Quick Start Guides¶
Backup Configuration¶
Follow the steps below to get up and running for the configuration backup element of the plugin.
-
Enable the feature in the
PLUGIN_SETTINGS
. The configuration should have"enable_backup": True
set in thePLUGINS_CONFIG
dictionary fornautobot_golden_config
. -
Add any git repositories that will be used to house the backup configurations.
- In the UI
Extensibility -> Git Repositories
. Click Add. - Populate the Git Repository data for the backup. Git Settings
- Make sure to select the Provides called
backup configs
. - Click Create.
- In the UI
-
Next, make sure to create new or update existing Plugins Settings with the backup details.
- Navigate to
Golden Config -> Settings
under the Golden Configuration Section. - Create new or select one of the existing
Settings
objects - Fill out the Backup Repository. (The dropdown will show the repository that was just created.)
- Fill out Backup Path Template. Typically
{{obj.site.slug}}/{{obj.name}}.cfg
, see Setting Details - Select whether or not to do a connectivity check per device.
- Click Save.
- Navigate to
-
Create Configuration Removals and Replacements.
-
Execute the Backup.
- Navigate to
Golden Config -> Home
under the Golden Configuration Section. - Click on the
Execute
button and selectBackup
. - Select what to run the backup on.
- Run the Job by clicking "Run Job" button.
- Navigate to
For in-depth details see Navigating Backup
Intended Configuration¶
Follow the steps below to get up and running for the intended configuration element of the plugin.
Note
Intended Configuration requires the enable_intended
and enabled_sotAgg
plugin features to be used.
Note
If Secret Group is used for the Repositories the secrets type HTTP(S) is required for this plugin.
-
Enable the feature in the
PLUGIN_SETTINGS
. The configuration should have"enable_intended": True
set in thePLUGINS_CONFIG
dictionary fornautobot_golden_config
. -
Add any git repositories that will be used to house the intended configurations.
- In the UI
Extensibility -> Git Repositories
. Click Add. - Populate the Git Repository data for the intended. Git Settings
- Make sure to select the Provides called
intended configs
. - Click Create.
- In the UI
-
Add the git repository that will be used to house the Jinja2 templates.
- In the UI
Extensibility -> Git Repositories
. Click Add. - Populate the Git Repository data for the jinja2 templates. Git Settings
- Make sure to select the Provides called
jinja templates
. - Click Create.
- In the UI
-
Next, make sure to create new or update existing Plugins Settings with the intended and jinja2 template details.
- Navigate to
Golden Config -> Settings
under the Golden Configuration Section. - Create new or select one of the existing
Settings
objects - Fill out the Intended Repository. (The dropdown will show the repository that was just created.)
- Fill out Intended Path Template. Typically
{{obj.site.slug}}/{{obj.name}}.cfg
, see Setting Details - Fill out Jinja Repository. (The dropdown will show the repository that was just created.)
- Fill out Jinja Path Template. Typically
{{obj.platform.slug}}.j2
.
- Navigate to
-
Determine what data(variables) the Jinja2 templates need from Nautobot.
- See Source of Truth Agg Details
- In the UI
Extensibility -> GraphQL Queries
. Click Add. - Populate the GraphQL data.
- Make sure to follow the format specified in the GraphQL section in Source of Truth Agg Details
- Click Create.
- Navigate to
Golden Config -> Settings
under the Golden Configuration Section. - Select a SoTAgg Saved Query. (The dropdown will show the GraphQL query that was just created.)
-
Execute the Intended.
- Navigate to
Golden Config -> Home
. - Click on the
Execute
button and selectIntended
. - Select what to run the intended generation on.
- Run the Job.
- Navigate to
For in-depth details see Navigating Intended
Compliance¶
Compliance requires Backups and Intended Configurations in order to be executed.
- Enable the feature in the
PLUGIN_SETTINGS
. The configuration should have"enable_compliance": True
set in thePLUGINS_CONFIG
dictionary fornautobot_golden_config
. - Follow the steps in Backup Configuration.
- Follow the steps in Intended Configuration.
-
Create a Compliance Feature.
- Navigate to
Golden Config -> Compliance Feature
. - Click Add and give the feature a name. Typically this is based on the configuration snippet or section. E.g. "aaa".
- Navigate to
-
Create a Compliance Rule.
- Navigate to
Golden Config -> Compliance Rules
. - Click Add and populate the fields, make sure the rule is linked to the feature created previously. See Configuration Compliance Settings for details.
- Navigate to
-
Execute Compliance Check.
- Navigate to
Golden Config -> Configuration Compliance
. - Click on the
Execute
button and selectCompliance
. - Select what to run the compliance on.
- Run the Job.
- Navigate to
For in-depth details see Navigating Compliance
Load Properties from Git¶
Golden Config properties include: Compliance Features, Compliance Rules, Config Removals, and Config Replacements. They can be created via the UI, API, or alternatively you can load these properties from a Git repository, defined in YAML files following the this directory structure (you can skip any of them if not apply):
├── golden_config
│ ├── compliance_features
│ ├── compliance_rules
│ ├── config_removes
│ ├── config_replaces
The files within these folders can follow any naming pattern or nested folder structure, all of them will be recursively taken into account. So it's up to you to decide how to you prefer to organize these files (within the previously stated directory structure):
├── golden_config
│ ├── compliance_features
│ │ └── all.yml
│ ├── compliance_rules
│ │ ├── my_rule_for_cisco_ios
│ │ │ ├── some_rules.yml
│ │ │ └── some_other_rules.yml
│ │ └── juniper_junos.yml
│ ├── config_removes
│ │ ├── cisco_ios.yml
│ │ └── juniper_junos.yml
│ ├── config_replaces
│ │ ├── cisco_ios.yml
│ │ └── juniper_junos.yml
The YAML
files will contain all the attributes necessary to identify an object (for instance, a ComplianceRule
is identified by the feature_slug
and the platform_slug
together) and the other attributes (the ones that are not used to identify the object). For example:
compliance_features
example:
---
- name: "aaa"
slug: "aaa"
description: "aaa feature"
````
`compliance_rules` example:
```yaml
---
- feature_slug: "aaa"
platform_slug: "cisco_ios"
config_ordered: true
match_config: |
aaa
line
username
role
tacacs
config_type: "cli"
config_removes
example:
config_replaces
example:
---
- name: "username"
platform_slug: "cisco_ios"
description: "username"
regex: '(username\s+\S+\spassword\s+5\s+)\S+(\s+role\s+\S+)'
replace: '\1<redacted_config>\2'
Note
For Foreign Key references to ComplianceFeature
and Platform
we use the keywords feature_slug
and platform_slug
respectively.
-
Add the Git repository that will be used to sync Git properties.
- In the UI
Extensibility -> Git Repositories
. Click Add. - Populate the Git Repository data for the GC properties. Git Settings
- Make sure to select the Provides called
Golden Config properties
. - Click Create (This step runs an automatic sync).
- In the UI
-
Run
sync
and all the properties will be created/updated in a declarative way and following the right order to respect the dependencies between objects. The import task will raise awarning
if the dependencies are not available yet (for instance, a referencedPlatform
is not created), so thesync
process will continue, and you could then fix these warnings by reviewing the mismatch (maybe creating the required object) and run thesync
process again.