Puppet Master Setup

The Puppet Master must be set up in order to manage the configuration of the network switches. This is done once:

  1. Download, install and configure the Puppet master software
  2. Install the Cisco Puppet module directly from GitHub
  3. Optionally, set up certificate auto-signing for Puppet agent nodes in your data center
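
For step 3, naive autosigning (`autosign = true`) signs every CSR that reaches the master, so a policy executable is the safer form. The Ruby script below is an added example, not from the original page or from Puppet or Cisco: it uses Puppet's policy-based autosigning interface and signs only when the certname matches a switch naming pattern and the CSR carries a pre-shared token in its challengePassword attribute. The naming pattern, the token value and all helper names are assumptions made for the example.

```ruby
# Added example, not Puppet's or Cisco's code: a policy-based autosign check.
# The master runs the program named by its `autosign` setting with the certname
# as the only argument and the PEM CSR on stdin; exit 0 signs, non-zero does not.
require 'openssl'

# Assumptions for this example: naming pattern and token are placeholders.
ALLOWED_CERTNAME = /\An9k-sw-\d+\.dc1\.example\.com\z/
EXPECTED_TOKEN   = 'placeholder-per-site-secret'

# Compare without short-circuiting so timing does not reveal matching bytes.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Value of the PKCS#9 challengePassword CSR attribute, or nil when absent.
def challenge_password(csr)
  attr = csr.attributes.find { |a| a.oid == 'challengePassword' }
  attr && attr.value.value.first.value.to_s
end

def autosign?(certname, csr_pem)
  return false unless ALLOWED_CERTNAME.match?(certname.to_s)
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key)   # signature intact
  cn = csr.subject.to_a.find { |name, _value, _type| name == 'CN' }
  return false unless cn && cn[1] == certname      # CSR is for this node
  token = challenge_password(csr)
  !token.nil? && secure_equal?(token, EXPECTED_TOKEN)
rescue OpenSSL::OpenSSLError
  false                                            # unparsable CSR: do not sign
end

# Constructed sample input: a CSR such as a switch agent would submit.
def sample_csr(certname, token = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  if token
    value = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::UTF8String.new(token)])
    csr.add_attribute(OpenSSL::X509::Attribute.new('challengePassword', value))
  end
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end

# Puppet always passes exactly one argument, the certname.
exit(autosign?(ARGV[0], $stdin.read) ? 0 : 1) if ARGV.length == 1
```

Requests that the script rejects are not signed automatically and stay pending on the master for manual review.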

Switch Native Puppet Agent Setup

Puppet Agents must be installed on each switch to enable communications with the Puppet Master. These steps are done once per switch:

  • Ensure basic networking is configured and that communication is established between the switch and the Puppet master in the management namespace.
  1. Enter Bash Shell

In NX-OS, the Puppet Agent is installed in the Bash shell of the Cisco Nexus switch.

  n9k-sw-1# run bash  
  bash-4.2$ whoami  
  admin

  1. Change to the "management" namespace in the Linux shell

This changes the VRF to the management VRF.

  bash-4.2# sudo ip netns exec management bash  
  bash-4.2# whoami  
  root  
  bash-4.2#

  1. Add the DNS server to resolv.conf

  bash-4.2# vi /etc/resolv.conf

  nameserver <<DNS Server>>

  1. Download the Puppet release agent RPM from yum.puppetlabs.com

Note: For the latest Puppet Agent info please refer to https://github.com/cisco/cisco-network-puppet-module/blob/master/docs/README-agent-install.md#agent-config

This step configures the yum repository on the switch for the agent, imports the Linux GPG keys that yum uses to verify packages, and copies the agent RPM to the switch.

  bash-4.2# yum install https://yum.puppetlabs.com/puppetlabs-release-pc1-cisco-wrlinux-5.noarch.rpm
  Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching, protect-packages
  groups-repo 1.1 kB 00:00 ...
  localdb 951 B 00:00 ...
  patching 951 B 00:00 ...
  thirdparty 951 B 00:00 ...
  Setting up Install Process
  puppetlabs-release-pc1-cisco-wrlinux-5.noarch.rpm 5.8 kB 00:00
  Examining /var/tmp/yum-root-g33Fyq/puppetlabs-release-pc1-cisco-wrlinux-5.noarch.rpm: puppetlabs-release-pc1-0.9.4-1.cisco_wrlinux5.noarch
  Marking /var/tmp/yum-root-g33Fyq/puppetlabs-release-pc1-cisco-wrlinux-5.noarch.rpm to be installed
  Resolving Dependencies
  --> Running transaction check
  ---> Package puppetlabs-release-pc1.noarch 0:0.9.4-1.cisco_wrlinux5 will be installed
  --> Finished Dependency Resolution

  Dependencies Resolved

  Package Arch Version Repository Size
  ============================================================================================================
  Installing:
  puppetlabs-release-pc1 noarch 0.9.4-1.cisco_wrlinux5 /puppetlabs-pc1-cisco-lnx-5.noarch 2.2 k

  Transaction Summary
  ============================================================================================================
  Install 1 Package

  Total size: 2.2 k
  Installed size: 2.2 k
  Is this ok [y/N]: y
  Downloading Packages:
  Running Transaction Check
  Running Transaction Test
  Transaction Test Succeeded
  Running Transaction
  Installing : puppetlabs-release-pc1-0.9.4-1.cisco_wrlinux5.noarch 1/1

  Installed: puppetlabs-release-pc1.noarch 0:0.9.4-1.cisco_wrlinux5

  Complete!

  1. Install the Puppet Agent from the yum repository

  bash-4.2# yum install puppet
  Loaded plugins: downloadonly, importpubkey, localrpmDB, patchaction, patching, protect-packages
  groups-repo | 1.1 kB 00:00 ...
  localdb | 951 B 00:00 ...
  patching | 951 B 00:00 ...
  thirdparty | 951 B 00:00 ...
  puppetlabs-pc1 | 2.5 kB 00:00
  puppetlabs-pc1/primary_db | 6.6 kB 00:00
  Setting up Install Process
  Resolving Dependencies
  --> Running transaction check
  ---> Package puppet-agent.x86_64 0:1.2.5-1.cisco_wrlinux5 will be installed
  --> Finished Dependency Resolution

  Dependencies Resolved

  Package Arch Version Repository Size

  Installing:
  puppet-agent x86_64 1.2.5-1.cisco_wrlinux5 puppetlabs-pc1 39 M

  Transaction Summary

  Install 1 Package

  Total download size: 39 M
  Installed size: 139 M
  Is this ok [y/N]: y
  Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
  Downloading Packages:
  puppet-agent-1.2.5-1.cisco_wrlinux5.x86_64.rpm | 39 MB 00:11
  Running Transaction Check
  Running Transaction Test
  Transaction Test Succeeded
  Running Transaction
  Installing : puppet-agent-1.2.5-1.cisco_wrlinux5.x86_64 1/1

  Installed:
  puppet-agent.x86_64 0:1.2.5-1.cisco_wrlinux5

  Complete!
  bash-4.2#

Install the net_http_unix, cisco_nxapi, and cisco_nodeutil gem modules either individually on the switch or as part of the Puppet manifest for the switch. Download these packages as part of the Cisco agent software from https://forge.puppetlabs.com/puppetlabs/ciscopuppet

Additional information regarding installation instructions is available at https://puppetlabs.com/solutions/cisco

  1. Edit the switch manifest on the Puppet Master to enable tenant on-boarding

For tenant on-boarding in data center environments, typical operations are creating a VLAN, creating an SVI, and assigning ports to VLANs. An example manifest that on-boards a new Tenant A in VLAN 220 would appear as:

Provision Tenant A:

  cisco_vlan { "220":
    ensure    => present,
    vlan_name => 'TenantA',
    shutdown  => 'true',
    state     => 'active',
  }

Provision VLAN Interface for Tenant A:

  cisco_interface { "Vlan220" :
    svi_autostate => false,
  }

Provision Tenant A Switch Port:

  cisco_interface { "Ethernet1/2" :
    description => 'default',
    shutdown    => 'default',
    access_vlan => '220',
  }

  1. When applied to a switch, the resulting configuration would be:

  interface Ethernet1/2
    switchport access vlan 220  
  
  vlan 220  
    name TenantA  
  
  interface Vlan220  
    no shutdown