] %}
interface-range core-mpls {
{% for interface in device.interfaces.filter(cable__isnull=False) %}
{% if interface.connected_endpoints and interface.connected_endpoints[0].device.role.name in ['Provider Core'] %}
member {{ interface }};
{% endif %}
{% endfor %}
unit 0 {
family inet;
family mpls;
}
}
{% endif %}
{# Physical interfaces should be sorted by FPC/PIC/Port value - that's a challenge to do in Jinja so we cheat for now by putting the xe- interfaces first. This won't work for all devices! #}
{% for interface in device.interfaces.filter(name__contains='-')|j2_natsort(attribute="name") %}
{{- interfaceconfig(interface) }}
{% endfor %}
{% for interface in device.interfaces.filter(name__startswith='ae') %}
{{ interfaceconfig(interface,device.rack.name[5:]) }}
{% endfor %}
{% for interface in device.interfaces.filter(name__exact='em0') %}
{% for interface in device['interfaces'] if interface['name'].startswith('xe-') %}
{{ interfaceconfig(interface) }}
{% endfor %}
{% for interface in device.interfaces.filter(name__startswith='irb') %}
{% for interface in device['interfaces'] if interface['name'].startswith('et-') %}
{{ interfaceconfig(interface) }}
{% endfor %}
{% for interface in device['interfaces'] if interface['name'].startswith('ae') %}
{{ interfaceconfig(interface,device['rack']['name'][5:]) }}
{% endfor %}
{% for interface in device['interfaces'] if interface['name']=='em0' %}
{{ interfaceconfig(interface) }}
{% endfor %}
{% for interface in device['interfaces'] if interface['name'].startswith('irb') %}
{% if loop.first %}
irb {
{% endif %}
unit {{ interface.name[4:] }} {
description "{{ interface.description }}";
unit {{ interface['name'][4:] }} {
description "{{ interface['description'] }}";
family inet {
{% if interface.ip_addresses.first().status == 'reserved' %}inactive: {% endif %}address {{ interface.ip_addresses.first().address }};
{% if interface['ip_addresses'][0]['status']['name'] == 'Reserved' %}inactive: {% endif %}address {{ interface['ip_addresses'][0]['address'] }};
}
}
{% if loop.last %}
}
{% endif %}
{% endfor %}
{% for interface in device.interfaces.filter(name__startswith='lo') %}
{% for interface in device['interfaces'] if interface['name'].startswith('lo') %}
{{ interfaceconfig(interface) }}
{% endfor %}
}
{%- endmacro %}
{% macro snmpsection(device, snmp) %}
{% macro snmpsection(rack, config_context) %}
snmp {
{% if device.rack and device.rack.site %}
location "{{ device.rack.site.name }} Rack {{ device.rack.name }}";
{% elif device.rack and device.site %}
location "{{ device.site.name }} Rack {{ device.rack.name }}";
{% elif device.site %}
location "{{ device.site.name }}"
{% elif device.rack %}
location "{{ device.rack.name }}"
{% endif %}
contact "{{ snmp['contact'] }}";
community {{ snmp['community'] }} {
location "Domicilium Datacentre {{ rack['name'] }}";
contact "{{ config_context['snmp']['contact'] }}";
community {{ config_context['snmp']['community'] }} {
authorization read-only;
{% for client in snmp['clients'] %}
{% for client in config_context['snmp']['clients'] %}
{% if loop.first %}
clients {
{% endif %}
@ -271,43 +197,13 @@ snmp {
}
{%- endmacro %}
{% macro forwardingoptionssection(device) %}
forwarding-options {
hash-key {
family inet {
layer-4;
}
family mpls {
label-1;
label-2;
payload {
ip {
port-data;
}
}
}
}
family inet {
filter {
input protect_RE;
}
}
}
{%- endmacro %}
{% macro routingoptionssection(device, overlay_as = None, gateway = None, routes = None) %}
{% macro routingoptionssection(primary_ip4, config_context) %}
routing-options {
{% if device.primary_ip4 %}
router-id {{ device.primary_ip4.address.ip }};
{% endif %}
{% if overlay_as %}
autonomous-system {{ overlay_as }};
{% endif %}
{% if gateway or routes %}
router-id {{ primary_ip4['address'][:-3] }};
autonomous-system {{ config_context['overlay_as'] }};
{% if config_context['gateway'] %}
static {
{% if gateway %}
route 0.0.0.0/0 next-hop {{ gateway }};
{% endif %}
route 0.0.0.0/0 next-hop {{ config_context['gateway'] }};
}
{% endif %}
forwarding-table {
@ -333,8 +229,8 @@ routing-options {
multiplier 3;
session-mode automatic;
}
{% for dst_switch in spines if dst_switch.primary_ip4.address != device.primary_ip4.address %}
neighbor {{ dst_switch.primary_ip4.address.ip }};
{% for dst_switch in spines if dst_switch['primary_ip4']['address'] != device['primary_ip4']['address'] %}
neighbor {{ dst_switch['primary_ip4']['address'][:-3] }};
{% endfor %}
}
{%- endmacro %}
@ -342,12 +238,12 @@ routing-options {
{% macro bgpoverlaygroup(device) %}
group OVERLAY {
type internal;
local-address {{ device.primary_ip4.address.ip }};
local-address {{ device['primary_ip4']['address'][:-3] }};
family evpn {
signaling;
}
{% if device.role.name == 'Spine' %}
cluster {{ device.primary_ip4.address.ip }};
{% if device['device_role']['name'] == 'Spine' %}
cluster {{ device['primary_ip4']['address'][:-3] }};
multipath;
{% endif %}
bfd-liveness-detection {
@ -355,8 +251,8 @@ routing-options {
multiplier 3;
session-mode automatic;
}
{% for interface in device.interfaces.filter(cable__isnull=False) %}
neighbor {{ interface.connected_endpoints[0].device.primary_ip4.address.ip }};
{% for dst_switch in device['peering_interfaces'] %}
neighbor {{ dst_switch['cable_peer_interface']['device']['primary_ip4']['address'][:-3] }};
{% endfor %}
}
{%- endmacro %}
@ -371,13 +267,13 @@ routing-options {
unicast;
}
export BGP_LOOPBACK0;
local-as {{ device.local_context_data['underlay_as'] }};
local-as {{ device['config_context']['underlay_as'] }};
multipath {
multiple-as;
}
{% for interface in device.interfaces.filter(cable__isnull=False) %}
neighbor {{ interface.connected_endpoints[0].ip_addresses.first().address.ip }} {
peer-as {{ interface.connected_endpoints[0].device.local_context_data['underlay_as'] }};
{% for dst_switch in device['peering_interfaces'] %}
neighbor {{ dst_switch['cable_peer_interface']['ip_addresses'][0]['address'][:-3] }} {
peer-as {{ dst_switch['cable_peer_interface']['device']['local_context_data']['underlay_as'] }};
}
{% endfor %}
}
@ -386,14 +282,18 @@ routing-options {
{% macro bgpsection(device,spines) %}
{% if device.role.name in ['Spine','Lab-Spine'] %}
{% if device['device_role']['name'] in ['Spine','Lab-Spine'] %}
{% set role='Spine' %}
{% set other_role='Leaf' %}
{% else %}
{% set role='Leaf' %}
{% set other_role='Spine' %}
{% endif %}
{% set name=device.name %}
{% if device['device_role']['name'] == 'Lab-Spine' %}
{% set name=device['name'][4:] %}
{% else %}
{% set name=device['name'] %}
{% endif %}
bgp {
{{ bgpoverlaygroup(device) }}
{% if role == 'Spine' %}
@ -405,32 +305,34 @@ routing-options {
{%- endmacro %}
{% macro sflowsection(sflow) %}
{% macro sflowsection(device) %}
{% if device['config_context']['sflow'] %}
sflow {
{% for collector in sflow['collectors'] %}
{% for collector in device['config_context']['sflow']['collectors'] %}
collector {{ collector }};
{% endfor %}
{% for interface in sflow['interfaces'] %}
{% for interface in device['config_context']['sflow']['interfaces'] %}
interfaces {{ interface }}.0;
{% endfor %}
}
{% endif %}
{%- endmacro %}
{% macro vlanssection(vlans,device) %}
vlans {
{# This next line selects all of the VLANs which are configured on this device #}
{% for vlan in vlans if (device.interfaces.all()|selectattr('untagged_vlan.vid','equalto',vlan)|list|count or interfaces|map(attribute='tagged_vlans')|sum(start=[])|selectattr('vid','equalto',vlan)|list|count) or device.interfaces.all()|selectattr('name', 'equalto', 'irb.'+vlan.vid|string)|list|count %}
vl{{ vlan.vid }} {
{% if vlan.name != '' %}
description "{{ vlan.name }}";
{% for vlan in vlans if (device['interfaces']|selectattr('untagged_vlan.vid','equalto',vlan)|list|count or interfaces|map(attribute='tagged_vlans')|sum(start=[])|selectattr('vid','equalto',vlan)|list|count) or device['interfaces']|selectattr('name', 'equalto', 'irb.'+vlan['vid']|string)|list|count %}
vl{{ vlan['vid'] }} {
{% if vlan['name'] != '' %}
description "{{ vlan['name'] }}";
{% endif %}
vlan-id {{ vlan.vid }};
{% if device.interfaces.all()|selectattr('name', 'equalto', 'irb.'+vlan.vid|string)|list|count %}
l3-interface irb.{{vlan.vid}};
vlan-id {{ vlan['vid'] }};
{% if device['interfaces']|selectattr('name', 'equalto', 'irb.'+vlan['vid']|string)|list|count %}
l3-interface irb.{{vlan['vid']}};
{% endif %}
vxlan {
vni {{ vlan.vid }};
vni {{ vlan['vid'] }};
}
}
{% endfor %}

33
juniper-vxlan.j2
View File

@ -1,11 +1,12 @@
{% set device=({'hostname':hostname,'device_role':device_role,'primary_ip4':primary_ip4,'rack':rack,'interfaces':interfaces,'peering_interfaces':peering_interfaces,'config_context':config_context}) %}
{% import "juniper-macros.j2" as junos %}
{{ junos.systemsection(device,root_pw,users,syslog_servers,ntp_servers) }}
{% if device.role.name == 'Leaf' %}
{{ junos.chassissection(device,breakout_ports) }}
{{ junos.systemsection(device) }}
{% if device_role['name'] == 'Leaf' %}
{{ junos.chassissection(device) }}
{% endif %}
{{ junos.interfacesection(device,ipam.VLAN.objects.filter(tenant=device.tenant)) }}
{{ junos.snmpsection(device, snmp) }}
{% if device.role.name == 'Leaf' %}
{{ junos.interfacesection(device,tenant['vlans']) }}
{{ junos.snmpsection(rack, config_context) }}
{% if device_role['name'] == 'Leaf' %}
forwarding-options {
storm-control-profiles default {
all;
@ -17,7 +18,7 @@ policy-options {
term TERM1 {
from {
protocol direct;
route-filter {{ device.primary_ip4.address }} exact;
route-filter {{ primary_ip4['address'] }} exact;
}
then accept;
}
@ -28,32 +29,28 @@ policy-options {
}
}
}
{{ junos.routingoptionssection(device, overlay_as, gateway) }}
{{ junos.routingoptionssection(primary_ip4, config_context) }}
protocols {
{% if device.role.name in ['Leaf','Spine'] %}
{{ junos.bgpsection(device,dcim.Device.objects.filter(tenant=device.tenant,role__name='Spine')) }}
{% if device.role.name == 'Leaf' %}
{{ junos.bgpsection(device,tenant['spines']) }}
{% if device_role['name'] == 'Leaf' %}
evpn {
encapsulation vxlan;
extended-vni-list all;
}
{% endif %}
{% endif %}
lldp {
interface all;
}
{% if sflow %}
{{ junos.sflowsection(sflow) }}
{% endif %}
{{ junos.sflowsection(device) }}
}
{% if device.role.name == 'Leaf' %}
{% if device_role['name'] == 'Leaf' %}
switch-options {
vtep-source-interface lo0.0;
route-distinguisher {{ device.primary_ip4.address.ip }}:1;
route-distinguisher {{ primary_ip4['address'][:-3] }}:1;
vrf-target {
target:64512:1111;
auto;
}
}
{{ junos.vlanssection(ipam.VLAN.objects.filter(tenant=device.tenant), device) }}
{{ junos.vlanssection(tenant['vlans'], device) }}
{% endif %}

1
junos-leaf.j2 Symbolic link
View File

@ -0,0 +1 @@
juniper-vxlan.j2

1
junos-spine.j2 Symbolic link
View File

@ -0,0 +1 @@
juniper-vxlan.j2