Targeting Minions

In this post, we will take a look at the common targeting techniques – that can be used over Minions.

Targeting using Minion ID

root@mrcissp-master-1:/# salt Router1 test.ping
Router1:
    True
root@mrcissp-master-1:/# salt wlc1 test.ping
wlc1:
    True
root@mrcissp-master-1:/#

Targeting using List of Minion ID

root@mrcissp-master-1:/# salt -L wlc1,Router1 test.ping
Router1:
    True
wlc1:
    True
root@mrcissp-master-1:/#

Targeting using Grains

e.g. we need to know the software version of all IOS routers in our network.

root@mrcissp-master-1:/# salt -C 'G@os:ios' napalm.call 'cli' ['show version']
Router1:
    ----------
    comment:
    out:
        ----------
        show version:
            Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.6(2)T, RELEASE SOFTWARE (fc2)
            Technical Support: http://www.cisco.com/techsupport
            Copyright (c) 1986-2016 by Cisco Systems, Inc.
            Compiled Tue 22-Mar-16 16:19 by prod_rel_team


            ROM: Bootstrap program is IOSv

            R1 uptime is 1 minute
            System returned to ROM by reload
            System restarted at 05:47:13 UTC Mon Nov 25 2019
            System image file is "flash0:/vios-adventerprisek9-m"
            Last reload reason: Unknown reason



            This product contains cryptographic features and is subject to United
            States and local country laws governing import, export, transfer and
            use. Delivery of Cisco cryptographic products does not imply
            third-party authority to import, export, distribute or use encryption.
            Importers, exporters, distributors and users are responsible for
            compliance with U.S. and local country laws. By using this product you
            agree to comply with applicable laws and regulations. If you are unable
            to comply with U.S. and local laws, return this product immediately.

            A summary of U.S. laws governing Cisco cryptographic products may be found at:
            http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

            If you require further assistance please contact us by sending email to
            export@cisco.com.

            Cisco IOSv (revision 1.0) with  with 460017K/62464K bytes of memory.
            Processor board ID 97277GPG1FLKXDX5WL1G0
            4 Gigabit Ethernet interfaces
            DRAM configuration is 72 bits wide with parity disabled.
            256K bytes of non-volatile configuration memory.
            2097152K bytes of ATA System CompactFlash 0 (Read/Write)
            0K bytes of ATA CompactFlash 1 (Read/Write)
            1024K bytes of ATA CompactFlash 2 (Read/Write)
            0K bytes of ATA CompactFlash 3 (Read/Write)



            Configuration register is 0x0
    result:
        True
root@mrcissp-master-1:/#

Targeting using Pillars

e.g. we need to know the software version of all WLC in our network. Since, WLCs are managed by NAPALM hence appropriate grains are not collected for OS type. Therefore, we cannot Target all WLC’s using grains as discussed above. To do this, we can be sure that all the WLC’s in our network must be managed by “netmiko” proxy pillar. Hence, we can target using Pillar.

root@mrcissp-master-1:/# salt -I 'proxy:device_type:cisco_wlc' netmiko.send_command 'show sysinfo'
wlc1:

    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 8.9.111.0
    RTOS Version..................................... 8.9.111.0
    Bootloader Version............................... 8.5.1.85
    Emergency Image Version.......................... 8.9.111.0

    OUI File Last Update Time........................ Tue Feb 06 10:44:07 UTC 2018
    r,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
    Build Type....................................... DATA + WPS

    System Name...................................... Cisco-0c0c.9da2.b501
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
    IP Address....................................... 192.168.241.2
    IPv6 Address..................................... ::
    System Up Time................................... 0 days 2 hrs 0 mins 1 secs
    System Timezone Location.........................
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180

    Configured Country............................... US  - United States

    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    Number of Active Clients......................... 0

    OUI Classification Failure Count................. 0

    Memory Current Usage............................. 52
    Memory Average Usage............................. 52
    CPU Current Usage................................ 0
    CPU Average Usage................................ 1

    Flash Type....................................... Compact Flash Card
    Flash Size....................................... 1073741824

    Burned-in MAC Address............................ 0C:0C:9D:A2:B5:01
    Maximum number of APs supported.................. 200
    System Nas-Id....................................
    WLC MIC Certificate Types........................ SHA1
    Licensing Type................................... RTU
    vWLC config...................................... Small

Compound Targeting

e.g. we need to know the software version of all IOS routers of model IOSv.

root@mrcissp-master-1:/# salt -C 'G@os:ios and G@model:IOSv' napalm.call 'cli' ['show version']
Router1:
    ----------
    comment:
    out:
        ----------
        show version:
            Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.6(2)T, RELEASE SOFTWARE (fc2)
            Technical Support: http://www.cisco.com/techsupport
            Copyright (c) 1986-2016 by Cisco Systems, Inc.
            Compiled Tue 22-Mar-16 16:19 by prod_rel_team


            ROM: Bootstrap program is IOSv

            R1 uptime is 15 minutes
            System returned to ROM by reload
            System restarted at 05:47:13 UTC Mon Nov 25 2019
            System image file is "flash0:/vios-adventerprisek9-m"
            Last reload reason: Unknown reason



            This product contains cryptographic features and is subject to United
            States and local country laws governing import, export, transfer and
            use. Delivery of Cisco cryptographic products does not imply
            third-party authority to import, export, distribute or use encryption.
            Importers, exporters, distributors and users are responsible for
            compliance with U.S. and local country laws. By using this product you
            agree to comply with applicable laws and regulations. If you are unable
            to comply with U.S. and local laws, return this product immediately.

            A summary of U.S. laws governing Cisco cryptographic products may be found at:
            http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

            If you require further assistance please contact us by sending email to
            export@cisco.com.

            Cisco IOSv (revision 1.0) with  with 460017K/62464K bytes of memory.
            Processor board ID 97277GPG1FLKXDX5WL1G0
            4 Gigabit Ethernet interfaces
            DRAM configuration is 72 bits wide with parity disabled.
            256K bytes of non-volatile configuration memory.
            2097152K bytes of ATA System CompactFlash 0 (Read/Write)
            0K bytes of ATA CompactFlash 1 (Read/Write)
            1024K bytes of ATA CompactFlash 2 (Read/Write)
            0K bytes of ATA CompactFlash 3 (Read/Write)



            Configuration register is 0x0
    result:
        True

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.