Installation

This information contains instructions to install SaltStack (Salt) with the napalm_dellos10 proxy. Included are instructions for the setup environment for managing Dell EMC Networking OS10 switches

Install Salt

Installation of Salt contains three components:

  • salt-master
  • salt-minion
  • salt-proxy

The simplest way to install Salt is via salt bootstrap.

wget -O bootstrap-salt.sh https://bootstrap.saltstack.com/develop
sudo sh bootstrap-salt.sh -M

See the platform-specific instructions from the official Saltstack documentation for more information. Be aware to install the master distribution from the PPA repo, as the local server will run as Master and control the devices as proxy-minions.

See the CentOS documentation for more information.

Install NAPALM

Install the Dell EMC Networking OS10 NAPALM driver:

sudo apt-get install libffi-dev libssl-dev python-dev python-cffi libxslt1-dev python-pip
pip install --upgrade pip
sudo pip install --upgrade cffi
sudo pip install napalm-dellos10

You can also install NAPALM using napalm-install Saltstack formula. See napalm-install-formula for a more detailed usage example.

Configure salt-proxy

The salt-proxy configuration is shown, and the default location of the salt-proxy configuration file is /etc/salt/proxy.

master: localhost
multiprocessing: false # turn off multiprocessing
mine_enabled: true # not required, but nice to have
pki_dir: /etc/salt/pki/proxy # not required - this separates the proxy keys into a different directory

Configure salt-minion

The salt-minion configuration is shown, and the default location of the salt-minion configuration file is /etc/salt/minion.

master: localhost

Configure connection with device

In salt-napalm, all switch-specific information such as switch IP address and credentials are configured in the pillar file.

Step 1

The default pillar data file location is /srv/pillar. You must create this directory as it will not be available by default (you can change the location later). See pillar-roots for complete information.

mkdir -p /srv/pillar

Step 2

Create a top.sls file in that directory, which tells the salt-master which minions receive which pillar.

Create and edit the /srv/pillar/top.sls file and match the example:

base: # Default value, configurable at /etc/salt/master
  LEAF_1: # ``DEVICE_ID``, used to interact with the device, from Salt CLI
    - leaf_1_pillar # ``DEVICE_SLS_FILENAME``, Name of the file containing the specifications of the device
  LEAF_2:
    - leaf_2_pillar

Note

DEVICE_ID, given in the above configuration shall be used in following places,
  1. Run the salt-proxy salt-proxy --proxyid=[DEVICE_ID] -l debug
  2. Connect to device using Salt CLI salt 'LEAF_1' test.ping

Step 2a

Create a DEVICE_SLS_FILENAME file (mentioned in Step 2) in /srv/pillar/leaf_1_pillar.sls:

proxy:
  proxytype: napalm
  driver: dellos10
  host: 192.168.128.128
  username: my_username
  passwd: my_password
  optional_args:
    global_delay_factor: 3 # This is optional value, increase value in case device response is slow

The passwd is in plain-text and is used for encrypting the password (see salt-renderers.gpg).

Start Salt Services

sudo systemctl start salt-master
sudo systemctl restart salt-minion

Start proxy-minion for device

Test the proxy-minion:

sudo salt-proxy --proxyid=[DEVICE_ID] -l debug

On the first connection attempt, the minion cannot talk and is stuck with an error message:

[ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
[INFO    ] Waiting 10 seconds before retry.

This is normal and is due to the salt key from the minion not being accepted by the master. Quit the minion with CTRL + C and run sudo salt-key.

[root@master ~]# salt-key -L
Unaccepted Keys:
LEAF_1
LEAF_2
Accepted Keys:

This example shows that the salt-master is aware of four salt-minions, but none of the keys has been accepted. To accept the keys and allow the Minions to be controlled by the salt-master, use the salt-key command:

[root@master ~]# salt-key -A
[root@master ~]# salt-key -L
Unaccepted Keys:
Accepted Keys:
LEAF_1
LEAF_2

The salt-key command allows for signing keys individually or in bulk. The example shows using -A bulk-accepts all pending keys. To accept keys individually, use the lowercase of the same option (-a).

Start the proxy again.

Test your configuration

Once the key has been accepted, restart the proxy in debug mode and start a separate terminal session:

sudo salt 'LEAF_1' test.ping

To test for all leaf devices:

sudo salt 'LEAF_*' test.ping

It should return True if there are no problems. If everything checks out, hit CTRL + C and restart salt-proxy as a daemon.

sudo salt-proxy --proxyid=[DEVICE_ID] -d

Example:

sudo salt-proxy --proxyid=LEAF_1 -d
sudo salt-proxy --proxyid=LEAF_2 -d

Finally, sync your packages:

sudo salt '*' saltutil.sync_all