Name: cisco-network-chef-cookbook
Owner: Chef Partners
Description: null
Created: 2015-08-20 21:11:04.0
Updated: 2015-10-01 19:08:34.0
Pushed: 2015-12-21 20:21:04.0
Homepage: null
Size: 1381
Language: Ruby
The cisco-cookbook allows a network administrator to manage Cisco Network Elements using Chef. This cookbook bundles a set of Chef resources, providers, sample recipes and installation tools for effective network management. The resources and capabilities provided by this cookbook will grow with contributions from Cisco, Chef Software Inc., and the open source community.
The Cisco Network Elements and Operating Systems managed by this cookbook are continuously expanding. Please refer to the Limitations section for details on currently supported hardware and software. The Limitations section also provides details on compatible Chef client and Chef Server versions.
This GitHub repository contains the latest version of the cisco-cookbook source code. Supported versions of the cisco-cookbook are available at Chef Supermarket. Please refer to SUPPORT.md for additional details.
Contributions to this cookbook are welcome. Guidelines on contributions to the cookbook are captured in CONTRIBUTING.md.
This cookbook enables management of supported Cisco Network Elements using Chef. This cookbook enhances the Chef DSL by introducing new Chef Resources and Providers capable of managing network elements.
The set of supported network element platforms is continuously expanding. Please refer to the Limitations section for a list of currently supported platforms.
The cisco-cookbook is installed on the Chef server. Please see The Chef Server for information on Chef server setup. See Chef's knife cookbook site for general information on Chef cookbook installation.
The Chef Client (agent) requires installation and setup on each device. Agent setup can be performed as a manual process or it may be automated. For more information please see the README-agent-install.md document for detailed instructions on agent installation and configuration on Cisco Nexus devices.
As noted in the agent installation guide, these are the current RPM versions for use with cisco-cookbook:
bash-shell
guestshell
The cisco-cookbook has dependencies on a few Ruby gems. These gems are already installed in the cookbook as vendored gems, so there are no additional steps required for installing them. The gems are shown here for reference only:
Place a dependency on cisco-cookbook in your cookbook's metadata.rb:

```ruby
depends 'cisco-cookbook', '~> 1.0'
```
See the recipes directory for example usage of cisco providers and resources.
Miscellaneous Types
Interface Types
OSPF Types
SNMP Types
TACACS Types
VLAN Types
–
cisco_command_config
cisco_interface
cisco_interface_ospf
cisco_ospf
cisco_ospf_vrf
cisco_snmp_community
cisco_snmp_group
cisco_snmp_server
cisco_snmp_user
cisco_tacacs_server
cisco_tacacs_server_host
cisco_vlan
cisco_vtp
–
The following resources are listed alphabetically.
The cisco_command_config resource allows raw configurations to be managed by Chef. It serves as a stopgap until specialized resources are created. It has the following limitations:

* `feature` configuration is not enabled first.
* `no router ospf RED` removes all configuration under `router ospf RED`.
* Interface names must be written in full: `Ethernet1/1`, not `Eth1/1`.
```ruby
cisco_command_config 'loop42' do
  command '
    interface loopback42
      description Peering for AS 42
      ip address 192.168.1.42/24
  '
end

cisco_command_config 'route42' do
  command ' ip route 192.168.42.42/32 Null0 '
end
```
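Because cisco_command_config applies whatever text it is given, it is worth checking a command block against the three limitations above before a recipe converges. The following plain-Ruby lint is an added example, not code from the cisco-cookbook; the function names, the abbreviation table and the regular expressions are this example's own assumptions about NX-OS syntax.

```ruby
# Added example, not part of the cisco-cookbook. Lints the raw command string a
# cisco_command_config resource would apply against the documented limitations.

# Short interface prefixes this example expands (assumption: common NX-OS short forms).
INTERFACE_ABBREVIATIONS = { 'eth' => 'Ethernet', 'lo' => 'loopback', 'po' => 'port-channel' }.freeze

# 'Eth1/1' -> 'Ethernet1/1'; names already in full form come back unchanged.
def expand_interface_name(name)
  INTERFACE_ABBREVIATIONS.each do |short, full|
    return "#{full}#{Regexp.last_match(1)}" if name =~ /\A#{short}(\d[\d\/.]*)\z/i
  end
  name
end

# Returns warnings for one command block; an empty array means nothing was flagged.
def lint_command_config(command)
  lines = command.lines.map(&:strip).reject(&:empty?)
  # Features this block itself enables ('feature ospf' -> 'ospf').
  enabled = lines.select { |l| l.start_with?('feature ') }.map { |l| l.split(' ', 2).last }
  warnings = []
  lines.each do |line|
    # Limitation: the resource does not enable 'feature X' first, so a block that
    # enters 'router ospf' without 'feature ospf' relies on the feature already being on.
    if line.match?(/\Arouter ospf \S+\z/) && !enabled.include?('ospf')
      warnings << "'#{line}' needs 'feature ospf', which this block does not enable"
    end
    # Limitation: 'no router ospf RED' removes everything under 'router ospf RED'.
    if (m = line.match(/\Ano router ospf (\S+)\z/))
      warnings << "'#{line}' removes all configuration under 'router ospf #{m[1]}'"
    end
    # Limitation: interface names must be written in full (Ethernet1/1, not Eth1/1).
    if (m = line.match(/\Ainterface (\S+)\z/))
      full = expand_interface_name(m[1])
      warnings << "'#{line}' abbreviates the interface name; use 'interface #{full}'" if full != m[1]
    end
  end
  warnings
end

# Constructed sample blocks: the two from the examples above plus one that trips every check.
SAMPLE_COMMANDS = {
  'loop42'  => "\n interface loopback42\n description Peering for AS 42\n ip address 192.168.1.42/24\n",
  'route42' => ' ip route 192.168.42.42/32 Null0 ',
  'risky'   => "interface Eth1/1\n no shutdown\nrouter ospf RED\nno router ospf BLUE\n"
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_COMMANDS.each do |name, cmd|
    lint_command_config(cmd).each { |w| puts "#{name}: #{w}" }
  end
end
```

Running the file prints one line per finding for the constructed `risky` block and nothing for the two blocks taken from the examples above; the same function can be called from a ChefSpec or Rakefile check before a recipe is uploaded.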
* `command` - The sequence of configuration commands to apply.

The cisco_interface resource is used to manage general configuration of all interface types, including ethernet, port-channel, loopback, and SVI (vlan).
```ruby
cisco_interface 'Ethernet1/1' do
  action :create
  ipv4_address '10.1.1.1'
  ipv4_netmask_length 24
  ipv4_proxy_arp true
  ipv4_redirects true
  shutdown true
  switchport_mode 'disabled'
end

cisco_interface 'Ethernet1/2' do
  action :create
  access_vlan 100
  shutdown false
  switchport_mode 'access'
  switchport_vtp true
end
```
Note that the setting of the `switchport_mode` parameter influences which of the other parameters are permitted. Not all interface types support all of the parameters below.
* `interface_name` - The interface name, in lower case. Defaults to the resource name.
* `access_vlan` - The access VLAN ID. Only valid with `switchport_mode` set to `access` or `trunk`.
* `description` - Descriptive label for this interface.
* `shutdown` - Set to `true` to administratively shut down this interface, `false` to administratively enable this interface.
* `ipv4_address` - IPv4 address to apply to this interface. Requires `ipv4_netmask_length`.
* `ipv4_netmask_length` - Netmask length of this interface's IPv4 address. Must be a value between `0` and `32`. Requires `ipv4_address`.
* `ipv4_proxy_arp` - Set to `true` to enable Proxy ARP on this interface, `false` to disable Proxy ARP.
* `ipv4_redirects` - Set to `false` to disable ICMP redirects on this interface, `true` to enable them.
* `negotiate_auto` - Set to `true` or `false` to enable or disable autonegotiation of interface speed.
* `switchport_autostate_exclude` - Set to `true` or `false` to exclude or include this interface from SVI calculations. Default value: `false`.
* `switchport_mode` - Interface switchport mode. Available options (depending on interface type) are `'disabled'`, `'access'`, `'tunnel'`, `'fex_fabric'`, `'trunk'`, `'default'`. If set to `'default'`, the default mode for the interface type is used.
* `switchport_vtp` - Set to `true` or `false` to enable or disable VTP on this interface. Default value: `false`.
* `svi_autostate` - Enable/disable SVI autostate. Default value: `true`. Only applicable to SVI (`vlan`) interfaces.
* `svi_management` - Enable/disable SVI management. Default value: `false`. Only applicable to SVI (`vlan`) interfaces.

* `:create` - Creates and/or updates the interface configuration.
* `:destroy` - Unconfigures and/or deletes the interface.
Note that logical interfaces (loopback, SVI, etc.) can be created/destroyed, while physical interfaces (Ethernet, etc.) can only be configured/unconfigured. The same actions apply regardless.
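The parameter rules above (which parameters need each other, which are only valid for a given switchport mode or interface type) are the kind of thing that is cheaper to catch before a converge than on the switch. The following validator is an added example, not code from the cisco-cookbook; `check_interface_attrs` and `check_interfaces` are hypothetical helper names, and the sample attribute hashes are constructed to mirror the two resource examples above.

```ruby
# Added example, not part of the cisco-cookbook: pre-converge consistency check for
# cisco_interface attribute sets, implementing the rules stated in the parameter list.
require 'ipaddr'

# Switchport modes the cisco_interface parameter list allows.
SWITCHPORT_MODES = %w[disabled access tunnel fex_fabric trunk default].freeze

# Returns an array of problem strings for one cisco_interface attribute set;
# an empty array means the attributes are consistent with the documented rules.
def check_interface_attrs(name, attrs)
  problems = []
  mode = attrs[:switchport_mode]

  if mode && !SWITCHPORT_MODES.include?(mode)
    problems << "#{name}: switchport_mode '#{mode}' is not one of #{SWITCHPORT_MODES.join(', ')}"
  end

  # access_vlan is only valid with switchport_mode set to access or trunk.
  if attrs.key?(:access_vlan) && !%w[access trunk].include?(mode)
    problems << "#{name}: access_vlan requires switchport_mode 'access' or 'trunk'"
  end

  # ipv4_address and ipv4_netmask_length require each other.
  has_addr = attrs.key?(:ipv4_address)
  has_len  = attrs.key?(:ipv4_netmask_length)
  if has_addr != has_len
    problems << "#{name}: ipv4_address and ipv4_netmask_length must be given together"
  end

  if has_addr
    begin
      addr = IPAddr.new(attrs[:ipv4_address])
      problems << "#{name}: ipv4_address must be an IPv4 address" unless addr.ipv4?
    rescue IPAddr::InvalidAddressError
      problems << "#{name}: ipv4_address '#{attrs[:ipv4_address]}' is not a valid address"
    end
  end

  if has_len
    len = attrs[:ipv4_netmask_length]
    unless len.is_a?(Integer) && (0..32).cover?(len)
      problems << "#{name}: ipv4_netmask_length must be an integer from 0 to 32"
    end
  end

  # svi_autostate and svi_management only apply to SVI (vlan) interfaces.
  svi = name.downcase.start_with?('vlan')
  %i[svi_autostate svi_management].each do |param|
    problems << "#{name}: #{param} only applies to SVI (vlan) interfaces" if attrs.key?(param) && !svi
  end

  problems
end

# Check every interface definition in a hash of name => attributes and collect all problems.
def check_interfaces(definitions)
  definitions.flat_map { |name, attrs| check_interface_attrs(name, attrs) }
end

# Constructed sample input: the two examples above plus one deliberately inconsistent entry
# (access_vlan without an access/trunk mode, and an address without a netmask length).
SAMPLE_INTERFACES = {
  'Ethernet1/1' => { ipv4_address: '10.1.1.1', ipv4_netmask_length: 24, ipv4_proxy_arp: true,
                     ipv4_redirects: true, shutdown: true, switchport_mode: 'disabled' },
  'Ethernet1/2' => { access_vlan: 100, shutdown: false, switchport_mode: 'access', switchport_vtp: true },
  'Ethernet1/3' => { access_vlan: 100, switchport_mode: 'disabled', ipv4_address: '10.1.3.1' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  check_interfaces(SAMPLE_INTERFACES).each { |problem| puts problem }
end
```

The check is deliberately conservative: it only encodes rules the parameter list states, so a clean result means the attribute set is self-consistent, not that the switch will accept it.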
The cisco_interface_ospf resource is used to manage per-interface OSPF configuration properties. More broadly applicable OSPF configuration is managed by the cisco_ospf and cisco_ospf_vrf resources.
```ruby
cisco_interface_ospf 'Ethernet1/2' do
  action :create
  ospf 'Sample'
  area 200
  cost 200
  dead_interval 200
  hello_interval 200
  message_digest true
  message_digest_encryption_type 'cisco_type_7'
  message_digest_algorithm_type 'md5'
  message_digest_key_id 7
  message_digest_password '088199c89d4a5ee'
  passive_interface true
end
```
* `interface_name` - The interface name, in lower case. Defaults to the resource name.
* `ospf` - The OSPF process name. Required.
* `area` - The OSPF area. Required.
* `cost` - The OSPF link cost for this interface. Default is `0`, meaning to calculate cost automatically.
* `dead_interval` - The OSPF dead interval on this interface, in seconds. Default value: `40`.
* `hello_interval` - The OSPF hello interval on this interface, in seconds. Default value: `10`.
* `message_digest` - Enable or disable message-digest authentication on the interface. Available options are `true` and `false`. Default value: `false`.
* `message_digest_algorithm_type` - OSPF message digest algorithm. Default value: `md5`, which is currently the only supported value.
* `message_digest_encryption_type` - Encryption type for the message digest password. Available options are `'cleartext'`, `'3des'`, and `'cisco_type_7'`. Default value: `'cleartext'`.
* `message_digest_key_id` - The key ID to use for message digest authentication. Valid values are numbers from `0` to `255`, with `0` (the default value) indicating message digest authentication is disabled.
* `message_digest_password` - The message digest key (password), in the format specified by `message_digest_encryption_type`.
* `passive_interface` - Set to `true` or `false` to suppress or permit OSPF routing updates on this interface.

* `:create` - Creates and/or updates the OSPF configuration on the interface.
* `:destroy` - Removes all OSPF configuration on the interface.
The cisco_ospf resource is used to enable/disable OSPF on the switch. More detailed OSPF configuration is managed by the cisco_ospf_vrf and cisco_interface_ospf resources.

```ruby
cisco_ospf 'Sample' do
  action :create
end
```
* `name` - The name of the OSPF process. Defaults to the resource name.

* `:create` - Enables the given OSPF process, first configuring `feature ospf` if necessary.
* `:destroy` - Destroys the given OSPF process. If no OSPF configuration remains, will also disable `feature ospf`.
The cisco_ospf_vrf resource is used to manage per-VRF OSPF configuration, including the `default` VRF.
```ruby
cisco_ospf_vrf 'dark_blue default' do
  auto_cost 45000
  default_metric 5
  log_adjacency 'detail'
  timer_throttle_lsa_start 5
  timer_throttle_lsa_hold 5500
  timer_throttle_lsa_max 5600
  timer_throttle_spf_start 250
  timer_throttle_spf_hold 1500
  timer_throttle_spf_max 5500
end

cisco_ospf_vrf 'dark_blue vrf1' do
  auto_cost 46000
  default_metric 10
  log_adjacency 'log'
  timer_throttle_lsa_start 8
  timer_throttle_lsa_hold 5600
  timer_throttle_lsa_max 5800
  timer_throttle_spf_start 277
  timer_throttle_spf_hold 1700
  timer_throttle_spf_max 5700
end
```
* `ospf` - Name of the parent OSPF process. Defaults to the first word of the resource name.
* `vrf` - Name of the VRF to apply OSPF configuration to. Defaults to the second word of the resource name. A value of `default` refers to the default VRF.
* `auto_cost` - The reference bandwidth, in Mbps, used to calculate interface default metrics. Default value: `40000`.
* `default_metric` - The default cost metric for redistributed routes.
* `log_adjacency` - Whether to generate system log messages whenever a neighbor changes state. Available options are `'none'`, `'log'`, or `'detail'`. Default value: `'none'`.
* `router_id` - IPv4 address to use as a router-id for OSPF.
* `timer_throttle_lsa_start` - LSA generation start interval, in milliseconds. Default value: `0`.
* `timer_throttle_lsa_hold` - LSA generation hold interval, in milliseconds. Default value: `5000`.
* `timer_throttle_lsa_max` - LSA generation maximum interval, in milliseconds. Default value: `5000`.
* `timer_throttle_spf_start` - Initial SPF schedule delay, in milliseconds. Default value: `200`.
* `timer_throttle_spf_hold` - Minimum hold time between SPF calculations, in milliseconds. Default value: `1000`.
* `timer_throttle_spf_max` - Maximum wait time between SPF calculations, in milliseconds. Default value: `5000`.

* `:create` - Enables the given OSPF process for the given VRF.
* `:destroy` - Removes the given VRF from the given OSPF process.
The cisco_package resource is a subclass of the Chef `yum_package` resource. Unlike `yum_package`, it will always install packages into the NX-OS native environment, even if the Chef agent is running within `guestshell`.
```ruby
cookbook_file '/bootflash/demo-one-1.0-1.x86_64.rpm' do
  owner 'root'
  group 'root'
  mode '0775'
  source 'rpm-store/demo-one-1.0-1.x86_64.rpm'
end

cisco_package 'demo-one' do
  action :install
  source '/bootflash/demo-one-1.0-1.x86_64.rpm'
end
```
For parameters and actions, see https://docs.chef.io/resource_package.html
The cisco_snmp_community resource is used to manage SNMP communities.
```ruby
cisco_snmp_community 'setcom' do
  action :create
  acl 'testcomacl'
  group 'network-admin'
end
```
* `community` - Name of the SNMP community to manage. Defaults to the resource name.
* `acl` - Access control list (ACL) to filter SNMP requests. Default value: `''`, indicating no ACL.
* `group` - SNMP group name. Default value: `network-operator`.

* `:create` - Create or update the given SNMP community.
* `:destroy` - Destroy the given SNMP community.
The cisco_snmp_group resource is used to manage SNMP groups. Cisco NX-OS defines SNMP groups based on user roles, so this resource is unable to create or delete groups but can only be used to validate that the group exists or not.
```ruby
cisco_snmp_group 'network-admin' do
  action :create
end
```
* `group` - SNMP group name. Defaults to the resource name.

* `:create` - Ensure that the given group exists, or raise an error if not.
* `:destroy` - Ensure that the given group does not exist, or raise an error.
The cisco_snmp_server resource is used to manage the SNMP server configuration on a node. There can only be one instance of this resource per node.
```ruby
cisco_snmp_server 'default' do
  aaa_user_cache_timeout 1000
  contact 'user1'
  global_enforce_priv true
  location 'rtp'
  packet_size 2500
  protocol false
  tcp_session_auth false
end
```
* `name` - Must be `default`.
* `aaa_user_cache_timeout` - Time in seconds before entries in the AAA user cache time out. Default value: `3600`.
* `contact` - SNMP system contact (sysContact).
* `global_enforce_priv` - Used to enable/disable SNMP message encryption for all users. Default value: `true`.
* `location` - SNMP location (sysLocation).
* `packet_size` - Maximum SNMP packet size. Default value: `1500`.
* `protocol` - Used to enable/disable the SNMP protocol. Default value: `true`.
* `tcp_session_auth` - Used to enable/disable one-time authentication for SNMP over a TCP session. Default value: `true`.

* `:update` - Apply changes to the SNMP server configuration as necessary.

The cisco_snmp_user resource is used to manage SNMP user configuration.
```ruby
cisco_snmp_user 'v3test' do
  groups ['network-admin']
end

cisco_snmp_user 'withengine 128:128:127:127:124:2' do
  auth_password 'Plus+Minus-'
  auth_protocol 'md5'
  groups ['network-admin']
  localized_key false
  priv_password 'Minus-Plus+'
  priv_protocol 'des'
end
```
* `user` - The username to manage. Defaults to the first word of the resource name.
* `engine_id` - SNMP user engineID. Defaults to the second word of the resource name, if any, else `''`. Valid values are `''` or a string consisting of 5 to 32 colon-separated decimal octets.
* `auth_password` - User authentication password.
* `auth_protocol` - Authentication protocol to use. Available options are `'md5'`, `'sha'`, or `'none'`. Default value: `md5`.
* `groups` - Array of strings representing the SNMP group(s) that the user belongs to.
* `localized_key` - Set to `true` if the `auth_password` and `priv_password` are in localized key format, `false` if they are in cleartext format.
* `priv_protocol` - Privacy protocol to use. Available options are `'des'` and `'aes128'`. Default value: `des`.
* `priv_password` - User privacy password.

* `:create` - Create or update the given SNMP user.
* `:destroy` - Destroy the given SNMP user.
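The resource name carries two values (user and engine ID) and the protocol parameters have documented defaults, so a recipe review can mechanically check that each SNMP user definition is well-formed and that the weaker documented options are chosen deliberately. The lint below is an added example, not code from the cisco-cookbook; the function names are hypothetical, the engine ID rule and the defaults come from the parameter list above, and the preference for `'sha'` over `'md5'` and `'aes128'` over `'des'` is this example's policy, not something the cookbook enforces.

```ruby
# Added example, not part of the cisco-cookbook: lint cisco_snmp_user definitions.

# Protocol options documented for cisco_snmp_user.
SNMP_AUTH_PROTOCOLS = %w[md5 sha none].freeze
SNMP_PRIV_PROTOCOLS = %w[des aes128].freeze

# Split a resource name into [user, engine_id]: the first word is the user,
# the second word (if any) is the engine ID, otherwise ''.
def split_snmp_user_name(resource_name)
  user, engine_id = resource_name.strip.split(/\s+/, 2)
  [user, engine_id.to_s]
end

# Valid engine_id values: '' or 5 to 32 colon-separated decimal octets (0..255).
def valid_engine_id?(engine_id)
  return true if engine_id == ''
  octets = engine_id.split(':', -1)
  return false unless (5..32).cover?(octets.size)
  octets.all? { |o| o.match?(/\A\d{1,3}\z/) && o.to_i <= 255 }
end

# Returns findings for one cisco_snmp_user definition; an empty array means nothing to flag.
# Missing protocols take the documented defaults (md5, des).
def lint_snmp_user(resource_name, attrs)
  user, engine_id = split_snmp_user_name(resource_name)
  findings = []
  unless valid_engine_id?(engine_id)
    findings << "#{user}: engine_id '#{engine_id}' must be '' or 5-32 colon-separated decimal octets"
  end
  auth = attrs.fetch(:auth_protocol, 'md5')
  priv = attrs.fetch(:priv_protocol, 'des')
  unless SNMP_AUTH_PROTOCOLS.include?(auth)
    findings << "#{user}: auth_protocol '#{auth}' is not one of #{SNMP_AUTH_PROTOCOLS.join(', ')}"
  end
  unless SNMP_PRIV_PROTOCOLS.include?(priv)
    findings << "#{user}: priv_protocol '#{priv}' is not one of #{SNMP_PRIV_PROTOCOLS.join(', ')}"
  end
  findings << "#{user}: auth_protocol 'none' leaves this user's SNMPv3 messages unauthenticated" if auth == 'none'
  # Policy choices of this example: prefer the stronger of the documented options
  # whenever a password is actually configured for that protocol.
  findings << "#{user}: prefer 'sha' over 'md5' for auth_protocol" if auth == 'md5' && attrs.key?(:auth_password)
  findings << "#{user}: prefer 'aes128' over 'des' for priv_protocol" if priv == 'des' && attrs.key?(:priv_password)
  # A cleartext password in a recipe is readable by everyone with access to the cookbook.
  findings << "#{user}: localized_key false puts cleartext passwords in the recipe" if attrs[:localized_key] == false
  findings
end

# Constructed sample definitions mirroring the two examples above.
SAMPLE_SNMP_USERS = {
  'v3test' => { groups: ['network-admin'] },
  'withengine 128:128:127:127:124:2' => {
    auth_password: 'Plus+Minus-', auth_protocol: 'md5', groups: ['network-admin'],
    localized_key: false, priv_password: 'Minus-Plus+', priv_protocol: 'des'
  }
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_SNMP_USERS.each do |name, attrs|
    lint_snmp_user(name, attrs).each { |finding| puts finding }
  end
end
```

For the second sample user the lint reports three findings (md5, des, and cleartext passwords); the first sample has no passwords configured and an empty engine ID, so it passes.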
The cisco_tacacs_server resource is used to manage global TACACS+ server configuration. There can only be one instance of this resource per node.
```ruby
cisco_tacacs_server 'default' do
  action :create
  deadtime 20
  directed_request true
  encryption_password 'test123'
  encryption_type 'clear'
  source_interface 'Ethernet1/2'
  timeout 10
end
```
* `deadtime` - TACACS+ server deadtime interval, in minutes.
* `directed_request` - Set to `true` to permit users to specify which server to query. Default value: `false`.
* `encryption_password` - Specifies the global TACACS+ server preshared key.
* `encryption_type` - The encryption type for the `encryption_password`. Available values are `'clear'`, `'encrypted'`, or `'default'`.
* `source_interface` - Global source interface for all TACACS+ server groups.
* `timeout` - Global timeout interval for TACACS+ servers, in seconds. Default value: `5`.

* `:create` - Enable `feature tacacs+` and apply any specified configuration.
* `:update` - Update existing TACACS+ configuration.
* `:destroy` - Disable TACACS+.
The cisco_tacacs_server_host resource is used to manage per-host TACACS+ configuration.
```ruby
cisco_tacacs_server_host 'testhost' do
  action :create
  encryption_password 'foobarpassword'
  encryption_type 'clear'
  port 66
  timeout 33
end
```
* `name` - The hostname to manage.
* `encryption_password` - The preshared key for this host.
* `encryption_type` - The encryption type for the `encryption_password`. Available values are `'clear'`, `'encrypted'`, or `'default'`.
* `port` - Server port for the host. Default value: `49`.
* `timeout` - Timeout interval for this host, in seconds. Default value: `'0'`, indicating to inherit the global TACACS+ server timeout.

* `:create` - Create/update configuration for this TACACS+ server host.
* `:destroy` - Remove all configuration for this host.
The cisco_vlan resource is used to manage VLAN configuration.
```ruby
cisco_vlan '220' do
  action :create
  shutdown true
  state 'active'
  vlan_name 'newtest'
end
```
* `name` - The VLAN ID, in the range 1-4096. Some values are reserved and may not be managed by Chef.
* `shutdown` - Whether the VLAN is shut down. Default value: `false`.
* `state` - State of the VLAN. Accepted values are `'active'` and `'suspend'`. Default value: `active`.
* `vlan_name` - Descriptive name for the VLAN.

* `:create` - Create/update the specified VLAN.
* `:destroy` - Delete the specified VLAN.
The cisco_vtp resource is used to manage VLAN Trunking Protocol (VTP) configuration. There can only be one instance of this resource per node.
```ruby
cisco_vtp 'default' do
  action :create
  domain 'cisco1234'
  filename 'bootflash:/vlan.dat'
  password 'test1234'
  version 2
end
```
* `domain` - VTP administrative domain. Required.
* `filename` - VTP file name. Default value: `bootflash:/vlan.dat`.
* `password` - VTP domain password.
* `version` - VTP version number. Default value: `1`.

* `:create` - Enable `feature vtp` and apply VTP configuration as requested.
* `:destroy` - Disable VTP.
Minimum Requirements:
Contributions to cisco-cookbook are welcome and encouraged. Please follow this general workflow for new contributions. See CONTRIBUTING.md for more information.
add_component_x
Copyright (c) 2014-2015 Cisco and/or its affiliates.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.