NAPALM: Network Automation and Programmability Abstraction Layer with Multivendor support

New in version 2016.11.0.

Proxy minion for managing network devices via NAPALM library.


Mircea Ulinic <> & Jerome Fleury <>








The napalm proxy module requires NAPALM library to be installed: pip install napalm Please check Installation for complete details.


Beginning with Salt release 2017.7.3, it is recommended to use napalm >= 2.0.0. The library has been unified into a monolithic package, as in opposite to separate packages per driver. For more details you can check this document. While it will still work with the old packages, bear in mind that the NAPALM core team will maintain only the main napalm package.

Moreover, for additional capabilities, the users can always define a library that extends NAPALM's base capabilities and configure the provider option (see below).


The napalm proxy configuration requires the following parameters in order to connect to the network device:


Specifies the network device operating system. For a complete list of the supported operating systems please refer to the NAPALM Read the Docs page.


The IP Address or FQDN to use when connecting to the device. Alternatively, the following field names can be used instead: hostname, fqdn, ip.


The username to be used when connecting to the device.


The password needed to establish the connection.


This field may not be mandatory when working with SSH-based drivers, and the username has a SSH key properly configured on the device targeted to be managed.


Dictionary with the optional arguments. Check the complete list of supported optional arguments.

always_alive: True

In certain less dynamic environments, maintaining the remote connection permanently open with the network device is not always beneficial. In that case, the user can select to initialize the connection only when needed, by specifying this field to false. Default: true (maintains the connection with the remote network device).

New in version 2017.7.0.

provider: napalm_base

The library that provides the get_network_device function. This option is useful when the user has more specific needs and requires to extend the NAPALM capabilities using a private library implementation. The only constraint is that the alternative library needs to have the get_network_device function available.

New in version 2017.7.1.

multiprocessing: False

Overrides the multiprocessing option, per proxy minion. The multiprocessing option must be turned off for SSH-based proxies. However, some NAPALM drivers (e.g. Arista, NX-OS) are not SSH-based. As multiple proxy minions may share the same configuration file, this option permits the configuration of the multiprocessing option more specifically, for some proxy minions.

New in version 2017.7.2.

Proxy pillar file example:

  proxytype: napalm
  driver: junos
  host: core05.nrt02
  username: my_username
  passwd: my_password
    port: 12201

Example using a user-specific library, extending NAPALM's capabilities, e.g. custom_napalm_base:

  proxytype: napalm
  driver: ios
  username: salt
  password: ''
  provider: custom_napalm_base


Beginning with release codename 2019.2.0, any NAPALM command executed when running under a NAPALM Proxy Minion supports the force_reconnect magic argument.

Proxy Minions generally establish a connection with the remote network device at the time of the Minion startup and that connection is going to be used forever.

If one would need execute a command on the device but connecting using different parameters (due to various causes, e.g., unable to authenticate the user specified in the Pillar as the authentication system - say TACACS+ is not available, or the DNS resolver is currently down and would like to temporarily use the IP address instead, etc.), it implies updating the Pillar data and restarting the Proxy Minion process restart. In particular cases like that, you can pass the force_reconnect=True keyword argument, together with the alternative connection details, to enforce the command to be executed over a separate connection.

For example, if the usual command is salt '*' net.arp, you can use the following to connect using a different username instead: salt '*' net.arp username=my-alt-usr force_reconnect=True.


Return the connection status with the remote device.

New in version 2017.7.0., *args, **kwargs)

Calls a specific method from the network driver instance. Please check the readthedocs page for the updated list of getters.

  • method -- specifies the name of the method to be called

  • params -- contains the mapping between the name and the values of the parameters needed to call the method


A dictionary with three keys:

  • result (True/False): if the operation succeeded

  • out (object): returns the object as-is from the call

  • comment (string): provides more details in case the call failed

  • traceback (string): complete traceback in case of exception. Please submit an issue including this traceback on the correct driver repo and make sure to read the FAQ


                            'commands': [
                                'show version',
                                'show chassis fan'

Method called by NAPALM grains module.


Returns the network device object.


Retrieve facts from the network device.


Refresh the grains.


Opens the connection with the network device.


Connection finished initializing?

Connection open successfully?


Closes connection with the device.