Golden_Config_Generator

This program reads in the configuration file from a Cisco router or switch running IOS-XE extracts the unique
information and inserts it into a new configuration at designated locations.

This new configuration is then rendered with a Jinja template with site specific configuration parameters and a
golden configuration Jinja template that consists of best practice configurations standard across all site.

Use Case

This program was developed to meet the need to upgrade switch configurations during platform upgrades using the latest
industry best practices and enterprise security standards in an automated fashion.

Features

• Leverages Jinja templating in a .j2 template per site with macros for config blocks like DNS, SNMP, etc.
• Certain unique configurations are extracted as unstructured code blocks, such as interface configurations and routing
  configurations.
  • These configurations are currently just pasted into the new configuration at set locations in the config
    designated by !!![config_name]!!!.
    • i.e !!!Interfaces is used to designate where the interface configuration goes.
  • These copied configurations should be peer-reviewed for relevance and application to the new platform.
    Specifically interfaces names might change, VLANs might no longer be needed, etc.
  • Future releases will include parsers for these configurations for easier transfer to the new configuration

Installation

[Step 1] Clone repo:

git clone git@github.com:jconwell3115/Golden_Config_Generator.git

[Step 2] Navigate to the project directory

cd Golden_Config_Generator

[Step 3] Install required dependencies:

pip install -r requirements.txt

[Step 4] (Optional) Install pre-commit:

pre-commit install

Usage

(GoldenConfigGenerator) jconw483@Jons-PC ~/Work_Environments/GoldenConfigGenerator/Golden_Config_Generator $ python3 golden_config_generator.py -h
usage: golden_config_generator.py [-h] [-c CONFIG]

This program reads in an old configuration file and then converts it to a new 'golden' 
configuration using industry standard best practices for Cisco Catalyst switches running 
IOS-XE versions 16.9 and up.

options:
  -h, --help            show this help message and exit
  -c CONFIG, --config CONFIG
                        Configuration file to convert

Thanks for using golden_config_generator!

This program can be ran with the -c {{ switch_config }} or with no argument. If run
with no
argument the program will ask for the name of the switch configuration

Future release will include the option to convert all configurations in a given
directory.

Run the program on the test configurations for proof of concept:

Sample configurations files are located in the configuration_files/old_configurations directory.

(.venv) $ golden_config_generator.py -c S1-AS-3320-104-1.cfg

This will output the new configurations in the configuration_files/new_configurations directory.

There will be a template rendered with the {{ hostname }}.j2 located in the
templates/new_switch_templates directory

Directory Structure

.
├── configuration_files
│   ├── new_configurations
│   │   ├── S1-AS-3320-104-1_2025_03_14.cfg
│   │   └── S3-CS-2015-321-1_2025_03_14.cfg
│   └── old_configurations
│       ├── S1-AS-3320-104-1.cfg
│       ├── S2-AS-527-109-1.cfg
│       └── S3-CS-2015-321-1.cfg
├── golden_config_generator.py
├── LICENSE
├── pipdeptree_current.txt
├── pyproject.toml
├── README.md
├── requirements.txt
└── templates
    ├── new_switch_templates
    │   ├── S1-AS-3320-104-1.j2
    │   └── S3-CS-2015-321-1.j2
    ├── site_1.j2
    ├── site_2.j2
    ├── site_3.j2
    └── switch_template.j2
    

• configuration_files - Directory to store old and new configurations

  • new_configurations - Directory that holds the new golden configs created by the
    program
  • old_configurations - Directory that the program searches for the
    configurations to be converted

• templates - Directory that stores the site specific templates and the base
  golden config switch template

  • new_switch_templates - These are the templates created during the program run,
    these aren't really needed, but are good reference to see the workflow.

Possible Automation Enhancements

This is a general idea and the details would need to be defined a bit more

• Create Ansible Playbook that orchestrates the following

  1. Login to a live network device and gather the configuration.
  2. Save the file locally and to the flash on the network device.
  3. Copy the configuration to flash:[hostname]_automated_reconfigure.cfg.
  4. Run the configuration through the golden_config_generator.py program to generate a new configuration.
  5. Copy the new configuration to the live network device
  6. Create an eem script that will copy the new configuration into startup and reload the device.
     • The EEM script needs to be in the new configuration as well.
  7. The EEM script will run checkouts after the reboot to ensure everything is working fine, else it will revert the
     configuration to the old config and reload again.

TODO:

• Add Jinja tempaltes for sites
• Add base configuration template
• Modularize the code into smaller methods
• Add generic old configuration files for testing and proof of concept
• CLI arguments to take the file name
• Add a CLI switch to read and convert all files in a given directory

Author

Jonathan Conwell

Email: jconwell3115@gmail.com

Phone: 867-5309

DISCLAIMER

Please note: This script is meant for demo purposes only. All tools/ scripts in this repo are released for use "AS IS" without any warranties of any kind, including, but not limited to their installation, use, or performance. Any use of these scripts and tools is at your own risk. There is no guarantee that they have been through thorough testing in a comparable environment and we are not responsible for any damage or data loss incurred with their use.
You are responsible for reviewing and testing any scripts you run thoroughly before use in any non-testing environment.