kayobe/doc/source/configuration/reference/physical-network.rst
Mark Goddard 7e3e6558de Support skipping SSH keyscan for older switch devices
Some network devices may use SSH key exchange algorithms that are no
longer supported by the Ansible control host. This will cause
ssh-keyscan to fail, preventing Kayobe from configuring the devices.
This change makes it possible to work around the issue by setting
switch_skip_keyscan to true for the affected devices. The SSH known
hosts file on the Ansible control host will need to be populated
manually.

Change-Id: I4e3394cff1fd86eb5c1a4be55d6fd7fd080b2944
2024-09-13 17:36:32 +02:00

Physical Network Configuration

Kayobe supports configuration of physical network devices. This feature is optional, and this section may be skipped if network device configuration will be managed via other means.

Devices are added to the Ansible inventory, and configured using Ansible's networking modules. Configuration is applied via the kayobe physical network configure command. See physical-network for details.

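The following switch operating systems are currently supported:

  • Arista EOS
  • Cumulus Linux (with NCLU)
  • Cumulus Linux (with NVUE)
  • Dell OS6, OS9, and OS10
  • Dell PowerConnect
  • Juniper Junos OS
  • Mellanox MLNX OS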

Note

When developing switch configuration, it can be helpful to see what commands will be generated. This can be done using the --display parameter for kayobe physical network configure, which will output switch global and port configuration as terminal output without applying it.

Adding Devices to the Inventory

Network devices should be added to the Kayobe Ansible inventory, and should be members of the switches group.

[switches]
switch0
switch1

In some cases it may be useful to differentiate between types of switches. For example, a mgmt network might carry out-of-band management traffic, and a ctl network might carry control plane traffic. A group could be created for each of these networks, with each group being a child of the switches group.

[switches:children]
mgmt-switches
ctl-switches

[mgmt-switches]
switch0

[ctl-switches]
switch1

Network Device Configuration

Configuration is typically specific to each network device. It is therefore usually best to add a host_vars file to the inventory for each device. Common configuration for network devices can be added in a group_vars file for the switches group or one of its child groups.

---
# Host configuration for switch0
ansible_host: 1.2.3.4
---
# Host configuration for switch1
ansible_host: 1.2.3.5
---
# Group configuration for 'switches' group.
ansible_user: alice

Common Configuration Variables

The type of switch should be configured via the switch_type variable. See physical-network-device-specific for details of the value to set for each device type.

ansible_host should be set to the management IP address used to access the device. ansible_user should be set to the user used to access the device.

Global switch configuration is specified via the switch_config variable. It should be a list of configuration lines to apply.

Per-interface configuration is specified via the switch_interface_config variable. It should be an object mapping switch interface names to configuration objects. Each configuration object contains a description item and a config item. The config item should contain a list of per-interface configuration lines.

The switch_interface_config_enable_discovery and switch_interface_config_disable_discovery variables take the same format as the switch_interface_config variable. They define interface configuration to apply to enable or disable hardware discovery of bare metal compute nodes.

---
ansible_host: 1.2.3.4

ansible_user: alice

switch_config:
  - global config line 1
  - global config line 2

switch_interface_config:
  interface-0:
    description: controller0
    config:
      - interface-0 config line 1
      - interface-0 config line 2
  interface-1:
    description: compute0
    config:
      - interface-1 config line 1
      - interface-1 config line 2

Network device configuration can become quite repetitive, so it can be helpful to define group variables that can be referenced by multiple devices. For example:

---
# Group configuration for the 'switches' group.
switch_config_default:
  - default global config line 1
  - default global config line 2

switch_interface_config_controller:
  - controller interface config line 1
  - controller interface config line 2

switch_interface_config_compute:
  - compute interface config line 1
  - compute interface config line 2
---
# Host configuration for switch0, referencing the group variables above.
ansible_host: 1.2.3.4

ansible_user: alice

switch_config: "{{ switch_config_default }}"

switch_interface_config:
  interface-0:
    description: controller0
    config: "{{ switch_interface_config_controller }}"
  interface-1:
    description: compute0
    config: "{{ switch_interface_config_compute }}"

Support for Older Devices

Some network devices may use SSH key exchange algorithms that are no longer supported by the Ansible control host. This will cause ssh-keyscan to fail, preventing Kayobe from configuring the devices. To work around this, set switch_skip_keyscan to true for the affected devices. The SSH known hosts file on the Ansible control host will need to be populated manually.
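One way to populate the known hosts file manually for a device with switch_skip_keyscan set, added here as an example and not part of Kayobe: a host key is accepted only if its SHA256 fingerprint matches one obtained out of band (for example from the switch console), and skip-keyscan switches that still lack an entry are listed. The function names, the constructed sample key, and the use of ansible_host (falling back to the inventory name) as the known_hosts host field are assumptions.

```python
import base64
import hashlib
import struct

# Constructed ed25519-shaped public key (32 fixed bytes), not a real device key.
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(
    struct.pack(">I11sI", 11, b"ssh-ed25519", 32) + bytes(range(32))
).decode()


def fingerprint(pubkey_line):
    """Return the OpenSSH-style SHA256 fingerprint of a '<type> <base64>' key."""
    key_type, blob_b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(blob_b64, validate=True)
    # The blob begins with a length-prefixed key type; it must match the label.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def known_hosts_entry(address, pubkey_line, expected_fp):
    """Build a known_hosts line only if the key matches the out-of-band value."""
    actual = fingerprint(pubkey_line)
    if actual != expected_fp:
        raise ValueError(f"{address}: got {actual}, expected {expected_fp}")
    return f"{address} {' '.join(pubkey_line.split()[:2])}"


def unpinned_switches(host_vars, known_hosts_text):
    """Names of skip-keyscan switches with no plain known_hosts entry."""
    pinned = set()
    for line in known_hosts_text.splitlines():
        # Assumption: unhashed entries; hashed (|1|...) and @marker lines are skipped.
        if line.strip() and not line.startswith(("#", "|", "@")):
            pinned.update(line.split()[0].split(","))
    return sorted(
        name for name, hv in host_vars.items()
        if hv.get("switch_skip_keyscan") is True
        and hv.get("ansible_host", name) not in pinned  # assumed host field
    )


if __name__ == "__main__":
    fp = fingerprint(SAMPLE_KEY)  # in practice, read this from the switch console
    hosts = {"switch1": {"ansible_host": "1.2.3.5", "switch_skip_keyscan": True}}
    entry = known_hosts_entry("1.2.3.4", SAMPLE_KEY, fp)
    print(entry, unpinned_switches(hosts, entry), sep="\n")
```

The fingerprint string has the same form that ssh-keygen -l -f prints for a public key file, so the expected value can be compared directly with what the device reports.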

Device-specific Configuration Variables

Arista EOS

Configuration for these devices is applied using the arista-switch Ansible role in Kayobe. The role configures Arista switches using the eos Ansible modules.

switch_type should be set to arista.

  • ansible_host is the hostname or IP address. Optional.
  • ansible_user is the SSH username.
  • ansible_ssh_pass is the SSH password.
  • ansible_connection should be ansible.netcommon.network_cli.
  • ansible_network_os should be arista.eos.eos.
  • ansible_become should be true.
  • ansible_become_method should be enable.

Cumulus Linux (with NCLU)

Configuration for these devices is applied using the nclu Ansible module.

switch_type should be set to nclu.

Cumulus Linux (with NVUE)

Configuration for these devices is applied using the nvidia.nvue.command Ansible module.

switch_type should be set to nvue.

SSH configuration

As with any non-switch host in the inventory, the nclu and nvidia.nvue.command modules rely on the default connection parameters used by Ansible:

  • ansible_host is the hostname or IP address. Optional.
  • ansible_user is the SSH username.

Dell OS6, OS9, and OS10

Configuration for these devices is applied using the dellos6_config, dellos9_config, and dellos10_config Ansible modules.

switch_type should be set to dellos6, dellos9, or dellos10.

switch_config_save may be set to true to enable saving configuration after it has been applied.

Provider

  • ansible_host is the hostname or IP address. Optional.
  • ansible_user is the SSH username.
  • ansible_ssh_pass is the SSH password.
  • switch_auth_pass is the 'enable' password.

Alternatively, set switch_dellos_provider to the value to be passed as the provider argument to the dellos*_config module.

Dell PowerConnect

Configuration for these devices is applied using the stackhpc.network.dell_powerconnect_switch Ansible role. The role uses the expect Ansible module to automate interaction with the switch CLI via SSH.

switch_type should be set to dell-powerconnect.

Provider

  • ansible_host is the hostname or IP address. Optional.
  • ansible_user is the SSH username.
  • switch_auth_pass is the SSH password.

Juniper Junos OS

Configuration for these devices is applied using the junos_config Ansible module.

switch_type should be set to junos.

switch_junos_config_format may be used to set the format of the configuration. The variable is passed as the src_format argument to the junos_config module. The default value is text.

Provider

  • ansible_host is the hostname or IP address. Optional.
  • ansible_user is the SSH username.
  • ansible_ssh_pass is the SSH password. Mutually exclusive with ansible_ssh_private_key_file.
  • ansible_ssh_private_key_file is the SSH private key file. Mutually exclusive with ansible_ssh_pass.
  • switch_junos_timeout may be set to a timeout in seconds for communicating with the device.

Alternatively, set switch_junos_provider to the value to be passed as the provider argument to the junos_config module.

Mellanox MLNX OS

Configuration for these devices is applied using the stackhpc.network.mellanox_switch Ansible role. The role uses the expect Ansible module to automate interaction with the switch CLI via SSH.

switch_type should be set to mellanox.

Provider

  • ansible_host is the hostname or IP address. Optional.
  • ansible_user is the SSH username.
  • switch_auth_pass is the SSH password.