Puppet for Junos

Having some issues grokking how to use netdev_lag resource correctly.

1. What is the purpose of this apply-macro it puts on my LAG interface, and/or is it a side-effect of something I'm doing wrong ?:

ae0 {
    apply-macro "netdev_lag[:links]" {
        ge-0/0/10;
        ge-0/0/11;
        ge-0/0/12;
    }
    unit 0 {
        description "Puppet created eth-switch: ae0";
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ Larry Moe ];
            }
            native-vlan-id Curly;
        }
    }
}

Here's my manifest:

      1 node "wf-ps-ex4200-4" {
      2
      3     #
      4     # include the "tackle_dummy" port,vlab settings. (vlans, ports ge-0/0/10 thru 12)
      5     #
      6     include tackle_dummy
      7
      8     netdev_lag { "ae0":
      9         links => [ 'ge-0/0/10', 'ge-0/0/11', 'ge-0/0/12' ]
     10     }
     11
     12     netdev_l2_interface { "ae0":
     13         tagged_vlans => [ Larry, Moe ],
     14         untagged_vlan => Curly
     15     }
     16 }


The link ports are defined in the config, a priori:
...
ge-0/0/10 {
    ether-options {
        802.3ad ae0;
    }
}
ge-0/0/11 {
    ether-options {
        802.3ad ae0;
    }
}
ge-0/0/12 {
    ether-options {
        802.3ad ae0;
    }
}
....

2. I don't understand the documentation on the netdev_lag  resource (Spefically the paragraph following the table in the "Application Note").  I guess that's the root of my confusion.

  I'd like to just create a bunch of l2 interfaces like this:

    $junk_ports = {
        "ge-0/0/10" => { description => "${junk_port_desc} member 1" },
        "ge-0/0/11" => { description => "${junk_port_desc} member 2" },
        "ge-0/0/12" => { description => "${junk_port_desc} member 3" },
    }
    create_resources ( netdev_l2_interface, $junk_ports)

...and then assemble them into a lag.   But they end up getting created with "unit 0", and then can't be added to a lag bundle using a netdev_lag resource.  

How do I achive this using the create_resources() function ?    The note re: using  "ensure=>absent"in the netdev_l2_interface is unclear to me.  (As usual, an example would go a long way to clarify this for me.)

FWIW: this is the documetation I'm not getting:

...

The links property will cause physical interfaces to be added or removed from the LAG.  These physical interfaces MUST be in a prior state that would allow this configuration; i.e. there must *not* be any existing units configured on the physical interface prior to attempting to assign them to a LAG/ae port.  You can use the netdev_l2_interface resource with ensure=>absent, for example, to ensure this precondition.

JUNOS requires at least one unit configured under the LAG/ae port for the links to display as part of the "show" command.  Therefore you will need to define L2 services using the netdev_l2_interface resource type.

...

/doug

p.s. the example following it in the doc references the resource "netdev_lag_interface" instead of "netdev_lag". 

Is that a typo, or am I missing something else ?

/doug

Hi Doug,

With regards to (1), the "apply-macro" is a "config-cookie" and is used only by the netdev module.  There are no config scripts that use this, if that is what you were wondering.  This config-cookie may go away, so please don't make any assumptions about it's existence/etc.

With regards to (2), the netdev_lag type models the properties of a LAG bundle.  If you take a look at the documented properties, you will see things like "links" and "lacp" and "minimum_links".  Once you've defined a LAG, say "ae0" with this type, you can then use netdev_l2_interface to assign VLANs to the interface, just as you would with any other individual interface.

As you know with Junos, if you are assigning interfaces to LAGs, then you don't use "unit 0" of the individual ports; rather "unit 0" of the LAG port.  

So if you want to make description assignments to the physical port, then you would change your manifest from

   create_resources( netdev_l2_interface, $junk_ports )

To:

   create_resources( netdev_interface, $junk_ports )

And to ensure that there is not conflicting configuration on the physical ports (i.e. stuff existing on "unit 0"), then you can ensure that configuration does not exist by using the "layer 2" type, netdev_l2_interface:

   netdev_l2_interface { $junk_ports: ensure => absent }

Hope that all makes sense.

Thanks for pointing out the doc issue on "netdev_lag_interface"; that is a typo and will be corrected.

Cheers,

-- Jeremy

Still fumbling closer, but cannot get the 'ensure=>absent' thing to work, so I'm still missing something. 

E.g. if the config is "greenfield" with no interfaces or ifl configs on them, then my manfiest works, creating vlans, and lags and members.  If there are any units configured on the link members, then it just fails.  So, my 'ensure=> absent' isn't working.

To test the 'ensure=>absent' bit, I roll back the config and intentiionally modify one of my link members (ge-0/0/10) to include "unit 0 family inet" from the switch cli.   My expectation here is that the next I run my puppet agent, the "ensure=>absent" would *remove* the "unit 0"  from ge-0/0/10 and finish correctly.  

However,  all it does is complain and fail. So, Im not doing something right.

Here's the manifest I'm using:

#
# file: test-node.pp
#

$junk_vlans = {
	'Moe'	=> {vlan_id => 501, description => "junk vlan 1"},
	'Larry'	=> {vlan_id => 502, description => "junk vlan 2"},
	'Curly'	=> {vlan_id => 503, description => "junk vlan 3"},
	'Shemp'	=> {vlan_id => 504, description => "junk vlan 4"}
	}

$junk_port_desc = "for tackle_dummy,"
$junk_ports = { 
	"ge-0/0/10" => { description => "${junk_port_desc} if 1" },
	"ge-0/0/11" => { description => "${junk_port_desc} if 2" },
	"ge-0/0/12" => { description => "${junk_port_desc} if 3" },
	"ge-0/0/13" => { description => "${junk_port_desc} if 4" },
	"ge-0/0/23" => { description => "${junk_port_desc} if 5" }	
}

# create a class that creates some base config
class tackle_dummy {
	netdev_device { $hostname: }
	create_resources( netdev_vlan, $junk_vlans )
	create_resources( netdev_interface, $junk_ports )
} 


node "wf-ps-ex4200-4" {
	# incorporate base config from tackle_dummy
	include tackle_dummy

	# Ensure we don't get any "unit 0" configuration on our link member interfaces
	netdev_l2_interface { "ge-0/0/10": ensure => absent }
	netdev_l2_interface { "ge-0/0/23": ensure => absent }

	netdev_lag { "ae0":
		links => [ 'ge-0/0/10', 'ge-0/0/11', 'ge-0/0/12', 'ge-0/0/23'  ]
    }
	
	netdev_l2_interface { "ae0": 
		tagged_vlans => [ Larry, Moe ], 
		untagged_vlan => Curly
	} 
}

So what am I doing wrong here ?

Thanks in advance.

/doug

Hi Doug,

Here is an example of a complete manifest using a lag and netdev_l2_interface with ensure => absent. 

You do need to make sure that you have you chassis stanza configured in advance.  Puppet "netdev" does *not* manage this section of the config.

puppet@ex1-puppet> show configuration chassis
aggregated-devices {
    ethernet {
        device-count 10;
    }
}

I hope this helps.

node "ex1-puppet.dcbg.juniper.net" {

   netdev_device { $hostname: }  
   
   create_resources( netdev_vlan, $vlans )
   
   $ae0_ports = [ 'ge-0/0/0', 'ge-0/0/1', 'ge-0/0/2' ]
   netdev_l2_interface { $ae0_ports: ensure => absent }
   netdev_lag { "ae0": links => $ae0_ports }
   
   netdev_interface { "ge-0/0/5":
      description => "Jeremy's Interface for his own use",
   }
   
   netdev_l2_interface { "ge-0/0/5":
      ensure => present,
      description => "VLAN testing ...",
      untagged_vlan => Yellow
   }
   

}

Here's what I was having problems with:    The "ensure => absent" clause only appears to "unconfigure" unit 0 if it's "family ethernet-switching".     If I (intentionally) set one of my lag member interfaces -- directly edit the config, not via puppet --  to "unit 0 family inet", then the "ensure=>absent" will NOT un-configure that interface and the ae0 creation fails.

If I happen to edit that same interface and set "unit 0 family ethernet-switching" and repeat the process, then the "ensure=>absent" clause *does* unconfigure that and creates the ae0 interface correctly.

Is this expected behavor ?   My understanding of the netdev module was that  "ensure=>absent" woutd unconfigure *anyhting* at the unit level.    

Is this a documentation or code issue ?

/doug

Hi Doug,

Let me look into this, I believe that netdev_lag { ensure => absent} should remove the linkage on the physical interfaces.  If that's not working correctly I need to fix it.

Hi Doug,

You were correct that the netdev_lag ensure=>absent was not removing the linkages from the IFD ports.  I have fixed this bug.  The fix will be available in the upcoming/next release.  If you (or anyone) needs this fix prior to then, please reach out to me directly.