When it comes to open-source network automation tools, NAPALM is one of the heavy hitters in the industry. For those of you who are new to NAPALM, it is:

... a vendor-neutral, cross-platform open-source project that provides a unified API to network devices.

Typically NAPALM is used for configuring devices, and reading device output. However, NAPALM also provides another lesser-known feature, which is extremely useful, called compliance reporting.

In short, compliance reporting provides a simplistic way (via YAML) to write a set of checks, such as the version must be X or the mgmt IP must be Y. This is then applied to your device, and you are given a JSON based report detailing if your device complies.

Quick example:

# define validator files
$ cat validate-eos.yml
---
- get_facts:
    os_version: 4.17

# run compliance_report
>>> with eos_driver(**eos_config) as eos:
...     pprint.pprint(eos.compliance_report("validate-eos.yml"))
...
{u'complies': False,
 u'skipped': [],
 'get_facts': {u'complies': False,
               u'extra': [],
               u'missing': [],
               u'present': {'os_version': {u'actual_value': u'4.15.2.1F-2759627.41521F',
                                           u'complies': False,
                                           u'nested': False}}} 

The great thing about this feature is that it isn't just limited to validating configuration. You can also validate the result of running a ping from the device, or validating CPU or memory usage! Niiice...

Master Network Automation
Join today and get access to:
  • Full deep-dive course library (inc. Batfish, pyATS, Netmiko)
  • Code repositories inc. full course code, scripts and examples
  • 24x7 Multi-vendor labs (Arista, Cisco, Juniper)
  • Private online community
  • Monthly online meetups
  • Monthly guest speakers

100% Satisfaction Guaranteed!
Cancel your membership at any time.


Join Today