Feat(eos_cli_config_gen): Add support for monitor server radius (#4595

)
aristanetworks · Nov 13, 2024 · 059f886 · 059f886
1 parent 5300bf6
commit 059f886
Show file tree

Hide file tree

Showing 14 changed files with 298 additions and 1 deletion.
diff --git a/...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md b/...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md
@@ -58,6 +58,7 @@
   - [Event Handler](#event-handler)
   - [Object Tracking](#object-tracking)
   - [Monitor Telemetry Postcard Policy](#monitor-telemetry-postcard-policy)
+  - [Monitor Server Radius Summary](#monitor-server-radius-summary)
 - [Monitor Connectivity](#monitor-connectivity)
   - [Global Configuration](#global-configuration)
   - [VRF Configuration](#vrf-configuration)
@@ -1721,6 +1722,29 @@ monitor telemetry postcard policy
       ingress sample policy samplepo2
 ```
 
+### Monitor Server Radius Summary
+
+Monitor servers are used for 802.1x authentication.
+
+#### Server Probe Settings
+
+| Setting | Value |
+| ------- | ----- |
+| Probe interval | 100 |
+| Threshold failure | 100 |
+| Probe method | access-request |
+
+#### Monitor Server Radius Device Configuration
+
+```eos
+!
+monitor server radius
+   service dot1x
+   probe interval 100 seconds
+   probe threshold failure 100
+   probe method access-request username arista password 7 <removed>
+```
+
 ## Monitor Connectivity
 
 ### Global Configuration

diff --git a/...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host2.md b/...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host2.md
@@ -23,6 +23,8 @@
   - [DHCP Relay Device Configuration](#dhcp-relay-device-configuration)
 - [System Boot Settings](#system-boot-settings)
   - [System Boot Device Configuration](#system-boot-device-configuration)
+- [Monitoring](#monitoring)
+  - [Monitor Server Radius Summary](#monitor-server-radius-summary)
 - [Monitor Connectivity](#monitor-connectivity)
   - [Global Configuration](#global-configuration)
   - [Monitor Connectivity Device Configuration](#monitor-connectivity-device-configuration)
@@ -295,6 +297,24 @@ dhcp relay
 !
 ```
 
+## Monitoring
+
+### Monitor Server Radius Summary
+
+#### Server Probe Settings
+
+| Setting | Value |
+| ------- | ----- |
+| Probe method | status-server |
+
+#### Monitor Server Radius Device Configuration
+
+```eos
+!
+monitor server radius
+   probe method status-server
+```
+
 ## Monitor Connectivity
 
 ### Global Configuration

diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg
@@ -236,6 +236,12 @@ mcs client
       server host 10.90.224.189
       server host leaf2.atd.lab
 !
+monitor server radius
+   service dot1x
+   probe interval 100 seconds
+   probe threshold failure 100
+   probe method access-request username arista password 7 141600021F102B
+!
 ip nat translation address selection hash field source-ip
 ip nat translation address selection any
 ip nat translation tcp-timeout 7200

diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host2.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host2.cfg
@@ -23,6 +23,9 @@ queue-monitor length
 no queue-monitor length notifying
 queue-monitor length default threshold 100
 !
+monitor server radius
+   probe method status-server
+!
 !
 router adaptive-virtual-topology
    topology role edge gateway vxlan

diff --git a/...rista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/monitor-server-radius.yml b/...rista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/monitor-server-radius.yml
@@ -0,0 +1,11 @@
+---
+monitor_server_radius:
+  service_dot1x: true
+  probe:
+    interval: 100
+    threshold_failure: 100
+    method: access-request
+    access_request:
+      username: arista
+      password: 141600021F102B
+      password_type: 7
diff --git a/...rista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host2/monitor-server-radius.yml b/...rista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host2/monitor-server-radius.yml
@@ -0,0 +1,4 @@
+---
+monitor_server_radius:
+  probe:
+    method: status-server
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/input-variables.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/input-variables.md
@@ -647,6 +647,12 @@ roles/eos_cli_config_gen/docs/tables/management-api-gnmi.md
 roles/eos_cli_config_gen/docs/tables/monitor-connectivity.md
 --8<--
 
+### Monitor server Radius
+
+--8<--
+roles/eos_cli_config_gen/docs/tables/monitor-server-radius.md
+--8<--
+
 ### Monitor sessions
 
 --8<--

diff --git a/...ctions/arista/avd/roles/eos_cli_config_gen/docs/tables/monitor-server-radius.md b/...ctions/arista/avd/roles/eos_cli_config_gen/docs/tables/monitor-server-radius.md
diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/monitor-server-radius.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/monitor-server-radius.j2
@@ -0,0 +1,36 @@
+{#
+ Copyright (c) 2023-2024 Arista Networks, Inc.
+ Use of this source code is governed by the Apache License 2.0
+ that can be found in the LICENSE file.
+#}
+{# doc - monitor server radius #}
+{% if monitor_server_radius is arista.avd.defined %}
+
+### Monitor Server Radius Summary
+{%     if monitor_server_radius.service_dot1x is arista.avd.defined(true) %}
+
+Monitor servers are used for 802.1x authentication.
+{%     endif %}
+{%     if monitor_server_radius.probe is arista.avd.defined %}
+
+#### Server Probe Settings
+
+| Setting | Value |
+| ------- | ----- |
+{%         if monitor_server_radius.probe.interval is arista.avd.defined %}
+| Probe interval | {{ monitor_server_radius.probe.interval }} |
+{%         endif %}
+{%         if monitor_server_radius.probe.threshold_failure is arista.avd.defined %}
+| Threshold failure | {{ monitor_server_radius.probe.threshold_failure }} |
+{%         endif %}
+{%         if monitor_server_radius.probe.method is arista.avd.defined %}
+| Probe method | {{ monitor_server_radius.probe.method }} |
+{%         endif %}
+{%     endif %}
+
+#### Monitor Server Radius Device Configuration
+
+```eos
+{%     include 'eos/monitor-server-radius.j2' %}
+```
+{% endif %}
diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/monitoring.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/monitoring.j2
@@ -31,7 +31,8 @@
        or flow_tracking is arista.avd.defined
        or trackers is arista.avd.defined
        or sflow_interfaces | length > 0
-       or monitor_telemetry_postcard_policy is arista.avd.defined %}
+       or monitor_telemetry_postcard_policy is arista.avd.defined
+       or monitor_server_radius is arista.avd.defined %}
 
 ## Monitoring
 {## TerminAttr Daemon #}
@@ -62,4 +63,6 @@
 {%     include 'documentation/trackers.j2' %}
 {## Monitor Telemetry Postcard #}
 {%     include 'documentation/monitor-telemetry-postcard-policy.j2' %}
+{## Monitor Server Radius #}
+{%     include 'documentation/monitor-server-radius.j2' %}
 {% endif %}
diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos-intended-config.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos-intended-config.j2
@@ -86,6 +86,8 @@
 {% include 'eos/match-list-input.j2' %}
 {# mcs client #}
 {% include 'eos/mcs-client.j2' %}
+{# monitor server radius #}
+{% include 'eos/monitor-server-radius.j2' %}
 {# platform - trident#}
 {% include 'eos/platform-trident.j2' %}
 {# IP NAT - Part 1#}

diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/monitor-server-radius.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/monitor-server-radius.j2
@@ -0,0 +1,28 @@
+{#
+ Copyright (c) 2023-2024 Arista Networks, Inc.
+ Use of this source code is governed by the Apache License 2.0
+ that can be found in the LICENSE file.
+#}
+{# eos - monitor server radius #}
+{% if monitor_server_radius is arista.avd.defined %}
+!
+monitor server radius
+{%     if monitor_server_radius.service_dot1x is arista.avd.defined(true) %}
+   service dot1x
+{%     endif %}
+{%     if monitor_server_radius.probe.interval is arista.avd.defined %}
+   probe interval {{ monitor_server_radius.probe.interval }} seconds
+{%     endif %}
+{%     if monitor_server_radius.probe.threshold_failure is arista.avd.defined %}
+   probe threshold failure {{ monitor_server_radius.probe.threshold_failure }}
+{%     endif %}
+{%     if monitor_server_radius.probe.method is arista.avd.defined("status-server") %}
+   probe method status-server
+{%     elif monitor_server_radius.probe.method is arista.avd.defined("access-request") %}
+{%         if monitor_server_radius.probe.access_request.username is arista.avd.defined and
+              monitor_server_radius.probe.access_request.password is arista.avd.defined %}
+{%             set access_request = monitor_server_radius.probe.access_request %}
+   probe method access-request username {{ access_request.username }} password {{ access_request.password_type | arista.avd.default("7") }} {{ access_request.password | arista.avd.hide_passwords(hide_passwords) }}
+{%         endif %}
+{%     endif %}
+{% endif %}
diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml
diff --git a/...on-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/monitor_server_radius.schema.yml b/...on-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/monitor_server_radius.schema.yml
@@ -0,0 +1,54 @@
+# Copyright (c) 2023-2024 Arista Networks, Inc.
+# Use of this source code is governed by the Apache License 2.0
+# that can be found in the LICENSE file.
+# yaml-language-server: $schema=../../../_schema/avd_meta_schema.json
+# Line above is used by RedHat's YAML Schema vscode extension
+# Use Ctrl + Space to get suggestions for every field. Autocomplete will pop up after typing 2 letters.
+type: dict
+keys:
+  monitor_server_radius:
+    type: dict
+    description: Settings to monitor radius servers.
+    keys:
+      service_dot1x:
+        type: bool
+        description: Monitor servers used for 802.1X authentication.
+      probe:
+        type: dict
+        description: Settings for probe sent to the server.
+        keys:
+          interval:
+            type: int
+            description: Server probe interval in seconds.
+            convert_types:
+              - str
+            min: 1
+            max: 1000
+          threshold_failure:
+            type: int
+            description: Number of consecutive failed probes before a server is marked as dead.
+            convert_types:
+              - str
+            min: 1
+            max: 255
+          method:
+            type: str
+            description: Method used to probe the server. `status-server` is the EOS default method.
+            valid_values:
+              - status-server
+              - access-request
+          access_request:
+            type: dict
+            description: This can only be set when `method` is `access_request`.
+            keys:
+              username:
+                type: str
+              password:
+                type: str
+                description: Encrypted password using the `password_type`.
+              password_type:
+                type: str
+                convert_types:
+                  - int
+                valid_values: ["0", "7", "8a"]
+                default: "7"