Posted on January 20, 2021 12:04 pm
 |  Asked by Francois Rigault
 |  225 views
RESOLVED
0
0
Print Friendly, PDF & Email

I am trying to set-up automated upgrade of switches, so that as soon as there is a new version available of EOS on a given train, it gets picked up by a script, uploaded to CVP, and deployed onto the devices.

To download EOS, today I log on the website with my browser and navigate to https://www.arista.com/en/support/software-download and select my firmware, but this is a manual step that I want to avoid. I just want to wake up in the morning with my switches running the latest EOS version without any action on my side.

Is it possible to download EOS firmware programmatically?

2
Posted by Tamas Plugor
Answered on January 20, 2021 12:37 pm

Hi Francois,

Yes you can! Check out the eos_download.py from https://github.com/arista-netdevops-community/eos-scripts
Your SE team will also follow up with you on your project.

Thanks,
Tamas

0
Posted by Velasquez Newman
Answered on January 25, 2021 5:49 am

Thank you for updating us with the outcome.

0
Posted by Francois Rigault
Answered on September 6, 2021 6:02 am

outcome is that it works quite well, but not end to end yet.

  • a script runs every morning. I use 2 image bundles in CVP, EOS-latest, that is applied on a subset of non critical switches, and EOS-stable, applied on all the other ones.
  • I rely on https://www.arista.com/en/support/release-notes to probe for new versions. This Atom feed is not necessarily up-to-date (it's missing 4.25.5.1M as I write this)
  • eos_download works by downloading a piece of xml that contains all the deliverables, it works as long as the format of the xml file stays the same (it changed once in the past)
  • cvprac python module works fine to upload the EOS image/TerminAttr to CVP into the EOS-latest image bundle. The script additionally, verify that there is no alert on the stack and no pending task to execute. I do that through a call to a Prometheus API, that will check for any alert, and in fact we still have one remaining alert today that prevent us to go forward. For example a network interface down on a server will trigger an alert, and we won't upgrade any switch in that case.
  • once the EOS image is uploaded and part of the EOS-latest bundle, tasks are created automatically in CVP. To actually trigger the execution of the tasks we need to create a change control in CVP, which needs a little bit of coding due to https://github.com/aristanetworks/cvprac/issues/132

So providing the new TerminAttr/EOS releases are properly part of the RSS feed, I wake up in the morning with tasks waiting for me to execute in CVP. For CVP itself I'm doing everything by hand so far (call to eos_download + triggering the install), same for major upgrade (eg: EOS 4.26). For EOS-stable I am still changing the bundle and executing tasks by hand (the image is already uploaded on CVP)

The outcome is our system is kept up-to-date without much effort. We did have a few challenges: some switches refused to ugprade from time to time (CVP triggers a curl on the switch that will download the image from CVP, and the curl is not using the proper Loopback interface), and we have 3 servers that send their traffic through their 1G interface instead of their bond, so we have 3 switches we don't know how to upgrade without impact. One thing we had to do is to increase some timeouts so that we don't get alerts every time we upgrade.

Post your Answer

You must be logged in to post an answer.