Cumulus Linux is a flexible network operating system for bare metal switches. It is based on Linux and gives you all the automation and orchestration capabilities at your disposal on Linux systems.

In this blog post we are going to look into how to install Salt minion on Cumulus Linux switch that has mgmt VRF (virtual routing and forwarding) enabled. Couple quick things to unpack before we proceed.

VRF is a feature that allows you to run multiple routing tables in a network system, this was not available in Linux in the past so the clever developers at Cumulus Network figured out to extended this capability to Linux.
Salt (sometimes referred to as the SaltStack Platform) is a Python-based open-source configuration management software and remote execution engine. Supporting the “Infrastructure as Code” approach to deployment and cloud management, it competes primarily with Puppet, Chef, and Ansible.

This following blog post on Cumulus Networks by Pete Lumbis covers the all the steps needed to install Salt minion on Cumulus Linux. This blog post will extend this process with couple things.

https://support.cumulusnetworks.com/hc/en-us/articles/215248118-Configuring-SaltStack-on-Cumulus-Linux

Install Salt minion on a switch that has it’s management interface on mgmt VRF.
Extend the simple ZTP script from Cumulus Linux to install Salt minion and configure the minion to communicate with the master server

Installation process

Installing Salt on a master is very simple. Below is what you need to run on your master server.

curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M

To install Salt minion on Cumulus Linux, run the following commands. Substitute 1.2.3.4 with the IP address of your Salt master server.

# Edit /etc/apt/sources.list and add the Debian repository
sh -c 'echo "deb http://ftp.us.debian.org/debian/ jessie main contrib non-free" >> /etc/apt/sources.list'

# Download and execute Salt Bootstrap and point to the Salt Master
curl -L https://bootstrap.saltstack.com -o install_salt.sh && sudo sh install_salt.sh -P -X -A 1.2.3.4


# Stop and disable salt-minion service
sudo systemctl stop salt-minion.service && sudo systemctl disable salt-minion.service

# Add salt-minion to systemd vrf based services and reload systemd daemon to regenerate systemd files
sudo sh -c 'echo "salt-minion" >> /etc/vrf/systemd.conf' && sudo systemctl daemon-reload

# Start and enable salt-minion on the mgmt VRF
sudo systemctl start salt-minion@mgmt && sudo systemctl enable salt-minion@mgmt

Verify Salt minion on the switch is registered with the Salt master

On your master server verify that Salt minion key on the switch is in pending state and accept it.

myuser@master-server$ sudo salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
leaf01
Rejected Keys:

myuser@master-server$ sudo salt-key -a leaf01
The following keys are going to be accepted:
Unaccepted Keys:
leaf01
Proceed? [n/Y] Y
Key for minion leaf01 accepted.

Incorporating the commands above into a simple ZTP script

Here is a Simple ZTP from Cumlus Networks GitHub that adds the commands above.

#!/bin/bash

###################
# Simple ZTP Script
###################

function error() {
echo -e "\e[0;33mERROR: The Zero Touch Provisioning script failed while running the command \$BASH_COMMAND at line \$BASH_LINENO.\e[0m" >&2
}
trap error ERR

sed -i '/iface eth0/a \ vrf mgmt' /etc/network/interfaces
cat <<EOT >> /etc/network/interfaces
auto mgmt
iface mgmt
address 127.0.0.1/8
vrf-table auto
EOT

echo "cumulus ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/10_cumulus

# Setup NTP
sed -i '/^server [1-3]/d' /etc/ntp.conf
sed -i 's/^server 0.cumulusnetworks.pool.ntp.org iburst/server 1.2.3.4 iburst/g' /etc/ntp.conf

ping 8.8.8.8 -c2
if [ "\$?" == "0" ]; then
apt-get update -qy
apt-get install ntpdate -qy
fi
# Edit /etc/apt/sources.list and add the Debian repository
sh -c 'echo "deb http://ftp.us.debian.org/debian/ jessie main contrib non-free" >> /etc/apt/sources.list'

# Download and execute Salt Bootstrap and to point to the Salt Master
curl -L https://bootstrap.saltstack.com -o install_salt.sh && sudo sh install_salt.sh -P -X -A 1.2.3.4

# Stop and disable salt-minion service
systemctl stop salt-minion.service && systemctl disable salt-minion.service

# Add salt-minion to systemd vrf based services and reload systemd daemon to regenerate systemd files
sh -c 'echo "salt-minion" >> /etc/vrf/systemd.conf' && systemctl daemon-reload

# Start and enable salt-minion on the mgmt VRF
systemctl start salt-minion@mgmt && systemctl enable salt-minion@mgmt

nohup bash -c 'sleep 2; shutdown now -r "Rebooting to Complete ZTP"' &
exit 0