Professional Documents
Culture Documents
Release 1.5.4
2 Installation Guide 9
2.1 Install Setup Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.2 Install via Vagrant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.3 Install via Ansible Playbook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.4 Configure DHCP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.5 Enable DHCP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3 Operations Guide 13
3.1 Device Tracking Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.2 Device Progress States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.3 The WebGUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.4 REST/JSON API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.5 Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
3.6 Maintenance Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
i
ii
Aeon-ZTPS Documentation, Release 1.5.4
Aeon-ZTPS is a universal Zero-Touch-Provisioning server for data center infrastructure systems. Aeon-ZTPS was
developed specifically to address the need for network engineers to bootstrap their data center switches without having
to deal with the differences in the underlying NOS mechanisms.
Aeon-ZTPS runs as an Ubuntu 16.04LTS server using the Flask framework and a simple SQLite database. Aeon-ZTPS
provides both a REST/JSON API and a GUI. Aeon-ZTPS can optionally provide the DHCP service (included, but not
enabled by default).
Contents:
Contents 1
Aeon-ZTPS Documentation, Release 1.5.4
2 Contents
CHAPTER 1
This document provides all of the instructions to help you get started setting up your Aeon-ZTP server to operate in
your environment. A setup checklist is provided in this document to assist in this process.
• General Overview
• Aeon-ZTPS Setup Checklist
• Aeon-ZTP Directories and Files
• NOS Boot and Model-Specific Configurations
• Vendor Image Files
• Group-Policy ZTP
General Overview
The purpose of the Aeon-ZTP framework is to provide a “universal” approach to bootstrapping your network devices
and deploying them into your known good state. While each vendor/NOS has a unique and specific mechanism for
doing a ZTP process, they are different enough to make it very difficult for a network team to handle a multi-vendor
network. Aeon-ZTP takes the following approach - In the context of the initial on-box NOS bootup process do the
minimal setup to enable remote management, and defer all of the complex bootstrapping to be done by the Aeon-ZTP
server once a remote-connection back to the device is established.
This approach leads to a three-stage design:
Device-ZTP: Begins execution on the device when the device boot-ups for the first time and starts the
device specific ZTP process. A ZTP bootscript is downloaded and executed on the device. This script
will configure the device for remote management by Aeon-ZTP, and signals Aeon-ZTP to start remote-
bootstrapping. As part of the device-ZTP process, the device may or may not automatically reboot.
Remote-Bootstrap: Aeon-ZTP runs a per-device background process to remotely bootstrap the device.
This process allows you to identify the specific NOS version that the device must run - and install it if it
is not running it. Additionally this process allows you to push basic / static configuration based on the
device model. At the conclusion of this stage, the device is considered to be in an initial “known good
state” per your intent of NOS version and basic configuration.
Finally-Provision: Aeon-ZTP optionally runs a finally script that allows you to perform any further
configuration and or installation process. The Aeon-ZTP framework is designed such that you can have
different finally scripts for different group-policy and NOS environments.
3
Aeon-ZTPS Documentation, Release 1.5.4
This section provides you a task checklist that you need to complete before using the Aeon-ZTP system. Each of these
tasks are further explain later in the document, as referred to by the section reference link
Copy your vendor NOS image file(s) into the vendor_images subdirectory. See section Vendor
Image Files for details.
Setup the Aeon-ZTP control files to indicate which version of NOS you want loaded. See section Group-
Policy ZTP for details.
Setup the NOS+model specific basic configuration files you want Aeon-ZTP to automatically install.
See NOS Boot and Model-Specific Configurations for details.
Copy your finally provisioner scripts into the profiles subdirectory. Any files used by this script
should either be copied into the downloads directory or the vendor_images directory
The Aeon-ZTP files that you will need to understand are found under /opt/aeonztps/. You will need to setup
contents in the following subdirectories.
vendor_images Contain the vendor/NOS binary files, and any other files provided by the NOS ven-
dor, e.g. rpms, debs, etc. You will need to place these files onto the Aeon-ZTPs
downloads Contains files that you want to download as part of your “finally” script processing. You
would put anything you want to download that is not from your vendor/NOS here
etc\profiles Contains the group-policy definitions. Currently only default is implemented. Future
versions of Aeon-ZTPS will support multiple group-policy definitions.
etc\configs Contains the group-policy NOS configuration files.
The following directories exist within the Aeon-ZTPS framework, but you should not need to make modifications:
webapp Contains the actual Aeon-ZTP web application.
bin Contains programs that are used by the Aeon-ZTP framework
run Contains runtime files created / managed by the Aeon-ZTP framework. For example the database
that stores state information
tftpboot Contains files that need to be provided to the devices via TFTP
Finally, if you have setup the Aeon-ZTPS to also provide DHCP service, the ISC-DHCP-Server is used. The configu-
raiton file is located in /etc/dhcp/dhcpd.conf
admin@aeon-ztps:/opt/aeonztps/etc/configs$ tree
.
-- eos
| -- all.conf
| -- eos-boot.conf
-- nxos
-- all.conf
-- N3K-C3164PQ.conf
-- N3K-C3164Q-40GE.conf
-- N9K-C9332PQ.conf
-- N9K-C9372PX.conf
-- N9K-C9396PX.conf
-- N9K-NXOSV.conf
-- nxos-boot.conf
Remote-Bootstrap: All other files are loaded when the Aeon-ZTP makes a remote connection back to
the device. The Aeon-ZTP framework will push two configuration files, the first all.conf, and the second
is <hw-model>.conf.
You can modify any of these files, as well as create additional model specific files. Again, refer to the specific NOS
getting started guide for any specific requirements / limitation details.
Stages: Remote-Bootstrap
The /opt/aeonztps/vendor_images/<NOS> directory must contain the files you get from your NOS vendor
(e.g.Cisco, Arista, etc.). For example, if you want to use the Arista EOS image “EOS-4.15.1F.swi” and you also plan
to use the EOS SDK, then your directory would look like:
vendor_images/
-- eos
-- EOS-4.15.1F.swi
-- EosSdk-1.6.0-4.15.0F.i686.rpm
The mechanism to instruct Aeon-ZTP to load a specific version file is explained in the next section.
Group-Policy ZTP
admin@aeon-ztps:/opt/aeonztps/etc$ tree
.
-- profiles
-- cumulus
| -- finally -> ../../../../bin/finally/aztp-finally-aos-cumulus.sh
| -- os-selector.cfg
-- eos
| -- finally -> ../../../../bin/finally/aztp-finally-aos-eos.sh
| -- os-selector.cfg
-- nxos
-- finally -> ../../../../bin/finally/aztp-finally-aos-nxos.sh
-- os-selector.cfg
The file os-selector.cfg allows you to identify which version of NOS should be installed, and which finally
script should be run. The following is an example for /opt/aeonztps/etc/profiles/eos:
#
# 'default' means match hardware models not explicitly configured
#
default:
exact_match: 4.15.1F
image: EOS-4.15.1F.swi
finally: finally
This os-selector.cfg file instructs the Aeon-ZTP to check the current OS version and match exactly to
“4.15.1F”. If the device does not have this version, then Aeon-ZTPS should install the image “EOS-4.15.1F.swi”.
This file would be located in the /opt/aeonztps/vendor_images/eos directory.
The finally script named “finally” would be run. Finally scripts can be created and placed into the relevant vendor
directory.
Regular expressions can also be used to match the NOS version. The following example would not perform a NOS
upgrade if either version 3.1.1 or 3.1.2 was installed on the device:
default:
regex_match: 3\.1\.[12]
image: CumulusLinux-3.1.2-amd64.bin
matches:
vendor:
- CumulusVendor
serial_number:
- 1111111111
- 2222222222
regex_match: 2\.5\.[67]
image: CumulusLinux-2.5.7-amd64.bin
Installation Guide
This document outlines the steps required to build the Aeon-ZTPS from the files located in the github repository. The
total time required to build the Aeon-ZTPS could take some time (20m -> 1hr), depending on your existing installed
tools, and your connection speed to the Internet. You can easily install Aeon-ZTPS into VirtualBox using the provided
Vagrant file in the install directory. If you are not using VirtualBox, you can use the Ansible playbook file to perform
the installation process on any other Ubuntu 16.04 LTS system.
9
Aeon-ZTPS Documentation, Release 1.5.4
Fig. 2.1: Edit the file install/vars/dhcp-server.yml and set the values specific to your operational needs.
The DHCP server only supports one NIC interface. By default eth0 is the VirtualBox/NAT interface, and eth1 is the
interface intended to be connected to your network equipment.
Fig. 2.2: If you want to make any changes to the DHCP server configuration file (template), edit the file
install/roles/dhcp-server/templates/dhcpd.conf
The current installation process is designed to install the Aeon-ZTPS into a Vagrant environment using Vagrant and
an Ansible playbook.
The process uses a combination of the following tools, and associated versions. This process has been verified using
a MacOS running Yosemite and ElCaptain. If you are using a different set of versions, you may run into issues. Note
that many of these versions are not the “latest”, even at the time of this writing.
Vagrant 1.8.4 or later — use “vagrant –version” to check You will need the Vagrant “vbguest” pluging
installed. To install, use: “vagrant plugin install vagrant-vbguest”
VirtualBox 5.0.24, or later 5.0.x — use “VBoxManage –version” to check. Note: For those running
Mac OSX El Capital and needing a VirtualBox update, you may need to disable Apple’s System
Integrity Protection, as described here
Ansible version 2.0 or later — use “ansible –version” to check. Installation instructions are located here.
Edit the install/Vagrantfile file to also assign the eth1 value as part of the Vagrant provision process.
To perform the build and installation into Vagrant, do the following on your host machine:
cd install
vagrant up
Once the VM build is complete, and the VM has been automatically rebooted, you can login to the VM by typing:
vagrant ssh
Login Info
If you are not using VirtualBox, you can still use the same Ansible playbook to perform the installation process. You
will need to create an Ansible hosts file that contains the IP-address of your target system, or the hostname if the
IP-address is a known host via DNS.
For example, if your target host has the IP-address 192.168.59.254, then your host file would look simply like
the following:
Let’s assume that the target host has an account call admin, and this user has sudo rights. You would then do the
following to install Aeon-ZTPS on that server:
cd install
echo "192.168.59.265" > hosts
ansible-playbook via-ansible.yml -i hosts -u admin -kK
AEON-ZTPS includes isc-dhcp-server, and also supports external DHCP servers. An example DHCP configuration is
shown below.
ddns-update-style none;
option domain-name-servers {{ DNS server }}, {{ DNS Server }};
default-lease-time 7200;
max-lease-time 7200;
authoritative;
log-facility local7;
class "eos-switch" {
match if (substring(option vendor-class-identifier, 0, 6) = "Arista");
option bootfile-name "ztp-eos.sh";
}
class "nxos-switch" {
match if (substring(option vendor-class-identifier, 0, 5) = "Cisco");
option bootfile-name "ztp-nxos.py";
}
If you installed Aeon-ZTPS with the DHCP server disabled you can later enable the service. From the Aeon-ZTPS
bash prompt you can run the following commands:
Operations Guide
The purpose of this document is to provide information on using the Aeon-ZTPS system once you have installed the
server and setup the system files necessary for each of the network OS you plan to use. Information on those topics
are provided in other document pages. Refer to the Main Table of Conents for a complete listing.
Once you’ve properly setup the Aeon-ZTPS for your environment, the primary user-experience is providing visibility
into the devices going through the ZTP process. This document covers the information you’ll need to know when
using the Aeon-ZTPS and any known gotchas.
Aeon-ZTPS maintains a database of every device that is processed through the system. The record key is
the IP-address assigned by the DHCP server.
Attention: If the Aeon-ZTPS sees a device attempt to register with an existing IP-address, even if it is the same
device, the Aeon-ZTPS will not bootstrap that device. If you have a scenario where you want to re-bootstrap a
device, or re-use IP-addresses, then you MUST clear that IP-address from use. Refer to Maintenance Operations
for how to take this action.
13
Aeon-ZTPS Documentation, Release 1.5.4
As Aeon-ZTPS is processing a device, the system will update the device record with the current state and
status message. The following is the list of defined device states and their meaning. Understanding these
states will help you undestand the progress and troubleshoot any issues.
• START This state is set during the initial Device-ZTP stage when the ztp script registers the device
with Aeon-ZTPS.
• DONE This state indicates that the device has successfully completed the ZTP process. This state
is set after the finally script is executed, if you have provided one.
• CONFIG: This state indicates that Aeon-ZTPS is pushing the static configuration files as part of
the Remote-Bootstrap stage.
• AWAIT-ONLINE: This state indicates that Aeon-ZTPS is waiting for the device to come back
online and is reachable via the remote management mechanism; e.g. for Arista via eAPI.
• AWAIT-SYSTEM-READY: Some network OS may become remotely reachable (AWAIT-
ONLINE completed), but the NOS system management software is not yet ready. For this
type of NOS, e.g. NX-OS, this state indicates that Aeon-ZTPS is waiting for the NOS system
management to become available.
• OS-INSTALL: This state indicates that Aeon-ZTPS is in the process of installing a new version of
the NOS. The specific new version information is provided in the status field.
• OS-REBOOTING: This state indicates that Aeon-ZTPS has initiated a device reboot, and the de-
vice is in the process of rebooting.
• FAILED: This state indicates that the Aeon-ZTPS failed to properly process the device. You will
need to examine the message field for details. You may also need to examine the logfiles for
further details.
The WebGUI
You can access the WebGUI here: http://<yourztps>:8080. At present there is no login/authentication built
into the WebGUI. The following is a screen-shot of the “ZTP Status” dashboard page:
REST/JSON API
There are a number of APIs available, which are fully described in a separate reference document. Many of the APIs
are used by the Aeon-ZTPS bootstrap scripts; ie. not something you, the User, would have interest in. The following
APIs would be of User interest, and they form the basis of providing information:
• GET /api/about - get information about the Aeon-ZTPS system, e.g. version
• GET /api/devices - retrieve device(s) status information
• DELETE /api/devices - remove one or all device entries from the database
Log Files
All of the AEON-ZTPS logs detailing the actual bootstrap process are sent to syslog in the following format: .. code:
The Aeon-ZTPS system maintains a number of logs in the directory: /var/log/aeon-ztp, as follows:
• worker1.log This logfile used by the background scheduling system, celeryd. This file may be of interest
as it shows you when NOS specific bootstrap scripts are launch for each device.
• nginx.access.log This logifle is maintained by the Nginx system. It may be of interest as it shows all of
the HTTP commands executed on Aeon-ZTPS.
• nginx.error.log This logifle is maintained by the Nginx system. It may be of interest as it shows any
errors experienced by the Nginx system.
Maintenance Operations
• Flush the Entire Aeon-ZTPS device database You can clear the Aeon-ZTPS devices database by using the
following command at the Linux prompt:
• Delete Specific IP-Address from Aeon-ZTPS device database You can remove a specific device from the
database using the following command at the Linux prompt:
{
"count": 1,
"message": "1 records deleted",
"ok": true
}
• Flush the DHCP Leases If your Aeon-ZTPS is also providing DHCP service, you can use the following com-
mand at the Linux prompt to clear the dhcpd.leases file and restart the DHCP service.
This document describes information and usage of the Aeon-ZTPS system with the Cumulus Linux network operating
system. At the time of this writing, Cumulus support has been tested with Cumulus version 2.x release, started with
2.5.6. Cumulus 3.x support has not been tested. This document is organized by the Aeon-ZTPS process stages, as
described in the Getting Started Guide.
• Device-ZTP
– ZTP-Script
– ZTP-Boot-Configuration
• Remote-Bootstrap
– Static / Model Configuration
– NOS Version Selection
Device-ZTP
ZTP-Script
The DHCP server returns the cumulus-provision-url DHCP indicating how the switch can obtain the ZTP script. By
default, this file is located in downloads/ztp-cumulus.sh. If you’ve changed the DHCP server configuration,
you will need to update the location of this script accordingly.
The ZTP script, ztp-cumulus.sh is executed in the context of the Cumulus AutoProvisioning process.
• The following files are installed:
– Cumulus License file
– Cumulus VRF package file
Warning: You must put your Cumulus license file on the Aeon-ZTPS in downloads/cumulus/license.
If you want to change the location or filename, you will need to modify the ztp-cumulus.sh script file.
19
Aeon-ZTPS Documentation, Release 1.5.4
Warning: You are responsible for providing a copy of the Cumulus VRF debian package. You need to put this
file on the Aeon-ZTPS in vendor_images/cumulus/cl-mgmtvrf.deb. If you do not want to install the
VRF package, or want to change the location/filename, you will need to modify the ztp-cumulus.sh script
file.
ZTP-Boot-Configuration
At present, there is no Cumulus boot configuration files; applied as part of the the ZTP script execution.
Remote-Bootstrap
At present, there is no static configuration applied to the Cumulus device as part of the remote-bootstrap processing.
The Aeon-ZTPS ships with a default NOS version selection configuration, located in
etc/profiles/default/cumulus/os-selector.cfg
#
# 'default' means match hardware models not explicitly configured
#
default:
regex_match: 2\.5\.[67]
image: CumulusLinux-2.5.7-amd64.bin
The above configuration checks the running device to ensure that it is either 2.5.6 or 2.5.7. If the device is not
running either of those version, then this file instructs Aeon-ZTPS to install the 2.5.7 image from the location:
vendor_images/cumulus/CumulusLinux-2.5.7-amd64.bin
If you want to change this configuration, you will need to modify this os-selector.cfg file and copy over the
necessary Cumulus software images.
This document describes information and usage of the Aeon-ZTPS system with the Arista EOS network operating
system. This document is organized by the Aeon-ZTPS process stages, as described in the Getting Started Guide.
• Device-ZTP
– ZTP-Script
– ZTP-Boot-Configuration
• Remote-Bootstrap
– Static / Model Configuration
– NOS Version Selection
Device-ZTP
ZTP-Script
The DHCP server returns the bootfile-name DHCP option the name of the ZTP script. By default, this file is
located in tftpboot/ztp-eos.sh. If you’ve changed the DHCP server configuration, you will need to update the
location of this script accordingly. The ZTP script is a Bash script.
The ZTP script is executed in the context of the Arista ZeroTouchProvisioning process:
• Install the contents of the eos-boot.conf file from Aeon-ZTPS
• Statically assign the IP-address / gateway information obtained from DHCP
• Assign the Ma1 interface into a VRF called management
• Signals the Aeon-ZTPS for remote-bootstrap
Once the Arista device completes the EOS ZeroTouchProvisioning process, the device will NOT reboot.
ZTP-Boot-Configuration
The EOS boot configuration file is located at etc/configs/eos/eos-boot.conf. The primary purpose of this
configuration is to enable remote management via the eAPI over HTTP. Aeon-ZTPS will access the device using the
hardcoded user=admin, password=admin.
21
Aeon-ZTPS Documentation, Release 1.5.4
Remote-Bootstrap
The Arista EOS static configuration files are located in the etc/configs/eos directory. The file all.conf,
if exists, will be first applied to all device models. Then if a model specific file exists it will be applied.
The model value is taken from the output of “show version”, the JSON field modelName. The resulting model-
specific filename would be <modelName>.conf. For example, the following device would yield the Aeon-ZTPS to
look for a file called: etc/configs/eos/DCS-7050QX-32-F.conf using the modelName value indicated
on line 3.
The Aeon-ZTPS ships with a default NOS version selection configuration, located in
etc/profiles/default/eos/os-selector.cfg
#
# 'default' means match hardware models not explicitly configured
#
default:
exact_match: 4.15.1F
image: EOS-4.15.1F.swi
The above configuration checks the running device to ensure that is running 4.15.1F. If the device is not
running that exact version, then this file instructs Aeon-ZTPS to install the that image from the location:
vendor_images/eos/EOS-4.15.1F.swi
If you want to change this configuration, you will need to modify this os-selector.cfg file and copy over the
necessary Arista software images.
This document describes information and usage of Aeon-ZTPS with the Cisco NX-OS network operating system for
the 9K and 3K product model families. This document is organized by the Aeon-ZTPS process stages, as described in
the Getting Started Guide.
• Device-ZTP
– ZTP-Script
– ZTP-Boot-Configuration
• Remote-Bootstrap
– Static / Model Configuration
– NOS Version Selection
Device-ZTP
ZTP-Script
The DHCP server returns the bootfile-name DHCP option the name of the ZTP script. By default, this file is
located in tftpboot/ztp-nxos.py. If you’ve changed the DHCP server configuration, you will need to update
the location of this script accordingly. This script is written in Python.
The ZTP script is executed in the context of the Cisco POAP process:
• Install the contents of the nxos-boot.conf file from Aeon-ZTPS
• Sets up the scheduled-config to be executed on next reboot
• Signals the Aeon-ZTPS for remote-bootstrap
Once the Cisco device completes the POAP process, the device WILL reboot.
Warning: If you change the ztp-nxos.py file for any reason, you MUST run the script poap-md5sum ztp-nxos.py
to regenerate the MD5 checksum value that is located at the top of the ztp-nxos.py file. This poap-md5sum script
is also located in the tftpboot directory
23
Aeon-ZTPS Documentation, Release 1.5.4
ZTP-Boot-Configuration
The NX-OS boot configuration file is located at etc/configs/nxos/nxos-boot.conf. The primary purpose
of this configuration is to enable remote management via the NXAPI over HTTP. Aeon-ZTPSwill access the device
using the hardcoded user=admin, password=admin.
Remote-Bootstrap
The Cisco NX-OS static configuration files are located in the etc/configs/nxos directory. The file all.conf,
if exists, will be first applied to all device models. Then if a model specific file exists it will be applied.
The model value is taken from the output of show hardware from the Switch hardware ID block of output (as shown
on line 9 below). The resulting model-specific filename would be <model>.conf. For example, the following device
would yield Aeon-ZTPS to look for a file called: etc/configs/nxos/N9K-C9396PX.conf
7 Switch is booted up
8 Switch type is : Nexus9000 C9396PX Chassis
9 Model number is N9K-C9396PX
10 H/W version is 2.2
11 Part Number is 73-15605-04
12 Part Revision is D0
13 Manufacture Date is Year 2014 Week 42
14 Serial number is ABCD12345
15 CLEI code is CMMPE00DRB
#
# 'default' means match hardware models not explicitly configured
#
default:
exact_match: 7.0(3)I2(2d)
image: nxos.7.0.3.I2.2d.bin
The above configuration checks the running device to ensure that is running 7.0(3)I2(2d). If the device is not
running that specific version, then this file instructs Aeon-ZTPS to install the that image from the location:
vendor_images/nxos/nxos.7.0.3.I2.2d.bin
If you want to change this configuration, you will need to modify this os-selector.cfg file and copy over the
necessary Cisco NX-OS software images.
• genindex
• modindex
• search
25