From 327bdcfd8c8fc37b23a860afa07d66277192adb3 Mon Sep 17 00:00:00 2001
From: Marek Isalski
Date: Tue, 21 Jun 2022 19:20:11 +0100
Subject: [PATCH] refactor
---
includes/junos-v21-core-router/chassis.j2 | 68 ++++
.../forwarding-options.j2 | 51 +++
includes/junos-v21-core-router/groups.j2 | 33 ++
includes/junos-v21-core-router/interfaces.j2 | 95 +++++
includes/junos-v21-core-router/macros.j2 | 16 +
.../junos-v21-core-router/routing-options.j2 | 8 +
includes/junos-v21-core-router/system.j2 | 79 +++++
junos-v21-core-router.j2 | 335 +-----------------
8 files changed, 356 insertions(+), 329 deletions(-)
create mode 100644 includes/junos-v21-core-router/chassis.j2
create mode 100644 includes/junos-v21-core-router/forwarding-options.j2
create mode 100644 includes/junos-v21-core-router/groups.j2
create mode 100644 includes/junos-v21-core-router/interfaces.j2
create mode 100644 includes/junos-v21-core-router/macros.j2
create mode 100644 includes/junos-v21-core-router/routing-options.j2
create mode 100644 includes/junos-v21-core-router/system.j2
diff --git a/includes/junos-v21-core-router/chassis.j2 b/includes/junos-v21-core-router/chassis.j2
new file mode 100644
index 0000000..eaceb3b
--- /dev/null
+++ b/includes/junos-v21-core-router/chassis.j2
@@ -0,0 +1,68 @@
+{%- set lag_interfaces = [] %}
+{%- for interface, subinterfaces in device|get_interfaces|subinterfaces(".") %}
+{%- if interface.type.value == 'lag' %}{%- do lag_interfaces.append(interface) %}{%- endif %}
+{%- endfor %}
+
+chassis {
+ maximum-ecmp 16;
+ redundancy {
+ routing-engine 0 master;
+ routing-engine 1 backup;
+ failover {
+ on-loss-of-keepalives;
+ on-re-to-fpc-stale;
+ on-disk-failure;
+ on-loss-of-vm-host-connection;
+ }
+ graceful-switchover;
+ }
+ aggregated-devices {
+ ethernet {
+ device-count {{ lag_interfaces|length }};
+ }
+ }
+ fpc 0 {
+ pic 0 {
+ number-of-ports 0;
+ }
+ pic 1 {
+ port 0 {
+ speed 100g;
+ }
+ port 1 {
+ speed 100g;
+ }
+ port 2 {
+ speed 100g;
+ }
+ port 3 {
+ speed 100g;
+ }
+ port 4 {
+ speed 100g;
+ }
+ port 5 {
+ speed 100g;
+ }
+ port 6 {
+ speed 100g;
+ }
+ port 7 {
+ speed 100g;
+ }
+ port 8 {
+ speed 100g;
+ }
+ port 9 {
+ speed 100g;
+ }
+ port 10 {
+ speed 100g;
+ }
+ port 11 {
+ speed 40g; /* XXX temporary for testing lab */
+ }
+ }
+ }
+ network-services enhanced-ip;
+}
diff --git a/includes/junos-v21-core-router/forwarding-options.j2 b/includes/junos-v21-core-router/forwarding-options.j2
new file mode 100644
index 0000000..7285fc9
--- /dev/null
+++ b/includes/junos-v21-core-router/forwarding-options.j2
@@ -0,0 +1,51 @@
+forwarding-options {
+ sampling {
+ input {
+ rate 10000;
+ run-length 0;
+ max-packets-per-second 50000;
+ }
+ }
+ load-balance {
+ per-flow {
+ hash-seed;
+ }
+ }
+ hash-key {
+ family inet {
+ layer-3;
+ layer-4;
+ symmetric-hash;
+ }
+ family inet6 {
+ layer-3;
+ layer-4;
+ }
+ family mpls {
+ label-1;
+ label-2;
+ label-3;
+ payload {
+ ether-pseudowire;
+ ip {
+ port-data;
+ }
+ }
+ }
+ family multiservice {
+ source-mac;
+ destination-mac;
+ payload {
+ ip {
+ layer-3;
+ layer-4;
+ }
+ }
+ }
+ }
+ enhanced-hash-key {
+ family mpls {
+ ether-pseudowire zero-control-word;
+ }
+ }
+}
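Review bot: In `chassis.j2`, `speed 40g; /* XXX temporary for testing lab */` on port 11 is a lab-only override sitting in the shared core-router template, so every device rendered from it inherits the lab port speed. The whole `fpc 0 { pic 1 { … } }` port list is hard-coded as well, which means one device's hardware layout is applied to all of them. Drive the per-port speed from device data, or at least replace the `XXX` comment with one that names the condition under which the 40g line is removed.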
diff --git a/includes/junos-v21-core-router/groups.j2 b/includes/junos-v21-core-router/groups.j2
new file mode 100644
index 0000000..c054fa6
--- /dev/null
+++ b/includes/junos-v21-core-router/groups.j2
@@ -0,0 +1,33 @@
+groups {
+{%- set re_groups = [] %}
+{%- for interface, subinterfaces in device|get_interfaces|subinterfaces(".") %}
+{%- if '@' in interface.name %}
+{%- set re = interface.name.split("@")[1] %}
+{%- do re_groups.append( re ) %}
+{%- set interface_name = interface.name.split("@")[0] %}
+{%- set interface_context = interface.tags|get_netbox_tags_contexts|contexts_merge_last %}
+ {{ re }} {
+ system {
+ host-name {{ re }}.{{ device.name }};
+ services {
+ ssh;
+ }
+ }
+ interfaces {
+ {{ interface_name}} {
+ unit 0 {
+ family inet {
+ {%- for address in interface|get_addresses %}{% if address|ipv4 %}
+ address {{ address.address }};
+ {%- endif %}{%- endfor %}
+ }
+ }
+ }
+ }
+ }
+
+{%- endif %}
+{%- endfor %}
+}
+
+apply-groups [ {% for re in re_groups %}{{ re }}{% if not loop.last %} {% endif %}{% endfor %} ];
diff --git a/includes/junos-v21-core-router/interfaces.j2 b/includes/junos-v21-core-router/interfaces.j2
new file mode 100644
index 0000000..6764ec7
--- /dev/null
+++ b/includes/junos-v21-core-router/interfaces.j2
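Review bot: In `groups.j2`, `re` and `interface_name` are taken from `interface.name.split("@")` and written unvalidated as a group name, into `host-name` and into `apply-groups`, so whatever text follows the `@` in the inventory record becomes configuration structure. A name containing whitespace, `;` or braces would yield extra or malformed statements. If only the routing-engine groups are intended, check the value first, for example `{%- if re in ['re0', 're1'] %}`, and fail the render otherwise. Two interfaces with the same suffix would also append `re` twice and emit the group twice. `interface_context` is assigned here but never read in this file.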
@@ -0,0 +1,95 @@
+interfaces {
+
+{%- for interface, subinterfaces in device|get_interfaces|subinterfaces(".") %}
+{%- set interface_context = interface.tags|get_netbox_tags_contexts|contexts_merge_last %}
+
+{%- set interface_tags = [] %}
+{%- for tag in interface.tags %}
+{%- do interface_tags.append(tag.slug) %}
+{%- endfor %}
+
+{%- if '@' in interface.name %}
+ /* groups interface: {{ interface.name }} */
+
+{%- elif interface.mgmt_only %}
+ /* management interface: {{ interface.name }} */
+
+{%- elif 'no-automation' in interface_tags %}
+ /* do not configure: {{ interface.name }} */
+
+{% elif interface.lag %}
+ {{ interface.name }} {
+ {{ macros.interface_description(interface, interface_context) }}
+ gigether-options {
+ 802.3ad {{ interface.lag.name }};
+ }
+
+{%- elif interface.name.startswith( 'lo' ) %}
+ {{ interface.name }} {
+ {{ macros.interface_description(interface, interface_context) }}
+ {%- for unit, subinterface in subinterfaces %}
+ unit {{ unit }} {
+ {%- if subinterface.untagged_vlan %}
+ vlan-id {{ subinterface.untagged_vlan.vid }};
+ {%- elif unit|int %}
+ vlan-id {{ unit }};
+ {%- endif %}
+ {%- set subinterface_context = subinterface.tags|get_netbox_tags_contexts|contexts_merge_last %}
+ {# interface_vrf(subinterface, subinterface_context) #}
+ {# interface_common(subinterface, subinterface_context) #}
+ {{ macros.interface_addresses(subinterface, subinterface_context) }}
+ }
+ {%- endfor %}
+
+{%- elif interface.type.value == 'lag' %}
+ {{ interface.name }} {
+ vlan-tagging;
+ aggregated-ether-options {
+ minimum-links 1;
+ link-speed 100g;
+ }
+ {{ macros.interface_description(interface, interface_context) }}
+ {# interface_common(interface, interface_context) #}
+
+{%- elif interface.type.value != 'virtual' %}
+ {{ interface.name }} {
+ {{ macros.interface_description(interface) }}
+
+ {%- if not interface.mode or ( interface.mode.value == 'access' ) %}
+ unit 0 {
+ {# interface_vrf(interface, interface_context) #}
+ {# interface_common(interface, interface_context) #}
+ {{ macros.interface_addresses(interface, interface_context) }}
+ }
+ {%- elif interface.mode.value == 'tagged' %}
+ vlan-tagging;
+ {%- endif %}
+
+{%- endif %}
+
+{%- if ( not interface.mgmt_only ) and ( 'no-automation' not in interface_tags ) and ( '@' not in interface.name ) %}
+ {%- for tagged_vlan in interface.tagged_vlans %}{%- endfor %}
+
+ {%- if interface.mode.value == 'tagged' %}
+ {%- for unit, subinterface in subinterfaces %}
+ unit {{ unit }} {
+ {%- if subinterface.untagged_vlan %}
+ vlan-id {{ subinterface.untagged_vlan.vid }};
+ {%- elif unit|int %}
+ vlan-id {{ unit }};
+ {%- endif %}
+ {%- set subinterface_context = subinterface.tags|get_netbox_tags_contexts|contexts_merge_last %}
+ {# interface_vrf(subinterface, subinterface_context) #}
+ {# interface_common(subinterface, subinterface_context) #}
+ {{ macros.interface_addresses(subinterface, subinterface_context) }}
+ }
+ {%- endfor %}
+ {%- endif %}
+ }
+{%- endif %}
+
+{%- endfor %}
+ fxp0 {
+ unit 0;
+ }
+}
diff --git a/includes/junos-v21-core-router/macros.j2 b/includes/junos-v21-core-router/macros.j2
new file mode 100644
index 0000000..3abe969
--- /dev/null
+++ b/includes/junos-v21-core-router/macros.j2
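Review bot: In `interfaces.j2`, the closing `}` near the end of the loop can be emitted for an interface that never had a stanza opened. It sits under `( not interface.mgmt_only ) and ( 'no-automation' not in interface_tags ) and ( '@' not in interface.name )`, while the stanza is opened by four separate `elif` branches above, none of which covers an interface whose `type.value` is `'virtual'` and whose name does not start with `lo`. If such an interface reaches this loop (that depends on what `subinterfaces(".")` yields, which is not visible here), the output gets an unmatched `}` and every following stanza lands at the wrong hierarchy level. Setting a flag in each branch that opens a stanza and testing that flag before the closing part would keep the two in step. Separately, `{% elif interface.lag %}` lacks the `-` whitespace control its siblings use, and the `tagged_vlans` loop has an empty body.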
@@ -0,0 +1,16 @@
+{%- macro interface_description(interface, interface_context) %}
+ description "{% if interface.label %}{{ interface.label|replace('"','\\"') or "-" }}: {% endif %}{{ interface.description|replace('"','\\"') or "-" }}{% if interface.connected_endpoint %} ({{ interface.connected_endpoint.name|replace('"','\\"')|replace('.voneus.net','') }}{% if interface.connected_endpoint.device.name %} @ {{ interface.connected_endpoint.device.name|replace('.voneus.net','')|replace('"','\\"') }}{% endif %}){% endif %}{% if interface.cable %} via [{{ interface.cable.label.split("/")[-1] }}]{% endif %}{% if interface.link_peer %} to [{{ interface.link_peer.label or interface.link_peer.name }}{% if interface.link_peer.device %} @ {{ interface.link_peer.device.name.split("/")[-1]|replace('"','\\"')|replace('.voneus.net','') }}]{% endif %}{% endif %}"
+{%- endmacro %}
+
+{%- macro interface_addresses(interface, interface_context) %}
+ family inet {
+ {%- for address in interface|get_addresses %}{% if address|ipv4 %}
+ address {{ address.address }}
+ {%- endif %}{%- endfor %}
+ }
+ family inet6 {
+ {%- for address in interface|get_addresses %}{% if address|ipv6 %}
+ address {{ address.address }}
+ {%- endif %}{%- endfor %}
+ }
+{%- endmacro %}
diff --git a/includes/junos-v21-core-router/routing-options.j2 b/includes/junos-v21-core-router/routing-options.j2
new file mode 100644
index 0000000..39656e5
--- /dev/null
+++ b/includes/junos-v21-core-router/routing-options.j2
@@ -0,0 +1,8 @@
+routing-options {
+ static {
+ {%- for (route, route_data) in device.config_context.get('routes',{}).items() %}
+ route {{ route }} next-hop {{ route_data.get('next-hop', None) }};
+ {%- endfor %}
+ }
+ nonstop-routing;
+}
diff --git a/includes/junos-v21-core-router/system.j2 b/includes/junos-v21-core-router/system.j2
new file mode 100644
index 0000000..eed9448
--- /dev/null
+++ b/includes/junos-v21-core-router/system.j2
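Review bot: In `macros.j2`, both `address {{ address.address }}` lines in `interface_addresses` lack the terminating `;` that the same statement carries in `groups.j2`, so every rendered `family inet` / `family inet6` stanza would likely be rejected at load; they should read `address {{ address.address }};`. In `interface_description`, `interface.cable.label`, `interface.link_peer.label` and `interface.link_peer.name` go into the quoted description without the `|replace('"','\\"')` applied to the other fields. A double quote in those inventory values ends the string early and the remainder is parsed as configuration, so apply the same escaping there, ideally through one shared filter that also handles backslashes and newlines. The closing `]` of the `to [` part sits inside the `interface.link_peer.device` condition, so it is missing whenever the peer has no device.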
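Review bot: In `routing-options.j2`, `route_data.get('next-hop', None)` renders the literal text `None` when a route in `config_context` has no `next-hop` key, producing `route … next-hop None;` in the generated configuration. Guard the statement with `{%- if route_data.get('next-hop') %}` … `{%- endif %}`, or make the render fail so the bad record is noticed. Both `route` and the next-hop value are written as-is from the config context, so a prefix/address validity check before rendering would keep a typo in inventory from becoming a static route.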
@@ -0,0 +1,79 @@
+system {
+ root-authentication {
+ encrypted-password "$6$uC87jp7U$04FIKNRT3VcUzqDiaxKVRVqnQM2c48Q2NpIARsSuKVVK7gezNX92B7261QV.kRHg.yswiDhUY.SF4e/qgRNdL0"; ## SECRET-DATA
+ }
+ commit synchronize;
+ login {
+ user faelix {
+ full-name "FAELIX NOC";
+ uid 2000;
+ class super-user;
+ authentication {
+ encrypted-password "$6$4sVD2r4y$PjAIeLZ/tJcDhsQekJI9wU2l4xYf8k6mHuzvLivK2tcFXdcHMjP23Up/oUzMRWiVtEW99foiEWuXG40tL5cHy0";
+ ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM05RD1X1njHcJvPTGbaCkO7rssp6T8uTCH3b6Sk4MA9 maz@lifting-shadows";
+ }
+ }
+ user voneus {
+ full-name "Voneus NOC";
+ uid 2001;
+ class super-user;
+ authentication {
+ encrypted-password "$6$4sVD2r4y$PjAIeLZ/tJcDhsQekJI9wU2l4xYf8k6mHuzvLivK2tcFXdcHMjP23Up/oUzMRWiVtEW99foiEWuXG40tL5cHy0";
+ ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM05RD1X1njHcJvPTGbaCkO7rssp6T8uTCH3b6Sk4MA9 maz@lifting-shadows";
+ }
+ }
+ user nomios {
+ full-name "Nomios NOC";
+ uid 2002;
+ class super-user;
+ authentication {
+ encrypted-password "$6$4sVD2r4y$PjAIeLZ/tJcDhsQekJI9wU2l4xYf8k6mHuzvLivK2tcFXdcHMjP23Up/oUzMRWiVtEW99foiEWuXG40tL5cHy0";
+ ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM05RD1X1njHcJvPTGbaCkO7rssp6T8uTCH3b6Sk4MA9 maz@lifting-shadows";
+ }
+ }
+ }
+ services {
+ ssh;
+ }
+ authentication-order [ password radius ];
+ syslog {
+ file interactive-commands {
+ interactive-commands any;
+ }
+ file messages {
+ any notice;
+ authorization info;
+ }
+ }
+ processes {
+ dhcp-service {
+ traceoptions {
+ file dhcp_logfile size 10m;
+ level all;
+ flag packet;
+ }
+ }
+ }
+ domain-name core.voneus.net;
+ domain-search [ core.voneus.net oob.core.voneus.net netops.voneus.net ];
+ time-zone Universal;
+ location country-code UK;
+ name-server {
+ 9.9.9.9;
+ 1.1.1.1;
+ 8.8.8.8;
+ }
+ radius-server {
+ {% for radius_server, radius_data in device.config_context.get('radius-servers',{}).items() %}
+ {{ radius_server }} secret "{{ radius_data.get('secret') }}";{% endfor %}
+ }
+ accounting {
+ events login;
+ destination {
+ radius;
+ }
+ }
+ ntp {
+ server 185.134.196.169 prefer;
+ }
+}
diff --git a/junos-v21-core-router.j2 b/junos-v21-core-router.j2
index a697121..d30c911 100644
--- a/junos-v21-core-router.j2
+++ b/junos-v21-core-router.j2
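Review bot: The new `system.j2` carries the root and per-user `encrypted-password` crypt hashes inline, and only the root line has the `## SECRET-DATA` marker. Anyone with read access to the template repository can test guesses against them offline, so they should come from the same kind of per-device secret source the RADIUS `secret` already uses, and the committed values should be treated as disclosed and rotated. The three `super-user` accounts (`faelix`, `voneus`, `nomios`) share one identical hash and one identical `ssh-ed25519` key, so the separate names give no per-organisation accountability or revocation. `authentication-order [ password radius ]` consults the local password before RADIUS; if RADIUS is meant to be authoritative, `authentication-order [ radius password ];` keeps the local accounts as the fallback. `radius_data.get('secret')` renders the literal text `None` as the shared secret when the key is absent, so entries without a secret should be skipped or should fail the render.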
@@ -2,333 +2,10 @@ {% import "macros.j2" as macros %} version 21.3R1.9; -groups { -{%- set re_groups = [] %} -{%- set lag_interfaces = [] %} -{%- for interface, subinterfaces in device|get_interfaces|subinterfaces(".") %} -{%- if interface.type.value == 'lag' %}{%- do lag_interfaces.append(interface) %}{%- endif %} -{%- if '@' in interface.name %} -{%- set re = interface.name.split("@")[1] %} -{%- do re_groups.append( re ) %} -{%- set interface_name = interface.name.split("@")[0] %} -{%- set interface_context = interface.tags|get_netbox_tags_contexts|contexts_merge_last %} - {{ re }} { - system { - host-name {{ re }}.{{ device.name }}; - services { - ssh; - } - } - interfaces { - {{ interface_name}} { - unit 0 { - family inet { - {%- for address in interface|get_addresses %}{% if address|ipv4 %} - address {{ address.address }}; - {%- endif %}{%- endfor %} - } - } - } - } - } -{%- endif %} -{%- endfor %} -} -apply-groups [ {% for re in re_groups %}{{ re }}{% if not loop.last %} {% endif %}{% endfor %} ]; -system { - root-authentication { - encrypted-password "$6$uC87jp7U$04FIKNRT3VcUzqDiaxKVRVqnQM2c48Q2NpIARsSuKVVK7gezNX92B7261QV.kRHg.yswiDhUY.SF4e/qgRNdL0"; ## SECRET-DATA - } - commit synchronize; - login { - user faelix { - full-name "FAELIX NOC"; - uid 2000; - class super-user; - authentication { - encrypted-password "$6$4sVD2r4y$PjAIeLZ/tJcDhsQekJI9wU2l4xYf8k6mHuzvLivK2tcFXdcHMjP23Up/oUzMRWiVtEW99foiEWuXG40tL5cHy0"; - ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM05RD1X1njHcJvPTGbaCkO7rssp6T8uTCH3b6Sk4MA9 maz@lifting-shadows"; - } - } - user voneus { - full-name "Voneus NOC"; - uid 2001; - class super-user; - authentication { - encrypted-password "$6$4sVD2r4y$PjAIeLZ/tJcDhsQekJI9wU2l4xYf8k6mHuzvLivK2tcFXdcHMjP23Up/oUzMRWiVtEW99foiEWuXG40tL5cHy0"; - ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM05RD1X1njHcJvPTGbaCkO7rssp6T8uTCH3b6Sk4MA9 maz@lifting-shadows"; - } - } - user nomios { - full-name "Nomios NOC"; - uid 2002; - class super-user; - 
authentication { - encrypted-password "$6$4sVD2r4y$PjAIeLZ/tJcDhsQekJI9wU2l4xYf8k6mHuzvLivK2tcFXdcHMjP23Up/oUzMRWiVtEW99foiEWuXG40tL5cHy0"; - ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM05RD1X1njHcJvPTGbaCkO7rssp6T8uTCH3b6Sk4MA9 maz@lifting-shadows"; - } - } - } - services { - ssh; - } - authentication-order [ password radius ]; - syslog { - file interactive-commands { - interactive-commands any; - } - file messages { - any notice; - authorization info; - } - } - processes { - dhcp-service { - traceoptions { - file dhcp_logfile size 10m; - level all; - flag packet; - } - } - } - domain-name core.voneus.net; - domain-search [ core.voneus.net oob.core.voneus.net netops.voneus.net ]; - time-zone Universal; - location country-code UK; - name-server { - 9.9.9.9; - 1.1.1.1; - 8.8.8.8; - } - radius-server { - {% for radius_server, radius_data in device.config_context.get('radius-servers',{}).items() %} - {{ radius_server }} secret "{{ radius_data.get('secret') }}";{% endfor %} - } - accounting { - events login; - destination { - radius; - } - } - ntp { - server 185.134.196.169 prefer; - } -} -chassis { - maximum-ecmp 16; - redundancy { - routing-engine 0 master; - routing-engine 1 backup; - failover { - on-loss-of-keepalives; - on-re-to-fpc-stale; - on-disk-failure; - on-loss-of-vm-host-connection; - } - graceful-switchover; - } - aggregated-devices { - ethernet { - device-count {{ lag_interfaces|length }}; - } - } - fpc 0 { - pic 0 { - number-of-ports 0; - } - pic 1 { - port 0 { - speed 100g; - } - port 1 { - speed 100g; - } - port 2 { - speed 100g; - } - port 3 { - speed 100g; - } - port 4 { - speed 100g; - } - port 5 { - speed 100g; - } - port 6 { - speed 100g; - } - port 7 { - speed 100g; - } - port 8 { - speed 100g; - } - port 9 { - speed 100g; - } - port 10 { - speed 100g; - } - port 11 { - speed 40g; /* XXX temporary for testing lab */ - } - } - } - network-services enhanced-ip; -} -interfaces { - -{%- for interface, subinterfaces in 
device|get_interfaces|subinterfaces(".") %} -{%- set interface_context = interface.tags|get_netbox_tags_contexts|contexts_merge_last %} - -{%- set interface_tags = [] %} -{%- for tag in interface.tags %} -{%- do interface_tags.append(tag.slug) %} -{%- endfor %} - -{%- if '@' in interface.name %} - /* groups interface: {{ interface.name }} */ - -{%- elif interface.mgmt_only %} - /* management interface: {{ interface.name }} */ - -{%- elif 'no-automation' in interface_tags %} - /* do not configure: {{ interface.name }} */ - -{% elif interface.lag %} - {{ interface.name }} { - {{ macros.interface_description(interface, interface_context) }} - gigether-options { - 802.3ad {{ interface.lag.name }}; - } - -{%- elif interface.name.startswith( 'lo' ) %} - {{ interface.name }} { - {{ macros.interface_description(interface, interface_context) }} - {%- for unit, subinterface in subinterfaces %} - unit {{ unit }} { - {%- if subinterface.untagged_vlan %} - vlan-id {{ subinterface.untagged_vlan.vid }}; - {%- elif unit|int %} - vlan-id {{ unit }}; - {%- endif %} - {%- set subinterface_context = subinterface.tags|get_netbox_tags_contexts|contexts_merge_last %} - {# interface_vrf(subinterface, subinterface_context) #} - {# interface_common(subinterface, subinterface_context) #} - {{ macros.interface_addresses(subinterface, subinterface_context) }} - } - {%- endfor %} - -{%- elif interface.type.value == 'lag' %} - {{ interface.name }} { - vlan-tagging; - aggregated-ether-options { - minimum-links 1; - link-speed 100g; - } - {{ macros.interface_description(interface, interface_context) }} - {# interface_common(interface, interface_context) #} - -{%- elif interface.type.value != 'virtual' %} - {{ interface.name }} { - {{ macros.interface_description(interface) }} - - {%- if not interface.mode or ( interface.mode.value == 'access' ) %} - unit 0 { - {# interface_vrf(interface, interface_context) #} - {# interface_common(interface, interface_context) #} - {{ 
macros.interface_addresses(interface, interface_context) }} - } - {%- elif interface.mode.value == 'tagged' %} - vlan-tagging; - {%- endif %} - -{%- endif %} - -{%- if ( not interface.mgmt_only ) and ( 'no-automation' not in interface_tags ) and ( '@' not in interface.name ) %} - {%- for tagged_vlan in interface.tagged_vlans %}{%- endfor %} - - {%- if interface.mode.value == 'tagged' %} - {%- for unit, subinterface in subinterfaces %} - unit {{ unit }} { - {%- if subinterface.untagged_vlan %} - vlan-id {{ subinterface.untagged_vlan.vid }}; - {%- elif unit|int %} - vlan-id {{ unit }}; - {%- endif %} - {%- set subinterface_context = subinterface.tags|get_netbox_tags_contexts|contexts_merge_last %} - {# interface_vrf(subinterface, subinterface_context) #} - {# interface_common(subinterface, subinterface_context) #} - {{ macros.interface_addresses(subinterface, subinterface_context) }} - } - {%- endfor %} - {%- endif %} - } -{%- endif %} - -{%- endfor %} - fxp0 { - unit 0; - } -} -forwarding-options { - sampling { - input { - rate 10000; - run-length 0; - max-packets-per-second 50000; - } - } - load-balance { - per-flow { - hash-seed; - } - } - hash-key { - family inet { - layer-3; - layer-4; - symmetric-hash; - } - family inet6 { - layer-3; - layer-4; - } - family mpls { - label-1; - label-2; - label-3; - payload { - ether-pseudowire; - ip { - port-data; - } - } - } - family multiservice { - source-mac; - destination-mac; - payload { - ip { - layer-3; - layer-4; - } - } - } - } - enhanced-hash-key { - family mpls { - ether-pseudowire zero-control-word; - } - } -} -routing-options { - static { - {%- for (route, route_data) in device.config_context.get('routes',{}).items() %} - route {{ route }} next-hop {{ route_data.get('next-hop', None) }}; - {%- endfor %} - } - nonstop-routing; -} +{% include "includes/junos-v21-core-router/groups.j2" with context %} +{% include "includes/junos-v21-core-router/system.j2" with context %} +{% include 
"includes/junos-v21-core-router/chassis.j2" with context %} +{% include "includes/junos-v21-core-router/interfaces.j2" with context %} +{% include "includes/junos-v21-core-router/forwarding-options.j2" with context %} +{% include "includes/junos-v21-core-router/routing-options.j2" with context %}
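Review bot: The unchanged context line `{% import "macros.j2" as macros %}` still resolves `macros.j2` against the loader's search path, while this commit adds the macros as `includes/junos-v21-core-router/macros.j2`. Unless another `macros.j2` exists at the root (not visible in this patch), the import either fails or picks up a different file from the one added here. If the new file is the intended one, the line should be `{% import "includes/junos-v21-core-router/macros.j2" as macros %}`. `interfaces.j2` calls `macros.…` without importing it, so it only renders through this entry point. A one-line comment above the includes would help the next editor: it should say that the partials depend on the parent's `macros` import and that `groups.j2` emits the `apply-groups` statement.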