Quick Start¶
Bootstrapping a switch¶
There are a number of ways to bootstrap the necessary components on to a switch, and automatically load the minimal, initial configuration. We strongly suggest ZTP Server to automate the steps from initial power-on to contacting the Puppet master.
Sample minimal configuration on a switch includes basic IP connectivity, hostname and domain-name which are used to generate the switch’s SSL certificate, a name-server or host entry for “puppet”, the default master name unless otherwise specified, and enabling eAPI (management api http-commands):
!
hostname my-switch
ip domain-name example.com
!
ip name-server vrf default 8.8.8.8
! OR
ip host puppet 192.2.2.5
!
interface Management1
ip address 192.2.2.101/24
no shutdown
!
ip route 0.0.0.0/0 192.2.2.1
!
From EOS 4.15.5 and up, it is recommended configure EOS to use unix-sockets for eAPI:
management api http-commands
no protocol https
protocol unix-socket
no shutdown
!
In EOS versions below 4.15.5, it is recommended to configure EOS to use https for eAPI. This also requires the creation of a flash:eapi.conf in which to store user credentials to login to eAPI:
username eapi privilege 15 secret icanttellyou
!
management api http-commands
no shutdown
!
If you configured eAPI (management api http-commands) for anything other than
unix-socket, then an flash:eapi.conf is also required. Ensure that the connection is localhost and enter the transport, port, username, and password required for the puppet module to connect to eAPI. See more about configuring eapi.conf [1].
Example flash:eapi.conf:
[connection:localhost]
transport: https
port: 1234
username: eapi
password: password
enablepwd: itsasecret
Install the puppet agent from PuppetLabs [4] (previous releases [5]):
Arista#copy http://myserver/puppet-enterprise-3.8.2-eos-4-i386.swix extensions:
Arista#extension puppet-enterprise-3.8.2-eos-4-i386.swix
Install the rbeapi extension [6]:
Arista#copy http://myserver/rbeapi-0.3.0.swix extensions:
Arista#extension rbeapi-0.3.0.swix
Save the installed extensions:
Arista#copy installed-extensions boot-extensions
EOS Command Aliases¶
If working with puppet manually from the CLI, it may be convenient to add the following aliases to your systems
alias pa bash sudo puppet agent --environment demo --waitforcert 30 --onetime true
alias puppet bash sudo puppet
With the above aliases, repetitive typing can be reduced to, for example:
Arista#pa --test
Arista#puppet resource eos_vlan
Arista#puppet describe eos_vlan
Configuring the Puppet Master¶
Follow the standard instructions for installing either a Puppet Enterprise or Puppet Open-source master server and setup your environment(s). (Standalone Puppet, also known as headless or masterless puppet, is covered in a separate section.) As the paths to various items and specifics may vary from system to system, you may need to make minor adjustments to the ommands, below, to conform to your particular system. Use puppet config print to locate the correct paths.
On the master, install the Forge: puppet-eos [2] module (Source: GitHub: puppet-eos [3]). This module is self-contained including the types and providers specific to EOS.
Note
There is also a netdev_stdlib module in which PuppetLabs maintains a cross-platform set of Types in netdev_stdlib and the EOS-specific providers are in netdev_stdlib_eos.
Install the rbeapi rubygem on the server:
$ sudo gem install rbeapi
Add the puppet-eos module to your server’s modulepath:
Puppet installer:
$ sudo puppet module install puppet-eos [--environment production ] [--modulepath $basemodulepath ]
Install from source:
$ sudo git clone https://github.com/arista-eosplus/puppet-eos.git <environment>/modules/eos
$ cd <environment>/modules/eos/
$ sudo git checkout <version or branch>
Link using Git submodules:
$ cd $moduledir
$ git submodule add https://github.com/arista-eosplus/puppet-eos.git eos
$ git submodule status
$ git submodule init
$ git status
Verifying the agent on EOS¶
Run the puppet agent on EOS. This performs several key tasks: * Generate a keypair and request a certificate from the master * Retrieve the CA and Master certificates * Run pluginsync (enabled by default) to download the types and providers * Run the defined manifests, if configured
Arista#bash sudo puppet agent [--environment <env_name>] --test --onetime --no-daemonize --waitforcert 30
On the Master, sign the node’s certificate request:
$puppet cert list
$puppet cert sign <certname>
If you did not include waitforcert, above, then re-run the puppet agent command to install the signed certificate from the server:
Arista#bash sudo puppet agent [--environment <env_name>] --test --onetime --waitforcert 30
Verify that the eos_* types are available on the switch:
Arista#bash sudo puppet resource --types [| grep eos]
View the current state of a type:
Arista#bash sudo puppet resource eos_vlan
eos_vlan { '1':
ensure => 'present',
enable => 'true',
vlan_name => 'default',
}
View the description for a type:
Arista#bash sudo puppet describe eos_vlan
If the steps, above, were not successful, proceed to the Troubleshooting chapter.
| [1] | https://github.com/arista-eosplus/rbeapi#example-eapiconf-file |
| [2] | https://forge.puppetlabs.com/aristanetworks/puppet-eos |
| [3] | https://github.com/arista-eosplus/puppet-eos |
| [4] | https://puppetlabs.com/download-puppet-enterprise-all#eos |
| [5] | https://puppetlabs.com/misc/pe-files/previous-releases |
| [6] | https://github.com/arista-eosplus/rbeapi |