From 1fd6a618b60d7168fd8f37585d5d39d22d775afd Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 28 Mar 2024 07:11:39 +0100 Subject: Adding upstream version 0.13.0. Signed-off-by: Daniel Baumann --- examples/README.md | 12 ++ examples/eos-commands.yaml | 53 +++++ examples/inventory.yaml | 28 +++ examples/template.j2 | 3 + examples/tests.yaml | 477 +++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 573 insertions(+) create mode 100644 examples/README.md create mode 100644 examples/eos-commands.yaml create mode 100644 examples/inventory.yaml create mode 100644 examples/template.j2 create mode 100644 examples/tests.yaml (limited to 'examples') diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000..5c24087 --- /dev/null +++ b/examples/README.md @@ -0,0 +1,12 @@ +## Device Inventory + +The file [inventory.yaml](inventory.yaml) is an example of [device inventory](https://www.anta.ninja/usage-inventory-catalog/#create-an-inventory-file). + +## Test Catalog + +The file [tests.yaml](tests.yaml) is an example of a [test catalog](https://www.anta.ninja/usage-inventory-catalog/#test-catalog). +This file should contain all the tests implemented in [anta.tests](../anta/tests) with arbitrary parameters. + +## eos-commands.yaml file + +The file [eos-commands.yaml](eos-commands.yaml) is an example of input given with the `--commands-list` option to the [anta exec snapshot](https://www.anta.ninja/cli/exec/#collect-a-set-of-commands) command. diff --git a/examples/eos-commands.yaml b/examples/eos-commands.yaml new file mode 100644 index 0000000..c45d49d --- /dev/null +++ b/examples/eos-commands.yaml @@ -0,0 +1,53 @@ +--- +# list of EOS commands to collect in JSON format +json_format: + - show version + - show bgp evpn summary + - show system environment temperature transceiver + +# list of EOS commands to collect in text format +text_format: + - show version + - show version detail + - show extensions + - show boot-extensions + - show inventory + - show zerotouch + - show running-config diffs + - show agent logs crash + - show logging last 7 days threshold warnings + - show uptime + - show reload cause + - show system environment temperature + - show system environment temperature transceiver + - show system environment cooling + - show system environment power + - show processes top once + - show ntp status + - show platform trident forwarding-table partition + - show hardware tcam profile + - show hardware counter drop + - show interfaces counters rates + - show interfaces counters errors + - show interfaces counters discards + - show interfaces status + - show port-channel + - show lacp counters all-ports + - show spanning-tree blockedports + - show ip interface brief + - show interfaces description + - show ip route summary + - show bfd peers + - show bgp ipv4 unicast summary vrf all + - show bgp ipv6 unicast summary vrf all + - show bgp evpn summary + - show bgp rt-membership summary + - show mlag + - show mlag config-sanity + - show vxlan config-sanity detail + - show vlan dynamic + - show ip igmp snooping vlan 10 + - show vrf + - show ip ospf neighbor + - show running-config + - show lldp neighbors diff --git a/examples/inventory.yaml b/examples/inventory.yaml new file mode 100644 index 0000000..f68a903 --- /dev/null +++ b/examples/inventory.yaml @@ -0,0 +1,28 @@ +--- +anta_inventory: + hosts: + - name: spine1 + host: clab-evpn-vxlan-fabric-spine1 + tags: ['clab', 'spine'] + - name: spine2 + host: clab-evpn-vxlan-fabric-spine2 + tags: ['clab', 'spine'] + - name: leaf1 + host: clab-evpn-vxlan-fabric-leaf1 + tags: ['clab', 'leaf'] + - name: leaf2 + host: clab-evpn-vxlan-fabric-leaf2 + tags: ['clab', 'leaf'] + - name: leaf3 + host: clab-evpn-vxlan-fabric-leaf3 + tags: ['clab', 'leaf'] + - name: leaf4 + host: clab-evpn-vxlan-fabric-leaf4 + tags: ['clab', 'leaf'] + networks: + - network: 192.168.110.0/24 + ranges: + - start: 10.0.0.9 + end: 10.0.0.11 + - start: 10.0.0.100 + end: 10.0.0.101 diff --git a/examples/template.j2 b/examples/template.j2 new file mode 100644 index 0000000..e8820fe --- /dev/null +++ b/examples/template.j2 @@ -0,0 +1,3 @@ +{% for d in data %} +* {{ d.test }} is [green]{{ d.result | upper}}[/green] for {{ d.name }} +{% endfor %} diff --git a/examples/tests.yaml b/examples/tests.yaml new file mode 100644 index 0000000..6b5875f --- /dev/null +++ b/examples/tests.yaml @@ -0,0 +1,477 @@ +--- +anta.tests.aaa: + - VerifyTacacsSourceIntf: + intf: Management0 + vrf: default + - VerifyTacacsServers: + servers: + - 1.1.1.1 + - 2.2.2.2 + vrf: default + - VerifyTacacsServerGroups: + groups: + - admin + - user + - VerifyAuthenMethods: + methods: + - local + - none + - logging + types: + - login + - enable + - dot1x + - VerifyAuthzMethods: + methods: + - local + - none + - logging + types: + - commands + - exec + - VerifyAcctDefaultMethods: + methods: + - local + - none + - logging + types: + - system + - exec + - commands + - dot1x + - VerifyAcctConsoleMethods: + methods: + - local + - none + - logging + types: + - system + - exec + - commands + - dot1x + +anta.tests.bfd: + - VerifyBFDSpecificPeers: + bfd_peers: + - peer_address: 192.0.255.8 + vrf: default + - peer_address: 192.0.255.7 + vrf: default + - VerifyBFDPeersIntervals: + bfd_peers: + - peer_address: 192.0.255.8 + vrf: default + tx_interval: 1200 + rx_interval: 1200 + multiplier: 3 + - peer_address: 192.0.255.7 + vrf: default + tx_interval: 1200 + rx_interval: 1200 + multiplier: 3 + - VerifyBFDPeersHealth: + down_threshold: 2 + +anta.tests.configuration: + - VerifyZeroTouch: + - VerifyRunningConfigDiffs: + +anta.tests.connectivity: + - VerifyReachability: + hosts: + - source: Management0 + destination: 1.1.1.1 + vrf: MGMT + - source: Management0 + destination: 8.8.8.8 + vrf: MGMT + - VerifyLLDPNeighbors: + neighbors: + - port: Ethernet1 + neighbor_device: DC1-SPINE1 + neighbor_port: Ethernet1 + - port: Ethernet2 + neighbor_device: DC1-SPINE2 + neighbor_port: Ethernet1 + +anta.tests.field_notices: + - VerifyFieldNotice44Resolution: + - VerifyFieldNotice72Resolution: + +anta.tests.hardware: + - VerifyTransceiversManufacturers: + manufacturers: + - Not Present + - Arista Networks + - Arastra, Inc. + - VerifyTemperature: + - VerifyTransceiversTemperature: + - VerifyEnvironmentSystemCooling: + - VerifyEnvironmentCooling: + states: + - ok + - VerifyEnvironmentPower: + states: + - ok + - VerifyAdverseDrops: + +anta.tests.interfaces: + - VerifyInterfaceUtilization: + - VerifyInterfaceErrors: + - VerifyInterfaceDiscards: + - VerifyInterfaceErrDisabled: + - VerifyInterfacesStatus: + interfaces: + - interface: Ethernet1 + state: up + - interface: Port-Channel100 + state: down + line_protocol_status: lowerLayerDown + - interface: Ethernet49/1 + state: adminDown + line_protocol_status: notPresent + - VerifyStormControlDrops: + - VerifyPortChannels: + - VerifyIllegalLACP: + - VerifyLoopbackCount: + number: 3 + - VerifySVI: + - VerifyL3MTU: + mtu: 1500 + ignored_interfaces: + - Vxlan1 + specific_mtu: + - Ethernet1: 2500 + - VerifyIPProxyARP: + interfaces: + - Ethernet1 + - Ethernet2 + - VerifyL2MTU: + mtu: 1500 + ignored_interfaces: + - Management1 + - Vxlan1 + specific_mtu: + - Ethernet1/1: 1500 + - VerifyInterfaceIPv4: + interfaces: + - name: Ethernet2 + primary_ip: 172.30.11.0/31 + secondary_ips: + - 10.10.10.0/31 + - 10.10.10.10/31 + - VerifyIpVirtualRouterMac: + mac_address: 00:1c:73:00:dc:01 + +anta.tests.logging: + - VerifyLoggingPersistent: + - VerifyLoggingSourceIntf: + interface: Management0 + vrf: default + - VerifyLoggingHosts: + hosts: + - 1.1.1.1 + - 2.2.2.2 + vrf: default + - VerifyLoggingLogsGeneration: + - VerifyLoggingHostname: + - VerifyLoggingTimestamp: + - VerifyLoggingAccounting: + - VerifyLoggingErrors: + +anta.tests.mlag: + - VerifyMlagStatus: + - VerifyMlagInterfaces: + - VerifyMlagConfigSanity: + - VerifyMlagReloadDelay: + reload_delay: 300 + reload_delay_non_mlag: 330 + - VerifyMlagDualPrimary: + detection_delay: 200 + errdisabled: True + recovery_delay: 60 + recovery_delay_non_mlag: 0 + - VerifyMlagPrimaryPriority: + primary_priority: 3276 + +anta.tests.multicast: + - VerifyIGMPSnoopingVlans: + vlans: + 10: False + 12: False + - VerifyIGMPSnoopingGlobal: + enabled: True + +anta.tests.profiles: + - VerifyUnifiedForwardingTableMode: + mode: 3 + - VerifyTcamProfile: + profile: vxlan-routing + +anta.tests.security: + - VerifySSHStatus: + - VerifySSHIPv4Acl: + number: 3 + vrf: default + - VerifySSHIPv6Acl: + number: 3 + vrf: default + - VerifyTelnetStatus: + - VerifyAPIHttpStatus: + - VerifyAPIHttpsSSL: + profile: default + - VerifyAPIIPv4Acl: + number: 3 + vrf: default + - VerifyAPIIPv6Acl: + number: 3 + vrf: default + - VerifyAPISSLCertificate: + certificates: + - certificate_name: ARISTA_SIGNING_CA.crt + expiry_threshold: 30 + common_name: AristaIT-ICA ECDSA Issuing Cert Authority + encryption_algorithm: ECDSA + key_size: 256 + - certificate_name: ARISTA_ROOT_CA.crt + expiry_threshold: 30 + common_name: Arista Networks Internal IT Root Cert Authority + encryption_algorithm: RSA + key_size: 4096 + - VerifyBannerLogin: + login_banner: | + # Copyright (c) 2023-2024 Arista Networks, Inc. + # Use of this source code is governed by the Apache License 2.0 + # that can be found in the LICENSE file. + - VerifyBannerMotd: + motd_banner: | + # Copyright (c) 2023-2024 Arista Networks, Inc. + # Use of this source code is governed by the Apache License 2.0 + # that can be found in the LICENSE file. + - VerifyIPv4ACL: + ipv4_access_lists: + - name: default-control-plane-acl + entries: + - sequence: 10 + action: permit icmp any any + - sequence: 20 + action: permit ip any any tracked + - sequence: 30 + action: permit udp any any eq bfd ttl eq 255 + - name: LabTest + entries: + - sequence: 10 + action: permit icmp any any + - sequence: 20 + action: permit tcp any any range 5900 5910 + +anta.tests.services: + - VerifyHostname: + hostname: s1-spine1 + - VerifyDNSLookup: + domain_names: + - arista.com + - www.google.com + - arista.ca + - VerifyDNSServers: + dns_servers: + - server_address: 10.14.0.1 + vrf: default + priority: 1 + - server_address: 10.14.0.11 + vrf: MGMT + priority: 0 + - VerifyErrdisableRecovery: + reasons: + - reason: acl + interval: 30 + - reason: bpduguard + interval: 30 + +anta.tests.snmp: + - VerifySnmpStatus: + vrf: default + - VerifySnmpIPv4Acl: + number: 3 + vrf: default + - VerifySnmpIPv6Acl: + number: 3 + vrf: default + - VerifySnmpLocation: + location: New York + - VerifySnmpContact: + contact: Jon@example.com + +anta.tests.software: + - VerifyEOSVersion: + versions: + - 4.25.4M + - 4.26.1F + - VerifyTerminAttrVersion: + versions: + - v1.13.6 + - v1.8.0 + - VerifyEOSExtensions: + +anta.tests.stp: + - VerifySTPMode: + mode: rapidPvst + vlans: + - 10 + - 20 + - VerifySTPBlockedPorts: + - VerifySTPCounters: + - VerifySTPForwardingPorts: + vlans: + - 10 + - 20 + - VerifySTPRootPriority: + priority: 32768 + instances: + - 10 + - 20 + +anta.tests.system: + - VerifyUptime: + minimum: 86400 + - VerifyReloadCause: + - VerifyCoredump: + - VerifyAgentLogs: + - VerifyCPUUtilization: + - VerifyMemoryUtilization: + - VerifyFileSystemUtilization: + - VerifyNTP: + +anta.tests.vlan: + - VerifyVlanInternalPolicy: + policy: ascending + start_vlan_id: 1006 + end_vlan_id: 4094 + +anta.tests.vxlan: + - VerifyVxlan1Interface: + - VerifyVxlanConfigSanity: + - VerifyVxlanVniBinding: + bindings: + 10010: 10 + 10020: 20 + - VerifyVxlanVtep: + vteps: + - 10.1.1.5 + - 10.1.1.6 + - VerifyVxlan1ConnSettings: + source_interface: Loopback1 + udp_port: 4789 + +anta.tests.routing: + generic: + - VerifyRoutingProtocolModel: + model: multi-agent + - VerifyRoutingTableSize: + minimum: 2 + maximum: 20 + - VerifyRoutingTableEntry: + vrf: default + routes: + - 10.1.0.1 + - 10.1.0.2 + bgp: + - VerifyBGPPeerCount: + address_families: + - afi: "evpn" + num_peers: 2 + - afi: "ipv4" + safi: "unicast" + vrf: "PROD" + num_peers: 2 + - afi: "ipv4" + safi: "unicast" + vrf: "default" + num_peers: 3 + - afi: "ipv4" + safi: "multicast" + vrf: "DEV" + num_peers: 3 + - VerifyBGPPeersHealth: + address_families: + - afi: "evpn" + - afi: "ipv4" + safi: "unicast" + vrf: "default" + - afi: "ipv6" + safi: "unicast" + vrf: "DEV" + - VerifyBGPSpecificPeers: + address_families: + - afi: "evpn" + peers: + - 10.1.0.1 + - 10.1.0.2 + - afi: "ipv4" + safi: "unicast" + peers: + - 10.1.254.1 + - 10.1.255.0 + - 10.1.255.2 + - 10.1.255.4 + - VerifyBGPExchangedRoutes: + bgp_peers: + - peer_address: 172.30.255.5 + vrf: default + advertised_routes: + - 192.0.254.5/32 + received_routes: + - 192.0.255.4/32 + - peer_address: 172.30.255.1 + vrf: default + advertised_routes: + - 192.0.255.1/32 + - 192.0.254.5/32 + received_routes: + - 192.0.254.3/32 + - VerifyBGPPeerMPCaps: + bgp_peers: + - peer_address: 172.30.11.1 + vrf: default + capabilities: + - ipv4Unicast + - VerifyBGPPeerASNCap: + bgp_peers: + - peer_address: 172.30.11.1 + vrf: default + - VerifyBGPPeerRouteRefreshCap: + bgp_peers: + - peer_address: 172.30.11.1 + vrf: default + - VerifyBGPPeerMD5Auth: + bgp_peers: + - peer_address: 172.30.11.1 + vrf: default + - peer_address: 172.30.11.5 + vrf: default + - VerifyEVPNType2Route: + vxlan_endpoints: + - address: 192.168.20.102 + vni: 10020 + - address: aac1.ab5d.b41e + vni: 10010 + - VerifyBGPAdvCommunities: + bgp_peers: + - peer_address: 172.30.11.17 + vrf: default + - peer_address: 172.30.11.21 + vrf: default + - VerifyBGPTimers: + bgp_peers: + - peer_address: 172.30.11.1 + vrf: default + hold_time: 180 + keep_alive_time: 60 + - peer_address: 172.30.11.5 + vrf: default + hold_time: 180 + keep_alive_time: 60 + ospf: + - VerifyOSPFNeighborState: + - VerifyOSPFNeighborCount: + number: 3 -- cgit v1.2.3