A plugin for Nautobot that intends to provide context around golden configuration.

In addition to this overview, documentation can be found for:

• Navigating Overview
• Navigating Backup
• Navigating Compliance
• Navigating Intended
• Navigating SoTAgg
• FAQ

The golden configuration plugin performs four primary actions, each of which can be toggled on with a respective enable_* setting, covered in detail later in the readme.

• Configuration Backup - Is a Nornir process to connect to devices, optionally parse out lines/secrets, backup the configuration, and save to a Git repository.
• Configuration Intended - Is a Nornir process to generate configuration based on a Git repo of Jinja files and a Git repo to store the intended configuration.
• Source of Truth Aggregation - Is a GraphQL query per device with that creates a data structure used in the generation of configuration.
• Configuration Compliance - Is a Nornir process to run comparison of the actual (via backups) and intended (via Jinja file creation) cli configurations.

The operator's of their own Nautobot instance are welcome to use any combination of these features. Though the appearance may seem like they are tightly coupled, they are not actually. As an example, one can obtain backup configurations from their current RANCID/Oxidized process and simply provide a Git Repo of the location of the backup configurations and the compliance process would work the same way. Another user may only want to generate configurations.

There are many features and capabilities the plugin provides, the following is intended to provide a quick visual overview of some of those features.

The golden configuration is driven by jobs that run a series of tasks and the result is captured in this overview.

The compliance report provides a high-level overview on the compliance of your network.

The compliance overview will provide a per device and feature overview on the compliance of your network devices.

Drilling into a specific device and feature, you can get an immediate detailed understanding of your device.

There are three primary controls to determine the inclusion of a device within one of the four given components.

• The allowed_os will allow list the specific operating systems that can be included.
• The enable_backup, enable_compliance, enable_intended, and enable_sotagg will toggle inclusion of the entire component.
• Coming Soon: There is the ability to manage on a per device.

The plugin is compatible with Nautobot 1.0.0 and higher

The plugin relies on nautobot_plugin_nornir to be installed and both plugins to be enabled in your configuration settings.

PLUGINS = ["nautobot_plugin_nornir", "nautobot_golden_config"]

PLUGINS_CONFIG = {
    "nautobot_plugin_nornir": {
        "nornir_settings": {
            "credentials": "nautobot_plugin_nornir.plugins.credentials.env_vars.CredentialsEnvVars",
            "runner": {
                "plugin": "threaded",
                "options": {
                    "num_workers": 20,
                },
            },
        },
    },
    "nautobot_golden_config": {
        "allowed_os": ["all"], # Should be limited to list of supported network operating systems
        "per_feature_bar_width": 0.15,
        "per_feature_width": 13,
        "per_feature_height": 4,
        "enable_backup": True,
        "enable_compliance": True,
        "enable_intended": True,
        "enable_sotagg": True,
        "sot_agg_transposer": None,
    },
}

The plugin behavior can be controlled with the following list of settings.

Note: Over time the intention is to make the compliance report more dynamic, but for now allow users to configure in a way that fits best for them.

Pull requests are welcomed and automatically built and tested against multiple version of Python and multiple version of Nautobot through TravisCI.

The project is packaged with a light development environment based on docker-compose to help with the local development of the project and to run the tests within TravisCI.

The project is following Network to Code software development guideline and is leveraging:

• Black, Pylint, Bandit, flake8, and pydocstyle for Python linting and formatting.
• Django unit test to ensure the plugin is working properly.

The project is coming with a CLI helper based on invoke to help setup the development environment. The commands are listed below in 3 categories dev environment, utility and testing.

Each command can be executed with invoke <command>. All commands support the arguments --nautobot-ver and --python-ver if you want to manually define the version of Python and Nautobot to use. Each command also has its own help invoke <command> --help

  build            Build all docker images.
  debug            Start Nautobot and its dependencies in debug mode.
  destroy          Destroy all containers and volumes.
  restart          Restart Nautobot and its dependencies in detached mode.
  start            Start Nautobot and its dependencies in detached mode.
  stop             Stop Nautobot and its dependencies.

  cli              Launch a bash shell inside the running Nautobot container.
  create-user      Create a new user in django (default: admin), will prompt for password.
  makemigrations   Run Make Migration in Django.
  nbshell          Launch a nbshell session.

  bandit           Run bandit to validate basic static code security analysis.
  black            Run black to check that Python files adhere to its style standards.
  flake8           Run flake8 to check that Python files adhere to its style standards.
  pylint           Run pylint code analysis.
  pydocstyle       Run pydocstyle to validate docstring formatting adheres to NTC defined standards.
  tests            Run all tests for this plugin.
  unittest         Run Django unit tests for the plugin.