With the release of the pyeapi library, its even easier to use the EOS eAPI interface to write some custom functionality to help with deployments, provisioning, configurations and many other things.
Arista’s EOS+ organization has developed a full turn-key solution for provisioning new nodes on your network, known as ZTP server. This is a full featured server that provides a bootstrap environment for Arista switches. Its highly customizable and if you are looking for a lot of bells and whistles this would be the way to go.
However the eAPI interface allows for extensions to be written really quickly if you are looking to accomplish just a small automated task. The autoipcfg extension is a good example of this.
The autoipcfg script uses EOS’s eAPI infrastructure to take the output of show lldp neighbors and look for a user-defined delimiter and an IP address in the remote port description. It then configures the local port with that IP address. For example if your delimiter is configured to be “:” the following port description would configure 22.214.171.124 with a 24 bit mask on the port connected to Ethernet1:
interface Ethernet1 description This should be my neighbors ip address: 126.96.36.199/24
- The script can be download from github here.
- Once the package is unzipped you can run
python setup.py installand an executable called autoipcfg will be generated. This setup process will also download and install the pyeapi library if its not already installed on the system.
The first setup is to configure the pyeapi library to connect to the correct node. The important step here is to make a config file per the pyeapi guidlines which can be found here. An example configuration file would look like:
[connection:switchA] host: localhost username: eapi protocol: https password: password
Intuitively, the user and password that you configure in the pyeapi configuration file will be the credentials used to make the eAPI calls on the node. Therefore this user must have sufficient privileges to make configuration changes. This can be accomplished via configuring a local user:
switch# configure terminal switch(config)# username eapi secret password privilege 15
Or you can use a AAA authentication server (TACACS+/RADIUS) for authentication and authorization.
The eAPI interface needs to be turned for autoipcfg to make the needed configuration changes:
switch# configure terminal switch(config)# management api http-commands switch(config-mgmt-api-http-cmds)# no shutdown
eAPI defaults to using https as the transport protocol but that is configurable and should match the protocol you have configured in your pyeapi configuration file. The options are:
switch(config-mgmt-api-http-cmds)# protocol ? http Configure HTTP server options https Configure HTTPS server options unix-socket Configure Unix Domain Socket
To you can get the script running in bash, or a better way would be to configure a deamon process. This has the advantage of making sure EOS’s ProcMgr will restart the script if were to stop running unexpectedly. An example daemon configuration looks like:
switch# configure terminal switch(config)# daemon autoipcfg switch(config-daemon-autoipcfg)# command /usr/bin/autoipcfg <(flags)
The possible flags are:
usage: autoipcfg [-h] [--node NODE] [--delim DELIM] [--interval INTERVAL] [--no_syslog] [--config CONFIGFILE] Automatically configure IP address via LLDP neighbor information optional arguments: -h, --help show this help message and exit --node NODE Node to connect to --delim DELIM Delimiter in port description --interval INTERVAL Waiting period --no_syslog Turn off syslog messages --config CONFIGFILE Flag Description Default Value ============================================== --node DUT's hostame/IP localhost --delim ip address delimiter : (colon) --interval wait time between cycels 30 seconds --no_syslag turns off syslog messages False --config config file for pyeapi NULL (will use pyeapi defaults)
This is example we have switchA connected to switchB via ports Ethernet1 and Ethernet2 respecitvely.
- Using http as a eAPI transport protcol
- Local user
- Running the autoipcfg script every 10 seconds
- Using https as a eAPI transport protocol
- Local user
- Using “+” as the delimiter
- Custom eapi config location
- Running script every 5 seconds
Relevant configuration on switchA:
user eapi password password privilege 15 interface Ethernet1 description link to switchB+188.8.131.52/30 management api http-commands no shutdown protocol http daemon autoipcfg command /usr/bin/autoipcfg --interval 10 --node switchA
Relevant configuration on switchB:
user eapi password password privilege 15 interface Etherenet2 description link to switchA:184.108.40.206/30 management api http-commands //uses protocol https by default no shutdown daemon autoipcfg command /usr/bin/autoipcfg --interval 5 --node switchB --delim * --config /mnt/flash/custom_eapi.conf
After the script has completed Ethernet1 on switchA will read:
interface Etherenet1 description link to switchB+220.127.116.11/30 no switchport ip address 18.104.22.168/30
Ethernet2 on switchB will read:
interface Etherenet2 description link to switchA:22.214.171.124/30 no switchport ip address 126.96.36.199/30
Notifications from the script will be sent to the /var/log/messages file. You can see the messages using the following command:
switchA# bash sudo cat /var/log/messages | grep 'AUTOIPCFG\|pyeapi'