EOS Extension – autoipcfg

With the release of the pyeapi library, its even easier to use the EOS eAPI interface to write some custom functionality to help with deployments, provisioning, configurations and many other things.

Arista’s EOS+ organization has developed a full turn-key solution for provisioning new nodes on your network, known as ZTP server.  This is a full featured server that provides a bootstrap environment for Arista switches.  Its highly customizable and if you are looking for a lot of bells and whistles this would be the way to go.

However the eAPI interface allows for extensions to be written really quickly if you are looking to accomplish just a small automated task.  The autoipcfg extension is a good example of this.

The autoipcfg script uses EOS’s eAPI infrastructure to take the output of show lldp neighbors and look for a user-defined delimiter and an IP address in the remote port description. It then configures the local port with that IP address. For example if your delimiter is configured to be “:” the following port description would configure 1.1.1.1 with a 24 bit mask on the port connected to Ethernet1:

 interface Ethernet1
         description This should be my neighbors ip address: 1.1.1.1/24

Installation:

  • The script can be download from github here.
  • Once the package is unzipped you can run python setup.py install and an executable called autoipcfg will be generated.  This setup process will also download and install the pyeapi library if its not already installed on the system.

Initial Configuration:

The first setup is to configure the pyeapi library to connect to the correct node.  The important step here is to make a config file per the pyeapi guidlines which can be found here.  An example configuration file would look like:

/mnt/flash/eapi.conf

[connection:switchA]
host: localhost
username: eapi 
protocol: https
password: password

Intuitively, the user and password that you configure in the pyeapi configuration file will be the credentials used to make the eAPI calls on the node.  Therefore this user must have sufficient privileges to make configuration changes.  This can be accomplished via configuring a local user:

    switch# configure terminal
    switch(config)# username eapi secret password privilege 15

Or you can use a AAA authentication server (TACACS+/RADIUS) for authentication and authorization.

The eAPI interface needs to be turned for autoipcfg to make the needed configuration changes:

     switch# configure terminal
     switch(config)# management api http-commands
     switch(config-mgmt-api-http-cmds)# no shutdown

eAPI defaults to using https as the transport protocol but that is configurable and should match the protocol you have configured in your pyeapi configuration file. The options are:

     switch(config-mgmt-api-http-cmds)# protocol ?
       http         Configure HTTP server options
       https        Configure HTTPS server options
       unix-socket  Configure Unix Domain Socket

To you can get the script running in bash, or a better way would be to configure a deamon process.  This has the advantage of making sure EOS’s ProcMgr will restart the script if were to stop running unexpectedly.  An example daemon configuration looks like:

switch# configure terminal
switch(config)# daemon autoipcfg
switch(config-daemon-autoipcfg)# command /usr/bin/autoipcfg <(flags)

The possible flags are:

 usage: autoipcfg [-h] [--node NODE] [--delim DELIM] [--interval INTERVAL]
                   [--no_syslog] [--config CONFIGFILE]

                   Automatically configure IP address via LLDP neighbor information

                   optional arguments:
                     -h, --help           show this help message and exit
                     --node NODE          Node to connect to
                     --delim DELIM        Delimiter in port description
                     --interval INTERVAL  Waiting period
                     --no_syslog          Turn off syslog messages
                     --config CONFIGFILE

   Flag         Description         Default Value
   ==============================================
   --node       DUT's hostame/IP            localhost
   --delim      ip address delimiter        : (colon)
   --interval   wait time between cycels    30 seconds
   --no_syslag   turns off syslog messages  False
   --config      config file for pyeapi     NULL (will use pyeapi defaults)

 Example:

This is example we have switchA connected to switchB via ports Ethernet1 and Ethernet2 respecitvely.

SwitchA:

  • Using http as a eAPI transport protcol
  • Local user
  • Running the autoipcfg script every 10 seconds

Switch B

  • Using https as a eAPI transport protocol
  • Local user
  • Using “+” as the delimiter
  • Custom eapi config location
  • Running script every 5 seconds

switchA(Eternet1)——(Ethernet2>)switchB.

Relevant configuration on switchA:

user eapi password password privilege 15

interface Ethernet1
     description link to switchB+1.1.1.2/30

management api http-commands
      no shutdown
      protocol http

daemon autoipcfg
     command /usr/bin/autoipcfg --interval 10 --node switchA

Relevant configuration on switchB:

user eapi password password privilege 15

interface Etherenet2
     description link to switchA:1.1.1.1/30

management api http-commands          //uses protocol https by default
      no shutdown

daemon autoipcfg
     command /usr/bin/autoipcfg --interval 5 --node switchB --delim * --config /mnt/flash/custom_eapi.conf

After the script has completed Ethernet1 on switchA will read:

      interface Etherenet1
           description link to switchB+1.1.1.2/30
           no switchport
           ip address 1.1.1.1/30

Ethernet2 on switchB will read:

      interface Etherenet2
         description link to switchA:1.1.1.1/30
         no switchport
         ip address 1.1.1.2/30

Notifications from the script will be sent to the /var/log/messages file. You can see the messages using the following command:

switchA# bash sudo cat /var/log/messages | grep 'AUTOIPCFG\|pyeapi'