• Author : Tamas Plugor


CVP RPM Installer

Introduction With the 2018 release we introduced an installer script for CVP. The script will install CVP RPMs and initialize system services. The installer will deliver all packages to make a script-installed system identical to the corresponding OVA. Requirements Operating System CVP Version CentOS Version ISO filename 2018.2.0 – 2018.2.2 CentOS Minimal 7.5.1804 CentOS-7-x86_64-Minimal-1804.iso 2018.2.3 and later CentOS Minimal 7.6.1810 CentOS-7-x86_64-Minimal-1810.iso Please do not update packages after minimal installation, the installer ships with all required updated RPMs. Installation may fail if packages not delivered by minimal install are found. Resources As of 2019.1.0 four types of install sizing is possible....
Continue reading →

How to modify the session timeout for the CVP UI

Description By default the UI session timeout is 24 hours, in some environments security policies dictate a much lower value. This article will show you how to modify the default session timeout using the CLI (in future releases this will be available as a knob on the UI). 2020.1.x 1. Create a yaml file, let’s call it: sessionTimeout.yaml which will have the following content: sessionTimeout: X, where X is the number of seconds after which the session should time out, e.g.: # cat /cvpi/apps/cvp/conf/session.yaml sessionTimeout: 60 2. For local users like cvpadmin modify the - -oidc-config=/dev/null flag in the apiserver: configuration section in /cvpi/conf/components/aeris.multinode.yaml (on all nodes in case of...
Continue reading →

Understanding subscription paths for Open-source Telemetry streaming

Introduction   The purpose of this document is to understand how the subscription paths are constructed for our openconfig connector apps (ocprometheus, ockafka, octsdb, etc.) that communicate with TerminAttr and send telemetry data to 3rd party Telemetry backends (Kafka, Prometheus, TSDB, Redis, Graphite, etc.) All our OpenConfig connectors are publicly available and can be found on the goarista github repo: https://github.com/aristanetworks/goarista/tree/master/cmd Most of these OpenConfig connectors use a yaml or json file which contains the paths it is supposed to subscribe to. ocprometheus octsdb Others like ockafka, ocredis don’t support paths from a file, so you have to enumerate the...
Continue reading →

Streaming EOS telemetry states to Prometheus

Introduction Prometheus is one of the most popular open-source monitoring and alerting systems, which scrapes and stores numeric time series data over HTTP. It has a very flexible query language, can send alerts via alertmanager to various platform and can be integrated easily with many open-source tools. For more details and use cases, please visit https://prometheus.io/docs/introduction/overview/ The purpose of this article is to show how easy it is to deploy and configure Prometheus and Grafana and configure Arista switches to send telemetry states to Prometheus using TerminAttr ( EOS streaming telemetry agent ) and one of the OpenConfig connectors that...
Continue reading →

CVP AAA TACACS+ authorization with Cisco ISE

CVP AAA TACACS+ authorization with Cisco ISE Introduction We saw last time how to correctly integrate Aruba ClearPass CPPM with CVP so TACACS+ users can authenticate with the correct network role. The purpose of this document is to show the same for Cisco ISE (successor of ACS) TACACS+. Our goal is to make Cisco ISE send us the cvp-roles=network-admin attribute in the Authorization reply packet.   NOTE If you are running CVP versions 2018.2.0 and 2018.2.1 you might hit BUG 345723 due to which in tacacs-provider authorization we are not checking for TAC_PLUS_AUTHOR_STATUS_PASS_ADD flag. We can provide a binary patch...
Continue reading →

ClearPass TACACS+ Authorization with CVP

ClearPass TACACS+ Authorization with CVP Introduction The purpose of this article is to learn how to correctly set up the TACACS+ service in Aruba ClearPass in order to successfully authenticate on the CVP GUI as a network admin. Our goal is to configure ClearPass Policy Manager [CPPM] to send us the cvp-roles=network-admin attribute in the TACACS+ Authorization reply packet. By default this does not happen, because cvp-roles is a custom attribute that has to be added to the TACACS+ dictionary on any type of TACACS+ implementation. Without this, the default role of network-operator will be allocated to the user, that...
Continue reading →

Writing your own webhook relay – sending event alerts to Discord

Writing your own webhook relay – sending event alerts to Discord   Introduction Starting from version 2018.2.0, CVP supports configuring event alerts, where receivers can be email, Slack, PagerDuty, webhooks and others. The purpose of this article is to demonstrate how easy it is to write your own webhook relay app that will forward alerts to your favorite webhook endpoint, in my case, a Discord channel. Discord is getting more and more popular, not only amongst gamers, but also lots of companies started to use it. I’ve been using it for a couple of years now, and it made sense...
Continue reading →


Get every new post on this blog delivered to your Inbox.

Join other followers: