Puppet netdev Resources
Understanding the netdev_stdlib Puppet Resource Types
On the Puppet master, two Puppet modules are required to manage
devices running Junos OS. The first module, netdevops/netdev_stdlib, includes the Puppet type definitions for the netdev resources.
The netdev resources model the properties for various network resources
and control specific Ethernet switch configuration such as VLANs. Table 1 describes the resource
types defined by the netdev_stdlib module. In the Puppet manifest, you use the netdev resource types
in resource declarations to specify the desired configurations of
the agent nodes running Junos OS.
The netdev_stdlib resource
definitions represent a superset of configuration parameters for that
resource. The manifest file should only configure those parameters
that are supported on a given platform or that are relevant to the
given interface type.
Table 1: Resource Types Defined in the netdev_stdlib Module
Type Name | Description |
|---|---|
Models the properties of the network device. | |
Models the properties for a physical interface. | |
Models the properties for Layer 2 switching services
on an interface. | |
Models the properties for a link aggregation group (LAG). | |
Models the properties for a VLAN resource. |
The second Puppet module, juniper/netdev_stdlib_junos, includes the Junos OS-specific code that implements each of
the types defined by netdev_stdlib. When you install the netdev_stdlib_junos module on the Puppet master, it automatically installs the netdev_stdlib module.
In a Puppet manifest, you must specify one and only one netdev_device for a given node. The netdev provider
code automatically creates dependencies between the netdev_device resource and the other netdev resources. If the netdev_device cannot be created, then the Puppet agent does not process the other
resources.
To create the netdev_device resource,
the Puppet agent must open a NETCONF session with the device running
Junos OS and establish an exclusive lock on the configuration database.
Since the Puppet agent is running on the device, opening a connection
should not fail. However, obtaining an exclusive lock could fail if
another administrator is managing the device and already has a lock
on the configuration database.
The netdev_interface resource type
models the properties for a physical interface, whereas netdev_l2_interface models the properties for Layer 2
switching services on an interface. You only need to define the netdev_interface resource to change physical interface
properties such as speed, MTU, or duplex mode. You do not need to
define a netdev_interface resource as a
prerequisite for defining a netdev_l2_interface resource.
The netdev_vlan resource type models
the properties for a VLAN resource. A netdev_l2_interface resource can reference VLANs created using netdev_vlan resources, or it can reference VLANs already existing in the device
configuration. Thus, you do not need to define a netdev_vlan resource in order to use VLANs in the netdev_l2_interface definition.
Only the netdev_device and netdev_interface resources are supported on OCX1100
switches.
To manage resources that do not have type specifications
in the netdev_stdlib module, you
can use the apply_group defined resource
type provided as part of the netdev_stdlib_junos module.
netdev_device
Syntax
netdev_device { "name": }Release Information
Resource support starting in netdev_stdlib_junos module version 1.0.0.
Description
Puppet resource type that models the management
connection to the agent node running Junos OS. In a Puppet manifest,
you must specify one and only one netdev_device for a given node.
Attributes
name—Name identifying the agent node. This
can be a user-defined identifier and does not need to have any relationship
to the actual node name.Usage Examples
The following Puppet manifest code creates a netdev_device resource. In this example, the netdev_device name is the value of the $hostname variable, which is provided by Facter.
node "jd.example.com" {
netdev_device { $hostname: }
<…additional resources…>
}
netdev_interface
Syntax
netdev_interface { "name":
ensure => (present | absent),
active => (true | false),
admin => (up | down),
description => "interface-description",
speed => speed,
duplex => (auto | full | half),
mtu => mtu
}Release Information
Resource support starting in netdev_stdlib_junos module version 1.0.0.
Description
Puppet resource type that enables you to model the properties and manage the configuration of a physical interface.
The netdev_stdlib resource
definitions represent a superset of configuration parameters for that
resource. The manifest file should only configure those parameters
that are supported on a given platform or that are relevant to the
given interface type.
Attributes
name—Junos OS interface name, for example,
ge-0/0/0.active —(Optional) Specify whether to activate or deactivate
the corresponding configuration. A value of true activates the configuration. A value of false deactivates the configuration without removing it.Default: true
If the resource declaration includes the active attribute and also ensure => absent, the client deletes the corresponding configuration and ignores
the active attribute.
admin—(Optional) Configure the interface as administratively
enabled or disabled. A value of up configures the interface
as administratively enabled, and a value of down administratively
disables the interface.Default: up
description—(Optional) Interface description. Default: “Puppet created interface: <name>”
duplex—(Optional) Interface duplex mode. Acceptable values
are auto, full, and half. Default: auto
EX4300 switches support full duplex only. If you include the duplex attribute in your manifest file and set it to anything other than full, the Puppet agent displays an error message when it runs and ignores the duplex attribute setting.
ensure—(Optional) Specify whether to create or delete the
configuration. A value of present creates
the configuration. A value of absent deletes
the configuration.Default: present
mtu—(Optional) Maximum transmission unit (MTU) of the interface.speed—(Optional) Interface speed. Acceptable values are auto, 10m, 100m, 1g, and 10g. Default: auto
Setting the speed attribute to the default value of auto causes the device to use the existing configuration for the speed statement and does not explicitly configure anything for the interface speed.
Usage Examples
The following Puppet manifest code configures the description, speed, and duplex mode for interface ge-0/0/0:
node "jd.example.com" {
netdev_device { $hostname: }
netdev_interface { "ge-0/0/0":
description => "connected to old hub",
speed => 100m,
duplex => full
}
}
On a switch running Junos OS, the resulting configuration is:
root@jd.example.com> show configuration interfaces
ge-0/0/0description "connected to old hub";
ether-options {
link-mode full-duplex;
speed {
100m;
}
}
On an MX Series router running Junos OS, the resulting configuration is:
root@jd.example.com> show configuration interfaces
ge-0/0/0description "Connected to old hub"; speed 100m; link-mode full-duplex;
If the Puppet manifest sets the speed attribute to auto, the device uses the existing configuration
for the speed statement and does not explicitly configure
anything for the interface speed. The following Puppet manifest code
configures the mtu statement for the ge-0/0/0 interface
and instructs the device to use the existing configuration for the speed statement:
node "jd.example.com" {
netdev_device { $hostname: }
netdev_interface { "ge-0/0/0":
speed => auto,
mtu => 1514
}
}
The resulting configuration uses the existing configuration for the speed statement, which in this case is 100m.
root@jd.example.com> show configuration interfaces
ge-0/0/0speed 100m; mtu 1514;
netdev_l2_interface
Syntax
netdev_l2_interface { "name":
ensure => (present | absent),
active => (true | false),
description => "interface-description",
tagged_vlans => (vlan | [vlan1, vlan2, vlan3, ...]),
untagged_vlan => vlan,
vlan_tagging => (enable | disable)
}Release Information
Resource support starting in netdev_stdlib_junos module version 1.0.0.
Description
Puppet resource type that enables you to model
the properties and manage the configuration of Layer 2 switching
services on an interface. You do not need to define a netdev_interface resource as a prerequisite for defining
a netdev_l2_interface resource.
The netdev_l2_interface resource
is not supported on OCX1100 switches.
A netdev_l2_interface resource can
reference VLANs created using netdev_vlan resources, or it can reference VLANs that already exist in the device
configuration. Thus, you do not need to define a netdev_vlan resource in order to use VLANs in the netdev_l2_interface definition.
Attributes
name—Junos OS interface name, excluding any
logical unit number, for example, ge-0/0/0. active —(Optional) Specify whether to activate or deactivate
the corresponding configuration. A value of true activates the configuration. A value of false deactivates the configuration without removing it.Default: true
If the resource declaration includes the active attribute and also ensure => absent, the client deletes the corresponding configuration and ignores
the active attribute.
description—(Optional) Interface description. Default: “Puppet created netdev_l2_interface: <name>”
ensure—(Optional) Specify whether to create or delete the
configuration. A value of present creates
the configuration. A value of absent deletes
the configuration.Default: present
tagged_vlans—(Optional) Configure one or more VLANs that can carry
traffic on a trunk interface. The value can be a single VLAN name
or an array of VLAN names. If you set this attribute, the code automatically
configures the port as a trunk port.untagged_vlan—(Optional) Configure the specified VLAN as the native
VLAN on an interface. The value is the name of the VLAN for untagged
packets.vlan_tagging—(Optional) Configure the mode for the given port as
access or trunk. A value of enable configures the
port in trunk mode, in which tagged packets are processed. A value
of disable configures the port in access
mode, in which tagged packets are discarded.
If you do not specify a value for this attribute, but you do
set the tagged_vlans attribute, the code
automatically configures the port as a trunk port. When you configure
an MX Series router, you must define the tagged_vlans attribute for a trunk port configuration or define the untagged_vlan attribute for an access port configuration.
Default: disable
Usage Examples
The following Puppet manifest code configures ge-0/0/0 as a trunk port accepting tagged frames from the Pink and Green VLANs. The code configures the Red VLAN as the native VLAN for that interface.
node "jd.example.com" {
<…config omitted…>
netdev_l2_interface { "ge-0/0/0":
tagged_vlans => [ Green, Pink ],
untagged_vlan => Red
}
}
On a switch running Junos OS, the resulting configuration is:
root@jd.example.com> show configuration interfaces
ge-0/0/0unit 0 {
description "Puppet created netdev_l2_interface: ge-0/0/0";
family ethernet-switching {
port-mode trunk;
vlan {
members [ Green Pink ];
}
native-vlan-id Red;
}
}
On an MX Series router, the resulting configuration uses the corresponding VLAN IDs instead of VLAN names, as shown in the following output:
root@jd.example.com> show configuration interfaces
ge-0/0/0flexible-vlan-tagging;
native-vlan-id 103;
encapsulation flexible-ethernet-services;
unit 0 {
description "Puppet created netdev_l2_interface: ge-0/0/0";
family bridge {
interface-mode trunk;
vlan-id-list [ 101 103 105 ];
}
}
netdev_lag
Syntax
netdev_lag { "name":
ensure => (present | absent),
active => (true | false),
links => ('interface-name' | ['interface-name1', 'interface-name2' ...]),
lacp => (active | disabled | passive),
minimum_links => minimum
}Release Information
Resource support starting in netdev_stdlib_junos module version 1.0.0.
Description
Puppet resource type that enables you to model the properties and manage the configuration of link aggregation groups (LAGs). In Junos OS, LAG ports are referred to as aggregated Ethernet bundles or ae ports.
The netdev_lag resource is
not supported on OCX1100 switches.
The links attribute causes physical
interfaces to be added or removed from the LAG. To successfully assign
the physical interfaces in the links attribute
list to a LAG, you must ensure that there are no existing logical
units configured on those physical interfaces. To enforce this prerequisite,
you can use the netdev_l2_interface resource
with ensure=>absent to remove any existing
logical units.
Junos OS requires at least one unit configured under the LAG (ae) port for the links to display as part of the show command. Therefore, you need to define Layer 2 services using the netdev_l2_interface resource type.
Attributes
name—Junos OS LAG name, excluding any logical
unit number, for example, ae0.active—(Optional) Specify whether to activate or deactivate
the corresponding configuration. A value of true activates the configuration. A value of false deactivates the configuration without removing it.Default: true
If the resource declaration includes the active attribute and also ensure => absent, the client deletes the corresponding configuration and ignores
the active attribute.
ensure—(Optional) Specify whether to create or delete the
configuration. A value of present creates
the configuration. A value of absent deletes
the configuration.Default: present
lacp—(Optional) Link Aggregation Control Protocol (LACP)
mode. disabled—LACP is not used.
active—LACP active mode.
passive—LACP passive mode.
Default: disabled
links—Configure one or more physical interfaces as members
of the LAG bundle. The value can be a single interface or an array
of interfaces.minimum_links—(Optional) Integer that defines the minimum number
of physical links that must be in the up state to declare the LAG port in the up state. Usage Examples
The following Puppet manifest code configures a LAG bundle ae0 consisting of three interfaces, ge-0/0/15, ge-0/0/20, and ge-0/0/21, which accept tagged frames from the Blue and Green VLANs. The code configures the Red VLAN as the native VLAN.
node "jd.example.com" {
<…config omitted…>
netdev_lag { "ae0":
links => [ 'ge-0/0/15', 'ge-0/0/20', 'ge-0/0/21' ]
}
netdev_l2_interface { "ae0":
tagged_vlans => [ Blue, Green ],
untagged_vlan => Red
}
}On a switch running Junos OS, the resulting configuration is:
root@jd.example.com> show configuration interfacesge-0/0/15 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/20 {
ether-options {
802.3ad ae0;
}
}
ge-0/0/21 {
ether-options {
802.3ad ae0;
}
}
ae0 {
unit 0 {
description "Puppet created netdev_l2_interface: ae0";
family ethernet-switching {
port-mode trunk;
vlan {
members [ Blue Green ];
}
native-vlan-id Red;
}
}
}On an MX Series router running Junos OS, the resulting configuration is:
root@jd.example.com> show configuration interfacesge-0/0/15 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/20 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/21 {
gigether-options {
802.3ad ae0;
}
}
ae0 {
apply-macro "netdev_lag[:links]" {
ge-0/0/15;
ge-0/0/20;
ge-0/0/21;
}
flexible-vlan-tagging;
native-vlan-id 103;
encapsulation flexible-ethernet-services;
unit 0 {
description "Puppet created netdev_l2_interface: ae0";
family bridge {
interface-mode trunk;
vlan-id-list [ 103 520 101 ];
}
}
}Puppet for Junos OS uses an apply-macro statement in LAG configurations to identify the list of LAG members.
netdev_vlan
Syntax
netdev_vlan { "name":
ensure => (present | absent),
active => (true | false),
vlan_id => id,
description => "vlan-description"
}
Release Information
Resource support starting in netdev_stdlib_junos module version 1.0.0.
Description
Puppet resource type that enables you to model the properties and manage the configuration of VLANs on agent nodes running Junos OS.
The netdev_vlan resource is
not supported on OCX1100 switches.
Attributes
name—Name of the VLAN, which must be a VLAN
name that is valid on the agent node.active—(Optional) Specify whether to activate or deactivate
the corresponding configuration. A value of true activates the configuration. A value of false deactivates the configuration without removing it.Default: true
If the resource declaration includes the active attribute and also ensure => absent, the client deletes the corresponding configuration and ignores
the active attribute.
description—(Optional) VLAN description. Default: “Puppet created VLAN: <name>: <vlan-id>”
ensure—(Optional) Specify whether to create or delete the
configuration. A value of present creates
the configuration. A value of absent deletes
the configuration.Default: present
vlan_id—VLAN tag identifier. Valid VLAN IDs range from 1 through
4094.Usage Examples
The following Puppet manifest code defines a VLAN named Green with a VLAN ID of 500:
node "jd.example.com" {
netdev_device { $hostname: }
netdev_vlan { "Green":
vlan_id => 500
}
}
On a switch running Junos OS, the resulting configuration is:
vlans {
Green {
description "Puppet created VLAN: Green: 500";
vlan-id 500;
}
}
On an MX Series router, the resulting configuration is:
bridge-domains {
Green {
description "Puppet created VLAN: Green: 500";
domain-type bridge;
vlan-id 500;
}
}
The following Puppet manifest code deactivates the Green VLAN, which has a VLAN ID of 500:
node "jd.example.com" {
netdev_device { $hostname: }
netdev_vlan { "Green":
active => false,
vlan_id => 500
}
}
On a switch running Junos OS, the resulting configuration is:
root@jd.example.com> show configuration vlansinactive: Green {
description "Puppet created VLAN: Green: 500";
vlan-id 500;
}
On an MX Series router, the resulting configuration is:
root@jd.example.com> show configuration bridge-domainsinactive: Green {
description "Puppet created VLAN: Green: 500";
domain-type bridge;
vlan-id 500;
}