salt.states.nxos module

State module for Cisco NX OS Switches Proxy minions

For documentation on setting up the nxos proxy minion look in the documentation for salt.proxy.nxos.

salt.states.nxos.config_absent(name)

Ensure a specific configuration line does not exist in the running config

name
config line to remove

Examples:

add snmp group:
  nxos.config_absent:
    - names:
      - snmp-server community randoSNMPstringHERE group network-operator
      - snmp-server community AnotherRandomSNMPSTring group network-admin

Note

For certain cases extra lines could be removed based on dependencies. In this example, included after the example for config_present, the ACLs would be removed because they depend on the existance of the group.

salt.states.nxos.config_present(name)

Ensure a specific configuration line exists in the running config

name
config line to set

Examples:

add snmp group:
  nxos.config_present:
    - names:
      - snmp-server community randoSNMPstringHERE group network-operator
      - snmp-server community AnotherRandomSNMPSTring group network-admin

add snmp acl:
  nxos.config_present:
    - names:
      - snmp-server community randoSNMPstringHERE use-acl snmp-acl-ro
      - snmp-server community AnotherRandomSNMPSTring use-acl snmp-acl-rw
salt.states.nxos.replace(name, repl, full_match=False)

Replace all instances of a string or full line in the running config

name
String to replace
repl
The replacement text
full_match
Whether name will match the full line or only a subset of the line. Defaults to False. When False, .* is added around name for matching in the show run config.

Examples:

replace snmp string:
  nxos.replace:
    - name: randoSNMPstringHERE
    - repl: NEWrandoSNMPstringHERE

replace full snmp string:
  nxos.replace:
    - name: ^snmp-server community randoSNMPstringHERE group network-operator$
    - repl: snmp-server community NEWrandoSNMPstringHERE group network-operator
    - full_match: True

Note

The first example will replace the SNMP string on both the group and the ACL, so you will not lose the ACL setting. Because the second is an exact match of the line, when the group is removed, the ACL is removed, but not readded, because it was not matched.

salt.states.nxos.user_absent(name)

Ensure a user is not present

name
username to remove if it exists

Examples:

delete:
  nxos.user_absent:
    - name: daniel
salt.states.nxos.user_present(name, password=None, roles=None, encrypted=False, crypt_salt=None, algorithm='sha256')

Ensure a user is present with the specified groups

name
Name of user
password
Encrypted or Plain Text password for user
roles
List of roles the user should be assigned. Any roles not in this list will be removed
encrypted
Whether the password is encrypted already or not. Defaults to False
crypt_salt
Salt to use when encrypting the password. Default is None (salt is randomly generated for unhashed passwords)
algorithm
Algorithm to use for hashing password. Defaults to sha256. Accepts md5, blowfish, sha256, sha512

Examples:

create:
  nxos.user_present:
    - name: daniel
    - roles:
      - vdc-admin

set_password:
  nxos.user_present:
    - name: daniel
    - password: admin
    - roles:
      - network-admin

update:
  nxos.user_present:
    - name: daniel
    - password: AiN9jaoP
    - roles:
      - network-admin
      - vdc-admin