ZTPServer Overview¶

Objective¶

I want to install ZTPServer from source.

Solution¶

To install the latest code in development:

# Change to desired download directory
mkdir -p ~/arista
cd ~/arista
git clone https://github.com/arista-eosplus/ztpserver.git
cd ztpserver
python setup.py build
python setup.py install

Or, to install a specific tagged release:

# Change to desired download directory
mkdir -p ~/arista
cd ~/arista
git clone https://github.com/arista-eosplus/ztpserver.git
cd ztpserver
git checkout v1.2.0
python setup.py build
python setup.py install

Explanation¶

Github is used to store the source code for the ZTPServer and the develop branch always contains the latest publicly available code. The first method above clones the git repo and automatically checks out the develop branch. We then build and install using Python.

The second method uses the git checkout command to set your working directory to a specific release of the ZTPServer. Both methods of installation will produce the files below.

Important Installation Files

• ZTPServer Global Configuration File: /etc/ztpserver/ztpserver.conf
• ZTPServer WSGI App: /etc/ztpserver/ztpserver.wsgi
• ZTPServer Provisioning Files: /usr/share/ztpserver/ known as data_root
• Bootstrap Config File: /usr/share/ztpserver/bootstrap/bootstrap.conf
• Bootstrap Python Script: /usr/share/ztpserver/bootstrap/bootstrap

Objective¶

Install ZTPServer using PyPI(pip)

Solution¶

This option assumes you have a server with Python and pip pre-installed. See installing pip.

Once pip is installed, type:

pip install ztpserver

Explanation¶

The pip install process will install all dependencies and run the install script, leaving you with a ZTPServer instance ready to configure.

Important Installation Files

• ZTPServer Global Configuration File: /etc/ztpserver/ztpserver.conf
• ZTPServer WSGI App: /etc/ztpserver/ztpserver.wsgi
• ZTPServer Provisioning Files: /usr/share/ztpserver/ known as data_root
• Bootstrap Config File: /usr/share/ztpserver/bootstrap/bootstrap.conf
• Bootstrap Python Script: /usr/share/ztpserver/bootstrap/bootstrap

Objective¶

I want to send client logs to a syslog server or a local file during provisioning.

Solution¶

# Edit the bootstrap configuration file
admin@ztpserver:~# vi /usr/share/ztpserver/bootstrap/bootstrap.conf

Add any syslog servers or files, be sure to choose the level of logging:

---
logging:
  -
    destination: <SYSLOG-URL>:<PORT>
    level: DEBUG
  -
    destination: file:/tmp/ztps-log
    level: INFO

Explanation¶

The node will request the contents of the bootstrap.conf when it performs GET /bootstrap/config. Once the node retrieves this information it will send logs to the destination(s): listed under logging:.

Objective¶

I want to send client logs to specific XMPP server rooms.

Solution¶

# Edit the bootstrap configuration file
admin@ztpserver:~# vi /usr/share/ztpserver/bootstrap/bootstrap.conf

Add any XMPP servers and associated rooms:

---
xmpp:
  domain: <XMPP-SERVER-URL>
  username: bootstrap
  password: eosplus
  rooms:
    - ztps
    - devops
    - admins

Explanation¶

The node will request the contents of the bootstrap.conf when it performs GET /bootstrap/config file and try to join the rooms listed with the credentials provided. Typically when joining a room, you would use a string like, ztps@conference.xmpp-server.example.com. Be sure to just provide the domain: xmpp-server.example.com leaving out the conference prefix.

Objective¶

When running the ZTPServer in Standalone Mode, the logs just fill up my console so I’d like to be able to redirect the output to a file.

Solution¶

With INFO level logging:

admin@ztpserver:~# ztps >~/ztps-console.log 2>&1 &

With DEBUG level logging:

admin@ztpserver:~# ztps --debug >~/ztps-console.log 2>&1 &

Explanation¶

Here we invoke the ztps process as usual, however we redirect the stdout messages to a predefined file. Of course, be sure that you have permission to write to the file you have listed.

Objective¶

I’m running the ZTPServer as a WSGI under Apache, so where do the logs go?

Solution¶

Typically, you can see each transaction in:

# Ubuntu
admin@ztpserver:~# more /var/log/apache2/access.log

# Fedora
admin@ztpserver:~# more /var/log/httpd/access_log

And the ZTPServer logs will be in:

# Ubuntu
admin@ztpserver:~# more /var/log/apache2/error.log

# Fedora
admin@ztpserver:~# more /var/log/httpd/error_log

Explanation¶

These locations are the default on most standard Apache installs. It might be misleading, but all levels of ZTPServer logging will end up as an Apache error.

Example

[Fri Dec 12 10:49:42.186976 2014] [:error] [pid 864] INFO: [app:115] Logging started for ztpserver
[Fri Dec 12 10:49:42.187112 2014] [:error] [pid 864] INFO: [app:116] Using repository /usr/share/ztpserver

Objective¶

I’d like the ZTPServer to use the switch’s serial number for provisioning. This implies that all node directories in nodes/ will be named using the serial number.

Solution¶

Open up the global ZTPServer configuration file:

admin@ztpserver:~# vi /etc/ztpserver/ztpserver.conf

Look for the line identifier and confirm it’s set to serialnumber:

identifier = serialnumber

Restart the ztps process:

# If using Apache WSGI
admin@ztpserver:~# service apache2 restart

# If running in Standalone Mode, stop ztps
admin@ztpserver:~# pkill ztps

# Then start it again
admin@ztpserver:~# ztps

Explanation¶

The ZTPServer will use either the System MAC Address or the Serial Number of the switch as its System ID. The System ID is used to match statically provisioned nodes. Also, when a node is dynamically provisioned, the ZTPServer will create a new node directory for it in nodes/ and it will be named using the System ID.

Objective¶

I’d like the ZTPServer to use the switch’s System MAC Address for provisioning. This implies that all node directories in nodes/ will be named using the System MAC Address.

Solution¶

Open up the global ZTPServer configuration file:

admin@ztpserver:~# vi /etc/ztpserver/ztpserver.conf

Look for the line identifier and confirm it’s set to systemmac:

identifier = systemmac

Restart the ztps process:

# If using Apache WSGI
admin@ztpserver:~# service apache2 restart

# If running in Standalone Mode, stop ztps
admin@ztpserver:~# pkill ztps

# Then start it again
admin@ztpserver:~# ztps

Explanation¶

The ZTPServer will use either the System MAC Address or the Serial Number of the switch as its System ID. The System ID is used to match statically provisioned nodes. Also, when a node is dynamically provisioned, the ZTPServer will create a new node directory for it in nodes/ and it will be named using the System ID.

Objective¶

Topology Validation uses LLDP Neighbor information to make sure you have everything wired up correctly. Topology Validation is enabled/disabled in the main ztpserver.conf configuration file.

Solution¶

Open up the global ZTPServer configuration file:

admin@ztpserver:~# vi /etc/ztpserver/ztpserver.conf

Look for the line disable_topology_validation

# To disable Topology Validation
disable_topology_validation = True

# To enable Topology Validation
disable_topology_validation = False

Restart the ztps process:

# If using Apache WSGI
admin@ztpserver:~# service apache2 restart

# If running in Standalone Mode, stop ztps
admin@ztpserver:~# pkill ztps

# Then start it again
admin@ztpserver:~# ztps

Explanation¶

This configuration option enables/disables Topology Validation. This feature is extremely powerful and can help you confirm all of your nodes are wired up correctly. See the recipes under Topology Validation to learn more about the flexibility of Topology Validation.

Objective¶

I only want the ZTPServer process to listen on a specific network interface.

Solution¶

Open up the global ZTPServer configuration file:

admin@ztpserver:~# vi /etc/ztpserver/ztpserver.conf

Look for the line interface in the [server] group.

# To listen on all interfaces
interface = 0.0.0.0

# To listen on a specific interface
interface = 192.0.2.100

Restart the ztps process:

# If running in Standalone Mode, stop ztps
admin@ztpserver:~# pkill ztps

# Then start it again
admin@ztpserver:~# ztps &

Explanation¶

This recipe helps you define a specific interface for the ZTPServer to listen on.

Objective¶

I want to define which port the ZTPServer listens on.

Solution¶

Open up the global ZTPServer configuration file:

admin@ztpserver:~# vi /etc/ztpserver/ztpserver.conf

Look for the line port in the [server] group.

# Choose a port of your liking
port = 8080

Restart the ztps process:

# If running in Standalone Mode, stop ztps
admin@ztpserver:~# pkill ztps

# Then start it again
admin@ztpserver:~# ztps &

Explanation¶

This recipe helps you define a specific port for the ZTPServer to listen on.

Objective¶

I don’t want to run the ZTPServer at the root of my domain, I want it in a sub-directory.

Solution¶

Open up the global ZTPServer configuration file:

admin@ztpserver:~# vi /etc/ztpserver/ztpserver.conf

Look for the line server_url in the [default] group.

# Choose a subdirectory
server_url = http://ztpserver:8080/not/in/root/anymore

Restart the ztps process:

# If running in Standalone Mode, stop ztps
admin@ztpserver:~# pkill ztps

# Then start it again
admin@ztpserver:~# ztps &

Explanation¶

The server_url key defines where the REST API lives. You do not need to change any of your file locations to affect change. Simply change the key above.

Objective¶

I’m running ZTPServer as a WSGI with Apache and want to change what port it listens on.

Solution¶

Apache configurations can vary widely, and the ZTPServer has no control over this, so view this simply as a suggestion.

Open up your Apache configuration file:

# Apache
admin@ztpserver:~# vi /etc/apache2/sites-enabled/ztpserver.conf

# HTTPd
admin@ztpserver:~# vi /etc/httpd/conf.d/ztpserver.conf

Change the Listen and VirtualHost values to the desired port.

LoadModule wsgi_module modules/mod_wsgi.so
Listen 8080

<VirtualHost *:8080>

    WSGIDaemonProcess ztpserver user=www-data group=www-data threads=50
    WSGIScriptAlias / /etc/ztpserver/ztpserver.wsgi
    # Required for RHEL
    #WSGISocketPrefix /var/run/wsgi

    <Location />
        WSGIProcessGroup ztpserver
        WSGIApplicationGroup %{GLOBAL}

        # For Apache <= 2.2, use Order and Allow
        Order deny,allow
        Allow from all
        # For Apache >= 2.4, Allow is replaced by Require
        Require all granted
    </Location>

    # Override default logging locations for Apache
    #ErrorLog /path/to/ztpserver_error.log
    #CustomLog /path/to/ztpserver_access.log
</VirtualHost>

Restart the ztps process:

# Restart Apache
admin@ztpserver:~# service apache2 restart

Explanation¶

When you run ZTPServer as a WSGI under Apache or like server, the interface and port that are used for listening for HTTP requests are controlled by the web server. The config snippet above shows how this might be done with Apache, but note that variations might arise in your own environment.

Objective¶

I’m running ZTPServer as a WSGI with Apache and I want to change the path that the REST API resides.

Solution¶

WSGI-compliant webserver configurations can vary widely, so here’s a sample of how this is done with Apache.

Open up the global ZTPServer configuration file:

admin@ztpserver:~# vi /etc/ztpserver/ztpserver.conf

Look for the line server_url in the [default] group.

# Choose a subdirectory
server_url = http://ztpserver:8080/not/in/root/anymore

You might think that you have to change your Apache conf to move this to a sub-directory, but you don’t. Your config should look like the block below. Note the <Location />.

LoadModule wsgi_module modules/mod_wsgi.so
Listen 8080

<VirtualHost *:8080>

    WSGIDaemonProcess ztpserver user=www-data group=www-data threads=50
    WSGIScriptAlias / /etc/ztpserver/ztpserver.wsgi
    # Required for RHEL
    #WSGISocketPrefix /var/run/wsgi

    <Location />
        WSGIProcessGroup ztpserver
        WSGIApplicationGroup %{GLOBAL}

        # For Apache <= 2.2, use Order and Allow
        Order deny,allow
        Allow from all
        # For Apache >= 2.4, Allow is replaced by Require
        Require all granted
    </Location>

    # Override default logging locations for Apache
    #ErrorLog /path/to/ztpserver_error.log
    #CustomLog /path/to/ztpserver_access.log
</VirtualHost>

Restart the ztps process:

# Restart Apache
admin@ztpserver:~# service apache2 restart

Explanation¶

It might seem counter-intuitive but the Apache configuration should use the Location directive to point at root. The desired change to the path is done by the ZTPServer server_url configuration value in /etc/ztpserver/ztpserver.conf.

Objective¶

I’d like all of the ZTPServer provisioning files to be owned by a particular user/group.

Solution¶

admin@ztpserver:~# chown -R myUser:myGroup /usr/share/ztpserver
admin@ztpserver:~# chmod -R ug+rw /usr/share/ztpserver

Explanation¶

The shell commands listed above set ownership and permissions for the default data_root location /usr/share/ztpserver. Be mindful that if you are running the ZTPServer WSGI App, the mod_wsgi daemon user must be able to read/write to these files.

Objective¶

My server has SELinux enabled and I’d like to set the ZTPServer file type so that Apache can read/write files in the data_root.

Solution¶

# For Fedora - httpd
admin@ztpserver:~# chcon -Rv --type=httpd_sys_script_rw_t /usr/share/ztpserver

# For Ubuntu - Apache
admin@ztpserver:~# chcon -R -h system_u:object_r:httpd_sys_script_rw_t /usr/share/ztpserver

Explanation¶

The shell commands listed above set the SELinux file attributes so that Apache can read/write to the files. This is often the case since /usr/share/ztpserver is not in the normal operating directory /var/www/. Note that the commands above are suggestions and you might consider tweaking them to suit your own environment.

Objective¶

I want to prepare my test device (vEOS or EOS) for use with the ZTPServer. This will put your switch into ZTP Mode, so backup any configs you want to save.

Solution¶

Log into your (v)EOS node, then:

switch-name> enable
switch-name# write erase
Proceed with erasing startup configuration? [confirm] y
switch-name# reload now

Explanation¶

ZTP Mode is enabled when a switch boots and there is no startup-config (or it’s empty) found in /mnt/flash/. Therefore, we use the write erase command to clear the current startup-config and use reload now to reboot the switch. When the switch comes up you will see it enter ZTP Mode and begin sending DHCP requests on all interfaces.

Objective¶

I want to provision my switch based upon its System MAC Address.

Solution¶

Log into your (v)EOS node to get its MAC Address. If it’s in ZTP Mode, just log in with username admin:

switch-name> show version

Confirm your ZTPServer Configuration will identify a node based upon its MAC:

admin@ztpserver:~# vi /etc/ztpserver/ztpserver.conf

Look for the line identifier and confirm it’s set to systemmac:

identifier = systemmac

Finally, let’s create a nodes directory for this device:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Move to the nodes directory, where all node information is stored
admin@ztpserver:~# cd nodes

# Create a directory using the MAC Address you found earlier
admin@ztpserver:~# mkdir 001122334455

Explanation¶

A node is considered to be statically provisioned when a directory with its System ID is already located in the nodes/ directory.

Note that the System ID can be the node’s System MAC Address or its Serial Number. In this case we chose to use the systemmac since vEOS nodes don’t have a Serial Number by default.

Just adding this directory is not enough to provision the node. The remaining recipes will finish off the task.

Objective¶

When my node is provisioned, I want it to be passed a static startup-config. This config will include some basic Management network info including syslog and ntp. It will set the admin user’s password to admin, and enable eAPI.

Solution¶

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Move to the specific node directory that you created earlier
admin@ztpserver:~# cd nodes/001122334455

# Create a startup-config
admin@ztpserver:~# vi startup-config

Copy and paste this startup-config, changing values where you see fit:

!
hostname test-node-1
ip name-server vrf default <DNS-SERVER-IP>
!
ntp server <NTP-SERVER-IP>
!
username admin privilege 15 role network-admin secret admin
!
interface Management1
 ip address <MGMT-IP-ADDRESS>/<SUBNET>
!
ip access-list open
 10 permit ip any any
!
ip route 0.0.0.0/0 <DEFAULT-GW>
!
ip routing
!
management api http-commands
 no shutdown
!
banner login
Welcome to $(hostname)!
This switch has been provisioned using the ZTPServer from Arista Networks
Docs: http://ztpserver.readthedocs.org/
Source Code: https://github.com/arista-eosplus/ztpserver
EOF
!
end

Explanation¶

When the ZTPServer receives a request from your node to begin provisioning, it will find the directory nodes/001122334455 and know that this node is statically configured. In this case, a startup-config must be present. In practice, the ZTPServer tells the node to perform the config_replace action with this file as the source.

Objective¶

I want to backup the latest startup-config from my node so that if I make changes or have to replace the node I have the latest copy.

Solution¶

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Move to the specific node directory that you created earlier
admin@ztpserver:~# cd nodes/001122334455

# Edit your startup-config
admin@ztpserver:~# vi startup-config

Add the following lines to your startup-config, changing values where needed:

event-handler configpush
 trigger on-startup-config
 ! For default VRF, make sure to update the ztpserver url
 action bash export SYSMAC=`FastCli -p 15 -c 'show ver | grep MAC | cut -d" " -f 5' | sed 's/[.]*//g'`; curl http://<ZTPSERVER-URL>:<PORT>/nodes/$SYSMAC/startup-config -H "content-type: text/plain" --data-binary @/mnt/flash/startup-config -X PUT
 ! For non-default VRF, update and use:
 ! action bash export SYSMAC=`FastCli -p 15 -c 'show ver | grep MAC | cut -d" " -f 5' | sed 's/[.]*//g'`; ip netns exec ns-<VRF-NAME> curl http://<ZTPSERVER-URL>:<PORT>/nodes/$SYSMAC/startup-config -H "content-type: text/plain" --data-binary @/mnt/flash/startup-config -X PUT

Explanation¶

By adding this line to the startup-config, this configuration will be sent down to the node during provisioning. From that point onward, the node will perform and HTTP PUT of the startup-config and the ZTPServer will overwrite the startup-config file in the node’s directory.

Objective¶

I want a specific (v)EOS version to be automatically installed when I provision my node.

Solution¶

Let’s create a place on the ZTPServer to host some SWIs:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Create an images directory
admin@ztpserver:~# mkdir -p files/images

# SCP your SWI into the images directory, name it whatever you like
admin@ztpserver:~# scp admin@otherhost:/tmp/vEOS.swi files/images/vEOS_4.14.5F.swi

Now let’s create a definition that performs the install_image action:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Move to the specific node directory that you created earlier
admin@ztpserver:~# cd nodes/001122334455

# Create a definition file
admin@ztpserver:~# vi definition

Add the following lines to your definition, changing values where needed:

---
name: static node definition
actions:
  -
    action: install_image
    always_execute: true
    attributes:
      url: files/images/vEOS_4.14.5F.swi
      version: 4.14.5F
    name: "Install 4.14.5F"

Explanation¶

The definition is where we list all of the actions we want the node to execute during the provisioning process. In this case we are hosting the SWI on the ZTPServer, so we just define the url in relation to the data_root. We could change the url to point to another server altogether - the choice is yours. The benefit in hosting the file on the ZTPServer is that we perform an extra checksum step to validate the integrity of the file.

In practice, the node requests its definition during the provisioning process. It sees that it’s supposed to perform the install_image action, so it requests the install_image python script. It then performs an HTTP GET for the url. Once it has these locally, it executes the install_image script.

Objective¶

Okay, enough reading and typing; let’s push some buttons!

Solution¶

Let’s run the ZTPServer in Standalone Mode since this is just a small test. Login to your ZTPServer:

# Start the ZTPServer - console loggin will appear
admin@ztpserver:~# ztps
INFO: [app:115] Logging started for ztpserver
INFO: [app:116] Using repository /usr/share/ztpserver
Starting server on http://<ZTPSERVER-URL>:<PORT>

Explanation¶

The easiest way to run the ZTPServer is in Standalone Mode - which is done by typing ztps in a shell. This will cause the configured interface and port to start listening for HTTP requests. Your DHCP server will provide the node with option bootfile-name "http://<ZTPSERVER-URL>:<PORT>/bootstrap" in the DHCP response, which lets the node know where to grab the bootstrap script.

A Quick Overview of the Provisioning Process for this Node

1. GET /bootstrap: The node gets the bootstrap script and begins executing it. The following requests are made while the bootstrap script is being executed.
2. GET /bootstrap/config: The node gets the bootstrap config which contains XMPP and Syslog information for the node to send logs to.
3. POST /nodes: The node sends information about itself in JSON format to the ZTPServer. The ZTPServer parses this info and finds the System MAC. It looks in the nodes/ directory and finds a match.
4. GET /nodes/001122334455: The node requests its definition and learns what resources it has to retrieve.
5. GET /actions/install_image: The node retrieves the install_image script.
6. GET /files/images/vEOS_4.14.5F.swi: The node retrieves the SWI referenced in the definition.
7. GET /meta/files/images/vEOS_4.14.5F.swi: The node retrieves the checksum of the SWI for validation and integrity.
8. GET /actions/replace_config: The node retrieves the replace_config script.
9. GET /nodes/001122334455/startup-config: The node retrieves the startup-config we created earlier.
10. GET /meta/nodes/001122334455/startup-config: The node retrieves the checksum of the startup-config.
11. Node Applies Config and Reboots
12. PUT /nodes/001122334455/startup-config: The node uploads its current startup-config.

Objective¶

I want to provision my switch based upon its System ID (System MAC Address or Serial Number).

Solution¶

Log into your (v)EOS node to get its System ID. If it’s in ZTP Mode, just log in with username admin:

switch-name> show version

Let’s create a node directory for this device:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Move to the nodes directory, where all node information is stored
admin@ztpserver:~# cd nodes

# Create a directory using the MAC Address you found earlier
admin@ztpserver:~# mkdir <SYSTEM_ID>

Explanation¶

A node is considered to be statically provisioned when a directory with its System ID is already located in the nodes/ directory.

Note that the System ID can be the node’s System MAC Address or its Serial Number.

Just adding this directory is not enough to provision the node. The remaining recipes will finish off the task. To successfully provision a node statically, you will need to create:

• startup-config
• pattern file - if Topology Validation is enabled
• definition - if you choose to apply other actions during provisioning

and place them in [data_root]/nodes/<SYSTEM_ID>.

Objective¶

I want the node to receive a startup-config during provisioning.

Solution¶

Create a file named startup-config in [data_root]/nodes/<SYSTEM_ID>/.

# Go to your data_root - by default it’s /usr/share/ztpserver admin@ztpserver:~# cd /usr/share/ztpserver

# Move to the node directory you created above. admin@ztpserver:~# cd nodes/<SYSTEM_ID>

# Create/edit the startup-config file admin@ztpserver:~# vi startup-config

Place the desired configuration into the startup-config. Here’s an example. Please change values where you see fit:

!
hostname test-node-1
ip name-server vrf default <DNS-SERVER-IP>
!
ntp server <NTP-SERVER-IP>
!
username admin privilege 15 role network-admin secret admin
!
interface Management1
 ip address <MGMT-IP-ADDRESS>/<SUBNET>
!
ip access-list open
 10 permit ip any any
!
ip route 0.0.0.0/0 <DEFAULT-GW>
!
ip routing
!
management api http-commands
 no shutdown
!
banner login
Welcome to $(hostname)!
This switch has been provisioned using the ZTPServer from Arista Networks
Docs: http://ztpserver.readthedocs.org/
Source Code: https://github.com/arista-eosplus/ztpserver
EOF
!
end

Explanation¶

A startup-config file is required when you statically provision a node. The format of the startup-config is the same as you are used to, which can be found on your switch at file:startup-config (/mnt/flash/startup-config)

Objective¶

I have created a static node directory and Topology Validation is enabled, so I would like to make sure everything is wired up correctly before provisioning a node.

Solution¶

Create a file named pattern in [data_root]/nodes/<SYSTEM_ID>/ and define the LLDP associations.

# Go to your data_root - by default it’s /usr/share/ztpserver admin@ztpserver:~# cd /usr/share/ztpserver

# Move to the node directory you created above. admin@ztpserver:~# cd nodes/<SYSTEM_ID>

# Create/edit the pattern file admin@ztpserver:~# vi pattern

Example 1: Match any neighbor

This pattern essentially disables Topology Validation.

---
name: Match anything
interfaces:
  - any: any:any

Example 2: Match any interface on a specific neighbor

This pattern says, the node being provisioned must be connected to a neighbor with hostname pod1-spine1 but it can be connected to any peer interface.

---
name: Anything on pod1-spine1
interfaces:
  - any: pod1-spine1:any

Example 3: Match specific interface on a specific neighbor

This pattern says, the node being provisioned must be connected to a neighbor with hostname pod1-spine1 on Ethernet1.

---
name: Anything on pod1-spine1
interfaces:
  - any: pod1-spine1:Ethernet1

Example 4: Make sure I’m not connected to a node

This pattern is the same as Example #2, but we add another check to make sure the node being provisioned is not connected to any spines in pod2.

---
name: Not connected to anything in pod2
interfaces:
  - any: pod1-spine1:any
  - any: regex('pod2-spine\d+'):none
  - none: regex('pod2-spine\d+'):any #equivalent to line above

Example 5: Using variables in the pattern

This pattern is similar to what you’ve seen above except we use variables to make things easier.

---
name: Not connected to any spine in pod2
variables:
  - not_pod2: regex('pod2-spine\d+')
interfaces:
  - any: pod1-spine1:any
  - any: $not_pod2:none

Explanation¶

Pattern files are YAML-based and are the underpinnings of Topology Validation. A node will not be successfully provisioned if it cannot pass all of the interface tests contained within the pattern file. The examples above are just a small sample of the complex associations you can create. Take a look at the neighbordb section to learn more.

Objective¶

Aside from sending the node a startup-config, I’d like to upgrade the node to a specific v(EOS) version.

Solution¶

These types of system changes are accomplished via the definition file. The definition is a YAML-based file with a section for each action that you want to execute.

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Create an images directory
admin@ztpserver:~# mkdir -p files/images

# SCP your SWI into the images directory, name it whatever you like
admin@ztpserver:~# scp admin@otherhost:/tmp/vEOS.swi files/images/vEOS_4.14.5F.swi

Now let’s create a definition that performs the install_image action:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Move to the specific node directory that you created earlier
admin@ztpserver:~# cd nodes/<SYSTEM_ID>

# Create a definition file
admin@ztpserver:~# vi definition

Add the following lines to your definition, changing values where needed:

---
name: static node definition
actions:
  -
    action: install_image
    always_execute: true
    attributes:
      url: files/images/vEOS_4.14.5F.swi
      version: 4.14.5F
    name: "Install 4.14.5F"

Explanation¶

The definition is where we list all of the actions we want the node to execute during the provisioning process. In this case we are hosting the SWI on the ZTPServer, so we just define the url in relation to the data_root. We could change the url to point to another server altogether - the choice is yours. The benefit in hosting the file on the ZTPServer is that we perform an extra checksum step to validate the integrity of the file.

In practice, the node requests its definition during the provisioning process. It sees that it’s supposed to perform the install_image action, so it requests the install_image python script. It then performs an HTTP GET for the url. Once it has these locally, it executes the install_image script.

Objective¶

I want to use variables in my definition and abstract the values to a unique file. These variables will be sent down to the node during provisioning and be used while the node is executing the actions listed in the definition.

Solution¶

Create a file named attributes in [data_root]/nodes/<SYSTEM_ID>/.

# Go to your data_root - by default it’s /usr/share/ztpserver admin@ztpserver:~# cd /usr/share/ztpserver

# Move to the node directory you created above. admin@ztpserver:~# cd nodes/<SYSTEM_ID>

# Move to the node directory you created above. admin@ztpserver:~# vi attributes

Here’s the different type of ways to define the attributes:

Example 1: A simple key/value pair

---
ntp_server: ntp.example.com
dns_server: ns1.example.com

Example 2: key/dictionary

---
system_config:
  ntp: ntp.example.com
  dns: ns1.example.com

Example 3: key/list (note the hyphens)

---
dns_servers:
  - ns1.example.com
  - ns2.example.com
  - ns3.example.com
  - ns4.example.com

Example 4: Referencing another variable

---
ntp_server: ntp.example.com
other_var: $ntp_server

Borrowing from the definition recipe above, we can replace some values with variables from the attributes file:

nodes/<SYSTEM_ID>/definition

---
name: static node definition
actions:
  -
    action: install_image
    always_execute: true
    attributes:
      url: $swi_url
      version: $swi_version
    name: $swi_name

and the nodes/<SYSTEM_ID>/attributes

---
swi_url: files/images/vEOS_4.14.5F.swi
swi_version: 4.14.5F
swi_name: "Install 4.14.5F"

Explanation¶

The attributes file is optional. The variables that are contained within it are sent to the node during provisioning. In the final example above you can see how the attributes file and definition work in concert. Note that the ZTPServer performs variable substitution when the node requests the definition via GET /nodes/<SYSTEM_ID>. By removing the static values from the definition, we can use the same definition for multiple nodes (using symlink) and just create unique attributes files in the node’s directory.

It’s important to note that these variables can exist in different places and accomplish the same task. In this recipe we created a unique attributes file, which lives in the node’s directory. You can also put these attributes directly into the definition file like the example below.

Example: At the global scope of the definition

---
name: static node definition
actions:
  -
    action: install_image
    always_execute: true
    attributes:
      url: $swi_url
      version: $swi_version
    name: $swi_name
attributes:
  swi_url: files/images/vEOS_4.14.5F.swi
  swi_version: 4.14.5F
  swi_name: "Install 4.14.5F"

Objective¶

I’d like to use the same definition for multiple static node directories without manually updating each one.

Solution¶

Create one definition in the [data_root]/definitions folder and create a symlink to the specific [data_root]/nodes/<SYSTEM_ID>/ folder.

``[data_root]/definitions/static_node_definition

---
name: static node definition
actions:
  -
    action: install_image
    always_execute: true
    attributes:
      url: $swi_url
      version: $swi_version
    name: $swi_name

and the nodes/<SYSTEM_ID>/attributes

---
swi_url: files/images/vEOS_4.14.5F.swi
swi_version: 4.14.5F
swi_name: "Install 4.14.5F"

then create the symlink

# Go to your node's unique directory
admin@ztpserver:~# cd /usr/share/ztpserver/nodes/<SYSTEM_ID>

# Create the symlink
admin@ztpserver:~# ln -s /usr/share/ztpserver/definitions/static_node_definition ./definition

Explanation¶

The steps above let you reuse a single definition file for many static nodes. Note that the variables are located in the attributes file in the nodes/<SYSTEM_ID>/ folder.

Objective¶

I want to provision a node without knowing anything about it. I just want it to receive a default configuration.

Solution¶

You can accomplish this by using neighbordb. Neighbordb contains associations between LLDP neighbor patterns and definitions. So if we use a pattern that matches anything, we can use it to assign a simple, default definition.

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Modify your neighbordb
admin@ztpserver:~# vi neighbordb

Add the following lines to your definition, changing values where needed:

---
patterns:
  - name: Default Pattern
    definition: default
    interfaces:
      - any: any:any

If you happen to be provisioning a node in isolation and the node does not have any neighbors, use the following pattern:

---
patterns:
  - name: Default Pattern
    definition: default
    interfaces:
      - none: none:none

Then add a definition to [data_root]/definitions/default

Explanation¶

By placing this pattern in your neighbordb, the ZTPServer will allow this node to be provisioned and will assign it the default definition. Use caution when placing this pattern in your neighbordb as it might allow nodes to receive the default definition when you intend them to receive another pattern.

Objective¶

I want my node to be dynamically provisioned based upon a specific LLDP neighbor association.

Solution¶

Modify your neighbordb:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Modify your neighbordb
admin@ztpserver:~# vi neighbordb

Then add the pattern that includes the required match.

---
patterns:
  - name: tora for pod1
    definition: tora
    interfaces:
      - Ethernet1: dc1-pod1-spine1:Ethernet1

This pattern says that the node being provisioned must have a connection between its Ethernet1 and dc1-pod1-spine1’s Ethernet1.

Explanation¶

In this recipe we use neighbordb to link a pattern with a definition. When a node executes the bootstrap script it will send the ZTPServer some information about itself. The ZTPServer will not find any existing directory with the node’s System-ID (System MAC or Serial Number depending upon your configuration) so it next checks neighbordb to try and find a match. The ZTPServer will analyze the nodes LLDP neighbors, find the match in neighbordb and then apply the tora definition.

Objective¶

I want my node to be dynamically provisioned and I’d like to match certain neighbors using regex.

Solution¶

Modify your neighbordb:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Modify your neighbordb
admin@ztpserver:~# vi neighbordb

Then add the pattern that includes the required match.

---
patterns:
  - name: tora for pod1
    definition: tora
    interfaces:
      - Ethernet1: regex('dc1-pod1-spine\D+'):Ethernet1

This pattern says that the node being provisioned must have a connection between its Ethernet1 and any dc1-pod1-spines Ethernet1.

Explanation¶

In this recipe we use neighbordb to link a pattern with a definition. When a node executes the bootstrap script it will send the ZTPServer some information about itself. The ZTPServer will not find any existing directory with the node’s System-ID (System MAC or Serial Number depending upon your configuration) so it next checks neighbordb to try and find a match. The ZTPServer will analyze the nodes LLDP neighbors, find the match in neighbordb and then apply the tora definition.

Objective¶

Topology Validation uses LLDP Neighbor information to make sure you have everything wired up correctly. Topology Validation is enabled/disabled in the main ztpserver.conf configuration file.

Solution¶

Open up the global ZTPServer configuration file:

admin@ztpserver:~# vi /etc/ztpserver/ztpserver.conf

Look for the line disable_topology_validation

# To disable Topology Validation
disable_topology_validation = True

#To enable Topology Validation
disable_topology_validation = False

Restart the ztps process:

# If using Apache WSGI
admin@ztpserver:~# service apache2 restart

# If running in Standalone Mode, stop ztps
admin@ztpserver:~# pkill ztps

# Then start it again
admin@ztpserver:~# ztps

Explanation¶

This configuration option enables/disables Topology Validation. This feature is extremely powerful and can help you confirm all of your nodes are wired up correctly. See the recipes below to learn more about the flexibility of Topology Validation.

Objective¶

I want to provision a node without knowing anything about it. I just want it to receive a default configuration.

Solution¶

You can accomplish this by using neighbordb. Neighbordb contains associations between LLDP neighbor patterns and definitions. So if we use a pattern that matches anything, we can use it to assign a simple, default definition.

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Modify your neighbordb
admin@ztpserver:~# vi neighbordb

Add the following lines to your definition, changing values where needed:

---
patterns:
  - name: Default Pattern
    definition: default
    interfaces:
      - any: any:any

If you happen to be provisioning a node in isolation and the node does not have any neighbors, use the following pattern:

---
patterns:
  - name: Default Pattern
    definition: default
    interfaces:
      - none: none:none

Then add a definition to [data_root]/definitions/default

Explanation¶

By placing this pattern in your neighbordb, the ZTPServer will allow this node to be provisioned and will assign it the default definition. Use caution when placing this pattern in your neighbordb as it might allow nodes to receive the default definition when you intend them to receive another pattern.

Objective¶

I want my node to be dynamically provisioned based upon a specific LLDP neighbor association.

Solution¶

Modify your neighbordb:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Modify your neighbordb
admin@ztpserver:~# vi neighbordb

Then add the pattern that includes the required match.

---
patterns:
  - name: tora for pod1
    definition: tora
    interfaces:
      - Ethernet1: dc1-pod1-spine1:Ethernet1

This pattern says that the node being provisioned must have a connection between its Ethernet1 and dc1-pod1-spine1’s Ethernet1.

Explanation¶

In this recipe we use neighbordb to link a pattern with a definition. When a node executes the bootstrap script it will send the ZTPServer some information about itself. The ZTPServer will not find any existing directory with the node’s System-ID (System MAC or Serial Number depending upon your configuration) so it next checks neighbordb to try and find a match. The ZTPServer will analyze the nodes LLDP neighbors, find the match in neighbordb and then apply the tora definition.

Objective¶

I want my node to be dynamically provisioned and I’d like to match certain neighbors using regex.

Solution¶

Modify your neighbordb:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Modify your neighbordb
admin@ztpserver:~# vi neighbordb

Then add the pattern that includes the required match.

---
patterns:
  - name: tora for pod1
    definition: tora
    interfaces:
      - Ethernet1: regex('dc1-pod1-spine\D+'):Ethernet1

This pattern says that the node being provisioned must have a connection between its Ethernet1 and any dc1-pod1-spines Ethernet1.

Explanation¶

In this recipe we use neighbordb to link a pattern with a definition. When a node executes the bootstrap script it will send the ZTPServer some information about itself. The ZTPServer will not find any existing directory with the node’s System-ID (System MAC or Serial Number depending upon your configuration) so it next checks neighbordb to try and find a match. The ZTPServer will analyze the nodes LLDP neighbors, find the match in neighbordb and then apply the tora definition.

Objective¶

I want my node to be dynamically provisioned and I’d like to match certain neighbors as long as the neighbor hostname includes a certain string.

Solution¶

Modify your neighbordb:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Modify your neighbordb
admin@ztpserver:~# vi neighbordb

Then add the pattern that includes the required match.

---
patterns:
  - name: tora for pod1
    definition: tora
    interfaces:
      - Ethernet1: includes('dc1-pod1'):Ethernet1

This pattern says that the node being provisioned must have a connection between its Ethernet1 and any hostname that includes dc1-pod1 Ethernet1.

Explanation¶

In this recipe we use neighbordb to link a pattern with a definition. When a node executes the bootstrap script it will send the ZTPServer some information about itself. The ZTPServer will not find any existing directory with the node’s System-ID (System MAC or Serial Number depending upon your configuration) so it next checks neighbordb to try and find a match. The ZTPServer will analyze the nodes LLDP neighbors, find the match in neighbordb and then apply the tora definition.

Objective¶

I want my node to be dynamically provisioned and I’d like to match certain neighbors as long as the neighbor hostname excludes a certain string.

Solution¶

Using the excludes() function allows you to match the inverse of the includes() function.

Modify your neighbordb:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Modify your neighbordb
admin@ztpserver:~# vi neighbordb

Then add the pattern that includes the required match.

---
patterns:
  - name: tora for pod1
    definition: tora
    interfaces:
      - Ethernet1: includes('dc1-pod1'):Ethernet1
      - any: excludes('spine'):Ethernet50

This pattern says that the node being provisioned must have a connection between its Ethernet1 and any hostname that includes dc1-pod1 Ethernet1.

Explanation¶

In this recipe we use neighbordb to link a pattern with a definition. When a node executes the bootstrap script it will send the ZTPServer some information about itself. The ZTPServer will not find any existing directory with the node’s System-ID (System MAC or Serial Number depending upon your configuration) so it next checks neighbordb to try and find a match. The ZTPServer will analyze the nodes LLDP neighbors, find the match in neighbordb and then apply the tora definition.

Objective¶

I want to use one of the built-in actions in my definition file.

Solution¶

You can choose any of the pre-built actions to include in your definition.

In this example we’ll copy a python script to the node and set its permissions.

---
actions:
  -
    action: copy_file
    always_execute: true
    attributes:
      dst_url: /mnt/flash/
      mode: 777
      overwrite: if-missing
      src_url: files/automate/bgpautoinf.py
    name: "automate BGP peer interface config"

Explanation¶

Here we add the copy_file action to our definition. The attributes listed in the action will be passed to the node so that it is able to retrieve the script from [SERVER_URL]/files/automate/bgpautoinf.py. Since we are using overwrite: if-missing, the action will only copy the file to the node if it does not already exist.

Objective¶

I want to use a variable throughout my definition without having to define it more than once.

Solution¶

You can accomplish this by adding an attributes section at the root level of your definition file.

In this example, we have two different actions that reference the same $mode and $dst variables.

---
actions:
  -
    action: copy_file
    always_execute: true
    attributes:
      dst_url: $dst
      mode: $mode
      overwrite: if-missing
      src_url: files/automate/bgpautoinf.py
    name: "Copy automate BGP script to node"
  -
    action: copy_file
    always_execute: true
    attributes:
      dst_url: $dst
      mode: $mode
      overwrite: if-missing
      src_url: files/automate/superautomate.py
    name: "Copy awesome script to my node"
  -
    action: add_config
    attributes:
      url: files/templates/ma1.template
      variables:
        ipaddress: $ip
    name: "configure ma1"
  -
    action: add_config
    attributes:
      url: files/templates/xmpp.template
      variables: $variables
    name: "configure ma1"

attributes:
  dst: /mnt/flash
  mode: 777
  ip: 192.168.0.50
  variables:
    domain: im.example.com
    user: myXmmpUser
    passwd: secret
    room: myAwesomeRoom

Explanation¶

This example shows how to use global variables within the definition. It’s important to see the difference between using variables to define attributes of the action versus variables that get used within the template in an add_config action. See how the ipaddress variable is nested within a variables key? Also, you can create a list in the attributes section and pass the entire list into the action as shown in the XMPP config action.

Objective¶

I want to send specific messages to my syslog and/or XMPP servers while an action is executing. Especially, if something goes wrong, I’d like to add a helpful message so the engineer knows who to contact.

Solution¶

The node being provisioned will send predefined logs to the endpoints defined in [data_root]/bootstrap/bootstrap.conf, but you can send additional client-side logs by adding a few attributes to your definition.

Let’s add some specific status messages to the definition below.

---
actions:
  -
    action: copy_file
    always_execute: true
    attributes:
      dst_url: $dst
      mode: $mode
      overwrite: if-missing
      src_url: files/automate/bgpautoinf.py
    name: "Copy automate BGP script to node"
    onstart: "Starting the action to copy the BGP script"
    onsuccess: "SUCCESS: The BGP script has been copied"
    onfailure: "ERROR: Failed to copy script - contact admin@example.com"
attributes:
  dst: /mnt/flash
  mode: 777

Explanation¶

Here we make use of three specific keywords: onstart, onsuccess and onfailure. By adding these keys to your definition, the node will generate this message while it is being provisioned. As mentioned above, this message will be sent to all of the logging destinations defined in [data_root]/bootstrap/bootstrap.conf.

Objective¶

In order to keep your provisioning data modular, you may want to break apart configuration blocks into small code blocks. You can use the add_config action to place a block on code on the node.

Solution¶

Example 1: Add a static block of configuration to your node

First, create a template file with the desired configuration.

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Make sure you have a directory for templates
admin@ztpserver:~# mkdir -p files/templates

# Create a static config block
admin@ztpserver:~# vi files/templates/east-dns.template

!
ip name-server vrf default east.ns1.example.com
!

Then add the add_config action to your definition:

---
actions:
  -
    action: add_config
    attributes:
      url: files/templates/east-dns.template
    name: "Add East DNS Server"

Explanation¶

Here we defined a simple action that adds configuration to the node during provisioning. The url in this case is relative to [data_root]/url. It’s important to realize that the ZTPServer does not compile these configuration blocks into a startup-config and then send a single file to the node. Rather, the node executes each action independently, building the configuration in a module fashion. If you are interested in performing variable substitution in your templates to make them more flexible, see the next recipe.

Objective¶

I want to keep my templates flexible by using variables. In some cases, I’d like to assign a variable from a resource pool.

Solution¶

First, create a template file with the desired configuration. In this recipe let’s configure interface Management1.

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Make sure you have a directory for templates
admin@ztpserver:~# mkdir -p files/templates

# Create a static config block
admin@ztpserver:~# vi files/templates/ma1.template

Paste this config into the template:

!
interface Management1
  ip address $ipaddress
  no shutdown
!

Then add the add_config action to your definition:

---
actions:
  -
    action: add_config
    attributes:
      url: files/templates/ma1.template
      variables:
        ipaddress: allocate("mgmt_subnet")
    name: "Configure Ma1"

Then create a resource pool called mgmt_subnet:

# Create a resource pool
admin@ztpserver:~# vi resources/mgmt_subnet

Paste the following into mgmt_subnet:

192.0.2.10/24: null
192.0.2.11/24: null
192.0.2.12/24: null
192.0.2.13/24: null

Explanation¶

This recipe ties a few different concepts together. From a high-level, the definition contains an action, add_config, which references a configuration block, ma1.template. Further, we use a variable, $ipaddress in the template file so that the template can be used for all nodes being provisioned. The final piece is the use of the allocate() plugin, which dynamically assigns a key from the associated file-based resource pool.

In practice, when a node requests its definition the ZTPServer will execute the allocate("mgmt_subnet") plugin and assign a key from the pool. The ZTPServer will then write the SYSTEM_ID as the value, overwriting null.

If you wanted to use the assigned value elsewhere in the definition, simply call allocate(mgmt_subnet) and the plugin will not assign a new value, rather it will return the key already assigned. Note that this is an implementation-detail specific to this particular plugin - other plugins might vary (please read the associated documentation for each).

The result would look like:

192.0.2.10/24: <SYSTEM_ID>
192.0.2.11/24: null
192.0.2.12/24: null
192.0.2.13/24: null

Objective¶

I have a complete startup-config that I want to apply during provisioning. I want to completely replace what’s already on the node.

Solution¶

First, create the startup-config with the desired configuration.

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Make sure you have a directory for templates
admin@ztpserver:~# mkdir -p files/configs

# Create a startup-config
admin@ztpserver:~# vi files/configs/tor-startup-config

!
hostname test-node-1
ip name-server vrf default <DNS-SERVER-IP>
!
ntp server <NTP-SERVER-IP>
!
username admin privilege 15 role network-admin secret admin
!
interface Management1
 ip address <MGMT-IP-ADDRESS>/<SUBNET>
!
ip access-list open
 10 permit ip any any
!
ip route 0.0.0.0/0 <DEFAULT-GW>
!
ip routing
!
management api http-commands
 no shutdown
!
banner login
Welcome to $(hostname)!
This switch has been provisioned using the ZTPServer from Arista Networks
Docs: http://ztpserver.readthedocs.org/
Source Code: https://github.com/arista-eosplus/ztpserver
EOF
!
end

Then add the replace_config action to your definition:

---
actions:
  -
    action: replace_config
    attributes:
      url: files/configs/tor-startup-config
    name: "Replace entire startup-config"

Explanation¶

This action simply replaces the startup-config which lives in /mnt/flash/startup-config.

Objective¶

I want to copy a file to the node during the provisioning process and then set its permissions.

Solution¶

In this example we’ll copy a python script to the node and set its permissions.

---
actions:
  -
    action: copy_file
    always_execute: true
    attributes:
      dst_url: /mnt/flash/
      mode: 777
      overwrite: if-missing
      src_url: files/automate/bgpautoinf.py
    name: "automate BGP peer interface config"

Explanation¶

Here we add the copy_file action to our definition. The attributes listed in the action will be passed to the node so that it is able to retrieve the script from [SERVER_URL]/files/automate/bgpautoinf.py. Since we are using overwrite: if-missing, the action will only copy the file to the node if it does not already exist.

You could define the url as any destination the node can reach during provisioning - the file does not need to exist on the ZTPServer.

Objective¶

I want a specific (v)EOS version to be automatically installed when I provision my node.

Solution¶

Let’s create a place on the ZTPServer to host some SWIs:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Create an images directory
admin@ztpserver:~# mkdir -p files/images

# SCP your SWI into the images directory, name it whatever you like
admin@ztpserver:~# scp admin@otherhost:/tmp/vEOS.swi files/images/vEOS_4.14.5F.swi

Now let’s create a definition that performs the install_image action:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Create a definition file
admin@ztpserver:~# vi definitions/tor-definition

Add the following lines to your definition, changing values where needed:

---
name: static node definition
actions:
  -
    action: install_image
    always_execute: true
    attributes:
      url: files/images/vEOS_4.14.5F.swi
      version: 4.14.5F
    name: "Install 4.14.5F"

Explanation¶

In this case we are hosting the SWI on the ZTPServer, so we just define the url in relation to the data_root. We could change the url to point to another server altogether - the choice is yours. The benefit of hosting the file on the ZTPServer is that we perform an extra checksum step to validate the integrity of the file.

In practice, the node requests its definition during the provisioning process. It sees that it’s supposed to perform the install_image action, so it requests the install_image python script. It then performs an HTTP GET for the url. Once it has these locally, it executes the install_image script.

Objective¶

I want to install an extension on my node automatically.

Solution¶

Let’s create a place on the ZTPServer to host the RPMs:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Create an images directory
admin@ztpserver:~# mkdir -p files/rpms

# SCP your SWI into the images directory, name it whatever you like
admin@ztpserver:~# scp admin@otherhost:/tmp/myRPM.rpm files/rpms/myRPM.rpm

Now let’s create a definition that performs the install_extension action:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Create a definition file
admin@ztpserver:~# vi definitions/tor-definition

Add the following lines to your definition, changing values where needed:

---
name: static node definition
actions:
  -
    action: install_extension
    always_execute: true
    attributes:
      url: files/rpms/myRPM.rpm
    name: "Install myRPM extension"

Explanation¶

The install_extension will copy the RPM defined in the url parameter and copy it to the default extension directory, /mnt/flash/.extensions

Objective¶

I’d like to add a new resource pool of IP addresses so that I can assign a new IP to each node that gets provisioned.

Solution¶

Create the resource pool

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Create a resource pool file
admin@ztpserver:~# vi resources/mgmt_ip

192.168.0.2/24: null
192.168.0.3/24: null
192.168.0.4/24: null
192.168.0.5/24: null
192.168.0.6/24: null
192.168.0.7/24: null
192.168.0.8/24: null
192.168.0.9/24: null
192.168.0.10/24: null

Explanation¶

Resource Pool files are just key: value files. The default value for each key should be null. This makes the key available for assignment. If you would like to pre-assign a specific node with a particular key, then just put the node’s node_id in place of null. Resource Pools are analyzed when the allocate(pool_name) function is run from a definition. Note that you can also use the allocate() function to perform a lookup when a node has already been assigned a key.

Objective¶

I’d like to reset the values of a resource pool so that all values return to null.

Solution¶

You can use the ztps command line to perform this action.

admin@ztpserver:~# ztps --clear-resources

Explanation¶

Clearing all resource pools can be done via the command line on the ZTPServer. The command will analyze data_root/resources and any file that exists in that directory that resembles a ZTPServer resource pool will be cleared.

Objective¶

I want to automatically push the startup-config from each node to the corresponding /nodes/ folder whenever changes are made on the node.

Solution¶

The ZTPServer accepts HTTP PUT requests at nodes/<node_id>/startup-config. Therefore, we can configure and event-handler on the node during provisioning which will perform this PUT anytime the startup-config is saved.

1. Create event-handler template

Choose the option that best fits your deployment. The variations are Serial Number or System Mac Address, and Default VRF or Non-Default VRF.

Copy and paste the option text into a new template in:

# Go to your data_root - by default it's /usr/share/ztpserver
admin@ztpserver:~# cd /usr/share/ztpserver

# Make sure you have a directory for templates
admin@ztpserver:~# mkdir -p files/templates

# Create a static config block
admin@ztpserver:~# vi files/templates/config-push.template

Option 1: Using SystemMac and Default VRF

event-handler configpush
 trigger on-startup-config
 action bash export SYSMAC=`FastCli -p 15 -c 'show ver | grep MAC | cut -d" " -f 5' | sed 's/[.]*//g'`; curl http://$ztpserver:$port/nodes/$SYSMAC/startup-config -H "content-type: text/plain" --data-binary @/mnt/flash/startup-config -X PUT

Option 2: Using SystemMac and Non-Default VRF

event-handler configpush
 trigger on-startup-config
 ! For non-default VRF, use:
 action bash export SYSMAC=`FastCli -p 15 -c 'show ver | grep MAC | cut -d" " -f 5' | sed 's/[.]*//g'`; sudo ip netns exec ns-$vrf_name curl http://$ztpserver:$port/nodes/$SYSMAC/startup-config -H "content-type: text/plain" --data-binary @/mnt/flash/startup-config -X PUT

Option 3: Using Serial Number and Default VRF

event-handler configpush
 trigger on-startup-config
 ! For serial number, default VRF:
 action bash export SERIAL=`FastCli -p 15 -c 'show ver' | grep Serial | tr -s ' ' | cut -d ' ' -f 3 | tr -d '\r'`; curl http://$ztpserver:$port/nodes/$SERIAL/startup-config -H "content-type: text/plain" --data-binary @/mnt/flash/startup-config -X PUT

Option 4: Using Serial Number and Non-Default VRF

event-handler configpush
 trigger on-startup-config
 ! For serial number, non-default VRF:
 action bash export SERIAL=`FastCli -p 15 -c 'show ver' | grep Serial | tr -s ' ' | cut -d ' ' -f 3 | tr -d '\r'`; sudo ip netns exec ns-$vrf_name curl http://$ztpserver:$port/nodes/$SERIAL/startup-config -H "content-type: text/plain" --data-binary @/mnt/flash/startup-config -X PUT

Explanation¶

(add explanation here)

Objective¶

I want to use a single USB key to bootstrap my entire data center fabric.

Solution¶

Follow the steps below:

1. Obtain an USB key that’s at least 4GB and format it with either MS-DOS or FAT file system
2. Copy all the files listed in the “Files Needed” section onto the USB key
3. Plug the USB key into the USB port on the first SPINE switch
4. Sit back and watch your data center network fabric bring itself up!

Explanation¶

The USB key method leverages the Arista Password Recovery mechanism. When the fullrecover and boot-config file is present on the USB key, the system will check the timestamp on the boot-config file.If the timestamp is different, all files on the USB key will be copied to the flash on the switch, and the switch will be rebooted and come up with the startup-config and the EOS.swi included on the USB key.

Action attributes¶

The bootstrap script will pass in as argument to the main method of each action a special object called ‘attributes’. The only API the action needs to be aware for this object is the ‘get’ method, which will return the value of an attribute, as configured on the server:

• the value can be local to a particular action or global
• if an attribute is defined at both the local and global scopes, the local value takes priority
• if an attribute is not defined at either the local or global level, then the ‘get’ method will return None

e.g. (action code)

def main(attributes):
    print attributes.get(‘software_image’)

Besides the values coming from the server, a couple of special entries* (always upper case) are also contained in the attributes object:

• ‘NODE’: a node object for making eAPI calls to localhost. See the Bootstrap Client documentation.

e.g. (action_code)

def main(attributes):
    print attributes.get(‘NODE’).api_enable_cmds([‘show version’])

Bootstrap URLs¶

1. DHCP response contains the URL pointing to the bootstrap script on the server

2. The location of the server is hardcoded in the bootstrap script, using the SERVER global variable. The bootstrap script uses this base address in order to generate the URL to use in order to GET the logging details: BASE_URL/config e.g.

   SERVER = ‘http://my-bootstrap-server:80’   # Note that the port and the transport mechanism
                                              # is included in the URL
   

3. The bootstrap script uses the SERVER base address in order to compute the URL to use in order to POST the node’s information: BASE_URL/config

4. The bootstrap script uses the ‘location’ header in the POST reply as the URL to use in order to request the definition

5. Actions and resources URLs& are computed by using the base address in the bootstrap script: BASE_URL/actions/, BASE_URL/files/

GET bootstrap script¶

GET /bootstrap¶

Returns the default bootstrap script

Request

GET /bootstrap HTTP/1.1

Response

Content-Type: text/x-python
<contents of bootstrap client script>

Response Headers:
	Content-Type – text/x-python
Status Codes:	200 OK – OK

• if the server_url variable is missing from the server’s global configuration file, ‘http://ztpserver:8080‘ is used by default
• if the $SERVER string is missing from the bootstrap script, the controller will log a warning message and continue

GET bootstrap logging configuration¶

GET /bootstrap/config¶

Returns the logging configuration from the server.

Request

GET /bootstrap/config HTTP/1.1

Response

Content-Type: application/json
{
    “logging”*: [ {
        “destination”: “file:/<PATH>” | “<HOSTNAME OR IP>:<PORT>”,   //localhost enabled
                                                                    //by default
        “level”*:        <DEBUG | CRITICAL | ...>,
    } ]
},
    “xmpp”*:{
        “server”:           <IP or HOSTNAME>,
        “port”:             <PORT>,                 // Optional, default 5222
        “username”*:        <USERNAME>,
        “domain”*:          <DOMAIN>,
        “password”*:        <PASSWORD>,
        “nickname”:         <NICKNAME>,             // Optional, default ‘username’
        “rooms”*:           [ <ROOM>, … ]
        }
    }
}

Note: * Items are mandatory (even if value is empty list/dict)

Response Headers:
	Content-Type – application/json
Status Codes:	200 OK – OK

POST node details¶

Send node information to the server in order to check whether it can be provisioned.

POST /nodes¶

Request

Content-Type: application/json
{
    “model”*:             <MODEL_NAME>,
    “serialnumber”*:      <SERIAL_NUMBER>,
    “systemmac”*:         <SYSTEM_MAC>,
    “version”*:           <INTERNAL_VERSION>,
    “neighbors”*: {
        <INTERFACE_NAME(LOCAL)>: [ {
            'device':             <DEVICE_NAME>,
            'remote_interface':   <INTERFACE_NAME(REMOTE)>
        } ]
    },
}

Note: * Items are mandatory (even if value is empty list/dict)

Response

Status: 201 Created OR 409 Conflict will both return:

Content-Type: text/html
Location: <url>

Status Codes:	201 Created – Created 409 Conflict – Conflict 400 Bad Request – Bad Request

GET node definition¶

Request definition from the server.

GET /nodes/(ID)¶

Request

GET /nodes/{ID} HTTP/1.1
Accept: application/json

Response

Content-Type: application/json
{
    “name”*: <DEFINITION_NAME>

    “actions”*: [{ “action”*:         <NAME>*,
                “description”:     <DESCRIPTION>,
                “onstart”:         <MESSAGE>,
                “onsuccess”:       <MESSAGE>,
                “onfailure”:       <MESSAGE>,
                “always_execute”:  [True, False],
                “attributes”: { <KEY>: <VALUE>,
                                <KEY>: { <KEY> : <VALUE>},
                                <KEY>: [ <VALUE>, <VALUE> ]
                                }
                },...]
}

Note: * Items are mandatory (even if value is empty list/dict)

Response Headers:
	Content-Type – application/json
Status Codes:	200 OK – OK 400 Bad Request – Bad Request 404 Not Found – Not Found

PUT node startup-config¶

This is used to backup the startup-config from a node to the server.

PUT /nodes/(ID)/startup-config¶

Request

Content-Type: text/plain
<startup-config contents>

Status Codes:	201 Created – Created 400 Bad Request – Bad Request

GET node startup-config¶

This is used to retrieve the startup-config that was backed-up from a node to the server.

GET /nodes/(ID)/startup-config¶

Request

Content-Type: text/plain

Response

Status: 201 Created OR 409 Conflict will both return:

Content-Type: text/plain
<startup-config contents>

Response Headers:
	Content-Type – text/plain
Status Codes:	200 OK – OK 400 Bad Request – Bad Request

GET actions/(NAME)¶

GET /actions/(NAME)¶

Request action from the server.

Request Example

GET /actions/add_config HTTP/1.1

Response

Content-Type: text/x-python
<raw action content>

Response Headers:
	Content-Type – text/x-python
Status Codes:	200 OK – OK 404 Not Found – Not Found

GET resource files¶

GET /files/(RESOURCE_PATH)¶

Request action from the server.

Request Examples

GET /files/images/vEOS.swi HTTP/1.1
GET /files/templates/ma1.template HTTP/1.1

Response

<raw resource contents>

:resheader Content-Type:text/plain :statuscode 200: OK :statuscode 404: Not Found

GET meta data for a resource or file¶

GET /meta/(actions|files|nodes)/(PATH_INFO)¶

Request meta-data on a file.

Example Requests

GET /meta/actions/add_config HTTP/1.1
GET /meta/files/images/EOS-4.14.5F.swi HTTP/1.1
GET /meta/nodes/001122334455/.node HTTP/1.1

Response

{
  sha1: "d3852470a7328a4aad54ce030c543fdac0baa475"
  size: 160
}

:resheader Content-Type:application/json :statuscode 200: OK :statuscode 500: Server Error