Diffstat (limited to 'examples/tg25/templates')
-rw-r--r--examples/tg25/templates/README.md3
-rw-r--r--examples/tg25/templates/juniper-els.j2166
-rw-r--r--examples/tg25/templates/juniper-global.j2277
-rw-r--r--examples/tg25/templates/juniper.j2281
4 files changed, 727 insertions, 0 deletions
diff --git a/examples/tg25/templates/README.md b/examples/tg25/templates/README.md
new file mode 100644
index 0000000..ac730be
--- /dev/null
+++ b/examples/tg25/templates/README.md
@@ -0,0 +1,3 @@
+# TG25 Templates
+
+These are Netbox templates used to generate Juniper configuration. \ No newline at end of file
diff --git a/examples/tg25/templates/juniper-els.j2 b/examples/tg25/templates/juniper-els.j2
new file mode 100644
index 0000000..6f7cec0
--- /dev/null
+++ b/examples/tg25/templates/juniper-els.j2
@@ -0,0 +1,166 @@
+{% include 'templates/juniper-global.j2' %}
+
+{% set interfaces = [] %}
+{% if device.virtual_chassis %}
+ {% for vc_member in dcim.VirtualChassis.objects.get(id=device.virtual_chassis.id).members.all() %}
+ {% for vc_interfaces in dcim.Interface.objects.filter(device_id=vc_member.id) %}
+ {% do interfaces.append(vc_interfaces) %}
+ {% endfor %}
+ {% endfor %}
+{% else %}
+ {% set interfaces = device.interfaces.filter() %}
+{% endif %}
+
+interfaces {
+{% for interface in interfaces %}
+ {% if interface.type in ["virtual"] %}
+ {% set interface_name_parts = interface.name.split(".") %}
+ {{ interface_name_parts[0] }} {
+ unit {{ interface_name_parts[1] }} {
+ {% if interface.description %}
+ description "{{ interface.description }}";
+ {% endif %}
+ {% if interface.count_ipaddresses > 0 %}
+ {% for ip in interface.ip_addresses.all() %}
+ {% if ip.family == 4 %}
+ family inet {
+ filter {
+ input mgmt-v4;
+ }
+ {% elif ip.family == 6 %}
+ family inet6 {
+ filter {
+ input mgmt-v6;
+ }
+ {% endif %}
+ address {{ ip.address }};
+ }
+ {% endfor %}
+ {% endif %}
+ }
+ }
+ {% elif interface.type in ["40gbase-x-qsfpp","10gbase-x-sfpp", "1000base-t", "lag", "1000base-x-sfp"] %}
+ {{ interface.name }} {
+ {% if interface.description %}
+ description "{{ interface.description }}";
+ {% endif %}
+ {% if interface.untagged_vlan %}
+ native-vlan-id {{ interface.untagged_vlan.vid }};
+ {% endif %}
+ {% if interface.type == "lag" %}
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ {% endif %}
+ {% if 'template-no-interface-autoneg' in interface.tags.slugs() %}
+ ether-options {
+ no-auto-negotiation;
+ }
+ {% endif %}
+ {% if interface.lag %}
+ ether-options {
+ {% if 'fap-interface' in interface.tags.slugs() %}
+ 802.3ad {
+ lacp {
+ force-up;
+ }
+ {{ interface.lag.name }};
+ }
+ {% else %}
+ 802.3ad {{ interface.lag.name }};
+ {% endif %}
+ }
+ {% else %}
+ unit 0 {
+ {% if interface.count_ipaddresses > 0 %}
+ family inet {
+ address 185.110.148.13/31;
+ }
+ family inet6 {
+ address 2a06:5841:f:106::2/64;
+ }
+ {% elif interface.mode == "access" %}
+ family ethernet-switching {
+ interface-mode access;
+ vlan {
+ members {{ interface.untagged_vlan.name }};
+ }
+ }
+ {% elif interface.mode == "tagged" or interface.mode == "tagged-all" %}
+ family ethernet-switching {
+ interface-mode trunk;
+ vlan {
+ {% if interface.mode == "tagged-all" %}
+ members all;
+ {% else %}
+ members [ {% for vlan in interface.tagged_vlans.all() %}{{ vlan.name }} {% endfor -%} ];
+ {% endif %}
+ }
+ }
+ {% endif %}
+ }
+ {% endif %}
+ }
+ {% endif %}
+{% endfor %}
+}
+
+
+{% set vlans = [] %}
+{% for interface in interfaces %}
+ {% for vlan in interface.tagged_vlans.all() %}
+ {% if vlan not in vlans %}
+ {% do vlans.append(vlan) %}
+ {% endif %}
+ {% endfor %}
+ {% if interface.untagged_vlan and interface.untagged_vlan not in vlans %}
+ {% do vlans.append(interface.untagged_vlan) %}
+ {% endif %}
+{% endfor %}
+
+{% set aes_to_utskutt = [] %}
+{% for interface in interfaces %}
+ {% if interface.connected_endpoints | length > 0 and interface.connected_endpoints[0].device.role.slug == "utskutt-distro" %}
+ {% if interface.lag.name not in aes_to_utskutt %}
+ {% do aes_to_utskutt.append(interface.lag.name) %}
+ {% endif %}
+ {% endif %}
+{% endfor %}
+
+vlans {
+{% for vlan in vlans %}
+ {{ vlan.name }} {
+ vlan-id {{ vlan.vid }};
+ {% if vlan.name == "d1-ring" %}
+ l3-interface irb.{{ vlan.vid }};
+ {% endif %}
+ {% if vlan.name == "juniper-mgmt" %}
+ forwarding-options {
+ dhcp-security {
+ {% if aes_to_utskutt | length > 0 %}
+ group utskutt {
+ overrides {
+ trusted;
+ no-option82;
+ }
+ {% for ae in aes_to_utskutt %}
+ interface {{ ae }}.0;
+ {% endfor %}
+ }
+ {% endif %}
+ option-82 {
+ circuit-id {
+ prefix {
+ host-name;
+ }
+ use-vlan-id;
+ }
+ }
+ }
+ }
+ {% endif %}
+ }
+{% endfor %}
+}
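Review bot: In the `unit 0` branch for physical ports, any interface with `count_ipaddresses > 0` is rendered with the fixed addresses `185.110.148.13/31` and `2a06:5841:f:106::2/64` rather than the addresses NetBox holds for that interface, and without the `mgmt-v4`/`mgmt-v6` input filter that the virtual-interface branch of this template applies. These look like the d1-ring uplink addresses, but as written every device rendered from this template that has an IP on a physical port gets the same pair, and SSH to those addresses is not limited to the management prefix lists. I would iterate `interface.ip_addresses.all()` here exactly as the virtual branch does; if the uplink is deliberately left unfiltered, a template comment saying so would help.

```jinja
 unit 0 {
 {% if interface.count_ipaddresses > 0 %}
 {% for ip in interface.ip_addresses.all() %}
 {% if ip.family == 4 %}
 family inet {
 filter {
 input mgmt-v4;
 }
 {% elif ip.family == 6 %}
 family inet6 {
 filter {
 input mgmt-v6;
 }
 {% endif %}
 address {{ ip.address }};
 }
 {% endfor %}
 {# … unchanged: access and tagged/tagged-all branches … #}
```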
diff --git a/examples/tg25/templates/juniper-global.j2 b/examples/tg25/templates/juniper-global.j2
new file mode 100644
index 0000000..903579e
--- /dev/null
+++ b/examples/tg25/templates/juniper-global.j2
@@ -0,0 +1,277 @@
+system {
+{% if device.virtual_chassis %}
+ host-name {{ device.virtual_chassis.name }};
+{% else %}
+ host-name {{ device.name }};
+{% endif %}
+ auto-snapshot;
+ domain-name {{ domainName }};
+ time-zone Europe/Oslo;
+ /* tacacs primary, failbacks to local users */
+ authentication-order tacplus;
+ ports {
+ console log-out-on-disconnect;
+ }
+ root-authentication {
+ encrypted-password "{{ hashes.handle_root }}";
+ }
+ name-server {
+{% for server in nameServers %}
+ {{ server }};
+{% endfor %}
+ }
+ tacplus-server {
+{% for server in tacacsServers %}
+ {{ server }} {
+ secret "{{ hashes.tacacs }}";
+ }
+{% endfor %}
+ }
+ login {
+ user admin {
+ uid 2000;
+ class super-user;
+ authentication {
+ encrypted-password "{{ hashes.handle_tech }}";
+ }
+ }
+ user tech {
+ uid 2001;
+ class super-user;
+ authentication {
+ encrypted-password "{{ hashes.handle_tech }}";
+ }
+ }
+ }
+ services {
+ ssh {
+ root-login deny;
+ protocol-version v2;
+ client-alive-count-max 2;
+ client-alive-interval 300;
+ connection-limit 50;
+ rate-limit 5;
+ }
+ netconf {
+ ssh {
+ port 830;
+ }
+ }
+ }
+ syslog {
+ user * {
+ any emergency;
+ }
+ host log.{{ domainName }} {
+ any warning;
+ authorization info;
+ daemon warning;
+ user warning;
+ change-log any;
+ interactive-commands any;
+ match "!(.*License.*)";
+ allow-duplicates;
+ facility-override local7;
+ explicit-priority;
+ }
+ /* Oxidized syslog */
+{% for server in oxidizedServers %}
+ host {{ server }} {
+ interactive-commands notice;
+ match UI_COMMIT_COMPLETED;
+ }
+{% endfor %}
+ /* Local logging of syslog messages */
+ file messages {
+ any notice;
+ authorization info;
+ /* Fjerner mye graps i loggene */
+ match "!(.*License.*|.*EX-BCM PIC.*|.*mojito_i2c_read.*|.*qsfp_tk_read_mem_page.*)";
+ }
+ /* Local logging of all user-commands typed in the CLI */
+ file interactive-commands {
+ interactive-commands any;
+ match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED";
+ }
+ }
+ commit synchronize;
+ ntp {
+{% for server in ntpServers %}
+ server {{ server }};
+{% endfor %}
+ }
+}
+chassis {
+ redundancy {
+ graceful-switchover;
+ }
+ aggregated-devices {
+ ethernet {
+ device-count 32;
+ }
+ }
+ alarm {
+ management-ethernet {
+ link-down ignore;
+ }
+ }
+}
+snmp {
+ contact "{{ SNMP.contact }}";
+ location "{{ SNMP.location }}";
+ community "{{ SNMP.community }}" {
+ authorization read-only;
+ client-list-name mgmt;
+ }
+}
+policy-options {
+ prefix-list mgmt-v4 {
+ {% for x in mgmt_addresses_v4 %}
+ {{ x }};
+ {% endfor %}
+ }
+ prefix-list mgmt-v6 {
+ {% for x in mgmt_addresses_v6 %}
+ {{ x }};
+ {% endfor %}
+ }
+ /* Merged separate v4- og v6-lister */
+ prefix-list mgmt {
+ apply-path "policy-options prefix-list <mgmt-v*> <*>";
+ }
+}
+firewall {
+ family inet {
+ filter mgmt-v4 {
+ term accept-ssh {
+ from {
+ source-prefix-list {
+ mgmt-v4;
+ }
+ destination-port 22;
+ }
+ then accept;
+ }
+ term discard-ssh {
+ from {
+ destination-port 22;
+ }
+ then {
+ discard;
+ }
+ }
+ term accept-all {
+ then accept;
+ }
+ }
+ }
+ family inet6 {
+ filter mgmt-v6 {
+ term accept-ssh {
+ from {
+ source-prefix-list {
+ mgmt-v6;
+ }
+ destination-port 22;
+ }
+ then accept;
+ }
+ term discard-ssh {
+ from {
+ destination-port 22;
+ }
+ then discard;
+ }
+ term accept-all {
+ then accept;
+ }
+ }
+ }
+}
+protocols {
+ igmp-snooping {
+ vlan all {
+ immediate-leave;
+ }
+ }
+ mld-snooping {
+ vlan all {
+ immediate-leave;
+ }
+ }
+}
+
+protocols {
+ rstp {
+ {% if device.role.slug == "access-switch" %}
+ bridge-priority 32k;
+ interface edge-ports {
+ edge;
+ no-root-port;
+ }
+ {% elif device.role.slug == "utskutt-distro" %}
+ bridge-priority 8k;
+ {% elif device.role.slug == "distro" %}
+ bridge-priority 4k;
+ interface all;
+ {% endif %}
+
+ }
+ lldp {
+ port-id-subtype interface-name;
+ port-description-type interface-description;
+ interface all;
+ }
+}
+
+
+poe {
+ interface all;
+}
+
+routing-options {
+ rib inet.0 {
+ static {
+{% if "d1-ring" in device.name %}
+ route 0.0.0.0/0 next-hop 185.110.148.12;
+{% else %}
+ route 0.0.0.0/0 next-hop 185.110.149.1;
+{% endif %}
+ }
+ }
+ rib inet6.0 {
+ static {
+{% if "d1-ring" in device.name %}
+ route ::/0 next-hop 2a06:5841:f:106::1;
+{% else %}
+ route ::/0 next-hop 2a06:5841:f:0::1;
+{% endif %}
+ }
+ }
+ nonstop-routing;
+}
+
+{% if device.virtual_chassis %}
+{#
+ VC mastership logikk:
+ vc-priority angir hvem som blir routing-engine, backup-routing-engine og line-cards. 0-255. Jo høyere, jo bedre. Alt over 200 blir satt til "master"
+ 128 = default
+#}
+virtual-chassis {
+ preprovisioned;
+ vcp-snmp-statistics;
+ {% for member in dcim.Device.objects.filter(virtual_chassis_id=device.virtual_chassis.id) %}
+ member {{ member.vc_position }} {
+ serial-number {{ member.serial }};
+ {% if member.vc_priority is not none and member.vc_priority > 200 %}
+ role routing-engine;
+ {% else %}
+ role line-card;
+ {% endif %}
+ {% if member.location is defined %}
+ location {{ member.location }};
+ {% endif %}
+ }
+ {% endfor %}
+}
+{% endif %}
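Review bot: The `mgmt-v4` and `mgmt-v6` filters match only `destination-port 22`, while the `services` stanza of this same template enables `netconf ssh port 830`, so NETCONF falls through to the `accept-all` term and is reachable from any source that can reach a filtered address. I would cover both ports in the `accept-ssh` and `discard-ssh` terms of both filters, e.g. `destination-port [ 22 830 ];`. Separately, `user admin` and `user tech` both render `encrypted-password "{{ hashes.handle_tech }}"`; if that is a copy-paste, `admin` should reference its own entry in `hashes` so the two super-user accounts do not share one credential.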
diff --git a/examples/tg25/templates/juniper.j2 b/examples/tg25/templates/juniper.j2
new file mode 100644
index 0000000..5787500
--- /dev/null
+++ b/examples/tg25/templates/juniper.j2
@@ -0,0 +1,281 @@
+{% include 'templates/juniper-global.j2' %}
+
+{% set interfaces = [] %}
+{% if device.virtual_chassis %}
+ {% for vc_member in dcim.VirtualChassis.objects.get(id=device.virtual_chassis.id).members.all() %}
+ {% for vc_interfaces in dcim.Interface.objects.filter(device_id=vc_member.id) %}
+ {% do interfaces.append(vc_interfaces) %}
+ {% endfor %}
+ {% endfor %}
+{% else %}
+ {% set interfaces = device.interfaces.filter() %}
+{% endif %}
+
+{% set edge_interfaces = [] %}
+{% for interface in interfaces if interface.type not in ["virtual", "lag"] %}
+ {% if interface.mode == "access" %}
+ {% do edge_interfaces.append(interface) %}
+ {% endif %}
+{% endfor %}
+
+interfaces {
+{% if edge_interfaces | length > 0 %}
+ interface-range edge-ports {
+ description "edge-ports";
+ {% for interface in edge_interfaces %}
+ member {{ interface.name }};
+ {% endfor %}
+ }
+{% endif %}
+{% for interface in interfaces %}
+ {% if interface.type in ["virtual"] %}
+ {% set interface_name_parts = interface.name.split(".") %}
+ {{ interface_name_parts[0] }} {
+ unit {{ interface_name_parts[1] }} {
+ {% if interface.description %}
+ description "{{ interface.description }}";
+ {% endif %}
+ {% if interface.count_ipaddresses > 0 %}
+ {% for ip in interface.ip_addresses.all() %}
+ {% if ip.family == 4 %}
+ family inet {
+ filter {
+ input mgmt-v4;
+ }
+ {% elif ip.family == 6 %}
+ family inet6 {
+ filter {
+ input mgmt-v6;
+ }
+ {% endif %}
+ address {{ ip.address }};
+ }
+ {% endfor %}
+ {% endif %}
+ }
+ }
+ {% elif interface.type in ["1000base-t", "lag", "10gbase-x-sfpp"] %}
+ {{ interface.name }} {
+ {% if interface.description %}
+ description "{{ interface.description }}";
+ {% endif %}
+ {% if interface.type == "lag" %}
+ aggregated-ether-options {
+ lacp {
+ active;
+ }
+ }
+ {% endif %}
+ {% if interface.lag and 'fap-interface' in interface.tags.slugs() and interface.connected_endpoints[0].device.status == "active" %}
+ ether-options {
+ 802.3ad {{ interface.lag.name }};
+ }
+ inactive: unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members juniper-mgmt;
+ }
+ }
+ }
+ {% elif interface.lag and 'fap-interface' in interface.tags.slugs() and interface.connected_endpoints[0].device.status == "staged" %}
+ inactive: ether-options {
+ 802.3ad {{ interface.lag.name }};
+ }
+ unit 0 {
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members juniper-mgmt;
+ }
+ }
+ }
+ {% elif interface.lag %}
+ ether-options {
+ 802.3ad {{ interface.lag.name }};
+ }
+ {% else %}
+ unit 0 {
+ {% if interface.count_ipaddresses > 0 %}
+ {% for ip in interface.ip_addresses.all() %}
+ {% if ip.family == 4 %}
+ family inet {
+ filter {
+ input mgmt-v4;
+ }
+ {% elif ip.family == 6 %}
+ family inet6 {
+ filter {
+ input mgmt-v6;
+ }
+ {% endif %}
+ address {{ ip.address }};
+ }
+ {% endfor %}
+ {% elif interface.mode == "access" %}
+ family ethernet-switching {
+ port-mode access;
+ vlan {
+ members {{ interface.untagged_vlan.name }};
+ }
+ }
+ {% elif interface.mode == "tagged" or interface.mode == "tagged-all" %}
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ {% if interface.mode == "tagged-all" %}
+ members all;
+ {% else %}
+ members [ {% for vlan in interface.tagged_vlans.all() %}{{ vlan.name }} {% endfor -%} ];
+ {% endif %}
+ }
+ {% if interface.untagged_vlan %}
+ native-vlan-id {{ interface.untagged_vlan.vid }};
+ {% endif %}
+ }
+ {% endif %}
+ }
+ {% endif %}
+ }
+ {% else %}
+ {% endif %}
+{% endfor %}
+}
+
+ethernet-switching-options {
+ secure-access-port {
+ vlan juniper-mgmt {
+ dhcp-option82 {
+ circuit-id {
+ prefix hostname;
+ use-vlan-id;
+ }
+ }
+ }
+ }
+}
+
+{% set vlans = [] %}
+{% for interface in interfaces %}
+ {% for vlan in interface.tagged_vlans.all() %}
+ {% if vlan not in vlans %}
+ {% do vlans.append(vlan) %}
+ {% endif %}
+ {% endfor %}
+ {% if interface.untagged_vlan and interface.untagged_vlan not in vlans %}
+ {% do vlans.append(interface.untagged_vlan) %}
+ {% endif %}
+{% endfor %}
+ethernet-switching-options {
+ secure-access-port {
+ vlan juniper-mgmt {
+ dhcp-option82 {
+ circuit-id {
+ prefix hostname;
+ use-vlan-id;
+ }
+ }
+ }
+{% if device.role.slug == "access-switch" %}
+ interface edge-ports {
+ no-dhcp-trusted;
+ }
+ {% for vlan in vlans if not vlan.name == "juniper-mgmt" %} {# TOOD maybe also ignore wifi vlans #}
+ vlan {{ vlan.name }} {
+ arp-inspection;
+ examine-dhcp;
+ examine-dhcpv6;
+ inactive: neighbor-discovery-inspection;
+ ip-source-guard;
+ ipv6-source-guard;
+ dhcp-option82 {
+ circuit-id {
+ use-vlan-id;
+ }
+ }
+ no-option-37;
+ /* inactive due to DHCP drops on MX platform */
+ inactive: dhcpv6-option18 {
+ use-option-82;
+ }
+ }
+ {% endfor %}
+ ipv6-source-guard-sessions {
+ max-number 128;
+ }
+ {% endif %}
+ }
+ port-error-disable {
+ /* 30 minutes in seconds */
+ disable-timeout 1800;
+ }
+ storm-control {
+ {% if device.role.slug == "access-switch" %}
+ action-shutdown;
+ interface edge-ports {
+ bandwidth 20000;
+ multicast;
+ }
+ {% else %}
+ {% for interface in interfaces if interface.type == "lag" and interface.name != "ae0" %}
+ interface {{ interface }}.0;
+ {% endfor %}
+ {% endif %}
+ }
+}
+vlans {
+{% for vlan in vlans %}
+ {{ vlan.name }} {
+ vlan-id {{ vlan.vid }};
+ {% if vlan.name == "juniper-mgmt" %}
+ l3-interface vlan.{{ vlan.vid }};
+ {% endif %}
+ }
+{% endfor %}
+}
+
+{% if device.role.slug == "utskutt-distro" %}
+event-options {
+ {% for interface in interfaces if interface.type == "lag" and interface.name != "ae0" %}
+ {% set fap_interface = dcim.Interface.objects.filter(lag_id=interface.id) %}
+ policy {{ interface.name }}down {
+ events snmp_trap_link_down;
+ attributes-match {
+ snmp_trap_link_down.interface-name matches "{{ interface.name }}$";
+ }
+ then {
+ change-configuration {
+ retry count 10 interval 10;
+ commands {
+ "activate interfaces {{ fap_interface[0].name }} unit 0";
+ "deactivate interfaces {{ fap_interface[0].name }} ether-options";
+ }
+ user-name tech;
+ commit-options {
+ log "Autoconfig-script: {{ interface.name }}went down so removed {{ fap_interface[0].name }} from bundle";
+ }
+ }
+ }
+ }
+ policy {{ interface.name }}up {
+ events snmp_trap_link_up;
+ attributes-match {
+ snmp_trap_link_up.interface-name matches "{{ interface.name }}$";
+ }
+ then {
+ change-configuration {
+ retry count 10 interval 10;
+ commands {
+ "deactivate interfaces {{ fap_interface[0].name }} unit 0";
+ "activate interfaces {{ fap_interface[0].name }} ether-options";
+ }
+ user-name tech;
+ commit-options {
+ log "Autoconfig-script: {{ interface.name }} came up so added {{ fap_interface[0].name }} to bundle";
+ }
+ }
+ }
+ }
+ {% endfor %}
+}
+{% endif %}
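Review bot: The two `fap-interface` conditions index `interface.connected_endpoints[0].device.status` without first checking that the port is cabled, and the `event-options` block uses `fap_interface[0].name` without checking that the LAG has a member. For an uncabled tagged port or an empty `ae` the render would likely fail or emit an empty interface name, and in the second case that name lands inside `change-configuration` commands that commit as `user-name tech`. The ELS template already guards the same lookup with `interface.connected_endpoints | length > 0 and ...`; I would add that test to both `fap-interface` conditions and wrap the two policies in `{% if fap_interface | length > 0 %}` … `{% endif %}`.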