Understanding Salt for Junos OS

Salt for Junos OS Overview

Salt, or the SaltStack Platform, is a Python-based, open-source remote execution and configuration management tool. Salt enables you to define the state of a system and enforce that state on managed nodes. You can also use Salt to execute ad hoc commands on a device. The distributed design and persistent sessions make it fast, flexible, and highly scalable, with deployments that can manage thousands of devices across multiple vendors. The Salt installation includes modules that enable you to use Salt Open or SaltStack Enterprise to manage devices running Junos OS.

Salt differs from other configuration management tools in that it is event driven. The Salt architecture is centered around an event bus, which uses ZeroMQ as the default message and event transport mechanism for communication between components. Components communicate by sending messages through the bus, and external events can be injected on the bus. This enables you to build an event-driven infrastructure (EDI) that automatically responds to specific events.

The general Salt architecture is a server/client model in which the Salt master manages one or more Salt minions. Salt typically uses an agent-based architecture, which requires the managed nodes to run the salt-minion process, as shown in Figure 1. The Salt master issues commands to the minions, and the minions execute the commands and return the results to the Salt master.

Figure 1: Salt Server/Client Architecture

However, Salt setups are flexible and allow for a masterless option, an agentless option, and the use of proxy minions. A proxy minion enables you to manage a device that does not directly run a Salt minion but can be managed through another protocol, for example, the Network Configuration Protocol (NETCONF). A Salt master can manage devices running Junos OS through a Salt proxy minion.

The Salt installation includes the Junos proxy module, which translates Salt operations into Junos OS-specific instructions and enables the Salt system to use a proxy minion to connect to and manage devices running Junos OS. The Junos proxy connects to the Salt master using the ZeroMQ event bus and uses the Juniper Junos PyEZ library to establish a NETCONF session over SSH with the device running Junos OS. The proxy minion process can run on the Salt master as shown in Figure 2 or on one or more separate servers as shown in Figure 3.

Figure 2: Junos Proxy Minions Same Server Architecture

Figure 3: Junos Proxy Minion Separate Server Architecture

The Salt installation also includes the Junos execution and state modules (for Salt). These modules define functions that enable you to execute ad hoc commands or define and enforce particular states on devices running Junos OS. You can use the functions to automate key operational and configuration tasks in your network. For example, you can:

• Manage and provision configurations, including generating, loading and committing, and backing up configurations

• Retrieve and analyze operational information or configuration data

• Execute Junos OS CLI commands and RPCs

• Perform software installations

• Audit and validate operational states

The Salt event system uses a publish-subscribe (pub/sub) model. Events are published on the event bus, and subscribers listen for published events and react as directed. Salt provides methods to publish external events on the bus and to react to events. This enables you to use Salt to monitor and respond to events in real time.

The Salt installation includes the Junos syslog engine (for Salt), which listens for Junos OS system log messages from managed devices and publishes them on the Salt event bus. You can use the Junos syslog engine, in conjunction with Salt reactors, for event-based state management of devices running Junos OS. Salt reactors enable you to take action in response to events on the Salt event bus. When you enable the Salt Reactor system, it monitors the Salt event bus and triggers actions for matching events based on your configured rules. By enabling the Junos syslog engine and configuring custom reactors, you can automatically troubleshoot and correct common network issues.

Benefits of Salt and Salt for Junos OS

• Provide an efficient and scalable solution for managing large numbers of devices.

• Enable automatic enforcement of the correct state of a device.

• Shorten troubleshooting time and speed time to resolution for network issues by automating troubleshooting tasks.

• Improve network reliability and maximize network uptime by automatically responding to specific system events.

• Enable customized event-driven automation of devices running Junos OS. You can define which events to track and write custom reactors to respond to those events.

Additional Resources

This documentation assumes that the reader is familiar with the SaltStack Platform. For more information about Salt, including supported operating systems and installation instructions, see the SaltStack website at https://www.saltstack.com.

Table 1 describes a number of Salt and Salt for Junos OS resources.