Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Chef for Junos OS Overview

    Chef software automates the provisioning and management of compute, networking, and storage resources, whether these resources are on-site, in the cloud, or both. Chef software transforms infrastructure into code, enabling you to configure, deploy, and scale in real time, while reducing the risk of human error. See Chef for Junos OS at https://docs.chef.io/junos.html .

    Using Chef, you write abstract definitions of your infrastructure in Ruby and manage the definitions like you manage source code. These abstract definitions are applied to the nodes in your infrastructure by the Chef clients running on those nodes. When you bring a new node online, the Chef client running on that node needs only to determine which definitions to apply.

    Chef for Junos OS enables Chef support on selected Juniper Networks devices. You can use Chef for Junos OS to automate common switching network configurations, such as physical and logical Ethernet link properties and VLANs, on these devices. See the Chef for Junos OS Release Notes for information about which Juniper Network devices support Chef clients.

    Understanding Cookbooks, Recipes, Resources, and Providers

    Within the Chef framework, the abstract infrastructure definitions are contained in reusable cookbooks and recipes:

    • Cookbooks are packages that contain the recipes, files, attribute definitions, and so on that describe a portion of your infrastructure and how to deploy, configure, and manage it. For example, the apache2 cookbook maintained by Chef contains recipes for installing and configuring an Apache HTTP Server.
    • Recipes are written in Ruby and describe the installation, configuration, and management of the infrastructure elements.
    • Resources are the major building blocks of recipes. A resource is a platform-neutral representation of an element of the system and its desired state—for example, a service that should be started or a file that should be written.
    • Providers are the underlying platform-specific implementations that bring resources to their desired states. For example, a resource might specify a particular software package to be installed, without describing how it is installed. The providers associated with the resource direct the Chef client how to perform the installation on specific platforms.

    Chef for Junos OS Features

    To support the Chef framework on Juniper Networks devices running Junos OS, Chef for Junos OS provides the following software components:

    Providers for the netdev Cookbook Resources

    The netdev cookbook, developed and maintained by Chef, contains platform-neutral primitives for the following network resources:

    • Physical interfaces—Physical Ethernet interface attributes, such as administrative state, description, speed, duplex mode, and MTU with the netdev_interface resource
    • Layer 2 Ethernet switching services—Logical Ethernet switching interface attributes, such as description, VLAN membership, and port mode (access or trunk) with the netdev_l2_interface resource
    • Link aggregation groups (LAGs)—LAG interface attributes, such as name, member links, LACP mode, and minimum up links required with the netdev_lag resource
    • VLANs—VLAN attributes, such as name, ID, and description with the netdev_vlan resource
    • Configuration at any hierarchy level—Custom configuration with the netdev_group resource

    Note: Juniper Networks OCX1100 switches support only the netdev_interface physical interface resource.

    Chef for Junos OS supports providers that are specific to Junos OS for the switching resources. These providers translate the configuration modeled by the resources into the NETCONF XML code required to implement the configuration on the device the Chef client is running on. Together, the netdev cookbook resources and Junos OS providers enable you to automate your configuration of Juniper Networks devices running Junos OS without having knowledge of specific CLI commands or XML code.

    The netdev cookbook is available at the Chef supermarket website at https://supermarket.getchef.com/cookbooks/netdev. For more information about the netdev cookbook resources, see Chef for Junos OS at https://docs.chef.io/junos.html .

    Native Chef Client

    The Chef client (chef-client) is an agent that runs locally on every managed node in a Chef deployment and performs the configuration defined in recipes. Chef for Junos OS provides a Chef client that runs natively on supported Juniper Networks devices running Junos OS.

    Native Ohai

    Ohai is a tool that collects detailed data about a node, such as hardware properties, memory and processor usage, networking statistics, kernel data, and hostname. It provides this data to the Chef client at the start of every Chef client run. This data is also uploaded to the Chef server at the end of each Chef client run, making it available to searches.

    Chef for Junos OS provides a version of Ohai that runs natively on supported Juniper Networks devices running Junos OS. This version includes a plug-in that extends Ohai to collect Junos OS and platform-specific attributes. For a description of Ohai options and an example of using Ohai, see the Chef website at https://docs.chef.io/ctl_ohai.html .

    Ruby Interpreter and junos-ez-stdlib

    Chef for Junos OS provides a version of the Ruby Interpreter that is compatible with the Chef client. It also provides junos-ez-stdlib, which contains libraries used by the netdev cookbook providers and by Ohai.

    Components of a Chef for Junos OS Deployment

    A Chef for Junos OS deployment consists of the following major components:

    • Chef server—The server acts as a hub for configuration data. The server stores cookbooks and the node object metadata that describes each registered node the Chef client manages.

      You can choose between two types of servers:

      • Enterprise Chef—Highly scalable server that includes premium features and support. You can install the server behind a firewall, or you can use a cloud-based server hosted by Chef.
      • Open source Chef—Open-source, free version of the server that is the basis for Enterprise Chef.
    • Workstations—You perform most of your work on a workstation. You use the Chef CLI, which is called knife, to develop cookbooks and recipes, which are stored in a local Chef repository. From the workstation, you can synchronize the local repository with your version-control system, upload cookbooks to the Chef server, and perform operations on nodes.
    • Nodes—A node is any device or virtual device that is configured for the Chef client to manage. To manage a node, the Chef client running on the node obtains the configuration details, such as recipes, templates, and file distributions, from the Chef server. The Chef client then does as much of the configuration work as possible on the node itself.

      For a Juniper Networks device to be a Chef node, it must have the Chef client installed and configured on it. See the Chef for Junos OS Release Notes for information about Juniper Networks devices running Junos OS that support the Chef client.

    Figure 1 shows the major components of a Chef for Junos OS deployment. For more details about all the components that constitute a Chef deployment, see the Chef documentation at https://docs.chef.io/ .

    Figure 1: Major Components of a Chef for Junos OS Deployment

    Major Components of a Chef
for Junos OS Deployment

    Deploying Chef for Junos OS Overview

    The following major steps describe how you deploy Chef for Junos OS:

    1. Set up the Chef server. For more information, see the Chef documentation at https://docs.chef.io/ .
    2. Set up the Chef workstation. The major steps for doing so are:

      1. Install the Chef client and Ruby Interpreter on your workstation. You can install both at the same time by using the Chef omnibus installer.
      2. Set up the Chef repository (chef-repro) and the version-control system.
      3. Install authentication keys and verify that you can connect to the Chef server from your workstation.

        For more information about setting up the Chef workstation, see the Chef documentation at https://docs.chef.io/ .

      4. After you have set up the workstation, download the netdev cookbook to the chef-repro repository and extract the cookbook files.

        knife cookbook site download netdev

        tar -zxvf netdev-n.n.n.tar.gz -C cookbooks

    3. If the Chef client is not already installed on the Junos OS nodes, install the client by using the Chef for Junos OS installation package as described in Installing or Removing the Chef Client on Juniper Networks Devices Running Junos OS.

      Note: On Juniper Networks switches running Junos OS with Junos Automation Enhancements, you do not need to install the Chef client because the Chef client and related components are installed with the Junos OS software.

    4. Configure the Chef client on the Junos OS nodes so that it can connect with the Chef server. For more information, see Configuring the Chef Client on Juniper Networks Devices Running Junos OS.

    Running the Chef Client

    To run the Chef client on a managed node, log in as the root user and enter one of the following commands from the UNIX-level shell:

    • If the Juniper Networks version of the Chef client is 2.x (for example, Chef client version 11.10.4_2.0), enter:
      %/opt/jet/chef/bin/ruby /opt/jet/chef/bin/chef-client -c /var/db/chef/client.rb
    • If the Juniper Networks version of the Chef client is 1.x (for example, Chef client version 11.10.4_1.1), enter:
      %/opt/sdk/chef/bin/ruby /opt/sdk/chef/bin/chef-client -c /var/db/chef/client.rb

    These commands assume that your client.rb file resides in the /var/db directory. We recommend using this directory.

    On a device with redundant Routing Engines, you must run the Chef client from the master Routing Engine.

    When the Chef client runs, it obtains an exclusive configuration lock, which it releases after it commits all pending configuration changes. If you enable the reporting add-on on your Enterprise Chef server, the Chef client reports the results of the run back to the server. On successful Chef client runs, the Chef client sends a list of updated resources to the server; on failed Chef client runs, it sends a full exception stacktrace to the server.

    The configuration of a resource on a managed node always reflects the resource state defined in the last recipe that was run that contains that resource. For example, if you run a recipe that defines a LAG resource as containing the member links ge-0/0/0 and ge-0/0/1 and then later run a recipe that defines the same LAG resource as containing the member links ge-0/0/2 and ge-0/0/03, the resulting configuration for the LAG on the managed node contains only the member links ge-0/0/2 and ge-0/0/3.

    Modified: 2016-06-17