This fork allows FreeZTP to support multiple switch types
2021 Update: This project relies on an older nornir, which can be installed via pip3 install 'nornir<3'. I plan to address this when time allows; please feel free to file bugs and discussion.
Note: This is a fork of ztp-watcher which uses SNMPv3 to properly query the model number of IOS and IOS-XE switches, allowing upgrade according to model. In short, it provides the ability to support different switches, different copy methods (bin or tar) and different protocols (tftp, ftp, scp). Each switch model has a unique identifier that can be read via 1.3.6.1.2.1.1.2.0. To view yours, try:

    snmpwalk -v 3 -u my_snmp_user -l authPriv -A my_password -a sha -X my_password -x AES 192.0.2.1 1.3.6.1.2.1.1.2.0

The added Python library hnmp is required, as it saved me time. Many thanks to the authors of freeztp and to the author of ztp-watcher for giving me the opportunity to work on this fun diversion. The following is the original author's (slightly modified) project readme:
Watches specified directory for FreeZTP custom merged-config files which are created after a switch is successfully provisioned. File name is parsed for hostname and host IP address to initiate a TFTP transfer of the specified IOS image.
TFTP preferred over SCP due to speed (include ip tftp blocksize 8192 in the switch template) and because FreeZTP has TFTP built-in so no additional services are required.
Use-case: Copy IOS image .bin file to C2960S/X/XR switches post FreeZTP provisioning to avoid the auto-install function using a .tar file (lengthy process).
- Ensure that FreeZTP imagediscoveryfile-option is set to disable.

    ztp set dhcpd INTERFACE-{dhcp_interface} imagediscoveryfile-option disable
- Custom merged-config file syntax must begin with {{keystore_id}}_{{ipaddr}}; e.g.

    {{keystore_id}}_{{ipaddr}}_{{idarray|join("-")}}_merged.cfg

  Full custom log file config example:

    ztp set logging merged-config-to-custom-file '/etc/ztp/logs/merged/{{keystore_id}}_{{ipaddr}}_{{idarray|join("-")}}_merged.cfg'

  Suggestion: Disable logging merged configs to the main log file via:

    ztp set logging merged-config-to-mainlog disable
- Clone repo to desired location.

    sudo git clone {URL} /var/git/ztp-watcher
    sudo pip3 install hnmp
- Make a copy of ztpconfig_sample.yaml as ztpconfig.yaml and edit for environment.

    sudo cp /var/git/ztp-watcher/ztpconfig_sample.yaml /var/git/ztp-watcher/ztpconfig.yaml
    sudo nano /var/git/ztp-watcher/ztpconfig.yaml
- Edit values accordingly. watch_dir must match the path set with ztp set logging merged-config-to-custom-file.

    logfile: /etc/ztp/logs/ztpwatcher.log
    watch_dir: /etc/ztp/logs/merged/
    ssh_method: ip
    tftpaddr: 172.17.251.251
    imgfile: c2960x-universalk9-mz.152-4.E8.bin
    username: cisco
    password: cisco
    snmp_username: snmp-user
    snmp_authproto: sha
    snmp_authkey: goykyanBu123
    snmp_privproto: aes128
    snmp_privkey: goykyanBu123
    copy_method: ftp://
    # 2960CG-8TC-L
    1.3.6.1.4.1.9.1.1316: c2960c405ex-universalk9-tar.152-2.E10.tar
    # 2960G-8TC-L
    1.3.6.1.4.1.9.1.799: c2960-lanbasek9-tar.122-55.SE12.tar
    # 2960-24TT-L
    1.3.6.1.4.1.9.1.716: c2960-lanbasek9-tar.122-55.SE12.tar
    # Yada Yada
- Edit ztp-watcher.service systemd unit file with path.

    sudo nano /var/git/ztp-watcher/ztp-watcher.service
- Edit ExecStart and WorkingDirectory paths accordingly.

    ...
    ExecStart=/bin/bash -c 'cd /var/git/ztp-watcher; python3 ztp-watcher.py'
    WorkingDirectory=/var/git/ztp-watcher/
    ...
- Copy .service file to /etc/systemd/system/, then enable and start it.

    sudo cp /var/git/ztp-watcher/ztp-watcher.service /etc/systemd/system/
    sudo systemctl enable ztp-watcher.service
    sudo systemctl start ztp-watcher.service
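
The merged-config file name and the SNMP answer are both external input that ends up driving an SSH session and an image copy, so it is worth validating them before use. The following is an added example, not code from ztp-watcher or this fork: it parses the file name convention above and maps a sysObjectID to an image using the ztpconfig.yaml keys shown in this README. The function names, the "keystore_id has no underscore" rule, the fallback to imgfile for unknown models and the bin/tar decision by file extension are assumptions.

```python
import ipaddress
import re

# Constructed sample using the ztpconfig.yaml keys from this README.
CONFIG = {
    "tftpaddr": "172.17.251.251",
    "imgfile": "c2960x-universalk9-mz.152-4.E8.bin",  # default image
    "copy_method": "ftp://",
    "1.3.6.1.4.1.9.1.1316": "c2960c405ex-universalk9-tar.152-2.E10.tar",
    "1.3.6.1.4.1.9.1.799": "c2960-lanbasek9-tar.122-55.SE12.tar",
}

# Assumption: keystore_id is a plain hostname with no underscore.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,62}")
OID_RE = re.compile(r"\d+(\.\d+)+")


def parse_merged_name(filename):
    """Return (hostname, ip) from '<keystore_id>_<ipaddr>_..._merged.cfg'."""
    if not filename.endswith("_merged.cfg"):
        raise ValueError(f"not a merged-config file: {filename!r}")
    parts = filename.split("_")
    if len(parts) < 3:
        raise ValueError(f"missing keystore_id or ipaddr: {filename!r}")
    hostname, ip = parts[0], parts[1]
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError(f"unexpected characters in hostname: {hostname!r}")
    # ip_address() raises ValueError for anything that is not a literal IP.
    return hostname, str(ipaddress.ip_address(ip))


def select_image(sys_object_id, config):
    """Map the value read at 1.3.6.1.2.1.1.2.0 to (image, 'bin' or 'tar')."""
    oid = str(sys_object_id).lstrip(".")  # some SNMP tools print a leading dot
    # Only numeric OIDs may be used as keys, so other settings cannot be read.
    if not OID_RE.fullmatch(oid):
        raise ValueError(f"not a numeric OID: {sys_object_id!r}")
    image = config.get(oid, config["imgfile"])  # assumption: default if unknown
    return image, "tar" if image.endswith(".tar") else "bin"


def image_url(config, image):
    """Build the copy source, e.g. ftp://172.17.251.251/<image>."""
    return f"{config['copy_method']}{config['tftpaddr']}/{image}"


if __name__ == "__main__":
    host, ip = parse_merged_name("SW-ACCESS-01_10.0.0.25_FOC1234X0AB_merged.cfg")
    image, mode = select_image(".1.3.6.1.4.1.9.1.799", CONFIG)
    print(host, ip, mode, image_url(CONFIG, image))
```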