junos-ez-stdlib 0.1.2 → 1.0.3

data/docs/Providers/L2ports.md

@@ -23,7 +23,7 @@ puts "port #{port.name} is not a switch-port!" unless port.exists?
 
   - `:description` - String description at the logical interface level
   - `:untagged_vlan` - String, VLAN-name for packets without VLAN tags
-  - `:tagged_vlans` - Array of VLAN-names for packets with VLAN tags
+  - `:tagged_vlans` - Set of VLAN-names for packets with VLAN tags
   - `:vlan_tagging` - [true | false] - indicates if this port accepts packets with VLAN tags
 
 # METHODS

data/docs/Providers/LAGports.md

@@ -0,0 +1,57 @@
+# Junos::Ez::LAGports::Provider
+
+Manages Link Aggregation Group (LAG) port properties
+
+# EXAMPLE
+
+The provider *name* selector is the interface name, e.g. "ae0".
+
+```ruby
+Junos::Ez::LAGports::Provider( ndev, :lags )
+
+port = ndev.lags["ae0"]
+
+port[:links] = ["ge-0/0/0", "ge-0/0/1", "ge-0/0/2", "ge-0/0/3"]
+port[:lacp] = :active
+port[:minimum_links] = 2
+
+port.write!
+```
+
+# PROPERTIES
+
+  - `:links` - Set of interface names
+  - `:lacp` - [:active, :passive, :disabled], :disabled is default
+  - `:minimum_links` - number of interfaces that must be active for LAG to be declared 'up'
+
+# METHODS
+
+No additional methods at this time ...
+
+# USAGE NOTES
+
+### Allocating Aggregated Ethernet (AE) Ports in Junos
+
+Before using LAG ports, you must first configured the "aggregated ethernet ports" device count in Junos.  This is done under the `[edit chassis]` stanza as shown:
+
+````
+{master:0}[edit chassis]
+jeremy@switch# show
+aggregated-devices {
+    ethernet {
+        device-count 10;
+    }
+}
+````
+
+### Changing the Links Property
+
+The `:links` property is internally managed as a Ruby Set.  When modifing the `:links` property you must use an Array notation, even if you are simply adding or removing one link. For example:
+
+````ruby
+port = ndev.lags["ae0"]
+
+port[:links] += ["ge-0/0/15"]
+port.write!
+````
+

data/docs/Providers/Vlans.md

@@ -20,7 +20,7 @@ puts "VLAN: #{vlan.name} does not exists!" unless vlan.exists?
 
   - `:vlan_id` - The VLAN tag-id, Fixnum [ 1 .. 4094]
   - `:description` - String description for this VLAN
-  - `:no_mac_learning` - If `true` this VLAN will not learn MAC addresses
+  - `:no_mac_learning` - [`:enable`, `:disable`].  If `:enable` this VLAN will not learn MAC addresses
 
 # RESOURCE METHODS
 

data/examples/config/load_sample.conf

@@ -0,0 +1,129 @@
+# sample contributed by "Maarten at the Amsterdam University of Applied Sciences", @289Sec
+# slight mods by @nwkautomaniac
+
+# Prefix-lists:
+policy-options {
+    prefix-list dns-servers-ipv4 {
+        apply-path "system name-server <*.*>";
+    }
+    prefix-list ntp-servers-ipv4 {
+        apply-path "system ntp server <*.*>";
+    }
+    prefix-list snmp-client-systems-ipv4 {
+        apply-path "snmp client-list <*> <*.*>";
+    }
+    prefix-list tacacs-servers-ipv4 {
+        apply-path "system tacplus-server <*.*>";
+    }
+    prefix-list radius-servers-ipv4 {
+        apply-path "access radius-server <*.*>";
+    }
+    prefix-list management-networks-ipv4 {
+        172.20.0.0/16;
+	192.168.56.0/24;
+    }
+}
+
+
+# Firewall filter:
+firewall {
+    family inet {
+        filter re-protect-ipv4 {
+            term discard-fragments-icmp {
+                from {
+                    is-fragment;
+                    protocol icmp;
+                }
+                then discard;
+            }
+            term icmp-allow {
+                from {
+                    protocol icmp;
+                    icmp-type [ echo-request echo-reply unreachable time-exceeded source-quench ];
+                }
+                then accept;
+            }
+            term dns-allow {
+                from {
+                    source-prefix-list {
+                        dns-servers-ipv4;
+                    }
+                    protocol [ udp tcp ]
+                    source-port domain;
+                }
+                then accept;
+            }
+            term ntp-allow {
+                from {
+                    source-prefix-list {
+                        ntp-servers-ipv4;
+                    }
+                    protocol udp;
+                    source-port ntp;
+                }
+                then accept;
+            }
+            term snmp-allow {
+                from {
+                    source-prefix-list {
+                        snmp-client-systems-ipv4;
+                    }
+                    protocol udp;
+                    destination-port snmp;
+                }
+                then accept;
+            }
+            term tacacs-allow {
+                from {
+                    source-prefix-list {
+                        tacacs-servers-ipv4;
+                    }
+                    protocol tcp;
+                    source-port tacacs;
+                }
+                then accept;
+            }
+            term radius-allow {
+                from {
+                    source-prefix-list {
+                        radius-servers-ipv4;
+                    }
+                    protocol udp;
+                    source-port radius;
+                }
+                then accept;
+            }
+            term ssh-allow {
+                from {
+                    source-prefix-list {
+                        management-networks-ipv4;
+                    }
+                    protocol tcp;
+                    destination-port ssh;
+                }
+                then {
+                    accept;
+                }
+            }
+            term everything-else-discard {
+                then {
+                    discard;
+                }
+            }
+        }
+    }
+}
+
+
+# Interface configuration:
+interfaces {
+    fe-0/0/0 {
+        unit 0 {
+            family inet {  
+                filter {
+                    input re-protect-ipv4;
+                }
+            }
+        }
+    }
+}

data/examples/config/load_sample.set

@@ -0,0 +1,3 @@
+set system host-name jeremy
+set system domain-name foo.bar
+

data/examples/config/load_template_main.conf

@@ -0,0 +1,7 @@
+interfaces {
+<% interfaces.each do |ifd| %>
+   <%= ifd %> {
+      disable;
+   }
+<% end %>
+}

data/examples/config/load_template_object.conf

@@ -0,0 +1,7 @@
+interfaces {
+<% @interfaces.each do |ifd| %>
+   <%= ifd %> {
+      disable;
+   }
+<% end %>
+}

data/examples/lag_port.rb

@@ -0,0 +1,27 @@
+require 'net/netconf/jnpr'
+require 'junos-ez/stdlib'
+
+unless ARGV[0]
+  puts "You must specify a target"
+  exit 1
+end
+
+# login information for NETCONF session 
+login = { :target => ARGV[0], :username => 'jeremy',  :password => 'jeremy1',  }
+
+## create a NETCONF object to manage the device and open the connection ...
+
+ndev = Netconf::SSH.new( login )
+$stdout.print "Connecting to device #{login[:target]} ... "
+ndev.open
+$stdout.puts "OK!"
+
+Junos::Ez::Provider( ndev )
+Junos::Ez::Config::Utils( ndev, :cu )
+Junos::Ez::LAGports::Provider( ndev, :lags )
+Junos::Ez::Vlans::Provider( ndev, :vlans )
+Junos::Ez::L2ports::Provider( ndev, :l2_ports )
+
+binding.pry
+
+ndev.close

data/examples/simple.rb

@@ -2,7 +2,6 @@ require 'pry'
 require 'yaml'
 require 'net/netconf/jnpr'
 require 'junos-ez/stdlib'
-require 'junos-ez/srx'
 
 unless ARGV[0]
   puts "You must specify a target"

data/examples/vlans.rb

@@ -19,12 +19,12 @@ $stdout.puts "OK!"
 Junos::Ez::Provider( ndev )
 Junos::Ez::Config::Utils( ndev, :cu )
 Junos::Ez::Vlans::Provider( ndev, :vlans )
-Junos::Ez::L1ports::Provider( ndev, :l1_ports )
+#Junos::Ez::L1ports::Provider( ndev, :l1_ports )
 Junos::Ez::L2ports::Provider( ndev, :l2_ports )
-Junos::Ez::IPports::Provider( ndev, :ip_ports )
+#Junos::Ez::IPports::Provider( ndev, :ip_ports )
 
-pp ndev.vlans.list
-pp ndev.vlans.catalog
+#pp ndev.vlans.list
+#pp ndev.vlans.catalog
 
 binding.pry
 

data/junos-ez-stdlib.gemspec

@@ -1,15 +1,26 @@
-$LOAD_PATH.unshift 'lib'
-require 'rake'
-require 'junos-ez/provider'
-
-Gem::Specification.new do |s|
-  s.name = 'junos-ez-stdlib'
-  s.version = Junos::Ez::VERSION
-  s.summary = "Junos EZ Framework - Standard Libraries"
-  s.description = "Automation Framework for Junos/NETCONF:  Facts, Providers, and Utils"
-  s.homepage = 'https://github.com/jeremyschulman/ruby-junos-ez-stdlib'
-  s.authors = ["Jeremy Schulman"]
-  s.email = 'jschulman@juniper.net'
-  s.files = FileList[ '*', 'lib/**/*.rb', 'examples/**/*.rb', 'docs/**/*.md' ]
-  s.add_dependency('netconf', ">= 0.2.5")
+# frozen_string_literal: true
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'junos-ez/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'junos-ez-stdlib'
+  spec.version = Junos::Ez::VERSION
+  spec.authors = ['Jeremy Schulman', 'John Deatherage', 'Nitin Kumar', 'Priyal Jain', 'Ganesh Nalawade']
+  spec.email = 'jnpr-community-netdev@juniper.net'
+
+  spec.summary = 'Junos EZ Framework - Standard Libraries'
+  spec.description = 'Automation Framework for Junos/NETCONF:  Facts, Providers, and Utils'
+  spec.homepage = 'https://github.com/Juniper/ruby-junos-ez-stdlib'
+  spec.license = 'BSD-2-Clause'
+
+  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+
+  spec.add_dependency('netconf', '~> 0.3.1')
+
+  spec.add_development_dependency 'bundler', '~> 1.12'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rubocop', '~> 0.42.0'
 end

data/lib/junos-ez/facts.rb

@@ -75,11 +75,9 @@ end
 ### Load all of the fact files
 ### -----------------------------------------------------------------
 
-Dir[File.dirname(__FILE__) + "/facts/*.rb"].each do |file|
-  require file
-end    
-
-
-
-
+require 'junos-ez/facts/chassis'
+require 'junos-ez/facts/personality'
+require 'junos-ez/facts/version'
+require 'junos-ez/facts/switch_style'
+require 'junos-ez/facts/ifd_style'
 

data/lib/junos-ez/facts/chassis.rb

@@ -1,6 +1,12 @@
 Junos::Ez::Facts::Keeper.define( :chassis ) do |ndev, facts|
   
   inv_info = ndev.rpc.get_chassis_inventory
+  errs = inv_info.xpath('//output')[0]
+
+  if errs and errs.text.include? "This command can only be used on the master routing engine"
+     raise Junos::Ez::NoProviderError, "Chef can only be used on master routing engine !!"
+  end
+
   chassis = inv_info.xpath('chassis')
   
   facts[:hardwaremodel] = chassis.xpath('description').text

data/lib/junos-ez/facts/ifd_style.rb

@@ -1,10 +1,13 @@
-
 Junos::Ez::Facts::Keeper.define( :ifd_style ) do  |ndev, facts|
-  persona = uses :personality
+  persona,sw_style = uses :personality,:switch_style
   
   facts[:ifd_style] = case persona
   when :SWITCH
-    :SWITCH
+    if sw_style == :VLAN_L2NG
+      :CLASSIC
+    else
+      :SWITCH
+    end
   else
     :CLASSIC
   end      

data/lib/junos-ez/facts/personality.rb

@@ -3,22 +3,22 @@ Junos::Ez::Facts::Keeper.define( :personality ) do |ndev, facts|
   uses :chassis, :routingengines  
   model = facts[:hardwaremodel]
 
-  examine = ( model != "Virtual Chassis" ) ? model : facts[:RE0][:model]
+  examine = ( model != "Virtual Chassis" ) ? model : facts.select {|k,v| k.match(/^RE[0..9]+/) }.values[0][:model]
       
   facts[:personality] = case examine   
-  when /^(EX)|(QFX)/
+  when /^(EX)|(QFX)|(OCX)/i
     :SWITCH
-  when /^MX/
+  when /^MX/i
     :MX
-  when /^vMX/
+  when /^vMX/i
     facts[:virtual] = true
     :MX
-  when /SRX(\d){3}/
+  when /SRX(\d){3}/i
     :SRX_BRANCH
   when /junosv-firefly/i
     facts[:virtual] = true
     :SRX_BRANCH
-  when /SRX(\d){4}/
+  when /SRX(\d){4}/i
     :SRX_HIGHEND
   end
   

data/lib/junos-ez/facts/switch_style.rb

@@ -1,13 +1,22 @@
 Junos::Ez::Facts::Keeper.define( :switch_style ) do |ndev, facts|
   f_persona = uses :personality
+  
+  model = facts[:hardwaremodel]
+  examine = ( model != "Virtual Chassis" ) ? model : facts.select {|k,v| k.match(/^RE[0-9]+/) }.values[0][:model]   
     
   facts[:switch_style] = case f_persona
   when :SWITCH, :SRX_BRANCH
-    case facts[:hardwaremodel]
+    case examine
     when /junosv-firefly/i
       :NONE
-    when /^(ex9)|(ex43)/i
+    when /^(ex9)|(ex43)|(ocx)/i
       :VLAN_L2NG
+    when /^(qfx)/i
+      if facts[:version][0..3].to_f >= 13.2
+        :VLAN_L2NG
+      else
+        :VLAN
+      end
     else
       :VLAN
     end