Managing network devices in Puppet Enterprise
With the release of Puppet Enterprise 2019.2, we've added several new features to enhance our user experience. One of the features we're most excited to share is our improvement to managing network devices. In the 2019.1 release we introduced the inventory service, which allows users to add nodes without installing a Puppet agent on them. In 2019.2, we added to the inventory service to enable better workflows for network devices.
Previously, managing network devices required the use of a proxy agent. Device credentials were stored on the proxy, which was a vulnerable and fragile mechanism. In 2019.2, we expose the resource API to enable tasks and Puppet runs on network devices. This means network devices are like any other infrastructure node in PE. Your device credentials are more secure, and adding network devices is faster than ever. We simplified the process so that no knowledge of the underlying mechanisms is required.
See it in action
Imagine that you want to add a new network device to your infrastructure, run a task on it, and then run Puppet. We made this process simpler in 2019.2.
When you first navigate to the inventory page, you’ll see a third tab which allows you to add network switches, firewalls, or other device transports. In order to do this, you first need to install a device transport module from the Forge. Some of the available modules support Cisco IOS devices, Cisco Nexus switches, and Palo Alto firewalls.
First, install the cisco_ios module from the Forge using:
Now that cisco_ios is installed, you can see that it has been added to the network devices tab on the inventory page. You can then add your Cisco IOS device.
To add a cisco_ios device, you first go to the setup inventory page.
Once on the network devices tab, you’ll fill out some information about the node. A few fields are required:
- The certname.
- The enable password. This is the password required to enter into enable mode on the device.
- The host address of the device. This can be either a FQDN or the IP address of your device.
- The user and password. These are the credentials used to authenticate connections to the device.
Once your device is added, a link to your new node appears. This will take you to the inspect nodes page, where you can see all of the information about your node.
You’re now ready to run a task on your device. The cisco_ios module comes with three tasks, which can help with one off changes or troubleshooting.
First, navigate to the tasks page. Select the
cisco_ios::config_save task, which allows you to save the running-config to the starting-config. Select the Cisco IOS device that you’d like to run it on, and then run the job.
Finally, you can perform a Puppet run on your network device.
After navigating to inspect nodes, select your network device. After selecting the run puppet dropdown, you can set options for running Puppet on your node. Once the run is completed, you can navigate to the run report to confirm that your changes were made.
We hope that this demonstrates how fast and simple managing network devices is in 2019.2, and we look forward to hearing your feedback!
Amy Rose is a software engineer at Puppet.