dmulyalin / salt-nornir

SALTSTACK Nornir based proxy minion, execution, state and runner modules
MIT License

[REQUEST] Add parameter options for Cred Retry to accept different plugins #27

Closed gcasella closed 1 year ago

gcasella commented 1 year ago

Hey!

As we discussed on Slack, this is a request to include the logic for looking at different plugin configurations when it comes to the retry runner (credential retry).

This use case is for someone who would like to use public key authentication as their primary method instead of TACACS, but still attempt TACACS or local credentials if public key authentication is not available.

With your help I was able to make this work with napalm only by using:

defaults: 
   data: 
      credentials:
         ssh_key_auth:
            username: "rsa-user"
         tacacs_account:
            username: "{{ salt['environ.get']('USERNAME') }}"
            password: "{{ salt['environ.get']('PASSWORD') }}"
            extras:
              optional_args:
                key_file: False
         local_account_1:
            username: admin
            password: "{{ salt['environ.get']('ADMIN_PASSWORD') }}"
            extras:
              optional_args:
                key_file: False

What I am suggesting, if doable, is to add the logic to allow other methods such as ncclient, scrapli_netconf, pyez, etc.

A snippet of the pillar configuration I was thinking of looks like this (below is the JSON format of the YAML file, apologies for that):

'defaults': {
    'data': {
        'credentials': {
            'ssh_key_auth': {
                'username': 'rsa-user'
            },
            'tacacs_account': {
                'username': "user",
                'password': "password",
                'extras': {
                    'napalm': {
                        'optional_args': {
                            'key_file': False
                        },
                    },
                    'scrapli_netconf': {
                        'auth_private_key': None
                    },
                    'ncclient': {
                        'key_filename': None
                    }
                }
            },

dmulyalin commented 1 year ago

How about:

'defaults': {
    'data': {
        'credentials': {
            'ssh_key_auth': {
                'username': 'rsa-user'
            },
            'tacacs_account': {
                'username': "user",
                'password': "password",
                'platform': 'junos',
                'connection_options': {
                    'napalm': {
                        'platform': 'juniper',
                        'extras': {
                            'optional_args': {
                                'key_file': False
                            },
                        },
                    },
                    'scrapli_netconf': {
                        'platform': 'juniper-junos',
                        'extras': {},
                    },
                    'ncclient': {
                        'port': 830,
                        'extras': {}
                    }
                }
            },

In essence, follow the same structure we use to define connection options for Nornir hosts' inventory.
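
The per-plugin structure proposed above, worked through as an added example (not code from nornir-salt or from either commenter): it resolves what each retry attempt would hand to a given connection plugin and masks the password before anything is logged. The override rule (plugin-level keys win over set-level keys, `extras` taken only from the plugin entry), the function names and the sample values are assumptions modelled on Nornir inventory resolution.

```python
from copy import deepcopy

# Constructed sample following the structure proposed in the thread; values are placeholders.
CREDENTIALS = {
    "ssh_key_auth": {"username": "rsa-user"},
    "tacacs_account": {
        "username": "user",
        "password": "password",
        "platform": "junos",
        "connection_options": {
            "napalm": {"platform": "juniper",
                       "extras": {"optional_args": {"key_file": False}}},
            "scrapli_netconf": {"platform": "juniper-junos", "extras": {}},
            "ncclient": {"port": 830, "extras": {}},
        },
    },
}

BASE_FIELDS = ("username", "password", "platform", "port")


def resolve(cred_set, plugin):
    """Effective parameters for one credential set and one connection plugin.

    Assumed rule: a key under connection_options[plugin] overrides the same
    key at the credential-set level; extras come only from the plugin entry.
    """
    per_plugin = cred_set.get("connection_options", {}).get(plugin, {})
    params = {f: per_plugin.get(f, cred_set.get(f)) for f in BASE_FIELDS}
    params["extras"] = deepcopy(per_plugin.get("extras", {}))
    return params


def retry_plan(credentials, plugin):
    """Ordered (name, params) attempts; dict order is the fallback order."""
    return [(name, resolve(cs, plugin)) for name, cs in credentials.items()]


def redacted(params):
    """Copy of params that is safe to log: the password value is masked."""
    out = dict(params)
    if out.get("password") is not None:
        out["password"] = "***"
    return out


if __name__ == "__main__":
    for name, params in retry_plan(CREDENTIALS, "napalm"):
        print(name, redacted(params))
```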

dmulyalin commented 1 year ago

Added support in latest commit to specify per-connection retry parameters - https://github.com/dmulyalin/nornir-salt/blob/fb57c199625deac3efc47a2a7c6b35518229c938/nornir_salt/plugins/tasks/connections.py#L189 - please try installing nornir-salt and salt-nornir from github to test it if you'd like.