Using Chef to Configure Juniper Networks Devices

 

Example: Using Chef for Junos OS to Configure Ethernet Switching on EX Series, OCX Series, and QFX Series Switches

This example shows how you can use resources in the netdev cookbook to write recipes that configure the switching interfaces on EX Series switches, OCX Series switches, and QFX Series switches running the Chef client. For more information about the light-weight resources in the netdev cookbook, see Chef for Junos OS at https://docs.chef.io/junos.html.

Requirements

This example uses the following hardware and software components:

  • A properly set up and configured Chef workstation and Chef server

  • A supported Junos OS release (as specified in the Chef for Junos OS Release Notes)

  • A Juniper Networks switch that the Chef client manages

    Note

    This example uses netdev resources not supported on an OCX1100 switch. Only the netdev_interface resource is supported on an OCX1100 switch.

Before you run the Chef client, the number of aggregated Ethernet interfaces supported on the switch must already be configured. To verify that a sufficient number of aggregated Ethernet interfaces has been configured, use the show chassis aggregated-devices configuration mode CLI command. Use the set chassis aggregated-devices ethernet device-count command to set the number of supported aggregated Ethernet interfaces.

Overview

This example takes you through using Chef for Junos OS to configure the switching interfaces on an access switch.

In this example, you create a cookbook, called netdev_access_switch, that is based on the netdev cookbook. Within the cookbook, you create three recipes:

  • vlan_create recipe—Defines netdev_vlan resources for the VLANs shown in Table 1.

  • access_interface_create recipe—Defines netdev_interface and netdev_l2_interface resources for the access interfaces shown in Table 2.

  • uplink_interface_create recipe—Defines netdev_lag and netdev_l2_interface resources for the link aggregation group (LAG) interfaces shown in Table 3.

Table 1: VLANs Defined in the vlan_create Recipe

| Name | VLAN ID | Description |
| --- | --- | --- |
| blue | 100 | the blue VLAN |
| green | 200 | the green VLAN |
| red | 300 | the red VLAN |

Table 2: Access Interfaces Defined in the access_interface_create Recipe

| Name | Port Mode | VLAN Membership | Description |
| --- | --- | --- | --- |
| et-0/0/4 | Access | blue | Access interface |
| et-0/0/5 | Access | green | Access interface |
| et-0/0/6 | Access | red | Access interface |

Table 3: LAGs Defined in the uplink_interface_create Recipe

| Name | Member Interfaces | Minimum Links | LACP | Port Mode | VLAN Membership | Description |
| --- | --- | --- | --- | --- | --- | --- |
| ae0 | et-0/1/0, et-0/1/2 | 1 | Active | Trunk | blue, green, red | Uplink interface |
| ae1 | et-0/2/0, et-0/2/2 | 1 | Active | Trunk | blue, green, red | Uplink interface |

In your own implementation of Chef for Junos OS, you can structure recipes in any way that makes sense for deploying and managing your switching resources. The recipes used in this example are simply one way of doing so.

After you create the recipes, you upload the cookbook to the Chef server and add the recipes to the run list for the access switch. Finally, you run the Chef client on the access switch. The client then uses the Junos OS providers in the netdev cookbook to implement the configuration described in the recipes.
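The three recipes described above, written out as an added example (they are not Juniper's recipe files), together with an offline check that every VLAN an interface names is defined by a recipe in the run list and that each LAG fits the configured device-count. Resource and property names are those of the netdev cookbook; Props, Recorder and lint are hypothetical helpers that stand in for the Chef DSL, and the recipes rely on :create being the default action.

```ruby
# Added example, not Juniper's recipes; Props, Recorder and lint are hypothetical.
RECIPES = {
  'vlan_create' => <<~'RECIPE',
    { 'blue' => 100, 'green' => 200, 'red' => 300 }.each do |vlan, id|
      netdev_vlan vlan do
        vlan_id id
        description "the #{vlan} VLAN"
      end
    end
  RECIPE
  'access_interface_create' => <<~'RECIPE',
    { 'et-0/0/4' => 'blue', 'et-0/0/5' => 'green', 'et-0/0/6' => 'red' }.each do |port, vlan|
      netdev_interface(port) { description 'Access interface' }
      netdev_l2_interface port do
        untagged_vlan vlan
        vlan_tagging false
      end
    end
  RECIPE
  'uplink_interface_create' => <<~'RECIPE'
    { 'ae0' => %w[et-0/1/0 et-0/1/2], 'ae1' => %w[et-0/2/0 et-0/2/2] }.each do |lag, members|
      netdev_lag lag do
        links members
        minimum_links 1
        lacp 'active'
      end
      netdev_l2_interface lag do
        description 'Uplink interface'
        tagged_vlans %w[blue green red]
        vlan_tagging true
      end
    end
  RECIPE
}.freeze
# Records "property value" calls made inside one resource block.
class Props
  def to_h; @to_h ||= {}; end
  def method_missing(key, val = nil); to_h[key] = val; end
end
# Stands in for the Chef recipe DSL so the recipes can be evaluated offline.
class Recorder
  def resources; @resources ||= []; end
  def method_missing(type, name = nil, &blk)
    return super unless type.to_s.start_with?('netdev_')
    resources << [type, name, Props.new.tap { |p| p.instance_eval(&blk) }.to_h]
  end
end

# device_count: value given to "set chassis aggregated-devices ethernet device-count".
def lint(run_list, device_count)
  rec = Recorder.new
  run_list.each { |recipe| rec.instance_eval(RECIPES.fetch(recipe)) }
  vlans = rec.resources.select { |type, _| type == :netdev_vlan }.map { |_, name| name }
  rec.resources.flat_map do |type, name, props|
    found = ([props[:untagged_vlan], *props[:tagged_vlans]].compact - vlans)
            .map { |vlan| "#{name}: VLAN #{vlan} not defined" }
    over = type == :netdev_lag && name[/\d+/].to_i >= device_count
    over ? found + ["#{name}: exceeds device-count #{device_count}"] : found
  end
end
```

Calling lint with the intended run list and the device-count configured on the switch returns an empty list when the recipes are consistent; each string it returns names the resource and the problem.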

Configuration

Step-by-Step Procedure

To configure the access switch by using Chef for Junos OS:

  1. From the chef-repo directory on the Chef workstation, download the netdev cookbook and extract the cookbook files to the cookbooks directory:

    knife cookbook site download netdev

    tar -zxvf netdev-n.n.n.tar.gz -C cookbooks

  2. Copy the netdev cookbook to create a new cookbook, netdev_access_switch, in the cookbooks directory.
  3. In an editor of your choice, write the vlan_create recipe for creating the blue, green, and red VLANs.
  4. Save the recipe in cookbooks/netdev_access_switch/recipes/vlan_create.rb.
  5. In an editor of your choice, write the access_interface_create recipe, which configures the physical and Layer 2 properties of the access interfaces.
  6. Save the recipe in cookbooks/netdev_access_switch/recipes/access_interface_create.rb.
  7. In an editor of your choice, write the uplink_interface_create recipe, which configures the LAG trunk interfaces.
  8. Save the recipe in cookbooks/netdev_access_switch/recipes/uplink_interface_create.rb.
  9. Upload the netdev_access_switch cookbook to the Chef server.
  10. Edit the node object that represents the access switch.

    Knife starts your editor and opens a JSON file that contains the node attributes.

  11. Enter the recipes in the run-list attribute and then save the JSON file.

    The order in which you enter the recipes matters. For example, the Chef client runs the vlan_create recipe first because it is listed first.

  12. If the number of aggregated Ethernet interfaces supported on the switch is not already configured, log in to the access switch, enter configuration mode, and configure the number of aggregated Ethernet interfaces supported.

    root@access-switch-node# set chassis aggregated-devices ethernet device-count 2

    root@access-switch-node# commit and-quit

  13. On the access switch, log in as the root user.
  14. From the UNIX-level shell, run the Chef client.
    • If the Juniper Networks version of the Chef client is 2.x (for example, Chef client version 11.10.4_2.0), enter:

      % /opt/jet/chef/bin/ruby /opt/jet/chef/bin/chef-client -c /var/db/chef/client.rb

    • If the Juniper Networks version of the Chef client is 1.x (for example, Chef client version 11.10.4_1.1), enter:

      % /opt/sdk/chef/bin/ruby /opt/sdk/chef/bin/chef-client -c /var/db/chef/client.rb

    The Chef client displays status messages during its run to indicate its progress in performing the configuration. For example:

Results

To check the results of the configuration:

  1. On the access switch, enter the CLI.

    % cli

  2. Enter the following CLI operational mode command:

Verification

Verifying the Status of the VLANs

Purpose

Verify the VLANs and VLAN memberships are correct.

Action

Use the show vlans command to verify VLAN membership.

Meaning

The output shows that the VLANs have been created correctly and contain the correct member interfaces.

Example: Using Chef for Junos OS to Configure Ethernet Switching on MX Series Routers

This example shows how you can use resources in the netdev cookbook to write recipes that configure the switching interfaces on MX Series routers running the Chef client. For more information about the light-weight resources in the netdev cookbook, see Chef for Junos OS at https://docs.chef.io/junos.html.

Requirements

This example uses the following hardware and software components:

  • A properly set up and configured Chef workstation and Chef server

  • An MX Series router that the Chef client manages

  • Junos OS Release 16.1 or later

Before you run the Chef client, the number of aggregated Ethernet interfaces supported on the router must already be configured.

  • To verify that a sufficient number of aggregated Ethernet interfaces has been configured, use the show chassis aggregated-devices configuration mode CLI command. Use the set chassis aggregated-devices ethernet device-count command to set the number of supported aggregated Ethernet interfaces.

  • If the number of aggregated Ethernet interfaces supported on the router is not already configured, log in to the router, enter configuration mode, and configure the number of aggregated Ethernet interfaces supported:

    root@router-node# set chassis aggregated-devices ethernet device-count 2

    root@router-node# commit and-quit

Overview

This example takes you through using Chef for Junos OS to configure the switching interfaces on an MX Series router.

In this example, you create a cookbook, called netdev_router, that is based on the netdev cookbook. Within the cookbook, you create four recipes:

  • vlan_create recipe—Defines netdev_vlan resources for the VLANs shown in Table 4.

  • interface_create recipe—Defines the netdev_interface resources for the interfaces shown in Table 5.

  • l2interface_create recipe—Defines the netdev_l2_interface resources for the interfaces shown in Table 5.

  • lag_interface_create recipe—Defines netdev_lag and netdev_l2_interface resources for the link aggregation group (LAG) interfaces shown in Table 6.

Table 4: VLANs Defined in the vlan_create Recipe

| Name | VLAN ID | Description |
| --- | --- | --- |
| blue | 100 | Chef-created blue VLAN |
| green | 200 | Chef-created green VLAN |
| red | 300 | Chef-created red VLAN |

Table 5: Interfaces Defined in the interface_create and l2interface_create Recipes

| Name | Port Mode | VLAN Membership | Description |
| --- | --- | --- | --- |
| ge-1/0/1 | Access | blue | Chef-created interface |
| ge-1/0/2 | Access | green | Chef-created interface |
| ge-1/0/3 | Access | red | Chef-created interface |

Table 6: LAGs Defined in the lag_interface_create Recipe

| Name | Member Interfaces | Minimum Links | LACP | Port Mode | VLAN Membership | Description |
| --- | --- | --- | --- | --- | --- | --- |
| ae0 | ge-1/0/6, ge-1/0/7 | 1 | Active | Trunk | blue, green, red | Chef-created LAG interface |
| ae1 | ge-1/0/8, ge-1/0/9 | 1 | Active | Trunk | blue, green, red | Chef-created LAG interface |

In your own implementation of Chef for Junos OS, you can structure recipes in any way that makes sense for deploying and managing your switching resources. The recipes used in this example are simply one way of doing so.

After you create the recipes, you upload the cookbook to the Chef server and add the recipes to the run list for the managed router. Finally, you run the Chef client on the router. The client then uses the Junos OS providers in the netdev cookbook to implement the configuration described in the recipes.

Note

The number of aggregated Ethernet interfaces supported on the router must already be configured before you run the Chef client.

Configuration

Step-by-Step Procedure

To configure the router by using Chef for Junos OS:

  1. From the chef-repo directory on the Chef workstation, download the netdev cookbook and extract the cookbook files to the cookbooks directory.

    knife cookbook site download netdev

    tar -zxvf netdev-n.n.n.tar.gz -C cookbooks

  2. Copy the netdev cookbook to create a new cookbook, netdev_router, in the cookbooks directory.
  3. In an editor of your choice, write the vlan_create recipe for creating the blue, green, and red VLANs.
  4. Save the recipe in cookbooks/netdev_router/recipes/vlan_create.rb.
  5. In an editor of your choice, write the interface_create recipe, which configures the physical properties of the interfaces.
  6. Save the recipe in cookbooks/netdev_router/recipes/interface_create.rb.
  7. In an editor of your choice, write the l2interface_create recipe, which configures the Layer 2 properties of the interfaces.
  8. Save the recipe in cookbooks/netdev_router/recipes/l2interface_create.rb.
  9. In an editor of your choice, write the lag_interface_create recipe, which configures the LAG trunk interfaces.
  10. Save the recipe in cookbooks/netdev_router/recipes/lag_interface_create.rb.
  11. Upload the netdev_router cookbook to the Chef server.

    $ knife cookbook upload netdev_router

  12. Edit the node object that represents the router.

    $ knife node edit router_node_name

    Knife starts your editor and opens a JSON file that contains the node attributes.

  13. Enter the recipes in the run-list attribute and then save the JSON file.

    The order in which you enter the recipes matters. For example, the Chef client runs the interface_create recipe first because it is listed first.

  14. Log in as the root user.
  15. From the UNIX-level shell, run the Chef client.
    • If the Juniper Networks version of the Chef client is 2.x (for example, Chef client version 11.10.4_2.0), enter:

      % /opt/jet/chef/bin/ruby /opt/jet/chef/bin/chef-client -c /var/db/chef/client.rb

    • If the Juniper Networks version of the Chef client is 1.x (for example, Chef client version 11.10.4_1.1), enter:

      % /opt/sdk/chef/bin/ruby /opt/sdk/chef/bin/chef-client -c /var/db/chef/client.rb

    The Chef client displays status messages during its run to indicate its progress in performing the configuration. For example:

Results

From operational mode, confirm your configuration by entering the show configuration | compare rollback 1 command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Note

The apply-macro statement under the ae0 and ae1 interface configuration is a normally hidden statement that is exposed when the configuration is generated by a Chef client.

Verification

Verifying the Status of the VLANs

Purpose

Verify the VLANs and VLAN memberships are correct.

Action

Use the show bridge domain command to verify VLAN membership.

Meaning

The output shows that the VLANs have been created correctly and contain the correct member interfaces.

Example: Using Chef for Junos OS to Configure Any Hierarchy Level

This example shows how you can use the netdev_group resource in the netdev cookbook to write recipes that configure any hierarchy level on devices running Chef for Junos OS. For more information about the light-weight resources in the netdev cookbook, see Chef for Junos OS at https://docs.chef.io/junos.html.

Requirements

This example uses the following hardware and software components:

  • A properly set up and configured Chef workstation and Chef server

  • Junos OS Release 16.1

  • A Juniper Networks device that the Chef client manages

    Note

    This example uses the netdev_group resource that is not supported on an OCX1100 switch. Only the netdev_interface resource is supported on an OCX1100 switch.

Before you begin, make sure that the local autonomous system number is already defined on the device.

Overview

The netdev_group resource specifies an Embedded Ruby (ERB) template file that defines a Junos OS configuration to be applied to the groups hierarchy level on the device. For information about Chef cookbook templates, see https://docs.chef.io/templates.html. When the client downloads the catalog, it adds the configuration data generated by the template under the [edit groups] hierarchy level and configures the apply-groups statement to include the group name. If the commit succeeds, the configuration inherits the statements in the configuration group. The configuration file is created in /var/tmp/name, where name is the name of a Junos OS group on the Chef client.

The netdev_group resource has the following actions:

  • :create–Create a Junos OS group (default).

  • :delete–Delete a Junos OS group.

The netdev_group resource has the following attributes:

  • name–The name of the Junos OS group under which configuration is applied.

  • template_path–The path of the template used to create the Junos OS configuration file in the format template-file-name.config-format.erb, where template-file-name is the name of the file and config-format is one of xml, set, or text. If config-format is not specified, xml is the default format.

  • variables–(Optional) Variables input to the template file.

Configuration

This example creates a netdev_group resource named bgp_create.rb that configures statements for internal and external BGP peering. The netdev_group resource references the bgp.xml.erb template that generates the configuration data for the resource. The template is located in the netdev/templates/junos directory. The attributes that apply to the template are defined in netdev/attributes/default.rb under the variable name bgp.

The BGP variable definition contains the node-specific configuration values that the template uses to generate the configuration data for that group. The data is provided in a hash that uses the BGP group names as keys. Each key maps to another hash that contains the details for that group including the group type, and the IP addresses and AS number of the peers. When the template is referenced, it iterates over the hash and generates the Junos OS configuration data for the groups command.
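Because node attributes end up in the device configuration, it helps to validate them before the template is rendered and to escape them on output. The following added example (not Juniper's template or attribute file) renders a constructed stand-in for bgp.xml.erb from a constructed bgp hash using Ruby's standard ERB library; the key names type, peer_as and neighbors, the group-name pattern, and the helpers validate! and render_group are assumptions.

```ruby
require 'erb'
require 'ipaddr'
include ERB::Util # provides h() for XML-escaping inside the template

# Constructed sample of the "bgp" attribute: BGP group name => details.
# The key names (type, peer_as, neighbors) are assumptions, not Juniper's.
BGP = {
  'internal-peers' => { 'type' => 'internal', 'neighbors' => %w[192.0.2.2 192.0.2.3] },
  'external-peers' => { 'type' => 'external', 'peer_as' => 64_511,
                        'neighbors' => %w[198.51.100.1] }
}.freeze

# Constructed stand-in for bgp.xml.erb, in Junos OS XML format.
TEMPLATE = <<~'TEMPLATE'
  <protocols>
    <bgp>
  <% @bgp.each do |name, group| -%>
      <group>
        <name><%= h(name) %></name>
        <type><%= h(group['type']) %></type>
  <% if group['peer_as'] -%>
        <peer-as><%= h(group['peer_as']) %></peer-as>
  <% end -%>
  <% group['neighbors'].each do |ip| -%>
        <neighbor><name><%= h(ip) %></name></neighbor>
  <% end -%>
      </group>
  <% end -%>
    </bgp>
  </protocols>
TEMPLATE

# Rejects values that are not a plausible group name, type, AS number or address.
def validate!(bgp)
  bgp.each do |name, group|
    as = group['peer_as']
    as_ok = as.nil? || (as.is_a?(Integer) && as.between?(1, 4_294_967_295))
    raise ArgumentError, "bad group name #{name.inspect}" unless name.match?(/\A[\w-]{1,64}\z/)
    raise ArgumentError, "bad type in #{name}" unless %w[internal external].include?(group['type'])
    raise ArgumentError, "bad peer AS in #{name}" unless as_ok
    group['neighbors'].each do |ip|
      raise ArgumentError, "bad neighbor #{ip.inspect}" if ip.include?('/')
      IPAddr.new(ip) # raises IPAddr::InvalidAddressError, an ArgumentError
    end
  end
end

# Validates, then renders the XML that would be placed under the group.
def render_group(bgp)
  validate!(bgp)
  @bgp = bgp # Chef templates read their variables as instance variables
  ERB.new(TEMPLATE, trim_mode: '-').result(binding)
end
```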

Creating the netdev_group Resource

Step-by-Step Procedure

To create the netdev_group resource:

  1. From the chef-repo directory on the Chef workstation, download the netdev cookbook and extract the cookbook files to the cookbooks directory.

    knife cookbook site download netdev

    tar -zxvf netdev-n.n.n.tar.gz -C cookbooks

  2. Copy the netdev cookbook to create a new cookbook, netdev_device, in the cookbooks directory.
  3. In an editor of your choice, write the bgp_group recipe for creating the BGP configuration in the cookbooks/netdev_device/recipes/bgp_create.rb file.

Creating the ERB Template

Step-by-Step Procedure

To create and stage the ERB template:

  • Create a new template file named bgp.xml.erb in the netdev/templates/junos directory, and add the text and Ruby tags required to generate the desired configuration data, in Junos OS XML format, for the BGP resource.

Creating the Attributes for the Template

Step-by-Step Procedure

To create and save the attributes for the template:

  • Add the BGP attributes to the end of the default.rb file:

Configuring the Device by Using Chef for Junos OS

Step-by-Step Procedure

To configure the device by using Chef for Junos OS:

  1. Upload the netdev_device cookbook to the Chef server.

    $ knife cookbook upload netdev_device

  2. Edit the node object that represents the device.

    $ knife node edit device_node_name

    Knife starts your editor and opens a JSON file that contains the node attributes.

  3. Enter the recipe in the run-list attribute and then save the JSON file.

    The order in which you enter the recipes matters. The last configuration overrides any previous configuration.

  4. Log in as the root user.
  5. From the UNIX-level shell, run the Chef client.
    • If the Juniper Networks version of the Chef client is 2.x (for example, Chef client version 11.10.4_2.0), enter:

      % /opt/jet/chef/bin/ruby /opt/jet/chef/bin/chef-client -c /var/db/chef/client.rb

    • If the Juniper Networks version of the Chef client is 1.x (for example, Chef client version 11.10.4_1.1), enter:

      % /opt/sdk/chef/bin/ruby /opt/sdk/chef/bin/chef-client -c /var/db/chef/client.rb

    The Chef client displays status messages during its run to indicate its progress in performing the configuration.

Verification

To verify that the commit was successful and the configuration reflects the new BGP resource, perform these tasks:

Verifying the Commit

Purpose

Action

Meaning

The JUNOS: OK: COMMIT success! message and the commit log indicate that the Chef client successfully applied the configuration changes generated by the template.

Verifying the Configuration

Purpose

Verify that the BGP configuration group is in the active configuration on the device and that the configuration group name is configured for the apply-groups statement.

Action

From operational mode, enter the show configuration groups bgp_group and the show configuration apply-groups commands.

chef@chef-client> show configuration groups bgp_group
chef@chef-client> show configuration apply-groups

Meaning

The output shows that the BGP configuration was successfully configured in the groups hierarchy and that bgp_group was added to the apply-groups hierarchy.