Example: Using Chef for Junos OS to Configure Ethernet Switching on MX Series Routers
This example shows how you can use resources in the netdev cookbook to write recipes that configure the switching interfaces on MX Series routers running the Chef client. For more information about the light-weight resources in the netdev cookbook, see Chef for Junos OS at https://docs.chef.io/junos.html.
Requirements
This example uses the following hardware and software components:
- A properly set up and configured Chef workstation and Chef server
- An MX Series router that the Chef client manages
- Junos OS Release 16.1 or later
Before you begin, make sure that the number of aggregated Ethernet interfaces supported on the router is configured. This must be done before you run the Chef client.
To verify that a sufficient number of aggregated Ethernet interfaces has been configured, use the show chassis aggregated-devices configuration mode CLI command. Use the set chassis aggregated-devices ethernet device-count command to set the number of supported aggregated Ethernet interfaces.
If the number of aggregated Ethernet interfaces supported on the router is not already configured, log in to the router, enter configuration mode, and configure the number of aggregated Ethernet interfaces supported:
root@router-node# set chassis aggregated-devices ethernet device-count 2
root@router-node# commit and-quit
Overview
This example takes you through using Chef for Junos OS to configure the switching interfaces on an MX Series router.
In this example, you create a cookbook, called netdev_router, that is based on the netdev cookbook. Within the cookbook, you create four recipes:
- vlan_create recipe: Defines netdev_vlan resources for the VLANs shown in Table 1.
- interface_create recipe: Defines the netdev_interface resources for the interfaces shown in Table 2.
- l2interface_create recipe: Defines the netdev_l2_interface resources for the interfaces shown in Table 2.
- lag_interface_create recipe: Defines netdev_lag and netdev_l2_interface resources for the link aggregation group (LAG) interfaces shown in Table 3.
Table 1: VLANs Defined in the vlan_create Recipe
Name | VLAN ID | Description |
---|---|---|
blue | 100 | Chef-created blue VLAN |
green | 200 | Chef-created green VLAN |
red | 300 | Chef-created red VLAN |
Table 2: Interfaces Defined in the interface_create and l2interface_create Recipes
Name | Port Mode | VLAN Membership | Description |
---|---|---|---|
ge-1/0/1 | Access | blue | Chef-created interface |
ge-1/0/2 | Access | green | Chef-created interface |
ge-1/0/3 | Access | red | Chef-created interface |
Table 3: LAGs Defined in the lag_interface_create Recipe
Name | Member Links | Minimum Links | LACP | Port Mode | VLAN Membership | Description |
---|---|---|---|---|---|---|
ae0 | ge-1/0/6, ge-1/0/7 | 1 | Active | Trunk | blue, green, red | Chef-created LAG interface |
ae1 | ge-1/0/8, ge-1/0/9 | 1 | Active | Trunk | blue, green, red | Chef-created LAG interface |
In your own implementation of Chef for Junos OS, you can structure recipes in any way that makes sense for deploying and managing your switching resources. The recipes used in this example are simply one way of doing so.
After you create the recipes, you upload the cookbook to the Chef server and add the recipes to the run list for the managed router. Finally, you run the Chef client on the router. The client then uses the Junos OS providers in the netdev cookbook to implement the configuration described in the recipes.
The number of aggregated Ethernet interfaces supported on the router must already be configured before you run the Chef client.
Configuration
Step-by-Step Procedure
To configure the router by using Chef for Junos OS:
- From the chef-repo directory on the Chef workstation, download the netdev cookbook and extract the cookbook files to the cookbooks directory.
knife cookbook site download netdev
tar -zxvf netdev-n.n.n.tar.gz -C cookbooks
- Copy the netdev cookbook to create a new cookbook, netdev_router, in the cookbooks directory.
- In an editor of your choice, write the vlan_create recipe for creating the blue, green, and red VLANs.

```ruby
#
# Cookbook Name:: netdev_router
# Recipe:: vlan_create
#

netdev_vlan "blue" do
  vlan_id 100
  description "Chef-created blue VLAN"
  action :create
end

netdev_vlan "green" do
  vlan_id 200
  description "Chef-created green VLAN"
  action :create
end

netdev_vlan "red" do
  vlan_id 300
  description "Chef-created red VLAN"
  action :create
end
```
- Save the recipe in cookbooks/netdev_router/recipes/vlan_create.rb.
- In an editor of your choice, write the interface_create recipe, which configures the physical properties of the interfaces.

```ruby
#
# Cookbook Name:: netdev_router
# Recipe:: interface_create
#

# Physical interface creation using the following defaults:
# auto-negotiation on, MTU 1500, administratively up

netdev_interface "ge-1/0/1" do
  description "Chef-created interface"
  action :create
end

netdev_interface "ge-1/0/2" do
  description "Chef-created interface"
  action :create
end

netdev_interface "ge-1/0/3" do
  description "Chef-created interface"
  action :create
end
```
- Save the recipe in cookbooks/netdev_router/recipes/interface_create.rb.
- In an editor of your choice, write the l2interface_create recipe, which configures the Layer 2 properties of the interfaces.

```ruby
#
# Cookbook Name:: netdev_router
# Recipe:: l2interface_create
#

# Logical interface creation, setting port mode to access (vlan_tagging false)
# and assigning interface to a VLAN

netdev_l2_interface "ge-1/0/1" do
  description "belongs to blue VLAN"
  untagged_vlan "blue"
  vlan_tagging false
  action :create
end

netdev_l2_interface "ge-1/0/2" do
  description "belongs to green VLAN"
  untagged_vlan "green"
  vlan_tagging false
  action :create
end

netdev_l2_interface "ge-1/0/3" do
  description "belongs to red VLAN"
  untagged_vlan "red"
  vlan_tagging false
  action :create
end
```
- Save the recipe in cookbooks/netdev_router/recipes/l2interface_create.rb.
- In an editor of your choice, write the lag_interface_create recipe, which configures the LAG trunk interfaces.

```ruby
#
# Cookbook Name:: netdev_router
# Recipe:: lag_interface_create
#

# Remove any Layer 2 configuration from the LAG member links
netdev_l2_interface "ge-1/0/6" do
  action :delete
end

netdev_l2_interface "ge-1/0/7" do
  action :delete
end

netdev_l2_interface "ge-1/0/8" do
  action :delete
end

netdev_l2_interface "ge-1/0/9" do
  action :delete
end

# Create the LAGs
netdev_lag "ae0" do
  links [ "ge-1/0/6", "ge-1/0/7" ]
  minimum_links 1
  lacp "active"
  action :create
end

netdev_lag "ae1" do
  links [ "ge-1/0/8", "ge-1/0/9" ]
  minimum_links 1
  lacp "active"
  action :create
end

# Configure Layer 2 switching on the LAGs. Define the port mode as trunk
# (vlan_tagging true), with membership in the blue, green, and red VLANs.
netdev_l2_interface "ae0" do
  description "Chef-created LAG interface"
  tagged_vlans [ "blue", "green", "red" ]
  vlan_tagging true
  action :create
end

netdev_l2_interface "ae1" do
  description "Chef-created LAG interface"
  tagged_vlans [ "blue", "green", "red" ]
  vlan_tagging true
  action :create
end
```
- Save the recipe in cookbooks/netdev_router/recipes/lag_interface_create.rb.
- Upload the netdev_router cookbook to the Chef server.
$ knife cookbook upload netdev_router
- Edit the node object that represents the router.
$ knife node edit router_node_name
Knife starts your editor and opens a JSON file that contains the node attributes.
- Enter the recipes in the run_list attribute and then save the JSON file.

```json
{
  "name": "router_node_name",
  "chef_environment": "_default",
  "normal": {
  },
  "run_list": [
    "recipe[netdev_router::interface_create]",
    "recipe[netdev_router::vlan_create]",
    "recipe[netdev_router::l2interface_create]",
    "recipe[netdev_router::lag_interface_create]"
  ]
}
```

The order in which you enter the recipes matters. For example, the Chef client runs the interface_create recipe first because it is listed first.
- Log in as the root user.
- From the UNIX-level shell, run the Chef client.
If the Juniper Networks version of the Chef client is 2.x (for example, Chef client version 11.10.4_2.0), enter:
% /opt/jet/chef/bin/ruby /opt/jet/chef/bin/chef-client -c /var/db/chef/client.rb
If the Juniper Networks version of the Chef client is 1.x (for example, Chef client version 11.10.4_1.1), enter:
% /opt/sdk/chef/bin/ruby /opt/sdk/chef/bin/chef-client -c /var/db/chef/client.rb
The Chef client displays status messages during its run to indicate its progress in performing the configuration. For example:
```
[2015-08-21T18:07:27+05:30] INFO: Forking chef instance to converge...
Starting Chef Client, version 11.10.4
[2015-08-21T18:07:28+05:30] INFO: *** Chef 11.10.4 ***
[2015-08-21T18:07:28+05:30] INFO: Chef-client pid: 9351
[2015-08-21T18:07:32+05:30] INFO: Run List is [recipe[netdev::interface_create], recipe[netdev::vlan_create], recipe[netdev::l2interface_create], recipe[netdev::lag_interface_create]]
[2015-08-21T18:07:32+05:30] INFO: Run List expands to [netdev::interface_create, netdev::vlan_create, netdev::l2interface_create, netdev::lag_interface_create]
[2015-08-21T18:07:32+05:30] INFO: Starting Chef Run for router-node
.
.
.
[2015-08-21T18:09:36+05:30] INFO: Chef Run complete in 123.446606904 seconds
Running handlers:
[2015-08-21T18:09:36+05:30] INFO: Running report handlers
[2015-08-21T18:09:54+05:30] INFO: Committed pending Junos candidate configuration changes
[2015-08-21T18:09:58+05:30] INFO: Released exclusive Junos configuration lock
  - JunosCommitTransactionHandler
Running handlers complete
[2015-08-21T18:09:58+05:30] INFO: Report handlers complete
Chef Client finished, 13/17 resources updated in 150.983654211 seconds
```
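Because the four recipes and the run list must agree with each other and with the router's device-count setting, the desired state can be checked for consistency on the workstation before the cookbook is uploaded. The following Ruby script is an added example, not part of the netdev cookbook or the original page; its constant and method names are hypothetical, and the rule that recipes referencing VLANs run after vlan_create is an assumption taken from the order of the run list shown above.

```ruby
# Added example (not from the netdev cookbook): pre-flight check of the
# desired state in Tables 1-3. All names here are hypothetical.
VLANS  = { "blue" => 100, "green" => 200, "red" => 300 }                  # Table 1
ACCESS = { "ge-1/0/1" => "blue", "ge-1/0/2" => "green", "ge-1/0/3" => "red" } # Table 2
LAGS   = {                                                                # Table 3
  "ae0" => { links: %w[ge-1/0/6 ge-1/0/7], vlans: %w[blue green red] },
  "ae1" => { links: %w[ge-1/0/8 ge-1/0/9], vlans: %w[blue green red] }
}
RUN_LIST = %w[interface_create vlan_create l2interface_create lag_interface_create]

def duplicates(list)
  list.group_by(&:itself).select { |_, v| v.size > 1 }.keys
end

def preflight(vlans:, access:, lags:, run_list:, device_count:)
  errors = []
  vlans.each do |name, id|
    errors << "VLAN #{name}: ID #{id} is outside 1..4094" unless (1..4094).cover?(id)
  end
  duplicates(vlans.values).each { |id| errors << "VLAN ID #{id} is assigned twice" }

  # Every VLAN that a port references must be defined by vlan_create.
  referenced = access.values + lags.values.flat_map { |lag| lag[:vlans] }
  (referenced.uniq - vlans.keys).each { |name| errors << "VLAN #{name} is not defined" }

  # A physical port is either an access port or a member of exactly one LAG.
  members = lags.values.flat_map { |lag| lag[:links] }
  (duplicates(members) | (members & access.keys)).each do |port|
    errors << "port #{port} has more than one role"
  end

  # device-count N provides ae0 through ae(N-1).
  needed = (lags.keys.map { |n| n[/\d+/].to_i }.max || -1) + 1
  errors << "device-count must be at least #{needed}, got #{device_count}" if needed > device_count

  # Assumption: recipes that reference VLANs run after vlan_create, as in the page's run list.
  vlan_pos = run_list.index("vlan_create")
  %w[l2interface_create lag_interface_create].each do |recipe|
    pos = run_list.index(recipe)
    errors << "#{recipe} runs before vlan_create" if pos && (vlan_pos.nil? || pos < vlan_pos)
  end
  errors
end
```

An empty array from preflight means the tables, the run list, and the device count agree; each string in a non-empty result names one inconsistency to fix before the Chef client run.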
Results
From operational mode, confirm your configuration by entering the show configuration | compare rollback 1 command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
```
root@router-node> show configuration | compare rollback 1
[edit]
+  interfaces {
+      ge-1/0/1 {
+          description "Chef-created interface";
+          unit 0 {
+              description "belongs to blue VLAN";
+              family bridge {
+                  interface-mode access;
+                  vlan-id 100;
+              }
+          }
+      }
+      ge-1/0/2 {
+          description "Chef-created interface";
+          unit 0 {
+              description "belongs to green VLAN";
+              family bridge {
+                  interface-mode access;
+                  vlan-id 200;
+              }
+          }
+      }
+      ge-1/0/3 {
+          description "Chef-created interface";
+          unit 0 {
+              description "belongs to red VLAN";
+              family bridge {
+                  interface-mode access;
+                  vlan-id 300;
+              }
+          }
+      }
+      ge-1/0/6 {
+          gigether-options {
+              802.3ad ae0;
+          }
+      }
+      ge-1/0/7 {
+          gigether-options {
+              802.3ad ae0;
+          }
+      }
+      ge-1/0/8 {
+          gigether-options {
+              802.3ad ae1;
+          }
+      }
+      ge-1/0/9 {
+          gigether-options {
+              802.3ad ae1;
+          }
+      }
+      ae0 {
+          aggregated-ether-options {
+              minimum-links 1;
+              lacp {
+                  active;
+              }
+          }
+          apply-macro "netdev_lag[:links]" {
+              ge-1/0/6;
+              ge-1/0/7;
+          }
+          unit 0 {
+              description "Chef-created LAG interface";
+              family bridge {
+                  interface-mode trunk;
+                  vlan-id-list [ 100 200 300 ];
+              }
+          }
+      }
+      ae1 {
+          aggregated-ether-options {
+              minimum-links 1;
+              lacp {
+                  active;
+              }
+          }
+          apply-macro "netdev_lag[:links]" {
+              ge-1/0/8;
+              ge-1/0/9;
+          }
+          unit 0 {
+              description "Chef-created LAG interface";
+              family bridge {
+                  interface-mode trunk;
+                  vlan-id-list [ 100 200 300 ];
+              }
+          }
+      }
+  }
+  bridge-domains {
+      blue {
+          description "Chef-created blue VLAN";
+          domain-type bridge;
+          vlan-id 100;
+      }
+      green {
+          description "Chef-created green VLAN";
+          domain-type bridge;
+          vlan-id 200;
+      }
+      red {
+          description "Chef-created red VLAN";
+          domain-type bridge;
+          vlan-id 300;
+      }
+  }
```
The apply-macro statement under the ae0 and ae1 interface configuration is a normally hidden statement that is exposed when the configuration is generated by a Chef client.
Verification
Verifying the Status of the VLANs
Purpose
Verify the VLANs and VLAN memberships are correct.
Action
Use the show bridge domain command to verify VLAN membership.
```
root@mx-node> show bridge domain

Routing instance        Bridge domain            VLAN ID     Interfaces
default-switch          blue                     100
                                                             ae0.0*
                                                             ae1.0*
                                                             ge-1/0/1.0*
default-switch          green                    200
                                                             ae0.0*
                                                             ae1.0*
                                                             ge-1/0/2.0*
default-switch          red                      300
                                                             ae0.0*
                                                             ae1.0*
                                                             ge-1/0/3.0*
```
Meaning
The output shows that the VLANs have been created correctly and contain the correct member interfaces.
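The same verification can be automated so that an interface appearing in a VLAN it was never assigned to is reported rather than overlooked. The following Ruby script is an added example, not part of the original page or the netdev cookbook; it parses the show bridge domain output above and compares it with the membership intended by Tables 1 through 3. The method and constant names are hypothetical, and the sample input is the page's output embedded inline.

```ruby
# Added example (names are hypothetical): verify VLAN membership from Tables 1-3.
EXPECTED = {
  "blue"  => { id: 100, ifs: %w[ae0.0 ae1.0 ge-1/0/1.0] },
  "green" => { id: 200, ifs: %w[ae0.0 ae1.0 ge-1/0/2.0] },
  "red"   => { id: 300, ifs: %w[ae0.0 ae1.0 ge-1/0/3.0] }
}
IF_RE = %r{\A[a-z]+-?[\d/]*\.\d+\*?\z}   # matches ae0.0* and ge-1/0/1.0*

def parse_bridge_domains(text)
  domains = {}
  current = nil
  text.each_line do |line|
    tok = line.split
    if tok.size >= 3 && tok[2].match?(/\A\d+\z/)   # "instance domain vlan-id" row
      current = domains[tok[1]] = { id: tok[2].to_i, ifs: [] }
      tok = tok.drop(3)
    end
    # Strip the trailing "*" marker so names compare cleanly.
    current[:ifs].concat(tok.grep(IF_RE).map { |i| i.delete("*") }) if current
  end
  domains
end

def membership_drift(expected, actual)
  findings = (actual.keys - expected.keys).map { |n| "#{n}: bridge domain not in the recipes" }
  expected.each do |name, want|
    got = actual[name]
    next findings << "#{name}: bridge domain missing" unless got
    findings << "#{name}: VLAN ID #{got[:id]}, expected #{want[:id]}" if got[:id] != want[:id]
    (got[:ifs] - want[:ifs]).each { |i| findings << "#{name}: unexpected member #{i}" }
    (want[:ifs] - got[:ifs]).each { |i| findings << "#{name}: missing member #{i}" }
  end
  findings
end
# Sample input: the page's output, laid out one interface per line.
SAMPLE = <<~OUT
  Routing instance  Bridge domain  VLAN ID  Interfaces
  default-switch    blue           100
                                            ae0.0*
                                            ae1.0*
                                            ge-1/0/1.0*
  default-switch    green          200
                                            ae0.0*
                                            ae1.0*
                                            ge-1/0/2.0*
  default-switch    red            300
                                            ae0.0*
                                            ae1.0*
                                            ge-1/0/3.0*
OUT
```

Calling membership_drift(EXPECTED, parse_bridge_domains(SAMPLE)) returns an empty array for the output shown on this page.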