
Difference between revisions of "Homer"

imported>Ayounsi
imported>Quiddity
(lang=text)
Line 83: Line 83:


==== Done ====
==== Done ====
<syntaxhighlight>
<syntaxhighlight lang=text>
groups {}
groups {}
system {}
system {}
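Review bot: The new opening tag in this hunk is written as <syntaxhighlight lang=text>, with the attribute value unquoted, and the same form is repeated in every later hunk. Consider lang="text", the quoted form the MediaWiki SyntaxHighlight documentation uses, so the tags stay consistent if other attributes are added later.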
Line 100: Line 100:


==== TODO ====
==== TODO ====
<syntaxhighlight>
<syntaxhighlight lang=text>
interfaces {}  # (Partial) https://gerrit.wikimedia.org/r/c/operations/homer/public/+/547584
interfaces {}  # (Partial) https://gerrit.wikimedia.org/r/c/operations/homer/public/+/547584
routing-options {}  # (Partial) https://gerrit.wikimedia.org/r/c/operations/homer/public/+/547587
routing-options {}  # (Partial) https://gerrit.wikimedia.org/r/c/operations/homer/public/+/547587
Line 116: Line 116:


==== Done ====
==== Done ====
<syntaxhighlight>
<syntaxhighlight lang=text>
system {}
system {}
snmp {}
snmp {}
Line 123: Line 123:


==== TODO ====
==== TODO ====
<syntaxhighlight>
<syntaxhighlight lang=text>
chassis {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/550389
chassis {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/550389
interfaces {}
interfaces {}
Line 134: Line 134:


==== Done ====
==== Done ====
<syntaxhighlight>
<syntaxhighlight lang=text>
system {} (Partial)
system {} (Partial)
snmp {}
snmp {}
Line 144: Line 144:


==== TODO ====
==== TODO ====
<syntaxhighlight>
<syntaxhighlight lang=text>
groups {}
groups {}
interfaces {}
interfaces {}
Line 164: Line 164:


==== Done ====
==== Done ====
<syntaxhighlight>
<syntaxhighlight lang=text>
system {}
system {}
snmp {}
snmp {}
Line 173: Line 173:


==== TODO ====
==== TODO ====
<syntaxhighlight>
<syntaxhighlight lang=text>
interfaces {}
interfaces {}
vlans {}  # https://gerrit.wikimedia.org/r/#/c/operations/homer/public/+/549938
vlans {}  # https://gerrit.wikimedia.org/r/#/c/operations/homer/public/+/549938
</syntaxhighlight><br />
</syntaxhighlight>
 
== Common/known issues ==
== Common/known issues ==
(Almost) None.
(Almost) None.


* The "commit" action doesn't work on the SRXs and the MX104, it will do the Juniper's "commit confirmed 2", but not the "commit check" to make the change permanent.
* The "commit" action doesn't work on the SRXs and the MX104, it will do the Juniper's "commit confirmed 2", but not the "commit check" to make the change permanent.
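Review bot: The closing tag in this hunk goes from "</syntaxhighlight><br />" to "</syntaxhighlight>", so the trailing "<br />" before "== Common/known issues ==" is dropped, which the edit summary "(lang=text)" does not cover. Mention the line-break removal in the summary, or make it a separate edit, so the spacing change stays traceable in the page history.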

Revision as of 06:12, 14 November 2019

Homer (previously jnt) is our homemade network configuration manager.

It takes variables from Netbox and YAML files and runs them through Jinja templates to generate Juniper-compatible configuration.

Homer can then send those configurations to selected network devices, for a diff or a safe commit.

The tool is written to not be Wikimedia specific. It only supports Junos but can easily be extended to other platforms.

Its documentation is available at https://doc.wikimedia.org/homer/master/

Its code is on Gerrit: https://gerrit.wikimedia.org/g/operations/software/homer

Its bugs and feature requests are tracked on Phabricator: https://phabricator.wikimedia.org/tag/homer/

This page focuses on Wikimedia's deployment.

Deployment

Homer is deployed via Puppet and Scap to the cumin (fleet management) hosts.

You can find its deploy repository here: https://gerrit.wikimedia.org/g/operations/software/homer/deploy

And its Puppet module there: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/production/modules/homer

In addition, it's available on PyPI: https://pypi.org/project/homer/

Releasing a new version

Riccardo?

Daily diffs (not ready yet)

A cron job will run Homer every day to compare the live network configuration with our intended state. Any discrepancies will be emailed to someone (ideally a list) to be fixed.
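A sketch of the kind of drift check such a daily job performs, as an added example that is not Homer's own code: it compares intended and live configurations per device and reports only the devices that differ. The function names, device names and sample configurations are constructed for illustration, and treating "## " lines as device-generated annotations is an assumption.

```python
import difflib


def normalize(config):
    """Return the config as lines, without blank lines and volatile annotations."""
    lines = []
    for line in config.splitlines():
        line = line.rstrip()
        # Assumption: lines starting with '## ' (for example '## Last commit: ...')
        # are added by the device and are not part of the configuration itself.
        if not line or line.startswith("## "):
            continue
        lines.append(line)
    return lines


def drift_report(intended, live):
    """Map each drifting device to a unified diff (live -> intended)."""
    report = {}
    for device in sorted(intended):
        if device not in live:
            # A device that cannot be compared is itself a finding.
            report[device] = "live configuration could not be fetched"
            continue
        have = normalize(live[device])
        want = normalize(intended[device])
        # Diff direction: what would change if the intended state were pushed.
        diff = list(difflib.unified_diff(have, want, "live", "intended",
                                         lineterm="", n=1))
        if diff:
            report[device] = "\n".join(diff)
    return report


# Constructed sample data: three hypothetical devices.
INTENDED = {
    "asw1-example": "system {\n    host-name asw1-example;\n}\n",
    "cr1-example": ("system {\n    host-name cr1-example;\n}\n"
                    "snmp {\n    community EXAMPLE {\n"
                    "        authorization read-only;\n    }\n}\n"),
    "mr1-example": "system {\n    host-name mr1-example;\n}\n",
}
LIVE = {
    # Identical apart from the device-generated header: no drift.
    "asw1-example": "## Last commit: 2019-11-14 06:12:00 UTC by example\n"
                    + INTENDED["asw1-example"],
    # Out-of-band change on the device: SNMP community made writable.
    "cr1-example": INTENDED["cr1-example"].replace("read-only", "read-write"),
}

if __name__ == "__main__":
    for device, finding in drift_report(INTENDED, LIVE).items():
        print(f"=== {device} ===\n{finding}\n")
```

The report body is what would go into the notification email; an empty report means the live network matches the intended state.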

Usage 🚀

From cumin hosts (recommended, but not ready yet)

Get familiar with the command line (https://doc.wikimedia.org/homer/master/homer.html); everything else is taken care of.

The public repository is regularly updated by Puppet.

When pushing configurations, Homer will SSH to the network devices using the Homer user. You need to be in the ops group to be able to use its private key.

From your local machine (less recommended, but your only option so far)

When pushing configurations, your machine will SSH directly to the network devices, which means that you must have an account there, with the proper permissions.

It's common to test a change locally with the "diff" option. Once satisfied with the result, please merge your change on Gerrit before pushing it with the "commit" action.

Making changes

Note that Homer explicitly asks you when it's about to modify the live network configuration (Type "yes" to commit, "no" to abort.) and will prompt you with a diff of the changes beforehand.

Editing the private repository

Manually edit then commit the files on ssh://cumin1001.eqiad.wmnet:/srv/homer/private .

Git will sync them with the other cumin host and will email a summary of the changes to Riccardo (TODO: change it to SREs).

Make sure to mirror all your changes on the mock-private repo: https://gerrit.wikimedia.org/g/operations/homer/mock-private

This repository doesn't have CI; please be extra careful.

Editing the public repository

Similar to our other public repositories, send CRs to https://gerrit.wikimedia.org/g/operations/homer/public and try not to +2 your changes.

This repository doesn't have CI yet; please be extra careful.

Style guides

YAML files

TBD

Templates

It's ok to give up on indentation.

Network configuration coverage

CR

Done

groups {}
system {}
logical-systems {}
services {}
snmp {}
forwarding-options {}
protocols {
    ospf {}
    ospf3 {}
    lldp {}
}
policy-options {}
firewall {}

TODO

interfaces {}  # (Partial) https://gerrit.wikimedia.org/r/c/operations/homer/public/+/547584
routing-options {}  # (Partial) https://gerrit.wikimedia.org/r/c/operations/homer/public/+/547587
apply-groups [ re0 re1 ];  # https://gerrit.wikimedia.org/r/#/c/operations/homer/public/+/549690
chassis {}  # (Partial) https://gerrit.wikimedia.org/r/c/operations/homer/public/+/550389
protocols {
    router-advertisement {}
    bgp {}  # Out of scope
    pim {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/549689
}
routing-instances {}

ASW

Done

system {}
snmp {}
protocols {}

TODO

chassis {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/550389
interfaces {}
routing-options {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/549933
virtual-chassis {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/550370
vlans {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/550376

MR

Done

system {} (Partial)
snmp {}
protocols {}
security {
    zones {}
}

TODO

groups {}
interfaces {}
routing-options {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/550576
policy-options {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/550576
security {
    address-book {}  # Capirca?
    alg {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/550356
    forwarding-options {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/550356
    screen {}  # https://gerrit.wikimedia.org/r/c/operations/homer/public/+/550356
    nat {}
    policies {}  # Capirca?
}
routing-instances {}
applications {}  # Capirca?

MSW

Done

system {}
snmp {}
protocols {}
routing-options {}

TODO

interfaces {}
vlans {}  # https://gerrit.wikimedia.org/r/#/c/operations/homer/public/+/549938

Common/known issues

(Almost) None.

  • The "commit" action doesn't work on the SRXs and the MX104: it will do Juniper's "commit confirmed 2", but not the "commit check" to make the change permanent.