Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI(eos_cli_config_gen): Restructure molecule host vars #4694

Draft
wants to merge 2 commits into
base: devel
Choose a base branch
from
Draft

CI(eos_cli_config_gen): Restructure molecule host vars #4694

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
40d4c2a
Refactor(eos_cli_config_gen): Restructure molecule host vars
Nov 12, 2024
6cb77e1
Adding certificate key and cert
Nov 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
301 changes: 301 additions & 0 deletions ...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,20 @@
- [System Control-Plane](#system-control-plane)
- [Management SSH](#management-ssh)
- [Management Tech-Support](#management-tech-support)
- [Management Accounts](#management-accounts)
- [Management API gNMI](#management-api-gnmi)
- [Management CVX Summary](#management-cvx-summary)
- [Management Console](#management-console)
- [Management API HTTP](#management-api-http)
- [Management API Models](#management-api-models)
- [CVX](#cvx)
- [CVX Services](#cvx-services)
- [CVX Device Configuration](#cvx-device-configuration)
- [Authentication](#authentication)
- [Local Users](#local-users)
- [Roles](#roles)
- [Enable Password](#enable-password)
- [Management defaults](#management-defaults)
- [TACACS Servers](#tacacs-servers)
- [IP TACACS Source Interfaces](#ip-tacacs-source-interfaces)
- [RADIUS Server](#radius-server)
Expand Down Expand Up @@ -248,22 +255,45 @@ agent KernelFib environment KERNELFIB_PROGRAM_ALL_ECMP=true

| Management Interface | Description | Type | VRF | IP Address | Gateway |
| -------------------- | ----------- | ---- | --- | ---------- | ------- |
| Management0 | - | oob | default | 10.0.0.0 | - |
| Management1 | OOB_MANAGEMENT | oob | MGMT | 10.73.255.122/24 | 10.73.255.2 |
| Management42 | - | oob | default | - | - |
| Vlan123 | inband_management | inband | default | 10.73.0.123/24 | 10.73.0.1 |

##### IPv6

| Management Interface | Description | Type | VRF | IPv6 Address | IPv6 Gateway |
| -------------------- | ----------- | ---- | --- | ------------ | ------------ |
| Management0 | - | oob | default | - | - |
| Management1 | OOB_MANAGEMENT | oob | MGMT | - | - |
| Management42 | - | oob | default | - | - |
| Vlan123 | inband_management | inband | default | - | - |

#### Management Interfaces Device Configuration

```eos
!
interface Management0
mac-address 00:1c:73:00:00:aa
ip address 10.0.0.0
!
interface Management1
description OOB_MANAGEMENT
vrf MGMT
ip address 10.73.255.122/24
!
interface Management42
shutdown
speed forced 1000full
no lldp transmit
no lldp receive
lldp tlv transmit ztp vlan 666
!
interface Vlan123
description inband_management
mtu 1500
ip address 10.73.0.123/24
ip virtual-router address 10.73.0.1
```

### IP Domain-list
Expand Down Expand Up @@ -494,6 +524,265 @@ management tech-support
exit
```

### Management Accounts

#### Password Policy

The password policy set for management accounts is: AVD_POLICY

#### Management Accounts Device Configuration

```eos
!
management accounts
password policy AVD_POLICY
```

### Management API gNMI

#### Management API gNMI Summary

| Transport | SSL Profile | VRF | Notification Timestamp | ACL | Port |
| --------- | ----------- | --- | ---------------------- | --- | ---- |
| MGMT | gnmi | MGMT | send-time | acl1 | 6030 |
| mytransport | - | - | send-time | acl1 | 6032 |

| Transport | Destination | Destination Port | gNMI SSL Profile | Tunnel SSL Profile | VRF | Local Interface | Local Port | Target ID |
| --------- | ----------- | ---------------- | ---------------- | ------------------ | --- | --------------- | ---------- | --------- |
| onetarget | 10.1.1.100 | 10000 | ssl_profile | ssl_profile | management | Management1 | 10001 | testid100 |
| multipletargets | 10.1.1.100 | 10000 | ssl_profile | ssl_profile | management | Management1 | 10001 | testid1 testid2 testid3 testid4 |
| serialandtargets | 10.1.1.100 | 10000 | ssl_profile | ssl_profile | management | Management1 | 10001 | Serial-Number testid10 testid20 |
| noserialnotargets | - | - | - | - | - | - | - | |
| serialonly | - | - | - | - | - | - | - | Serial-Number |

Provider eos-native is configured.

#### Management API gNMI Device Configuration

```eos
!
management api gnmi
transport grpc MGMT
ssl profile gnmi
vrf MGMT
ip access-group acl1
notification timestamp send-time
!
transport grpc mytransport
port 6032
ip access-group acl1
notification timestamp send-time
!
transport grpc-tunnel multipletargets
no shutdown
vrf management
tunnel ssl profile ssl_profile
gnmi ssl profile ssl_profile
destination 10.1.1.100 port 10000
local interface Management1 port 10001
target testid1 testid2 testid3 testid4
!
transport grpc-tunnel noserialnotargets
!
transport grpc-tunnel onetarget
shutdown
vrf management
tunnel ssl profile ssl_profile
gnmi ssl profile ssl_profile
destination 10.1.1.100 port 10000
local interface Management1 port 10001
target testid100
!
transport grpc-tunnel serialandtargets
no shutdown
vrf management
tunnel ssl profile ssl_profile
gnmi ssl profile ssl_profile
destination 10.1.1.100 port 10000
local interface Management1 port 10001
target serial-number testid10 testid20
!
transport grpc-tunnel serialonly
target serial-number
provider eos-native
```

### Management CVX Summary

| Shutdown | CVX Servers |
| -------- | ----------- |
| False | 10.90.224.188, 10.90.224.189, leaf1.atd.lab |

#### Management CVX Source Interface

| Interface | VRF |
| --------- | --- |
| Loopback0 | MGMT |

#### Management CVX Device Configuration

```eos
!
management cvx
no shutdown
server host 10.90.224.188
server host 10.90.224.189
server host leaf1.atd.lab
source-interface Loopback0
vrf MGMT
```

### Management Console

#### Management Console Timeout

Management Console Timeout is set to **15** minutes.

#### Management Console Device Configuration

```eos
!
management console
idle-timeout 15
```

### Management API HTTP

#### Management API HTTP Summary

| HTTP | HTTPS | Default Services |
| ---- | ----- | ---------------- |
| False | True | True |

Management HTTPS is using the SSL profile SSL_PROFILE

#### Management API VRF Access

| VRF Name | IPv4 ACL | IPv6 ACL |
| -------- | -------- | -------- |
| default | ACL-API | ACL-API6 |
| MGMT | ACL-API | - |

HTTPS certificate and private key are configured.

#### Management API HTTP Device Configuration

```eos
!
management api http-commands
protocol https
no protocol http
default-services
protocol https ssl profile SSL_PROFILE
no shutdown
!
vrf default
no shutdown
ip access-group ACL-API
ipv6 access-group ACL-API6
!
vrf MGMT
no shutdown
ip access-group ACL-API
protocol https certificate
'\n-----BEGIN CERTIFICATE-----\nMIIFNjCCAx4CCQCVGSFu9M4dNDANBgkqhkiG9w0BAQsFADBdMQswCQ
YDVQQGEwJD\nQTELMAkGA1UECAwCQkMxEjAQBgNVBAcMCVZhbmNvdXZlcjEPMA0GA1UECgwGQXJp\nc3RhMQwwC
gYDVQQLDANBVkQxDjAMBgNVBAMMBWhvc3QxMB4XDTI0MTExMzE3NTAw\nN1oXDTM0MTExMTE3NTAwN1owXTELMA
kGA1UEBhMCQ0ExCzAJBgNVBAgMAkJDMRIw\nEAYDVQQHDAlWYW5jb3V2ZXIxDzANBgNVBAoMBkFyaXN0YTEMMAo
GA1UECwwDQVZE\nMQ4wDAYDVQQDDAVob3N0MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB\nAJz2e
UVD/4u+nmz0Ak6QJqPrQSJ6spZtxnfgSD3ETGhWgVO+aV7UbnpCAvKB+G7B\nX3WEHl2zphFE+O4HhRCBiDFB9
LXZ2fiiBKcPmFMuJChL15wLaa5yP99trMX3wxSL\nZIFKVmD5kxjtqZOjst+dPDm1v4KIXZxCuMhu8hpviZLhL
Gq+eFlYV4scIMgOSuOo\n8HBoqGkHmmOJmO+KlaLdXPQcqOqJIjwL++ZjP46eHa9fyaea1ZqmYC11syNTesVS
\n4G7v4fvd+rFi+ZAWu5Iuv6vbllLKqwHOiMcQ+Y4IbzDaqCk5VBh0PnxI+PWGDeUl\nlx83p3+o0zi7HHeI9
uTumRV8b7sc++9qaaPDtzD4wzJFwVJWIiHjdfCTQ0mRraz6\nuYbk2Kwo7rjmOQnby3K4+Lx+eylihzc3bWsDe9
6YUYVRi7Xsg56lz+SPSlxvBUjL\nuQ6TQHMgg7/AMrwnHVcgvJozM7eDGnwt6eYxoJZGiw+W60KjQcxlV4tt5HC
iGHIO\npCajVDjeN3quBCpCOlTCCoPQXjFB14EJagjS5QzFeRwrZcegKFKx61jClp0L4X8t\nEgCuTRlQtMdwvx
4sBKqND+RqE9YlC2ktQHpOyRtKlj3fZ1behzrO50rtKDZzrqOS\n/PpifGh3ZcJDsO3qt9xq3kUJm8rHKDuGgtE
yXGkXUd7RAgMBAAEwDQYJKoZIhvcN\nAQELBQADggIBAH0vpyvehlfjKmMMv5S05ruEW1La0+m2CypdxvgQ9IGH
FnsUqSzl\nhMsR5mISyhfaHSlYTE8YxiSoHUL7lMsIi6G+tEXglad3KJEpqVi2tg9GbteaBONN\nP7mjnDnHRhV
xodSUVOJvZmtGFv7lKRvGXYgwwCHq93Z3iyXvkFMNO6aYU3ghwYci\n1gMRXsWG/K8r4TzAC87RBTSXaFEIvrVY
NwhL61fRPvIvFzdf5I0Zi7LSKRDZ6Ks/\nAwMOQaTwF9W0a/dBc4twbmbajcTbXDcUA/Jxr97XrtlNioHe3itlwJ
aQ2LgSkfM9\nh5CJ+wcCmWLanHpeCoXu6kj17mZScfxHmHyuNXugq8Ryj23qndN37ZDADh0rqRKm\nXxVai6s0K
BZENiUiastKolA3CL27/312Wv5cPSi66NDdrNqwDZVS0d5QZd3Motni\n1aX/+GmOURX5O3xDMJZTx/lP2zRwId
fwEgBntBSipzmv73y5aMJqUCl3w980pLTj\nkc6u4R7x93bWtRedCtL8SroKgg3iSP+MNvjh7GRVrisKi1mHq37
xBFbfcKWQ8Fux\nxak6B5u7Dkwio2KGtQAzUTw8GNrG8ix6wYbCxRTorl0qtxWKqB1sqPkxVmo73PkO\nsVbhuz
XgHBzA4RNdl/qmwSKlL7pKfpQUm3jSzewJm224QTYODTF8KRpf\n-----END CERTIFICATE-----'
EOF
'\n-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCc9nlF
Q/+Lvp5s\n9AJOkCaj60EierKWbcZ34Eg9xExoVoFTvmle1G56QgLygfhuwV91hB5ds6YRRPju\nB4UQgYgxQfS1
2dn4ogSnD5hTLiQoS9ecC2mucj/fbazF98MUi2SBSlZg+ZMY7amT\no7LfnTw5tb+CiF2cQrjIbvIab4mS4Sxqvn
hZWFeLHCDIDkrjqPBwaKhpB5pjiZjv\nipWi3Vz0HKjqiSI8C/vmYz+Onh2vX8mnmtWapmAtdbMjU3rFUuBu7+H7
3fqxYvmQ\nFruSLr+r25ZSyqsBzojHEPmOCG8w2qgpOVQYdD58SPj1hg3lJZcfN6d/qNM4uxx3\niPbk7pkVfG+7
HPvvammjw7cw+MMyRcFSViIh43Xwk0NJka2s+rmG5NisKO645jkJ\n28tyuPi8fnspYoc3N21rA3vemFGFUYu17I
Oepc/kj0pcbwVIy7kOk0BzIIO/wDK8\nJx1XILyaMzO3gxp8LenmMaCWRosPlutCo0HMZVeLbeRwohhyDqQmo1Q4
3jd6rgQq\nQjpUwgqD0F4xQdeBCWoI0uUMxXkcK2XHoChSsetYwpadC+F/LRIArk0ZULTHcL8e\nLASqjQ/kahPW
JQtpLUB6TskbSpY932dW3oc6zudK7Sg2c66jkvz6Ynxod2XCQ7Dt\n6rfcat5FCZvKxyg7hoLRMlxpF1He0QIDAQ
ABAoICAEPrCtKD9+G6G8c9Vno0OeQX\n+dk3ims5GPXqIJhJhl5ngBKChAm6lgtk4O2ae6tBFVM+Vf1prOQwGh61
NkjMI+hc\nh8zgdUb2pFi9kMX9YzvkhWlKLvKDEUxWoroO2WTcZCLlzbash4/z1rrBzLahzNuT\n30hWRVtGK7re
9velZ7wcnyGZRW4zob3Z7/1g4drc0R1yy9yWo6GKepi8OL9+Vahz\ndkv2BtBAx0ELlQbbODEYm6Nghiki8N763Q
beKnOTxvV56ykXBlEXaLGGhKdefyWY\nINW2SITBn8GzgKiK0cIr+zPLUK48LoWM9d0Xoo+S0m95n4rHvI4BuPGo
XFz3OVm7\nPFPbNIptq6/kavkWzbASMhL8NZVV/KAj0ik5vrTcb+sa5PEeNjqxUVbX852SGk2I\ngrjNTfQNiBff
jTXGRlS8zIC6NPaWiW4UU76kpspcaWExzip0SR92nHURolIyiFVL\nxcDEsNzRVCvB0kDYrgBobIWJ0ZdwTPhueq
O6YVngOaOm92JPXxy7dK+gS9Jm3VAD\nmlrbS5OCwoI929XyTIZWhHYbr5nASDO90oudg5Jzo4EJrPx3JK9IXt5l
+wf915Cx\nEJWHVnvZHNZYBRSFFS/tbxNPhfPnRfkEtm1S4b5G3M/gtuxCbG1dmEn3Rn0rnxTl\niABt70XREoln
DlRu3rWhAoIBAQDLvaxDeb0iTcp4rhzSjRmoLeWZOdzyZeUpHitO\n6uLocCOrFVXZPK1WFRManS7CvmqOLABNPT
TcwIHFQIxToDsiqoKnYm2QQoAWbkMr\nrq0tKptW1iAre+v6BPUQ2+KksHHS9fc/oY4hKzK4JCZpVGdIrteZQ9Ye
J36JCIMv\nPNYdv4CeTQFjhvbLIT8ia+Dt/ZxAbeVXwQOmEuwuv/eDutigXkuwqZ2F8D1RKBQz\nsBhwNTfivX3P
MORPvH00CT2PCh7cd4PGLynZIoX+qVkJK5ecDY/Biolk9XnGJAkS\nJv5qhMBqfJg9xe9kKpcXwEFl7VSgvwK1MU
kO2oSScjwPxeMtAoIBAQDFOTBYfCIe\n43MHhT8ak7PoEadcCazHclDr/i61qabIKhWnkoREwpfju/dkl1lgoFVX
/vwpk3G0\nBxUeoDxx1CmjVygyLMH6oeESKk26Fx4pzEYIsaNxEkPltA380maqNYFCVTesqdOw\nHVEcl/uQdGCR
3HTytYhXy2NKn+3orJeKF9XOL6qJPzhNr6tBW32k24jbMCJoz6Kd\nOVkxo+JXQqeKIygWXqW3x7kLOHcdNL3lTk
Vq0qA3kfK4BRPKPHpKc+ttNWv0ex6Z\nR25pC4Oxpff5THJSeOXMSmQ9PzLEfz06kZ96PWhlvoTW/OjR1/zJEaZc
brzJVSRC\ndu7Z8g1sMUC1AoIBAC6amV/p5fCF2M2YDjG/YuIMdZuCF98+nZe1NfTcV8ERfacx\nvyxs671oHrGU
yNB1HAyfVgZU/NWOF2EWbcLnQP+h/zboleVMwN3gpO7GCwjs2RGY\n80zfENBk9+W+Vm6TicXWy5K7krZVmklyw3
KOgv2mONzvHnhRUmloEBHrGZM+bd5I\nAQxSH/vBBB8MjCwEOgym1rInDX2ckHf1I1n3kHvGdgvYEJdFp9D7mPtl
yYFJOxpb\ne/670U3H8N/JSVKB3yNRF0xrF2h6tCnXdO1bElf45ixAU0NLv2oqbgS/9KxK53S0\nQWLH9wVzlJIz
QQJesl/+sVDfEDYcl/yjssds3ZUCggEBAInUutXMAuiFWnmSBJTl\nTqDL3aNz230Thjw3SpuIsddHmhSfT7LiL9
ZnIbD6GOtvgdVajQ3dTmRbYsYhg7yl\nYmgV3DCcmQA4q5vPVrzLtTfO287tnmTCOBNLL09WF4uykuAxwBP6J8f3
5RzPlm7Q\n9kBZyp1ogp2gtYaMmG64V7uZhsFvDIaYWRfpwgyODRPunQlZ7WJEYcfxMUWA3AjR\nu1bN1RE1GimC
+e4+ivgtSNz9Q4QxKOlNJUy3t6npdCmeM5UB9a1Jcgv7IM1mz6WS\ncOeYJnk+ppKMFtu61BcBOWA6LzL1wYUBjc
LVwzwL70zx+cq1VVh7GTkd9zT3dav8\nC9UCggEAKud0g9RkaLpJXtH37C6byeCuvw2MA7h0LmjK0lQ5pljxc7bG
oEeWYZMT\nx9TBkzgHVedKpgPUQiZAZqIkDx5JOJOh4gswoNq4kzhCZXOM2gqECMwFHn9paq9E\nCfyGgAASHlnG
6MBdmhRtCIdTvXD7nTnTHAHS3IHybkvpP/C+FvPSnpFl5kmad/52\nxEnBkzW4rhGpE+D72RC0Z4wOurE+pLxJpH
nPu3lqVmD8m/AaxUzGdiRWPCLkx2G1\nlRIvIpbuqzZ1QzAdWwCX/5mgBk/xoI88N3EcxvgEJJhiXihYwW/630Kk
KETqnu64\n9ZBLoqoLmPhKxDHZuwO7re9GxVZ1HQ==\n-----END PRIVATE KEY-----'
EOF
```

### Management API Models

#### Management API Models Summary

| Provider | Path | Disabled |
| -------- | ---- | ------- |
| smash | flexCounters | False |
| smash | forwarding/srte/status/fec | False |
| smash | routing6/status | False |
| smash | routing/bgp/export/allPeerAdjRibIn | False |
| smash | routing/status | True |
| smash | tunnel/tunnelFib/entry | False |
| sysdb | /Sysdb/sys/logging/config/vrfLoggingHost/mgmt | True |
| sysdb | cell/1/agent | True |

#### Management API Models Device Configuration

```eos
!
management api models
!
provider smash
path flexCounters
path forwarding/srte/status/fec
path routing6/status
path routing/bgp/export/allPeerAdjRibIn
path routing/status disabled
path tunnel/tunnelFib/entry
!
provider sysdb
path /Sysdb/sys/logging/config/vrfLoggingHost/mgmt disabled
path cell/1/agent disabled
```

## CVX

| Peer Hosts |
Expand Down Expand Up @@ -589,6 +878,18 @@ enable password sha512 <removed>
!
```

### Management defaults

Default secret hash is set to md5

#### Management defaults Device Configuration

```eos
!
management defaults
secret hash md5
```

### TACACS Servers

#### TACACS Servers
Expand Down
Loading
Loading