salt.states.nxos module

State module for Cisco NX-OS Switch Proxy and Native minions

For documentation on setting up the nxos proxy minion look in the documentation for salt.proxy.nxos.

salt.states.nxos.config_absent(name)

Ensure a specific configuration line does not exist in the running config

name

config line to remove

Examples:

add snmp group:
  nxos.config_absent:
    - names:
      - snmp-server community randoSNMPstringHERE group network-operator
      - snmp-server community AnotherRandomSNMPSTring group network-admin

Note

For certain cases extra lines could be removed based on dependencies. In this example, included after the example for config_present, the ACLs would be removed because they depend on the existence of the group.

salt.states.nxos.config_present(name)

Ensure a specific configuration line exists in the running config

name

config line to set

Examples:

add snmp group:
  nxos.config_present:
    - names:
      - snmp-server community randoSNMPstringHERE group network-operator
      - snmp-server community AnotherRandomSNMPSTring group network-admin

add snmp acl:
  nxos.config_present:
    - names:
      - snmp-server community randoSNMPstringHERE use-acl snmp-acl-ro
      - snmp-server community AnotherRandomSNMPSTring use-acl snmp-acl-rw
salt.states.nxos.replace(name, repl, full_match=False)

Replace all instances of a string or full line in the running config

name

String to replace

repl

The replacement text

full_match

Whether name will match the full line or only a subset of the line. Defaults to False. When False, .* is added around name for matching in the show run config.

Examples:

replace snmp string:
  nxos.replace:
    - name: randoSNMPstringHERE
    - repl: NEWrandoSNMPstringHERE

replace full snmp string:
  nxos.replace:
    - name: ^snmp-server community randoSNMPstringHERE group network-operator$
    - repl: snmp-server community NEWrandoSNMPstringHERE group network-operator
    - full_match: True

Note

The first example will replace the SNMP string on both the group and the ACL, so you will not lose the ACL setting. Because the second is an exact match of the line, when the group is removed, the ACL is removed, but not readded, because it was not matched.

salt.states.nxos.user_absent(name)

Ensure a user is not present

name

username to remove if it exists

Examples:

delete:
  nxos.user_absent:
    - name: daniel
salt.states.nxos.user_present(name, password=None, roles=None, encrypted=False, crypt_salt=None, algorithm='sha256')

Ensure a user is present with the specified groups

name

Name of user

password

Encrypted or Plain Text password for user

roles

List of roles the user should be assigned. Any roles not in this list will be removed

encrypted

Whether the password is encrypted already or not. Defaults to False

crypt_salt

Salt to use when encrypting the password. Default is None (salt is randomly generated for unhashed passwords)

algorithm

Algorithm to use for hashing password. Defaults to sha256. Accepts md5, blowfish, sha256, sha512

Examples:

create:
  nxos.user_present:
    - name: daniel
    - roles:
      - vdc-admin

set_password:
  nxos.user_present:
    - name: daniel
    - password: admin
    - roles:
      - network-admin

update:
  nxos.user_present:
    - name: daniel
    - password: AiN9jaoP
    - roles:
      - network-admin
      - vdc-admin