Extreme Puppet implementation

This document provides information on Puppet, a third-party virtual machine (TPVM) application that runs on SLX-OS platforms. Puppet is a scripting language available from Puppet Labs that system administrators can use to automate configuration and management of a data center.

Using Puppet, you can:

Manage a data center‘s resources and infrastructure life cycle, from provisioning and configuration to orchestration and reporting.
Automate repetitive tasks, quickly deploy critical applications, and probatively manage change.
Scale to thousands of servers, either on location or in the cloud.

Software Requirement

The Extreme Puppet solution requires the following software:

SLX-OS 17r.2.00 or later
Puppet Enterprise 4.9 +

How Puppet works

In the Agent/Master architecture, a Puppet master server controls important configuration information and manages agent nodes requests for configuration catalogs. Periodically, a Puppet agent sends facts to the Puppet master and requests a catalog. The master compiles and returns the node‘s catalog. There are two ways of integration with Puppet agent/master architecture.

Support Puppet agent on a device (router or switch), and let the device be managed by the Puppet master as a node. In this mode, types and providers are installed on the master and assigned to a node. The providers, and resource are downloaded to the node and the catalog is executed periodically. In this case, the provider can use any of the switch internal mechanisms (Python, CLI) to configure the switch.
Implement a provider in such a way that it can run on any puppet agent (that is, whereever there is a puppet agent). In this case, the provider must be capable enough to communicate and configure the router or switch. This can be accomplished by the APIs provided by the device such as NETCONF and REST API.

We support a hybrid Puppet setup which allows the provider to run on a Puppet agent installed by the customer on the TPVM. NETCONF is used as the API to communicate from the TPVM to the SLX-OS VM in the Extreme device.

Puppet can also run in a stand-alone architecture, where each managed server has its own complete copy of the configuration, and it compiles its own catalog. The managed nodes run the Puppet apply application, as a scheduled task/cron job (or on demand for initial configuration for smaller configuration tasks).

The following illustration depicts how the major Puppet components interact.


Component	Role
Puppet master	In a standard Puppet client-server deployment, the server is known as the master. The Puppet master controls the data center configuration. The puppet master serves configuration catalogs on demand to the puppet agent service that runs on the clients. The master uses an HTTP server to provide catalogs. The master can reside in any location, but the master must have connectivity to the agents. The master contains the Puppet-language file or files known as manifests.
Agent	Puppet agents are Puppet client daemons that receive their configuration information from the Puppet master. A computer running the puppet agent is called an agent node. The Agent nodes must have connectivity to both the Puppet Master and to the Extreme node cluster or clusters it is configuring.
Extreme Provider	Extreme Providers implement resource types on a specific type of system, using the system's own tools. The Extreme Provider executes the manifests for the purpose of configuring the associated node cluster(s) and switches. The Extreme Provider uses NETCONF calls to configure the switch or switches. These Netconf calls are transparent to the Puppet administrator and user. In general, providers are simple Ruby wrappers around shell commands, so they are usually short and easy to create. Instructions are given later in this chapter and where to obtain the Provider and run it on the Puppet Master.
Manifest	A file containing code written in the Puppet language, and named with the .pp file extension. The manifest usually defines nodes, so that each managed agent node receives a unique catalog.
Catalog	A catalog is a compilation of all the resources that are applied to a given system and the relationships between those resources.

Limitation and restriction

Puppet provider does not retry in case NETCONF request times out (switch reboot, failover etc), The script runs the next time puppet script is scheduled.
All errors are logged to /var/log/syslog.
Only the Netdev types mentioned in this document are supported.

Main steps for using Puppet

The main steps needed to employ Puppet in your environment are:

Determining where you want the Puppet master to reside. This can be a server in any location.
Determining which node or nodes you want to be Agent nodes. The Agent nodes must have connectivity to both the Puppet Master and the Extreme node cluster or clusters that you want the Agent node to configure.
Installing the Extreme Provider on the Puppet Master.
Setting up the site manifest file.
Writing one manifest for each node cluster that you want to manage by means of Puppet.
Placing the manifest(s) on the Master Puppet server.

Installing the Extreme Provider

Extreme SLX-OS devices running SLX-OS firmware can be configured using the Puppet module. This module supports basic interface, L2 port configuration, LAG and VLAN configurations. This module is derived from Netdev_stdlib with a modification required to configure the SLX-OS devices.

Follow these steps to install the Puppet Master and Agent:

Download the netdev types from https://github.com/brocade/netdev-stdlib-slxos.
Install the Extreme Provider by running the following command on the server: puppet module install netdev_stdlib_slxos-1.0.0
The Puppet master is not packaged with the SLX-OS software. Download the Puppet master from https://apt.puppetlabs.com/. You must install the Puppet Master on a separate server. The Puppet Agent can be installed on the TPVM, and must have connectivity to the puppet Master. On chassis-based devices, the virtual-IP can be used to communicate from the TPVM to the SLX-OS VM.

Site manifest

The main “point of entry” manifest is used by the puppet master when compiling a catalog. The location of this manifest is set with the manifest setting in the puppet.conf file, which is downloaded when you install the Provider. The default value of the site manifest location is usually /etc/puppet/manifests/site.pp or /etc/puppetlabs/puppet/manifests/site.pp. A site manifest file must be configured on the Puppet Master to define all the Agent node(s) and switches that must be configured. Refer to Puppet documentation for detailed information about how to configure the site manifest file. The file name is site.pp. You need to create your own site manifest file. The following is an example of a site manifest file. In this example, datacenter10 and datacenter20 are Agent nodes.

root@ldap:/etc/puppetlabs/code/environments/production#cat 

manifests/site.pp 

node tpvm.englab.extreme.com { 

   slxos_netdev_interface { "ethernet 0/7": 

      ensure        => present, 

      admin         => up, 

      description   => "Ethernet 0/7", 

      mtu           => 1548, 

      speed         => "10000", 

      target     => "http://admin:password@10.11.12.14:830", 

   } 

   slxos_netdev_interface { "ethernet 0/8": 

      ensure        => present, 

      admin         => up, 

      description   => "Ethernet 0/8", 

      mtu           => 1548, 

      speed         => "10000", 

      target     => "http://admin:password@10.11.12.14:830", 

   } 

   slxos_netdev_interface { "ethernet 0/9": 

      ensure        => present, 

      admin         => up, 

      description   => "Ethernet 0/9", 

      mtu           => 1548, 

      speed         => "10000", 

      target     => "http://admin:password@10.11.12.14:830", 

   } 

   slxos_netdev_vlan { "vlan 2": 

      ensure        => present, 

      vlan_id       => 2, 

      description   => "Vlan 2", 

      target     => "http://admin:password@10.11.12.14:830", 

   } 

   slxos_netdev_vlan { "vlan 3": 

      ensure        => present, 

      vlan_id       => 3, 

      description   => "Vlan 3", 

      target     => "http://admin:password@10.11.12.14:830", 

   } 

   slxos_netdev_vlan { "vlan 4": 

      ensure        => present, 

      vlan_id       => 4, 

      description   => "Vlan 4", 

      target     => "http://admin:password@10.11.12.14:830", 

   } 

   slxos_netdev_l2_interface { "ethernet 0/7": 

      tagged_vlans  => ["2","3"], 

      require       => Slxos_netdev_vlan["vlan 2", "vlan 3"], 

      target     => "http://admin:password@10.11.12.14:830", 

   } 

   slxos_netdev_lag { "10": 

      minimum_links => 5, 

      lacp          => active, 

      type          => standard, 

      links         => ["ethernet 0/3", "ethernet 0/4"], 

      target     => "http://admin:password@10.11.12.14:830", 

   } 


} 

root@ldap:/etc/puppetlabs/code/environments/production#

Puppet Documentation

Refer to the following URLs for complete Puppet documentation.

Main Puppet documentation site: https://docs.puppetlabs.com/
Information on the main configuration file: https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
Information on the main manifests: https://docs.puppetlabs.com/puppet/4.1/reference/dirs_manifest.html

Additional Information

If you are using Puppet to manage resources, the properties that you configure with Puppet can be changed by using the command line interface (CLI). However, if any such properties are changed from the CLI, the Puppet-managed settings go back into effect when the script is run. This takes place either every 30 minutes (automatically) or when you manually run the script. If you want to change the 30-minute proxy-request interval, you can change the run interval property of the main configuration file. For more information, refer to https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html.