dan
/
hobarton_config_templates
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: dan:netbox
Branches Tags
dan:netbox
dan:main
..
compare: dan:main
Branches Tags
dan:netbox
dan:main

No commits in common. "netbox" and "main" have entirely different histories.
netbox ... main

4 changed files with 105 additions and 204 deletions
Show Stats Expand all files Collapse all files

274
juniper-macros.j2
View File

@ -1,63 +1,36 @@
{% macro systemsection(device,root_pw,users,syslog_servers,ntp_servers,tacacs_servers) %} {% macro systemsection(device) %}
system { system {
host-name {{ device.name }}; host-name {{ device['hostname'] }};
{% if tacacs_servers %}
authentication-order [ tacplus password ];
{% endif %}
root-authentication { root-authentication {
encrypted-password "{{ root_pw }}"; ## Client Higher encrypted-password "{{ device['config_context']['root_pw'] }}"; ## Client Higher
} }
{% if tacacs_servers %}
tacplus-server {
{% for server, details in tacacs_servers %}
{{ server }} {
port 49;
secret "{{ details['secret'] }}"; ## SECRET-DATA
source-address {{ device.primary_ip4.address.ip }};
}
{% endfor %}
}
{% endif %}
login { login {
class sysadmin { class sysadmin {
permissions [ admin clear configure control firewall-control interface interface-control network reset rollback routing routing-control snmp snmp-control trace-control view view-configuration ]; permissions [ admin clear configure control firewall-control interface interface-control network reset rollback routing routing-control snmp snmp-control trace-control view view-configuration ];
} }
{% for user, details in users|dictsort %} {% for user, details in device['config_context']['users']|dictsort %}
user {{ user }} { user {{ user }} {
uid 200{{ loop.index }}; uid 200{{ loop.index }};
class {{ details['role'] }}; class {{ details['role'] }};
{% if details['password'] %}
authentication { authentication {
encrypted-password "{{ details['password'] }}"; ## SECRET-DATA encrypted-password "{{ details['password'] }}"; ## SECRET-DATA
} }
{% endif %}
} }
{% endfor %} {% endfor %}
} }
services { services {
{% if device.role.name in ['Leaf','Spine'] %}
ssh; ssh;
{% else %}
ssh {
root-login deny;
}
{% endif %}
} }
syslog { syslog {
{% for server in syslog_servers %} {% for server in device['config_context']['syslog_servers'] %}
host {{ server }} { host {{ server }} {
any notice; any notice;
authorization info; authorization info;
{% if device.role.name in ['Leaf','Spine'] %}
match "!(.*DH_SVC_SENDMSG_FAILURE.*|.*UI_.*|.*shmlog: unable to create argtype.*|.*DEBUG: PAM_USER.*|.*DEBUG: PAM_ACTUAL_USER.*|.*SNMPD_AUTH_FAILURE.*|.*/usr/sbin/cron.*|.*jl2tpd.*|.*dfcd.*|.*l2ald.*|.*cc_mic_sfp_is_present.*|.*RMOPD_ICMP_SENDMSG_FAILURE.*|.*acx_vpls_mesh_grp_get_info.*|.*last message repeated.*|.*Refreshing mastership.*|.*hw.chassis.startup_time update.*)";
facility-override local6;
{% endif %}
} }
{% endfor %} {% endfor %}
file interactive-commands { file interactive-commands {
interactive-commands any; interactive-commands any;
} }
{% if device.role.name in ['Leaf','Spine'] %}
file linkupdown { file linkupdown {
any info; any info;
match "LINK_DOWN|LINK_UP"; match "LINK_DOWN|LINK_UP";
@ -66,11 +39,10 @@ system {
any notice; any notice;
authorization info; authorization info;
} }
{% endif %}
} }
{% if ntp_servers|length > 0 %} {% if device['config_context']['ntp_servers']|length > 0 %}
ntp { ntp {
{% for server in ntp_servers %} {% for server in device['config_context']['ntp_servers'] %}
server {{ server }}; server {{ server }};
{% endfor %} {% endfor %}
} }
@ -79,17 +51,15 @@ system {
{%- endmacro %} {%- endmacro %}
{% macro chassissection(device,breakout_ports) %} {% macro chassissection(device) %}
chassis { chassis {
{% if device.interfaces.all()|selectattr('type','eq','lag')|list|count > 0 %}
aggregated-devices { aggregated-devices {
ethernet { ethernet {
device-count {{ device.interfaces.all()|selectattr('type','eq','lag')|list|count }}; device-count {{ device['interfaces']|selectattr('type','eq','LAG')|list|count }};
} }
} }
{% endif %} {% if device['config_context']['breakout_ports'] %}
{% if breakout_ports %} {% for fpc, fpcdata in device['config_context']['breakout_ports'].items() %}
{% for fpc, fpcdata in breakout_ports.items() %}
fpc {{ fpc }} { fpc {{ fpc }} {
{% for pic, picdata in fpcdata.items() %} {% for pic, picdata in fpcdata.items() %}
pic {{ pic }} { pic {{ pic }} {
@ -103,36 +73,25 @@ chassis {
} }
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if device.role.name in ['Provider Core'] %}
forwarding-options {
lpm-profile;
}
{% endif %}
} }
{%- endmacro %} {%- endmacro %}
{% macro interfaceconfig(interface,rack = None) -%} {% macro interfaceconfig(interface,rack = None) %}
{% if not ('-' in interface.name) or interface.description or interface.lag or interface.ip_addresses.count() or interface.connected_endpoints or interface.mode or interface.tagged_vlans.all() or interface.untagged_vlan %} {{ interface['name'] }} {
{{ interface.name }} { {% if interface.get('description') != '' %}
{% if interface.description %} description "{{ interface['description'] }}";
description "{{ interface.description }}";
{% endif %} {% endif %}
{% if interface.mtu and not interface.lag %} {% if interface.get('mtu') and not interface.get('lag') %}
mtu {{ interface.mtu }}; mtu {{ interface['mtu'] }};
{% endif %} {% endif %}
{% if interface.device.role.name in ['Provide Core'] %} {% if interface.get('lag') %}
flexible-vlan-tagging;
native-vlan-id 1;
encapsulation flexible-ethernet-services;
{% endif %}
{% if interface.lag %}
ether-options { ether-options {
802.3ad {{ interface.lag.name }}; 802.3ad {{ interface['lag']['name'] }};
} }
{% endif %} {% endif %}
{% if interface.name.startswith('ae') %} {% if interface['name'].startswith('ae') %}
{% if interface.custom_field_data['esi_lag'] %} {% if interface['_custom_field_data']['esi_lag'] %}
esi { esi {
auto-derive { auto-derive {
lacp; lacp;
@ -143,39 +102,35 @@ chassis {
aggregated-ether-options { aggregated-ether-options {
lacp { lacp {
periodic fast; periodic fast;
{% if interface.custom_field_data['system_id'] %} {% if interface['_custom_field_data']['system_id'] %}
system-id {{ interface.custom_field_data['system_id'] }}; system-id {{ interface['_custom_field_data']['system_id'] }};
{% elif interface.custom_field_data['esi_lag'] %} {% elif interface['_custom_field_data']['esi_lag'] %}
system-id 00:00:{{ '%02d' % rack|int }}:{% if interface.name[2:]|int < 99 %}{{ '%02d' % interface.name[2:]|int }}{% else %}{{ '%02x' % interface.name[2:]|int }}{% endif %}:00:01; system-id 00:00:{{ '%02d' % rack|int }}:{% if interface['name'][2:]|int < 99 %}{{ '%02d' % interface['name'][2:]|int }}{% else %}{{ '%02x' % interface['name'][2:]|int }}{% endif %}:00:01;
{% endif %} {% endif %}
} }
} }
{% endif %} {% endif %}
{% if interface.ip_addresses.count() > 0 %} {% if interface['ip_addresses']|length > 0 %}
unit 0 { unit 0 {
{% if (interface.connected_endpoints) and (interface.connected_endpoints[0].device.role.name == 'Provider Core') %}
vlan-id 1;
{% endif %}
family inet { family inet {
{% if interface.ip_addresses.first().status == 'reserved' %}inactive: {% endif %}address {{ interface.ip_addresses.first().address }}; {% if interface['ip_addresses'][0]['status']['name'] == 'Reserved' %}inactive: {% endif %}address {{ interface['ip_addresses'][0]['address'] }};
} }
} }
{% endif %} {% endif %}
{% if interface.device.role.name in ['Leaf','Spine'] %} {% if interface.get('mode') is not none %}
{% if interface.mode != '' %}
unit 0 { unit 0 {
family ethernet-switching { family ethernet-switching {
{% if interface.mode=='ACCESS' %} {% if interface['mode']=='ACCESS' %}
interface-mode access; interface-mode access;
vlan { vlan {
members {{ interface.untagged_vlan.vid }}; members {{ interface['untagged_vlan']['vid'] }};
} }
{% elif interface.mode=='TAGGED' %} {% elif interface['mode']=='TAGGED' %}
interface-mode trunk; interface-mode trunk;
vlan { vlan {
members [ {% for vlan in interface.tagged_vlans %}{{ vlan.vid }} {% endfor %}]; members [ {% for vlan in interface['tagged_vlans'] %}{{ vlan['vid'] }} {% endfor %}];
} }
{% elif interface.mode=='TAGGED_ALL' %} {% elif interface['mode']=='TAGGED_ALL' %}
interface-mode trunk; interface-mode trunk;
vlan { vlan {
members [ all ]; members [ all ];
@ -184,81 +139,52 @@ chassis {
storm-control default; storm-control default;
} }
} }
{% elif interface.device.role.name in ['Provider Core'] and interface.connected_endpoints %}
{% if interface.connected_endpoints[0].device.role.name in ['Provider Edge'] %}
{% for vlan in interface.tagged_vlans %}
unit {{ vlan.vid }} {
encapsulation vlan-vpls;
vlan-id {{ vlan.vid }};
}
{% endfor %}
{% endif %}
{% endif %}
{% endif %} {% endif %}
} }
{% endif %}
{%- endmacro %} {%- endmacro %}
{% macro interfacesection(device,vlans) %} {% macro interfacesection(device,vlans) %}
interfaces { interfaces {
{% if device.role.name in ['Provider Core'] %}
interface-range core-mpls {
{% for interface in device.interfaces.filter(cable__isnull=False) %}
{% if interface.connected_endpoints and interface.connected_endpoints[0].device.role.name in ['Provider Core'] %}
member {{ interface }};
{% endif %}
{% endfor %}
unit 0 {
family inet;
family mpls;
}
}
{% endif %}
{# Physical interfaces should be sorted by FPC/PIC/Port value - that's a challenge to do in Jinja so we cheat for now by putting the xe- interfaces first. This won't work for all devices! #} {# Physical interfaces should be sorted by FPC/PIC/Port value - that's a challenge to do in Jinja so we cheat for now by putting the xe- interfaces first. This won't work for all devices! #}
{% for interface in device.interfaces.filter(name__contains='-')|j2_natsort(attribute="name") %} {% for interface in device['interfaces'] if interface['name'].startswith('xe-') %}
{{- interfaceconfig(interface) }}
{% endfor %}
{% for interface in device.interfaces.filter(name__startswith='ae') %}
{{ interfaceconfig(interface,device.rack.name[5:]) }}
{% endfor %}
{% for interface in device.interfaces.filter(name__exact='em0') %}
{{ interfaceconfig(interface) }} {{ interfaceconfig(interface) }}
{% endfor %} {% endfor %}
{% for interface in device.interfaces.filter(name__startswith='irb') %} {% for interface in device['interfaces'] if interface['name'].startswith('et-') %}
{{ interfaceconfig(interface) }}
{% endfor %}
{% for interface in device['interfaces'] if interface['name'].startswith('ae') %}
{{ interfaceconfig(interface,device['rack']['name'][5:]) }}
{% endfor %}
{% for interface in device['interfaces'] if interface['name']=='em0' %}
{{ interfaceconfig(interface) }}
{% endfor %}
{% for interface in device['interfaces'] if interface['name'].startswith('irb') %}
{% if loop.first %} {% if loop.first %}
irb { irb {
{% endif %} {% endif %}
unit {{ interface.name[4:] }} { unit {{ interface['name'][4:] }} {
description "{{ interface.description }}"; description "{{ interface['description'] }}";
family inet { family inet {
{% if interface.ip_addresses.first().status == 'reserved' %}inactive: {% endif %}address {{ interface.ip_addresses.first().address }}; {% if interface['ip_addresses'][0]['status']['name'] == 'Reserved' %}inactive: {% endif %}address {{ interface['ip_addresses'][0]['address'] }};
} }
} }
{% if loop.last %} {% if loop.last %}
} }
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% for interface in device.interfaces.filter(name__startswith='lo') %} {% for interface in device['interfaces'] if interface['name'].startswith('lo') %}
{{ interfaceconfig(interface) }} {{ interfaceconfig(interface) }}
{% endfor %} {% endfor %}
} }
{%- endmacro %} {%- endmacro %}
{% macro snmpsection(device, snmp) %} {% macro snmpsection(rack, config_context) %}
snmp { snmp {
{% if device.rack and device.rack.site %} location "Domicilium Datacentre {{ rack['name'] }}";
location "{{ device.rack.site.name }} Rack {{ device.rack.name }}"; contact "{{ config_context['snmp']['contact'] }}";
{% elif device.rack and device.site %} community {{ config_context['snmp']['community'] }} {
location "{{ device.site.name }} Rack {{ device.rack.name }}";
{% elif device.site %}
location "{{ device.site.name }}"
{% elif device.rack %}
location "{{ device.rack.name }}"
{% endif %}
contact "{{ snmp['contact'] }}";
community {{ snmp['community'] }} {
authorization read-only; authorization read-only;
{% for client in snmp['clients'] %} {% for client in config_context['snmp']['clients'] %}
{% if loop.first %} {% if loop.first %}
clients { clients {
{% endif %} {% endif %}
@ -271,43 +197,13 @@ snmp {
} }
{%- endmacro %} {%- endmacro %}
{% macro forwardingoptionssection(device) %} {% macro routingoptionssection(primary_ip4, config_context) %}
forwarding-options {
hash-key {
family inet {
layer-4;
}
family mpls {
label-1;
label-2;
payload {
ip {
port-data;
}
}
}
}
family inet {
filter {
input protect_RE;
}
}
}
{%- endmacro %}
{% macro routingoptionssection(device, overlay_as = None, gateway = None, routes = None) %}
routing-options { routing-options {
{% if device.primary_ip4 %} router-id {{ primary_ip4['address'][:-3] }};
router-id {{ device.primary_ip4.address.ip }}; autonomous-system {{ config_context['overlay_as'] }};
{% endif %} {% if config_context['gateway'] %}
{% if overlay_as %}
autonomous-system {{ overlay_as }};
{% endif %}
{% if gateway or routes %}
static { static {
{% if gateway %} route 0.0.0.0/0 next-hop {{ config_context['gateway'] }};
route 0.0.0.0/0 next-hop {{ gateway }};
{% endif %}
} }
{% endif %} {% endif %}
forwarding-table { forwarding-table {
@ -333,8 +229,8 @@ routing-options {
multiplier 3; multiplier 3;
session-mode automatic; session-mode automatic;
} }
{% for dst_switch in spines if dst_switch.primary_ip4.address != device.primary_ip4.address %} {% for dst_switch in spines if dst_switch['primary_ip4']['address'] != device['primary_ip4']['address'] %}
neighbor {{ dst_switch.primary_ip4.address.ip }}; neighbor {{ dst_switch['primary_ip4']['address'][:-3] }};
{% endfor %} {% endfor %}
} }
{%- endmacro %} {%- endmacro %}
@ -342,12 +238,12 @@ routing-options {
{% macro bgpoverlaygroup(device) %} {% macro bgpoverlaygroup(device) %}
group OVERLAY { group OVERLAY {
type internal; type internal;
local-address {{ device.primary_ip4.address.ip }}; local-address {{ device['primary_ip4']['address'][:-3] }};
family evpn { family evpn {
signaling; signaling;
} }
{% if device.role.name == 'Spine' %} {% if device['device_role']['name'] == 'Spine' %}
cluster {{ device.primary_ip4.address.ip }}; cluster {{ device['primary_ip4']['address'][:-3] }};
multipath; multipath;
{% endif %} {% endif %}
bfd-liveness-detection { bfd-liveness-detection {
@ -355,8 +251,8 @@ routing-options {
multiplier 3; multiplier 3;
session-mode automatic; session-mode automatic;
} }
{% for interface in device.interfaces.filter(cable__isnull=False) %} {% for dst_switch in device['peering_interfaces'] %}
neighbor {{ interface.connected_endpoints[0].device.primary_ip4.address.ip }}; neighbor {{ dst_switch['cable_peer_interface']['device']['primary_ip4']['address'][:-3] }};
{% endfor %} {% endfor %}
} }
{%- endmacro %} {%- endmacro %}
@ -371,13 +267,13 @@ routing-options {
unicast; unicast;
} }
export BGP_LOOPBACK0; export BGP_LOOPBACK0;
local-as {{ device.local_context_data['underlay_as'] }}; local-as {{ device['config_context']['underlay_as'] }};
multipath { multipath {
multiple-as; multiple-as;
} }
{% for interface in device.interfaces.filter(cable__isnull=False) %} {% for dst_switch in device['peering_interfaces'] %}
neighbor {{ interface.connected_endpoints[0].ip_addresses.first().address.ip }} { neighbor {{ dst_switch['cable_peer_interface']['ip_addresses'][0]['address'][:-3] }} {
peer-as {{ interface.connected_endpoints[0].device.local_context_data['underlay_as'] }}; peer-as {{ dst_switch['cable_peer_interface']['device']['local_context_data']['underlay_as'] }};
} }
{% endfor %} {% endfor %}
} }
@ -386,14 +282,18 @@ routing-options {
{% macro bgpsection(device,spines) %} {% macro bgpsection(device,spines) %}
{% if device.role.name in ['Spine','Lab-Spine'] %} {% if device['device_role']['name'] in ['Spine','Lab-Spine'] %}
{% set role='Spine' %} {% set role='Spine' %}
{% set other_role='Leaf' %} {% set other_role='Leaf' %}
{% else %} {% else %}
{% set role='Leaf' %} {% set role='Leaf' %}
{% set other_role='Spine' %} {% set other_role='Spine' %}
{% endif %} {% endif %}
{% set name=device.name %} {% if device['device_role']['name'] == 'Lab-Spine' %}
{% set name=device['name'][4:] %}
{% else %}
{% set name=device['name'] %}
{% endif %}
bgp { bgp {
{{ bgpoverlaygroup(device) }} {{ bgpoverlaygroup(device) }}
{% if role == 'Spine' %} {% if role == 'Spine' %}
@ -405,32 +305,34 @@ routing-options {
{%- endmacro %} {%- endmacro %}
{% macro sflowsection(sflow) %} {% macro sflowsection(device) %}
{% if device['config_context']['sflow'] %}
sflow { sflow {
{% for collector in sflow['collectors'] %} {% for collector in device['config_context']['sflow']['collectors'] %}
collector {{ collector }}; collector {{ collector }};
{% endfor %} {% endfor %}
{% for interface in sflow['interfaces'] %} {% for interface in device['config_context']['sflow']['interfaces'] %}
interfaces {{ interface }}.0; interfaces {{ interface }}.0;
{% endfor %} {% endfor %}
} }
{% endif %}
{%- endmacro %} {%- endmacro %}
{% macro vlanssection(vlans,device) %} {% macro vlanssection(vlans,device) %}
vlans { vlans {
{# This next line selects all of the VLANs which are configured on this device #} {# This next line selects all of the VLANs which are configured on this device #}
{% for vlan in vlans if (device.interfaces.all()|selectattr('untagged_vlan.vid','equalto',vlan)|list|count or interfaces|map(attribute='tagged_vlans')|sum(start=[])|selectattr('vid','equalto',vlan)|list|count) or device.interfaces.all()|selectattr('name', 'equalto', 'irb.'+vlan.vid|string)|list|count %} {% for vlan in vlans if (device['interfaces']|selectattr('untagged_vlan.vid','equalto',vlan)|list|count or interfaces|map(attribute='tagged_vlans')|sum(start=[])|selectattr('vid','equalto',vlan)|list|count) or device['interfaces']|selectattr('name', 'equalto', 'irb.'+vlan['vid']|string)|list|count %}
vl{{ vlan.vid }} { vl{{ vlan['vid'] }} {
{% if vlan.name != '' %} {% if vlan['name'] != '' %}
description "{{ vlan.name }}"; description "{{ vlan['name'] }}";
{% endif %} {% endif %}
vlan-id {{ vlan.vid }}; vlan-id {{ vlan['vid'] }};
{% if device.interfaces.all()|selectattr('name', 'equalto', 'irb.'+vlan.vid|string)|list|count %} {% if device['interfaces']|selectattr('name', 'equalto', 'irb.'+vlan['vid']|string)|list|count %}
l3-interface irb.{{vlan.vid}}; l3-interface irb.{{vlan['vid']}};
{% endif %} {% endif %}
vxlan { vxlan {
vni {{ vlan.vid }}; vni {{ vlan['vid'] }};
} }
} }
{% endfor %} {% endfor %}

33
juniper-vxlan.j2
View File

@ -1,11 +1,12 @@
{% set device=({'hostname':hostname,'device_role':device_role,'primary_ip4':primary_ip4,'rack':rack,'interfaces':interfaces,'peering_interfaces':peering_interfaces,'config_context':config_context}) %}
{% import "juniper-macros.j2" as junos %} {% import "juniper-macros.j2" as junos %}
{{ junos.systemsection(device,root_pw,users,syslog_servers,ntp_servers) }} {{ junos.systemsection(device) }}
{% if device.role.name == 'Leaf' %} {% if device_role['name'] == 'Leaf' %}
{{ junos.chassissection(device,breakout_ports) }} {{ junos.chassissection(device) }}
{% endif %} {% endif %}
{{ junos.interfacesection(device,ipam.VLAN.objects.filter(tenant=device.tenant)) }} {{ junos.interfacesection(device,tenant['vlans']) }}
{{ junos.snmpsection(device, snmp) }} {{ junos.snmpsection(rack, config_context) }}
{% if device.role.name == 'Leaf' %} {% if device_role['name'] == 'Leaf' %}
forwarding-options { forwarding-options {
storm-control-profiles default { storm-control-profiles default {
all; all;
@ -17,7 +18,7 @@ policy-options {
term TERM1 { term TERM1 {
from { from {
protocol direct; protocol direct;
route-filter {{ device.primary_ip4.address }} exact; route-filter {{ primary_ip4['address'] }} exact;
} }
then accept; then accept;
} }
@ -28,32 +29,28 @@ policy-options {
} }
} }
} }
{{ junos.routingoptionssection(device, overlay_as, gateway) }} {{ junos.routingoptionssection(primary_ip4, config_context) }}
protocols { protocols {
{% if device.role.name in ['Leaf','Spine'] %} {{ junos.bgpsection(device,tenant['spines']) }}
{{ junos.bgpsection(device,dcim.Device.objects.filter(tenant=device.tenant,role__name='Spine')) }} {% if device_role['name'] == 'Leaf' %}
{% if device.role.name == 'Leaf' %}
evpn { evpn {
encapsulation vxlan; encapsulation vxlan;
extended-vni-list all; extended-vni-list all;
} }
{% endif %}
{% endif %} {% endif %}
lldp { lldp {
interface all; interface all;
} }
{% if sflow %} {{ junos.sflowsection(device) }}
{{ junos.sflowsection(sflow) }}
{% endif %}
} }
{% if device.role.name == 'Leaf' %} {% if device_role['name'] == 'Leaf' %}
switch-options { switch-options {
vtep-source-interface lo0.0; vtep-source-interface lo0.0;
route-distinguisher {{ device.primary_ip4.address.ip }}:1; route-distinguisher {{ primary_ip4['address'][:-3] }}:1;
vrf-target { vrf-target {
target:64512:1111; target:64512:1111;
auto; auto;
} }
} }
{{ junos.vlanssection(ipam.VLAN.objects.filter(tenant=device.tenant), device) }} {{ junos.vlanssection(tenant['vlans'], device) }}
{% endif %} {% endif %}

1
junos-leaf.j2 Symbolic link
View File

@ -0,0 +1 @@
juniper-vxlan.j2

1
junos-spine.j2 Symbolic link
View File

@ -0,0 +1 @@
juniper-vxlan.j2