Puppet users - May 2010 - puppet for switches

This might be a crazy idea, but it just popped into my head, and I
wanted to know if it''s possible. Perhaps not possible right now, but
possible in a theoretical sense.

Is it possible that puppet could be modified to be used to manage
switches that have a command line based interface?

When I manage our Allied Telesis switches (which have a CLI similar to
cisco IOS) I wonder if I could control it via a puppet-like node:

node ''switch-101'' {
   vlan { storage:
     id => 1234,
     untagged_ports => "3/e1, 4/e3",
     tagged_ports => "1/e1-2/e48",
   }
   include gvrp
   include stp::rstp
   stp::portfast { "1/e1-e48,2/e1-48",3/e1-48": }
}


Now I know we probably can''t get puppet to run on the switch, but we
can
get a host to ssh or telnet to the switch, and to download the current
configuration of the switch.

-- 
+-Geoff Crompton
+--Debian System Administrator
+---Trinity College

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 5/05/10 1:53 PM, Geoff Crompton wrote:
> This might be a crazy idea, but it just popped into my head, and I
> wanted to know if it''s possible. Perhaps not possible right now,
but
> possible in a theoretical sense.
> 
> Is it possible that puppet could be modified to be used to manage
> switches that have a command line based interface?
> 
> When I manage our Allied Telesis switches (which have a CLI similar to
> cisco IOS) I wonder if I could control it via a puppet-like node:
> 
> node ''switch-101'' {
>    vlan { storage:
>      id => 1234,
>      untagged_ports => "3/e1, 4/e3",
>      tagged_ports => "1/e1-2/e48",
>    }
>    include gvrp
>    include stp::rstp
>    stp::portfast { "1/e1-e48,2/e1-48",3/e1-48": }
> }
> 
> 
> Now I know we probably can''t get puppet to run on the switch, but
we can
> get a host to ssh or telnet to the switch, and to download the current
> configuration of the switch.
> 
It''s feasible - you could create a type and provider that connects
to the switch and interacts with the CLI to retrieve the
configuration, manipulate it in some way (depending on how complex
the format is) and then send it back and apply it.

Obviously there would be limitations - no Factor facts and you''d
have to create a dummy node I guess because the switch wouldn''t be a
real "node".

Others may have niftier ideas on how to do this - an easier
mechanism might be use Puppet''s REST API to integrate with the
switches own management tool if it has an exposed API.

Regards

James Turnbull

- -- 
Author of:
* Pro Linux System Administration (http://tinyurl.com/linuxadmin)
* Pulling Strings with Puppet (http://tinyurl.com/pupbook)
* Pro Nagios 2.0 (http://tinyurl.com/pronagios)
* Hardening Linux (http://tinyurl.com/hardeninglinux)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBS+DzNCFa/lDkFHAyAQKpsAf+J2ILNsTi6+A8JekLF5tAES+BNHdqnd9s
tlouVVokiMebNmh0m51aguvmTN2V4pa5RYQpmbfVqK1SI3m/UT68EH871vMbc6KG
xUpZTbR2zhin46qMWVZReWsJq2r9yLXex3fM66/YTh25J7S9j/kP8OpUKdguAW5L
cB66vXTlJjO7IXSZwyZzP3lvllShJ0sZAb/RvIrfKE9XXnCU5x7kF8gMLpQqjrqB
E/Dnm0Vi02b+agpzeapqbPf+CEHgBVaBIdZoPg7hAyBPIsvNoD1/pUIXkfU7/96/
ADF5O+BXbXXS5S0CgZ/SoD979VCEWwWW2Dy0CmuTLgfxJeuhdg0/KQ==QYIs
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On May 4, 2010, at 9:25 PM, James Turnbull wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 5/05/10 1:53 PM, Geoff Crompton wrote:
>> This might be a crazy idea, but it just popped into my head, and I
>> wanted to know if it''s possible. Perhaps not possible right
now, but
>> possible in a theoretical sense.
>>
>> Is it possible that puppet could be modified to be used to manage
>> switches that have a command line based interface?
>>
>> When I manage our Allied Telesis switches (which have a CLI similar  
>> to
>> cisco IOS) I wonder if I could control it via a puppet-like node:
>>
>> node ''switch-101'' {
>>   vlan { storage:
>>     id => 1234,
>>     untagged_ports => "3/e1, 4/e3",
>>     tagged_ports => "1/e1-2/e48",
>>   }
>>   include gvrp
>>   include stp::rstp
>>   stp::portfast { "1/e1-e48,2/e1-48",3/e1-48": }
>> }
>>
>>
>> Now I know we probably can''t get puppet to run on the switch,
but
>> we can
>> get a host to ssh or telnet to the switch, and to download the  
>> current
>> configuration of the switch.
>>
>
> It''s feasible - you could create a type and provider that connects
> to the switch and interacts with the CLI to retrieve the
> configuration, manipulate it in some way (depending on how complex
> the format is) and then send it back and apply it.
>
> Obviously there would be limitations - no Factor facts and you''d
> have to create a dummy node I guess because the switch wouldn''t be
a
> real "node".
>
> Others may have niftier ideas on how to do this - an easier
> mechanism might be use Puppet''s REST API to integrate with the
> switches own management tool if it has an exposed API.
The way that I would implement this would basically to write a system  
that read in the whole switch config, used the catalog and RAL to  
compare states and write a new config, and then a hook at the end to  
write the new config.

You could use the (new in 0.25) pre and post transaction hooks to  
retrieve and store the switch config, and then it''s just a question of
having RAL types that modify that config in some way.

Make sense?

-- 
When I die, I want go out just like my grandfather, in his sleep,
peaceful and quiet...not kicking and screaming like the other guys in
his car.
---------------------------------------------------------------------
Luke Kanies  -|-   http://puppetlabs.com   -|-   +1(615)594-8199

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

----- "Geoff Crompton" <geoffc@trinity.unimelb.edu.au> a écrit :

| This might be a crazy idea, but it just popped into my head, and I
| wanted to know if it''s possible. Perhaps not possible right now, but
| possible in a theoretical sense.
| 
| Is it possible that puppet could be modified to be used to manage
| switches that have a command line based interface?
| 
| When I manage our Allied Telesis switches (which have a CLI similar
| to
| cisco IOS) I wonder if I could control it via a puppet-like node:
| 
| node ''switch-101'' {
|    vlan { storage:
|      id => 1234,
|      untagged_ports => "3/e1, 4/e3",
|      tagged_ports => "1/e1-2/e48",
|    }
|    include gvrp
|    include stp::rstp
|    stp::portfast { "1/e1-e48,2/e1-48",3/e1-48": }
| }
| 
| 
| Now I know we probably can''t get puppet to run on the switch, but we
| can
| get a host to ssh or telnet to the switch, and to download the
| current
| configuration of the switch.

Funny, Brice and I had talked about this a while ago :) Obviously you could use
a host as "proxy" to get facts and then decide what hooks to run. I
(re)wrote a little ruby lib [1] thinking about this, still need some work btw

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

That would be very cool indeed, manifests would get quite big though  
in really large environments (think 100k end points).  Juniper and  
Cisco support would be great.

Sent from my iPhone

On May 5, 2010, at 4:15 AM, Nicolas Szalay <nszalay@qualigaz.com> wrote:
> ----- "Geoff Crompton" <geoffc@trinity.unimelb.edu.au> a
écrit :
>
> | This might be a crazy idea, but it just popped into my head, and I
> | wanted to know if it''s possible. Perhaps not possible right now,
but
> | possible in a theoretical sense.
> |
> | Is it possible that puppet could be modified to be used to manage
> | switches that have a command line based interface?
> |
> | When I manage our Allied Telesis switches (which have a CLI similar
> | to
> | cisco IOS) I wonder if I could control it via a puppet-like node:
> |
> | node ''switch-101'' {
> |    vlan { storage:
> |      id => 1234,
> |      untagged_ports => "3/e1, 4/e3",
> |      tagged_ports => "1/e1-2/e48",
> |    }
> |    include gvrp
> |    include stp::rstp
> |    stp::portfast { "1/e1-e48,2/e1-48",3/e1-48": }
> | }
> |
> |
> | Now I know we probably can''t get puppet to run on the switch,
but we
> | can
> | get a host to ssh or telnet to the switch, and to download the
> | current
> | configuration of the switch.
>
> Funny, Brice and I had talked about this a while ago :) Obviously  
> you could use a host as "proxy" to get facts and then decide what
> hooks to run. I (re)wrote a little ruby lib [1] thinking about this,  
> still need some work btw
>
> -- 
> You received this message because you are subscribed to the Google  
> Groups "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
> .
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
> .
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

----- "Geoff Crompton" <geoffc@trinity.unimelb.edu.au> wrote:
> This might be a crazy idea, but it just popped into my head, and I
> wanted to know if it''s possible. Perhaps not possible right now,
but
> possible in a theoretical sense.
> 
> Is it possible that puppet could be modified to be used to manage
> switches that have a command line based interface?
> 
> When I manage our Allied Telesis switches (which have a CLI similar
> to
> cisco IOS) I wonder if I could control it via a puppet-like node:
> 
> node ''switch-101'' {
>    vlan { storage:
>      id => 1234,
>      untagged_ports => "3/e1, 4/e3",
>      tagged_ports => "1/e1-2/e48",
>    }
>    include gvrp
>    include stp::rstp
>    stp::portfast { "1/e1-e48,2/e1-48",3/e1-48": }
> }
> 
> 
> Now I know we probably can''t get puppet to run on the switch, but
we
> can
> get a host to ssh or telnet to the switch, and to download the
> current
> configuration of the switch.
there was a past thread on this, it''s not perfect but might give you
something to think about

http://www.mail-archive.com/puppet-dev@googlegroups.com/msg05169.html

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

- "Geoff Crompton" <geoffc@trinity.unimelb.edu.au>
wrote:
> Is it possible that puppet could be modified to be used to manage
> switches that have a command line based interface?
Before reinventing the wheel in terms of grabbing and storing
switch/router/firewall configs, take a look at this:

http://www.shrubbery.net/rancid/

HTH

Gary

-- 
Gary Law

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Geoff Crompton <geoffc@trinity.unimelb.edu.au> writes:
> This might be a crazy idea, but it just popped into my head, and I
> wanted to know if it''s possible. Perhaps not possible right now,
but
> possible in a theoretical sense.
>
> Is it possible that puppet could be modified to be used to manage
> switches that have a command line based interface?
I think there''s a lot of value in configuration management system for
network stuff. Though I don''t think puppet is a good fit. Puppet has
lots of types that don''t really make sense in that context.

http://www.netomata.com is the most recent thing I''ve seen in this
space. I''m not sure how far along they are.

seph

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 5 May 2010 16:54, Gary Law <gary.law@gmail.com>
wrote:
>
> Before reinventing the wheel in terms of grabbing and storing
> switch/router/firewall configs, take a look at this:
>
> http://www.shrubbery.net/rancid/

 And http://trac.nocproject.org/trac/

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

seph wrote:
> Geoff Crompton <geoffc@trinity.unimelb.edu.au> writes:
> 
>> This might be a crazy idea, but it just popped into my head, and I
>> wanted to know if it''s possible. Perhaps not possible right
now, but
>> possible in a theoretical sense.
>>
>> Is it possible that puppet could be modified to be used to manage
>> switches that have a command line based interface?
> 
> I think there''s a lot of value in configuration management system
for
> network stuff. Though I don''t think puppet is a good fit. Puppet
has
> lots of types that don''t really make sense in that context.
> 
> http://www.netomata.com is the most recent thing I''ve seen in this
> space. I''m not sure how far along they are.
> 
> seph
> 
I posted a similar question on sage-au just after my puppet post. 
Someone pointed me to http://www.netomata.com. While it looks like it 
has a little way to go, it looks so good that it deflated my enthusiasm 
for using puppet for this. Naturally TMTOWTDI.

-- 
+-Geoff Crompton
+--Debian System Administrator
+---Trinity College

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Wed, May 5, 2010 at 8:53 PM, Geoff Crompton
<geoffc@trinity.unimelb.edu.au> wrote:
> seph wrote:
>>
>> Geoff Crompton <geoffc@trinity.unimelb.edu.au> writes:
>>
>>> This might be a crazy idea, but it just popped into my head, and I
>>> wanted to know if it''s possible. Perhaps not possible
right now, but
>>> possible in a theoretical sense.
>>>
>>> Is it possible that puppet could be modified to be used to manage
>>> switches that have a command line based interface?
>>
>> I think there''s a lot of value in configuration management
system for
>> network stuff. Though I don''t think puppet is a good fit.
Puppet has
>> lots of types that don''t really make sense in that context.
>>
>> http://www.netomata.com is the most recent thing I''ve seen in
this
>> space. I''m not sure how far along they are.
>>
>> seph
>>
>
> I posted a similar question on sage-au just after my puppet post. Someone
> pointed me to http://www.netomata.com. While it looks like it has a little
> way to go, it looks so good that it deflated my enthusiasm for using puppet
> for this. Naturally TMTOWTDI.
>
> --
> +-Geoff Crompton
> +--Debian System Administrator
> +---Trinity College
>
Just to add a similar ''this would be neat'' comment to it, I
know
several of the Cobbler guys have talked about wanting to see a
"libswitch" kind of similar to a libvirt.

If we had such a thing, making a Puppet type for it seems quite logical.

This sounds like it would be along similar lines.

Next steps:   X-10 home automation hooks :)

--Michael

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On May 5, 2010, at 9:02 AM, seph wrote:
> Geoff Crompton <geoffc@trinity.unimelb.edu.au> writes:
> 
>> This might be a crazy idea, but it just popped into my head, and I
>> wanted to know if it''s possible. Perhaps not possible right
now, but
>> possible in a theoretical sense.
>> 
>> Is it possible that puppet could be modified to be used to manage
>> switches that have a command line based interface?
> 
> I think there''s a lot of value in configuration management system
for
> network stuff. Though I don''t think puppet is a good fit. Puppet
has
> lots of types that don''t really make sense in that context.
> 
> http://www.netomata.com is the most recent thing I''ve seen in this
> space. I''m not sure how far along they are.
I am currently using the ncg, from Netomata to manage my switches/routers. 
Its''s great, I recommend it.


-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I have a dozen use cases for some sort of
Puppet ''proxy'' client that could supply facts and
act as a provider for
(e.g. load balancers, rackspace cloud, web services,
embedded devices) where running Puppet locally was not practical.

Does anyone  know of such a thing?

On Thu, May 6, 2010 at 4:35 PM, Michael DeHaan <michael@puppetlabs.com>
wrote:
> Just to add a similar ''this would be neat'' comment to it,
I know
> several of the Cobbler guys have talked about wanting to see a
> "libswitch" kind of similar to a libvirt.
>
> If we had such a thing, making a Puppet type for it seems quite logical.
>
> This sounds like it would be along similar lines.
>
> Next steps:   X-10 home automation hooks :)
>
> --Michael
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.