142 lines
2.9 KiB
Plaintext
142 lines
2.9 KiB
Plaintext
|
version ${'.'.join(node.metadata.get('junos/version'))};
|
||
|
system {
|
||
|
host-name ${node.name.split('.')[-1]};
|
||
|
time-zone GMT;
|
||
|
root-authentication {
|
||
|
encrypted-password "$5$1hGrR8Kk$lx3CIdxqvesBrZUtDftROEoyXQuMENEu62JVtHw6WGD"; ## SECRET-DATA
|
||
|
}
|
||
|
name-server {
|
||
|
% for srv in repo.libs.defaults.nameservers_ipv4:
|
||
|
${srv};
|
||
|
% endfor
|
||
|
}
|
||
|
login {
|
||
|
% for uid, (uname, uconfig) in enumerate(sorted(users.items())):
|
||
|
user ${uname} {
|
||
|
full-name ${uname};
|
||
|
uid ${1000+uid};
|
||
|
class super-user;
|
||
|
authentication {
|
||
|
% for pubkey in sorted(uconfig['ssh_pubkey']):
|
||
|
${pubkey.split(' ', 1)[0]} "${pubkey}";
|
||
|
% endfor
|
||
|
}
|
||
|
}
|
||
|
% endfor
|
||
|
}
|
||
|
services {
|
||
|
ssh {
|
||
|
protocol-version v2;
|
||
|
}
|
||
|
netconf {
|
||
|
ssh;
|
||
|
}
|
||
|
# web-management {
|
||
|
# http;
|
||
|
# }
|
||
|
}
|
||
|
syslog {
|
||
|
user * {
|
||
|
any emergency;
|
||
|
}
|
||
|
file messages {
|
||
|
any notice;
|
||
|
authorization info;
|
||
|
}
|
||
|
file interactive-commands {
|
||
|
interactive-commands any;
|
||
|
}
|
||
|
}
|
||
|
ntp {
|
||
|
% for srv in sorted(ntp_servers):
|
||
|
server ${srv};
|
||
|
% endfor;
|
||
|
}
|
||
|
}
|
||
|
interfaces {
|
||
|
% for iface, config in sorted(interfaces.items()):
|
||
|
${iface} {
|
||
|
unit 0 {
|
||
|
% if not config['enabled']:
|
||
|
disable;
|
||
|
% endif
|
||
|
% if config['mode'] == 'trunk':
|
||
|
family ethernet-switching {
|
||
|
port-mode trunk;
|
||
|
vlan {
|
||
|
members [ ${' '.join(sorted(config['tagged_vlans']))} ];
|
||
|
}
|
||
|
% if config['untagged_vlan']:
|
||
|
native-vlan-id ${config['untagged_vlan']};
|
||
|
% endif
|
||
|
}
|
||
|
% else:
|
||
|
family ethernet-switching;
|
||
|
% endif
|
||
|
}
|
||
|
}
|
||
|
% endfor
|
||
|
vlan {
|
||
|
% for idx, (vlan, vconfig) in enumerate(sorted(vlans.items())):
|
||
|
% if vconfig['ip_address']:
|
||
|
unit ${idx} {
|
||
|
family inet {
|
||
|
address ${vconfig['ip_address']};
|
||
|
}
|
||
|
}
|
||
|
% endif
|
||
|
% endfor
|
||
|
}
|
||
|
}
|
||
|
snmp {
|
||
|
contact "${repo.libs.defaults.hostmaster_email}";
|
||
|
community public {
|
||
|
authorization read-only;
|
||
|
}
|
||
|
}
|
||
|
routing-options {
|
||
|
static {
|
||
|
route 0.0.0.0/0 next-hop ${gateway};
|
||
|
}
|
||
|
}
|
||
|
protocols {
|
||
|
igmp-snooping {
|
||
|
vlan all;
|
||
|
}
|
||
|
rstp;
|
||
|
lldp {
|
||
|
interface all;
|
||
|
}
|
||
|
lldp-med {
|
||
|
interface all;
|
||
|
}
|
||
|
}
|
||
|
ethernet-switching-options {
|
||
|
voip;
|
||
|
storm-control {
|
||
|
interface all;
|
||
|
}
|
||
|
}
|
||
|
vlans {
|
||
|
% for idx, (vlan, vconfig) in enumerate(sorted(vlans.items())):
|
||
|
${vlan} {
|
||
|
% if vconfig['id']:
|
||
|
vlan-id ${vconfig['id']};
|
||
|
% endif
|
||
|
interface {
|
||
|
% for iface, iconfig in sorted(interfaces.items()):
|
||
|
% if iconfig['untagged_vlan'] == vlan:
|
||
|
${iface}.0;
|
||
|
% endif
|
||
|
% endfor
|
||
|
}
|
||
|
% if vconfig['ip_address']:
|
||
|
l3-interface vlan.${idx};
|
||
|
% endif
|
||
|
}
|
||
|
% endfor
|
||
|
}
|
||
|
poe {
|
||
|
interface all;
|
||
|
}
|