Download the deployment script written by Damien Garros:
https://github.com/dgarros/juniper-ztp-campus
ZTP process
Lab setup
Juniper EX3300 switch - always run > request system zeroize to reset to factory default, which kicks off the imaging process
FTP server with anonymous access to the files. I am using vsftpd for this lab
Syslog server receives the output from the script ztp-dga.slax
DHCP server
This is a one-off setup. You shouldn't need to change it for a different image or switch model.
dhcpd.conf, if you are running your own isc-dhcpd server
ref:
http://www.juniper.net/techpubs/en_US/junos12.3/topics/task/configuration/software-image-and-configuration-automatic-provisioning-confguring.html
or
Infoblox DHCP server in my case, but it doesn't support DHCP suboption at this time, so we have to do some conversion on this.
DHCP option-150 points to my DHCP server 10.104.103.111
DHCP option-43 01:11:2f:70:75:62:2f:6e:65:74:77:6f:72:6b:2e:63:6f:6e:66:03:03:66:74:70
Option-43 is in hex format:
suboption code (01) + string length + path of config file + suboption code (03) + string length + ftp
Notes for manipulating option-43:
00 = The sub option code "00"
33 = Length of the URL "/pub/jinstall-ex-3300-12.3R12.4-domestic-signed.tgz" in Hex format (i.e. 51 becomes 33 in Hex)
Rest is the URL "/pub/jinstall-ex-3300-12.3R12.4-domestic-signed.tgz" itself in Hex format.
03 = The sub option code "03"
03 = Length of the word "ftp"
66:74:70 = FTP in Hex format
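The encoding above, as an added example that is not part of the original post or of the juniper-ztp-campus project: it builds the option-43 hex string from (suboption code, string) pairs and parses one back, rejecting truncated entries. The function names are hypothetical; the sample values are the ones shown on this page.

```python
# Added example: DHCP option-43 suboption strings in the format described above.
PAGE_VALUE = ("01:11:2f:70:75:62:2f:6e:65:74:77:6f:72:6b:2e:63:6f:6e:66"
              ":03:03:66:74:70")  # option-43 value from this page
IMAGE = "/pub/jinstall-ex-3300-12.3R12.4-domestic-signed.tgz"  # path from the notes


def encode_option43(fields):
    """[(suboption_code, ascii_string), ...] -> colon-separated hex string."""
    out = bytearray()
    for code, value in fields:
        data = value.encode("ascii")
        # Code and length are one byte each, so both must fit in 0..255.
        if not 0 <= code <= 255 or len(data) > 255:
            raise ValueError(f"suboption {code}: code/length must fit in one byte")
        out += bytes([code, len(data)]) + data
    if len(out) > 255:
        raise ValueError("option-43 payload is longer than 255 bytes")
    return ":".join(f"{b:02x}" for b in out)


def decode_option43(hex_string):
    """Colon-separated hex string -> [(suboption_code, string), ...]."""
    raw = bytes.fromhex(hex_string.replace(":", ""))
    fields, i = [], 0
    while i < len(raw):
        if i + 2 > len(raw):
            raise ValueError(f"truncated suboption header at offset {i}")
        code, length = raw[i], raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        # A length byte that runs past the end means a mistyped conversion.
        if len(value) != length:
            raise ValueError(f"suboption {code}: length {length} exceeds data")
        fields.append((code, value.decode("ascii")))
        i += 2 + length
    return fields


if __name__ == "__main__":
    print(decode_option43(PAGE_VALUE))
    print(encode_option43([(0, IMAGE), (1, "/pub/network.conf"), (3, "ftp")]))
```

Decoding the string you pasted into the DHCP server before resetting a switch catches a wrong length byte, which is the easiest mistake to make when converting by hand.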
network.conf
This is the only file you will need to deal with once the lab is fully functional, in terms of changing the software version and switch model.
Example:
system {
    host-name ex_juniper;
    root-authentication {
        encrypted-password "$1$Hu5R7lEG$U8lAwHVnejaH8XgWWAKcw/"; ## SECRET-DATA
    }
    services {
        ssh;
    }
    syslog {
        host 10.104.193.111 {
            external any;
        }
    }
}
interfaces {
    me0 {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
}
#-----------------------------------------
# ZTP bootstrap
#-----------------------------------------
system { delete: autoinstallation; }
event-options {
    # time-interval is where most people run into problems:
    # 60 sec is too short, so more than one ztp-dga instance runs
    # and they disrupt each other. In my case I use 360s to cover my imaging cycle.
    # I will explain this problem in the ztp-dga.slax script section
    generate-event { ztp-dga time-interval 360; }
    policy ztp-dga {
        events ztp-dga ;
        then {
            execute-commands {
                commands {
                    "op url ftp://10.104.193.111/pub/ztp-dga.slax server 10.104.193.111 ex2200 12.3R12.4 ex3300 12.3R12.4";
                }
            }
        }
    }
}
ztp-dga.slax
This is the script that does the magic. I don't copy the full script here; it is available at the GitHub URL above. I'm only highlighting a few sections from the script which you might need to change to fit your lab environment.
Change the path to match your ftp structure.
var $CONFIG-DIR = "ftp://" _ $server _ "/pub/";
var $UPLOAD-DIR = "ftp://" _ $server _ "/pub/";
var $JUNOS-DIR = "ftp://" _ $server _ "/pub/";
Remove the syslog server configuration if you have something different in your production configs.
/*** We remove unnecessary part of the configuration ***/
var $load-config-rpc = <load-configuration action = "merge" format = "xml"> {
    <configuration> {
        <system> {
            <syslog> {
                <host delete="delete"> {
                    <name> "172.26.5.116";
                }
This is my problem here....
My understanding:
1. The ztp-dga.slax script starts
2. It checks is-already-running
3. If not, the script will do > request snmp utility-mib set instance ztp-dga object-type integer object-value 1
On your EX switch you can run:
> show snmp mib walk jnxUtil
jnxUtilIntegerValue.112.116.112.45.100.103.97 = 0
In the script, it runs through the following if statements and functions
/*
if it is, we stop the script
If not, we set the tracker within the Utility mib
*/
if( ztp:is-already-running( $jnx ) )
{
    expr jcs:syslog( $SYSLOG, $SYSLOG_TAG, "Script already running - STOP" );
    <xsl:message terminate="yes">;
}
else{
    expr jcs:syslog( $SYSLOG, $SYSLOG_TAG, "Set instance value to 1" );
    expr ztp:set-tracker( $jnx );
}
...
...
...
/* ------------------------------------------------- */
/* this function is used to set activity tracker to 1 */
/* ------------------------------------------------- */
<func:function name="ztp:set-tracker">
{
    param $jnx;
    var $cmd = <request-snmp-utility-mib-set> {
        <object-type> "integer";
        <instance> "ztp-dga";
        <object-value> "1";
    }
    var $res = jcs:execute( $jnx, $cmd );
    <func:result select="true()">;
}
/* ------------------------------------------------- */
/* this function is used to set activity tracker to 0 */
/* ------------------------------------------------- */
<func:function name="ztp:remove-tracker">
{
    param $jnx;
    var $cmd = <request-snmp-utility-mib-set> {
        <object-type> "integer";
        <instance> "ztp-dga";
        <object-value> "0";
    }
    var $res = jcs:execute( $jnx, $cmd );
    <func:result select="true()">;
}
/* ------------------------------------------------- */
/* this function is used to get activity tracker */
/* ------------------------------------------------- */
<func:function name="ztp:is-already-running">
{
    param $jnx;
    var $cmd = <get-snmp-object> {
        <snmp-object-name>"jnxUtilIntegerValue.112.116.112.45.100.103.97";
        /*<snmp-object-name>"1.3.6.1.4.1.2636.3.47.1.1.3.1.2.106.101.97.112.45.100.101.105";*/
    }
    var $res = jcs:execute( $jnx, $cmd )//snmp-object/object-value;
    if( $res == "1" ){
        /* expr jcs:syslog( $SYSLOG, $SYSLOG_TAG, "Check if the script is running: ", $res );*/
        <func:result select="true()">;
    }
    else{
        /* expr jcs:syslog( $SYSLOG, $SYSLOG_TAG, "Check if the script is running: ", $res );*/
        <func:result select="false()">;
    }
}
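A check that the instance name written by the tracker functions and the OID polled by is-already-running refer to the same Utility MIB object, as an added example that is not part of ztp-dga.slax or the original post. It assumes the OID index is the instance name's ASCII codes, one sub-identifier per character, as the OIDs on this page show; the function names are hypothetical.

```python
# Added example: compare a Utility MIB instance name with the OID a script polls.
SYMBOLIC_PREFIX = "jnxUtilIntegerValue"
NUMERIC_PREFIX = "1.3.6.1.4.1.2636.3.47.1.1.3.1.2"  # from the commented-out line above


def instance_to_index(name):
    """Instance name -> dotted index, one sub-identifier per ASCII character."""
    return ".".join(str(b) for b in name.encode("ascii"))


def index_to_instance(oid):
    """jnxUtilIntegerValue OID (symbolic or numeric form) -> instance name."""
    for prefix in (SYMBOLIC_PREFIX, NUMERIC_PREFIX):
        if oid.startswith(prefix + "."):
            sub_ids = oid[len(prefix) + 1:].split(".")
            break
    else:
        raise ValueError("not a jnxUtilIntegerValue OID: " + oid)
    codes = [int(s) for s in sub_ids]
    if any(c < 32 or c > 126 for c in codes):
        raise ValueError("index is not printable ASCII: " + oid)
    return "".join(chr(c) for c in codes)


def check_tracker(set_instance, polled_oid):
    """Report whether the polled OID is the object the set command writes."""
    polled = index_to_instance(polled_oid)
    return {
        "set_instance": set_instance,
        "polled_instance": polled,
        "match": polled == set_instance,
        "oid_for_set_instance": SYMBOLIC_PREFIX + "." + instance_to_index(set_instance),
    }


if __name__ == "__main__":
    # Values as they appear in the script excerpt on this page.
    result = check_tracker("ztp-dga", "jnxUtilIntegerValue.112.116.112.45.100.103.97")
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run on the values in the excerpt, it reports that the polled index decodes to ptp-dga while the tracker functions set ztp-dga.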