State module for Cisco NX-OS Switch Proxy and Native minions
For documentation on setting up the nxos proxy minion look in the documentation
for salt.proxy.nxos
.
salt.states.nxos.
config_absent
(name)Ensure a specific configuration line does not exist in the running config
config line to remove
Examples:
add snmp group:
nxos.config_absent:
- names:
- snmp-server community randoSNMPstringHERE group network-operator
- snmp-server community AnotherRandomSNMPSTring group network-admin
Note
For certain cases extra lines could be removed based on dependencies. In this example, included after the example for config_present, the ACLs would be removed because they depend on the existence of the group.
salt.states.nxos.
config_present
(name)Ensure a specific configuration line exists in the running config
config line to set
Examples:
add snmp group:
nxos.config_present:
- names:
- snmp-server community randoSNMPstringHERE group network-operator
- snmp-server community AnotherRandomSNMPSTring group network-admin
add snmp acl:
nxos.config_present:
- names:
- snmp-server community randoSNMPstringHERE use-acl snmp-acl-ro
- snmp-server community AnotherRandomSNMPSTring use-acl snmp-acl-rw
salt.states.nxos.
replace
(name, repl, full_match=False)Replace all instances of a string or full line in the running config
String to replace
The replacement text
Whether name will match the full line or only a subset of the line. Defaults to False. When False, .* is added around name for matching in the show run config.
Examples:
replace snmp string:
nxos.replace:
- name: randoSNMPstringHERE
- repl: NEWrandoSNMPstringHERE
replace full snmp string:
nxos.replace:
- name: ^snmp-server community randoSNMPstringHERE group network-operator$
- repl: snmp-server community NEWrandoSNMPstringHERE group network-operator
- full_match: True
Note
The first example will replace the SNMP string on both the group and the ACL, so you will not lose the ACL setting. Because the second is an exact match of the line, when the group is removed, the ACL is removed, but not readded, because it was not matched.
salt.states.nxos.
user_absent
(name)Ensure a user is not present
username to remove if it exists
Examples:
delete:
nxos.user_absent:
- name: daniel
salt.states.nxos.
user_present
(name, password=None, roles=None, encrypted=False, crypt_salt=None, algorithm='sha256')Ensure a user is present with the specified groups
Name of user
Encrypted or Plain Text password for user
List of roles the user should be assigned. Any roles not in this list will be removed
Whether the password is encrypted already or not. Defaults to False
Salt to use when encrypting the password. Default is None (salt is randomly generated for unhashed passwords)
Algorithm to use for hashing password. Defaults to sha256. Accepts md5, blowfish, sha256, sha512
Examples:
create:
nxos.user_present:
- name: daniel
- roles:
- vdc-admin
set_password:
nxos.user_present:
- name: daniel
- password: admin
- roles:
- network-admin
update:
nxos.user_present:
- name: daniel
- password: AiN9jaoP
- roles:
- network-admin
- vdc-admin