barf, a horrible set of scripts that generate network switch and virtual router configs for our mesh
it used to have a meaning but scope creep led to it absorbing some scripts and starting to take over responsbilites for generating configs from Netbox in general
this name was brought to life when the author quite literally barfed when messing with the network and the horror sticks around in this script's name
a lot of these scripts are opiniated towards our setup but is a good starting point for others looking at generating network configurations from Netbox!
- Netbox install
- HashiCorp Vault deployment
- Vault is used to store the following
- TACACS keys
- shared passwords
- global shared R/O SNMP secrets
- admin password
- enable password
- wireguard privkey/pubkey pairs
- Vault is used to store the following
for devices, this set of scripts expect the following for your devices
interfaces are to be named just like they are named in the switch OS with the exception for port channels. port channels are to be named with numbers and are set as type "Link Aggregation Group (LAG)"
interface access/trunk mode is determined via the 802.1q mode as set in Netbox. native VLAN, untagged VLAN, tagged VLANs are also set depending on the netbox configuration.
interface description will be set as is alongside the cable information if connected on Netbox.
- Cisco IOS 15 (partially)
- 3750X with autogenerated interfaces and TACACS configs is a cool win
- Arista EOS (partially)
- interfaces and basic TACACS config have been pushed to a 7050QX-32S running 4.26.4M
- DNOS 6 devices
- i got this to generate a config for the N1524 with zero manual configuration on my part!
- automate routing between multiple providers and personal networks
- wireguard + bgp + a cursed vpn spine/leaf setup is how this happens
- reproducable configurations for routers!
- consistent switch configurations too!
- dhcp + dns config generation from a single source of truth - Netbox
- config pushing via cli with napalm + netmiko magic! \o/
- less manual changes of TACACS and other volatile settings so that erin cannot isolate FMT2 and SEA69 from the network again