Wednesday, January 9, 2019

NAPALM/SaltStack Roadblock

So I got some fantastic advice from r/sysadmin regarding engineering and automation last year that helped me grow exponentially as an engineer. Here’s hoping that lightning can strike twice!

I’m currently in charge of designing and implementing a SaltStack/NAPALM automation solution for our network team. The end goal is to have all network device configuration done through GitHub so that we have history, diffs, tracking for all networking changes across the org. We plan on locking direct ssh access to the network devices to a select few people if we can get this implemented.

I’ve already figured out the GitHub integrations with SaltStack/NAPALM, but I’m stuck wondering how much I can really lean on Salt States for the network configurations. (Webhooks set off scripts to pull the changed files to minions and upload diffs)

Personally, all SaltStack documentation has been useless for me in answering this question. I’ve spent weeks now pouring over module documentation and blog posts from the NAPALM team and it just isn’t getting me anywhere. I realize that all of the engineers involved in both are much more talented and intelligent than I could hope to be, but I can’t even seem to find an example of an SLS file that defines ACLs for network devices without just referring to set commands.

Anybody have any experience and/or advice regarding this setup? Am I just working with stuff that’s bleeding-edge enough that the resources I need just don’t exist yet or is this all just way over my head?



No comments:

Post a Comment