Automating Network Operations with Salt 2019.2.0 (Fluorine)

October 25, 2019 - Megan Wilhite

Automating network operations is a complex challenge for organizations both big and small. And the challenge is often compounded by disparate tools, multiple network operating systems from different network equipment vendors which often requires staff to work with different technologies, low-level utilities and command line interfaces (CLI). 

Simple tasks we now take for granted, such as updating software, is extremely complex and error prone for network devices. At SaltConf18 last year the IBM Cloud team shared how they worked with Cisco to use SaltStack to automate and scale control of their massive and very complex network environment. This year at SaltConf19 we have an entire training course track focused on NetOps along with many breakout sessions highlighting the use of SaltStack network automation.

With the release of Salt 2019.2.0 we are now bringing the same scale and automation to control many more network devices.

In the 2019.2.0 Fluorine release we have expanded our network automation support by adding additional API’s, module and switch support. Thanks to the many community contributions we are continually expanding the network devices and APIs Salt can support. The following network automation features have been added into the 2019.2.0 release:

Netbox (Contributor: @Ichabond)

Netbox is a web application that allows Salt users to manage and document a computer network. The netbox Salt module was initially added in the 2018.3.0 release to allow a user to query netbox.  In the 2019.2.0 release the capabilities of this module have been expanded to also allow Salt users to manage netbox.

Capabilities added to the netbox module include managing netbox circuits, devices, interfaces, and sites. This now gives a user the ability to not only query information from netbox but also manage it all from Salt. Another addition to Salt for netbox was a netbox external pillar. This will allow a user to add pillar data directly from the netbox api for napalm proxy minions.

To use these new features you only need to install the pynetbox python module and setup the url and token to your netbox instance in your minion config: 

  url: http://localhost:32768/
  token: 01234556789abcdef0123456789abcdef01234567

After you have the url and token setup you can now use the new commands to manage your netbox instance:

salt ‘*’ netbox.create_site FL

Now if you check your netbox instance you should see the new FL site:

Netmiko (Contributor: @mirceaulinic)

Netmiko is a multi-vendor library that helps simplify management of network devices via SSH. The library is currently based on the Paramiko SSH library. In 2019.2.0 the ability to manage network devices using netmiko was added by both the netmiko execution and proxy module. New netmiko support adds the ability to run an arbitrary netmiko call, commit configuration changes and run ssh commands against the network devices. To use the new netmiko module you just need to install the netmiko library and add the configuration settings for your device. In the example below we will manage a Cisco NX-OS device. Add the device_type, ip, password and username to the minion configuration as shown below:

  device_type: cisco_nxos
  password: Cisco123
  username: admin

Now you can interact with the network device with the new execution module:

salt ‘*’ netmiko.send_command ‘show vrf’
      VRF-Name                            VRF-ID  State      Reason
      default                                  1   Up          --
      management                               2   Up          --
Arista (Contributor: @mirceaulinic)

Arista devices can now be managed in Salt via the proxy and execution module added in the 2019.2.0 release. These new modules use the pyeapi to interact with the Arista devices. A user can now run pyeapi calls and manage configurations for the nodes. 

Cisco Nexus (Contributor: @mirceaulinic)

In previous Salt releases Cisco Nexus was already supported via ssh. The 2019.2.0 release has now added the ability to manage a Cisco Nexus device via the nx-api using a proxy and execution module. A user can now run commands and manage configurations of Cisco switches via the API.

In order to use the nx-api you first need to enable it in configuration mode on your Cisco Nexus device:

sbx-n9kv# conf t
Enter configuration commands, one per line. End with CNTL/Z.
sbx-n9kv(config)# feature nxapi

After enabling nxapi on the switch you will need to configure your salt minion configuration to include all the necessary information to connect to your device:

  username: admin
  password: Cisco123
  verify: False

Now you can run commands against your Cisco Nexus devices:

salt ‘*’ ‘show vrf’
       -  VRF-Name                           VRF-ID  State     Reason
          default                                 1  Up         --
          management                              2  Up         --

Thanks to the Salt community for their significant contributions to this Salt release.  All of these improvements to Salt network automation allow users to manage more network devices at scale in a more efficient way. If you want to see all of the features added into the 2019.2.0 release please check out the release notes here and the 2019.2.0 blog that highlights all of the key points in the release here: