Page MenuHomePhabricator
Create Task
Maniphest T297784

Improve Netbox PuppetDB import script to set switch trunk port Vlans as needed
Open, LowestPublic
Actions

Description

The Puppet DB Netbox import script works very well and, once interfaces are set up on a host, properly adds them in Netbox, and attaches IP objects as needed.

This is true for all interfaces on Linux hosts, including vlan / 802.1q sub-interfaces.

If a host has vlan sub-interfaces, however, the switch port it's connected to needs to be configured as a trunk, usually with the primary interface untagged ("native vlan" on the switch side), and the remaining tagged. Switch configuration is controlled by the port settings in Netbox (for example https://netbox.wikimedia.org/dcim/interfaces/23749/). The port's attributes in Netbox are set so that the "802.1q mode" is "tagged", and the "untagged" and "tagged" vlan fields are populated as needed.

Currently setting the switch port mode and allowed vlans is done manually if required. Which is not a big deal as the number of devices with sub-ints is very low. An improvement could be made by which the Netbox PuppetDB import script would evaluate if tagged sub-interfaces are present, and make sure that the corresponding switch port is configured to match. Likely this would be easier if T296832 was also completed, to properly represent the interface relationships in Netbox, as opposed to evaluating based on names.

Not urgent by any means, but creating task to record the gap that could be filled at some stage.

Related Objects

Event Timeline

cmooney triaged this task as Lowest priority.Dec 15 2021, 1:42 PM
cmooney created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 15 2021, 1:42 PM
Volans added a project: netbox.Dec 15 2021, 3:41 PM
ayounsi subscribed.Apr 14 2022, 2:32 PM

In the current state of our infra I don't think that part should be dynamic.

Switch ports are configured by DCops (or service owners when knowledgeable) at provisioning time and shouldn't change during the server's lifecycle. Special cases are infrequent enough to be changed manually and verifying that the change is expected.

Having that part dynamic I'd worry that:

  • It makes automation more complex by adding new dependencies (DCops says one thing, the server another, who is right?)
  • It creates outstanding and unexpected changes after a server is re-imaged or similar

That said, improving the PuppetDB Netbox report to highlight this kind of discrepancies would be welcome, although not urgent.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL