Standardizing Deployment Configurations

Started by Fred, May 14, 2015, 10:08:14 PM


Fred

Thanks to Solarwinds NCM, I have configuration management under control. I have real-time backups of the running-configuration along with email notifications, and nightly backups of startup-configs. I have compliance checks to make sure that configuration meets our standards. I'm not a huge Solarwinds fanatic, but NCM is a solid product. For those on a budget, you can do most of that with rancid, as well, and I'm a big fan of that.

What I don't have is a good way to standardize deployment configs for new devices.

At my previous employer, I wrote simple PHP forms where you could enter the relevant information and it would do string replacement to generate a config. It worked fine, but required custom form development each time a new template was written. I've seen similar things with text documents and find and replace.

I've looked at using Ansible for network configs, but it seems like overkill for what I want to do, and the documentation is pretty sparse for this use.

There's also this great article about Stretch's experience writing a very flexible version of templating using django and Python. Unfortunately, he can't release his code. I started trying to write it myself, but my Python skills are currently pretty weak, and I'm finding that even with that guidance, the hill I have to climb to recreate it is really more of a small mountain.

So, what do you guys use to standardize configurations for newly deployed routers and switches?

deanwebb

Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

dlots

We used to use a FREAKING HUGE Excel spreadsheet that had 1 column as a variable and 1 row as a site; the columns were up to CVX when we switched to a C++ based program. Anyway, there was some VB behind the spreadsheet that would open templates that had the variables and logic in them, for example:
[Tunnel&!TunnelProtect&(MTSE1*16,MTSE2*16,MTSE3*16)] set peer %wan16rip%
If this router had a tunnel and it wasn't encrypted, and it was a tunnel to any of the links to site 16, then it would put in this line and use the variable defined in the Excel file as the site 16 IP address.

As you can imagine these templates are crazy big, one of our templates is 22K lines long.

If I were going to do something and wanted to make it simple I might try a mail-merge.  I have done that in the past with very good results.

routerdork

I would like to get some things going with Python but haven't had the time to focus on learning it. For now I just use txt files with "changeme" where needed.

We do have the Solarwinds Config add-in as well as several other modules. There is a way to check compliance with it but I have yet to take time to figure it out. Right now we use it for backups and bulk changes like passwords, snmp, etc.
"The thing about quotes on the internet is that you cannot confirm their validity." -Abraham Lincoln

that1guy15

We have a standard closet/IDF build which lines up with remote site builds so we only have a handful of templates. If you're in the partner/VAR space then I have heard there is a config builder in the partner tools for each device.

Else I would jump on ansible. It might be overkill for this but there is so much more it can do with your network gear in terms of automation. It's on my short list to get going here.
That1guy15
@that1guy_15
blog.movingonesandzeros.net

digitheads

Check out Spiceworks, they will do all of that for you and then some....
"knowledge is power" - Albert Einstein

packetherder

The learning curve on Django is pretty steep, but well worth it in my opinion. In the end, it's just a way to store the variables you'd end up using in your template. If you wanted to quickly start templating you can use jinja by itself and give it variables from a variety of less dynamic sources (e.g. a dictionary or keyword args you can edit each time you run or use the argparse module to let you use command-line switches).

Here's a good gist to maybe get you going.
https://gist.github.com/wrunk/1317933#file-jinja2_file_system_loader-py

Also take a look at the netaddr library, it makes IP manipulation from CIDRs super easy.

Would be happy to help out if you get stuck.
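
An added example, not code from this thread or from the linked gist, of the approach packetherder describes: Jinja fed from a plain dictionary, with addressing derived from a CIDR. It uses the standard-library `ipaddress` module where the post suggests netaddr; the template, site values and the function names `site_vars` and `render` are constructed for illustration.

```python
import ipaddress
import re
from jinja2 import Environment, StrictUndefined

# Constructed access-switch template (illustrative layout, not a vendor baseline).
TEMPLATE = """\
hostname {{ hostname }}
{% for vlan in vlans %}
vlan {{ vlan.id }}
 name {{ vlan.name }}
{% endfor %}
interface Vlan{{ mgmt_vlan }}
 ip address {{ mgmt_ip }} {{ mgmt_mask }}
 no shutdown
ip default-gateway {{ gateway }}
"""

# Single-token values only, so an input cannot carry a newline and add config lines.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,63}")

def site_vars(hostname, mgmt_cidr, mgmt_vlan, vlans, host_offset=2):
    """Validate per-site inputs and derive addressing from the management CIDR."""
    net = ipaddress.ip_network(mgmt_cidr)  # ValueError if host bits are set
    if not 2 <= host_offset < net.num_addresses - 1:
        raise ValueError("host_offset does not fit inside the management subnet")
    for name in [hostname] + [v["name"] for v in vlans]:
        if not SAFE_NAME.fullmatch(name):
            raise ValueError(f"unsafe name: {name!r}")
    for vid in [mgmt_vlan] + [v["id"] for v in vlans]:
        if not 1 <= int(vid) <= 4094:
            raise ValueError(f"VLAN id out of range: {vid}")
    return {
        "hostname": hostname, "vlans": vlans, "mgmt_vlan": int(mgmt_vlan),
        "gateway": str(net[1]),            # assumption: first host is the gateway
        "mgmt_ip": str(net[host_offset]),  # assumption: switch takes the next address
        "mgmt_mask": str(net.netmask),
    }

def render(variables):
    """Render the template; StrictUndefined turns a missing variable into an error."""
    env = Environment(undefined=StrictUndefined, trim_blocks=True)
    return env.from_string(TEMPLATE).render(**variables)

if __name__ == "__main__":
    print(render(site_vars("idf2-sw1", "10.16.99.0/24", 99,
                           [{"id": 10, "name": "USERS"}, {"id": 20, "name": "VOICE"}])))
```

`StrictUndefined` matters for deployment configs because Jinja's default renders a missing variable as an empty string, which would produce a config that looks complete but is not.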