base.j2
{# Base system identity and console settings for a Junos device.
   Values come from the per-device data via lookup(); no login or
   root-authentication statements are set in this template, so they are
   presumably provided by another template (confirm). #}
system {
{# host-name is emitted here only when the device is not flagged dual-re.
   Presumably dual routing-engine devices get per-RE host names elsewhere. #}
{% if not lookup("system", "dual-re") %}
host-name {{ host }};
{% endif %}
domain-name blade-group.net;
time-zone UTC;
location country-code {{ lookup('system', 'country') }};
ports {
console {
{# Ends the console session when the cable is unplugged, so the next person
   to attach to the port does not inherit an authenticated session. #}
log-out-on-disconnect;
type vt100;
}
}
}
{# SSH service configuration is pulled in from a separate template that is
   not shown on this page. #}
{% include "junos/ssh.j2" %}
{# Licenses, NTP, DNS resolvers and syslog. Each "replace:" tag asks the
   configuration loader to replace the existing stanza rather than merge
   into it, so entries removed from the data also disappear from the device. #}
system {
{# "tolist" is not a built-in Jinja filter; presumably a project filter that
   wraps a single value into a list (confirm). Empty entries are skipped.
   NOTE(review): the replace: tag sits inside the loop, so several keys render
   several "replace: license" stanzas; confirm the loader keeps all of them.
   License keys end up in the rendered output, so treat it as sensitive. #}
{% for license in lookup("system", "licenses") | tolist if license %}
replace: license {
keys {
key "{{ license }}";
}
}
{% endfor %}
replace: ntp {
{# Servers are listed without an authentication key in this stanza, so time
   is accepted unauthenticated unless NTP authentication is set elsewhere. #}
{% for ntp in lookup("system", "ntp") %}
server {{ ntp }};
{% endfor %}
}
replace: name-server {
{% for dns in lookup("system", "dns") %}
{{ dns }};
{% endfor %}
}
replace: syslog {
{# Default archive policy for local log files.
   NOTE(review): world-readable lets every local account read the archived
   logs, which here include authorization events and typed commands; confirm
   that this is required (for example by a collection account). #}
archive size 10m files 10 world-readable;
{# Emergency messages are written to the terminal of every logged-in user. #}
user * {
any emergency;
}
{# One remote collector per address in the data. No transport is set here, so
   this is presumably plain UDP syslog on port 514; "interactive-commands any"
   forwards every CLI command, so the path to the collector should be a
   trusted management network. #}
{% for ip in lookup("system", "syslog") %}
host {{ ip }} {
any warning;
authorization notice;
firewall any;
interactive-commands any;
port 514;
{# Source address: the "main" address with its prefix length stripped by
   ipaddr("address") when defined, otherwise the loopback value as is.
   NOTE(review): the filter binds only to the "main" branch; confirm that the
   loopback value is stored without a prefix length. #}
source-address {{ lookup('topology', 'addresses').main | ipaddr("address") if lookup('topology', 'addresses').main is defined else lookup('topology', 'addresses').loopback }};
structured-data;
}
{% endfor %}
file * {
user emergency;
}
{# General log: everything except authorization, firewall and typed commands,
   which go to the dedicated files below. #}
file messages {
any any;
authorization none;
firewall none;
change-log notice;
interactive-commands none;
{# Negated regex: lines matching any "syslog-exclude" entry are dropped.
   NOTE(review): entries are inserted verbatim into a quoted regex, so a
   double quote in an entry would end the string early, and an empty list
   renders an empty group, which presumably matches (and therefore excludes)
   every line; confirm that the data is validated and never empty. #}
match "!({{ lookup('system', 'syslog-exclude') | join('|') }})";
archive size 1m files 10;
explicit-priority;
}
{# On-box audit trail of every command entered. #}
file interactive-commands {
interactive-commands any;
}
file updown {
any info;
match "LINK_DOWN|LINK_UP";
}
file interfaces {
any info;
daemon info;
match .*SNMP_TRAP_LINK.*;
archive size 1m files 10;
explicit-priority;
}
{# Authentication/authorization events and commands at info level. #}
file security {
authorization info;
interactive-commands info;
explicit-priority;
}
file default-log-messages {
any any;
structured-data;
}
file filter {
firewall any;
explicit-priority;
}
file commands {
interactive-commands info;
explicit-priority;
}
file console {
any critical;
authorization info;
}
console {
authorization info;
}
{# Adds the year and milliseconds to timestamps, which helps when correlating
   events across devices. #}
time-format year millisecond;
}
}
{# Chassis alarm policy: a down management Ethernet link raises no alarm.
   Because the device will not alarm on this itself, loss of the management
   port has to be noticed by other monitoring. #}
chassis {
alarm {
management-ethernet {
link-down ignore;
}
}
}
{# SNMP read-only access. Community strings are taken from the device data and
   written verbatim and unquoted into the output; they are cleartext shared
   secrets, so the rendered configuration should be handled as sensitive.
   NOTE(review): no "clients" restriction appears in this stanza; confirm that
   the allowed SNMP sources are limited elsewhere (for example by a firewall
   filter protecting the routing engine). #}
snmp {
location "{{ lookup('system', 'datacenter') }}, {{ lookup('system', 'country') }}";
community {{ lookup('system', 'snmp')['ro-community'] }} authorization read-only;
{# Devices in the "edge" group with a sampling type set get a second read-only
   community, which is also bound to the "internet" routing instance.
   NOTE(review): presumably that instance is Internet-facing; confirm that
   SNMP reachability in it is filtered to the sampling collector. #}
{% if "edge" in groups and lookup('system', 'sampling').type is not none %}
{% set sampling_community = lookup('system', 'sampling')['snmp-community'] %}
community {{ sampling_community }} authorization read-only;
community {{ sampling_community }} routing-instance internet;
{% endif %}
{# Accept SNMP requests arriving through routing instances, edge devices only. #}
{% if "edge" in groups %}
routing-instance-access;
{% endif %}
}
{# LLDP presentation options: advertise the interface name as port ID and the
   interface alias as port description. No interfaces are enabled for LLDP in
   this stanza; presumably that is done elsewhere. The advertised names and
   aliases are visible to any neighbor on an LLDP-enabled port, so untrusted
   ports should be left out. #}
protocols {
lldp {
port-id-subtype interface-name;
port-description-type interface-alias;
}
}