Example: Using Chef for Junos OS to Configure Ethernet Switching on EX Series, OCX Series, and QFX Series Switches

 

This example shows how you can use resources in the netdev cookbook to write recipes that configure the switching interfaces on EX Series switches, OCX Series switches, and QFX Series switches running the Chef client. For more information about the lightweight resources in the netdev cookbook, see Chef for Junos OS at https://docs.chef.io/junos.html.

Requirements

This example uses the following hardware and software components:

  • A properly set up and configured Chef workstation and Chef server

  • A supported Junos OS release (as specified in the Chef for Junos OS Release Notes)

  • A Juniper Networks switch that the Chef client manages

    Note

    This example uses netdev resources not supported on an OCX1100 switch. Only the netdev_interface resource is supported on an OCX1100 switch.

Before you run the Chef client, make sure that the number of aggregated Ethernet interfaces supported on the switch is already configured. To verify that a sufficient number of aggregated Ethernet interfaces has been configured, use the show chassis aggregated-devices configuration mode CLI command. Use the set chassis aggregated-devices ethernet device-count command to set the number of supported aggregated Ethernet interfaces.

Overview

This example takes you through using Chef for Junos OS to configure the switching interfaces on an access switch.

In this example, you create a cookbook, called netdev_access_switch, that is based on the netdev cookbook. Within the cookbook, you create three recipes:

  • vlan_create recipe—Defines netdev_vlan resources for the VLANs shown in Table 1.

  • access_interface_create recipe—Defines netdev_interface and netdev_l2_interface resources for the access interfaces shown in Table 2.

  • uplink_interface_create recipe—Defines netdev_lag and netdev_l2_interface resources for the link aggregation group (LAG) interfaces shown in Table 3.

Table 1: VLANs Defined in the vlan_create Recipe

| Name  | VLAN ID | Description    |
|-------|---------|----------------|
| blue  | 100     | the blue VLAN  |
| green | 200     | the green VLAN |
| red   | 300     | the red VLAN   |

Table 2: Access Interfaces Defined in the access_interface_create Recipe

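| Name     | Port Mode | VLAN Membership | Description      |
|----------|-----------|-----------------|------------------|
| et-0/0/4 | Access    | blue            | Access interface |
| et-0/0/5 | Access    | green           | Access interface |
| et-0/0/6 | Access    | red             | Access interface |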

Table 3: LAGs Defined in the uplink_interface_create Recipe

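| Name | Member Interfaces  | Minimum Links | LACP   | Port Mode | VLAN Membership  | Description      |
|------|--------------------|---------------|--------|-----------|------------------|------------------|
| ae0  | et-0/1/0, et-0/1/2 | 1             | Active | Trunk     | blue, green, red | Uplink interface |
| ae1  | et-0/2/0, et-0/2/2 | 1             | Active | Trunk     | blue, green, red | Uplink interface |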

In your own implementation of Chef for Junos OS, you can structure recipes in any way that makes sense for deploying and managing your switching resources. The recipes used in this example are simply one way of doing so.

After you create the recipes, you upload the cookbook to the Chef server and add the recipes to the run list for the access switch. Finally, you run the Chef client on the access switch. The client then uses the Junos OS providers in the netdev cookbook to implement the configuration described in the recipes.
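A pre-flight check for the run described above, as an added example that is not part of the original page or the netdev cookbook: it evaluates recipe text against a stand-in for the netdev resource names and, as a conservative check, reports any VLAN that an interface references before an earlier recipe in the run list defines it, and any LAG count above the configured device-count. The recipe bodies are constructed from Tables 1-3, the attribute names (vlan_id, untagged_vlan, tagged_vlans, vlan_tagging, links, minimum_links, lacp) are assumed from the netdev cookbook, and RECIPES, Attrs, Lint and lint_run_list are hypothetical names.

```ruby
# Added example, not Juniper's or Chef's code. Recipe bodies are constructed from
# Tables 1-3; attribute names are assumed from the netdev cookbook (check its README).
RECIPES = {
  "vlan_create" => <<~'R',
    { "blue" => 100, "green" => 200, "red" => 300 }.each do |vlan, id|
      netdev_vlan(vlan) { vlan_id id; description "the #{vlan} VLAN"; action :create }
    end
  R
  "access_interface_create" => <<~'R',
    { "et-0/0/4" => "blue", "et-0/0/5" => "green", "et-0/0/6" => "red" }.each do |port, vlan|
      netdev_interface(port) { description "Access interface"; action :create }
      netdev_l2_interface(port) { untagged_vlan vlan; vlan_tagging false; action :create }
    end
  R
  "uplink_interface_create" => <<~'R'
    { "ae0" => %w[et-0/1/0 et-0/1/2], "ae1" => %w[et-0/2/0 et-0/2/2] }.each do |lag, ports|
      netdev_lag(lag) { links ports; minimum_links 1; lacp "active"; action :create }
      netdev_l2_interface(lag) do
        description "Uplink interface"; vlan_tagging true
        tagged_vlans %w[blue green red]; action :create
      end
    end
  R
}.freeze

class Attrs # records the attribute calls made inside one resource block
  attr_reader :set
  def initialize; @set = {}; end
  def method_missing(name, *args); @set[name] = args.first; end
end

class Lint # stand-in for the recipe DSL; tracks VLANs and LAGs in run-list order
  attr_reader :errors, :lags
  def initialize; @vlans = []; @lags = []; @errors = []; end
  def netdev_interface(_name); end
  def netdev_vlan(name); @vlans << name; end
  def netdev_lag(name); @lags << name; end
  def netdev_l2_interface(name, &blk)
    a = Attrs.new.tap { |r| r.instance_eval(&blk) }.set
    refs = [a[:untagged_vlan], *a[:tagged_vlans]].compact
    (refs - @vlans).each { |v| @errors << "#{name}: VLAN #{v} not defined yet" }
  end
end

def lint_run_list(run_list, device_count)
  lint = run_list.each_with_object(Lint.new) { |recipe, l| l.instance_eval(RECIPES.fetch(recipe)) }
  lint.errors << "#{lint.lags.size} LAGs exceed device-count #{device_count}" if lint.lags.size > device_count
  lint.errors
end
```

Calling lint_run_list with the three recipe names in run-list order and the device-count from the switch returns an empty array when the plan is consistent.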

Configuration

Step-by-Step Procedure

To configure the access switch by using Chef for Junos OS:

  1. From the chef-repo directory on the Chef workstation, download the netdev cookbook and extract the cookbook files to the cookbooks directory:

    knife cookbook site download netdev

    tar -zxvf netdev-n.n.n.tar.gz -C cookbooks

  2. Copy the netdev cookbook to create a new cookbook, netdev_access_switch, in the cookbooks directory.
  3. In an editor of your choice, write the vlan_create recipe for creating the blue, green, and red VLANs.
  4. Save the recipe in cookbooks/netdev_access_switch/recipes/vlan_create.rb.
  5. In an editor of your choice, write the access_interface_create recipe, which configures the physical and Layer 2 properties of the access interfaces.
  6. Save the recipe in cookbooks/netdev_access_switch/recipes/access_interface_create.rb.
  7. In an editor of your choice, write the uplink_interface_create recipe, which configures the LAG trunk interfaces.
  8. Save the recipe in cookbooks/netdev_access_switch/recipes/uplink_interface_create.rb.
  9. Upload the netdev_access_switch cookbook to the Chef server.
  10. Edit the node object that represents the access switch.

    Knife starts your editor and opens a JSON file that contains the node attributes.

  11. Enter the recipes in the run-list attribute and then save the JSON file.

    The order in which you enter the recipes matters: for example, the Chef client runs the vlan_create recipe first because it is listed first.

  12. If the number of aggregated Ethernet interfaces supported on the switch is not already configured, log in to the access switch, enter configuration mode, and configure the number of aggregated Ethernet interfaces supported.

    root@access-switch-node# set chassis aggregated-devices ethernet device-count 2

    root@access-switch-node# commit and-quit

  13. On the access switch, log in as the root user.
  14. From the UNIX-level shell, run the Chef client.
    • If the Juniper Networks version of the Chef client is 2.x (for example, Chef client version 11.10.4_2.0), enter:

      % /opt/jet/chef/bin/ruby /opt/jet/chef/bin/chef-client -c /var/db/chef/client.rb

    • If the Juniper Networks version of the Chef client is 1.x (for example, Chef client version 11.10.4_1.1), enter:

      % /opt/sdk/chef/bin/ruby /opt/sdk/chef/bin/chef-client -c /var/db/chef/client.rb

    The Chef client displays status messages during its run to indicate its progress in performing the configuration. For example:

Results

To check the results of the configuration:

  1. On the access switch, enter the CLI.

    % cli

  2. Enter the following CLI operational mode command:

Verification

Verifying the Status of the VLANs

Purpose

Verify the VLANs and VLAN memberships are correct.

Action

Use the show vlans command to verify VLAN membership.

Meaning

The output shows that the VLANs have been created correctly and contain the correct member interfaces.