nanog mailing list archives

Re: Templating/automating configuration

From: "tim () pelican org" <tim () pelican org>
Date: Wed, 7 Jun 2017 10:23:33 +0100 (BST)

Hi Brian,

On Tuesday, 6 June, 2017 21:48, "Brian Knight" <ml () knight-networks com> said:

Because we had different sources of truth which were written in-house, we wound up
rolling our own template engine in Python. It took about 3 weeks to write the
engine and adapt existing templates.  Given a circuit ID, it generates the full
config for copy and paste into a terminal session.  It also hooks into a
configuration parser tool, written in-house, that tracks configured interfaces, so
it is easy to see whether the template would overwrite an existing interface.


Interesting.  I'm going through much the same process at the moment, due to similar requirements - multiple sources of 
truth, validation that there's no clash with existing configs, but also with a requirement for network-wide atomic 
operations.  The latter has been a strong driver for a custom tool - it's now grabbing an exclusive lock on all the 
devices, making all the checks, pushing all the config, commit check everywhere, commit everywhere, and only once all 
the commits succeed, release the locks.  If any of those steps fail anywhere, we get to roll back everywhere.  
(Obviously with appropriate timeouts / back-offs / deadlock prevention, and specific to platforms with sane config 
management - no vanilla IOS).

Did you find anything to give you a leg-up on config parsing, or did you have to do that completely from scratch?  At 
the moment, I'm working with PyEZ (I know, vendor lock-in, but we're firmly a Juniper shop, and going in eyes-open to 
the lock-in) to build a limited model of just the parts of the config I'm interested in validating, and it seems to be 
working.

If I had a free hand and unlimited budget, I would find a single app that
functions as a source of truth for all circuits and products, which includes a
templating engine that hooks in easily.


Plus the business buy-in and the resource to go back and standardise all the existing configs, so the application can 
fully parse and understand the network before it starts.  That, and a pony :)

Regards,
Tim.

Current thread:

Re: Templating/automating configuration, (continued)
- - Re: Templating/automating configuration Gordon Cook (Jun 11)
    - Re: Templating/automating configuration Gordon Cook (Jun 11)
- Re: Templating/automating configuration Brian Knight (Jun 06)
  - Re: Templating/automating configuration Job Snijders (Jun 06)
    - RE: Templating/automating configuration Graham Johnston (Jun 14)
    - Re: Templating/automating configuration 'Job Snijders' (Jun 14)
    - Re: Templating/automating configuration Nick Hilliard (Jun 14)
    - Re: Templating/automating configuration Job Snijders (Jun 14)
    - Re: Templating/automating configuration Jimmy Hess (Jun 15)
    - Re: Templating/automating configuration Mike Meredith (Jun 15)
  - Re: Templating/automating configuration tim () pelican org (Jun 07)
    - Re: Templating/automating configuration Brian Knight (Jun 07)
    - Re: Templating/automating configuration James Bensley (Jun 07)