Closed falkowich closed 5 years ago
I'm using an EEM applet in the template to accomplish this. The applet can be triggered by a syslog message of your choosing and can perform commands (and other things) depending on your needs/configuration.
There should be a `%SYS-5-CONFIG_I` syslog message for the configuration change via TFTP.
Our 3650's show the following:
```
%SYS-5-CONFIG_I: Configured from tftp://255.255.255.255/ZTP-23C907A492-confg by console
```
I have an EEM applet called `post_ztp` that watches for this syslog message and then performs configuration commands; `tftp_addr` is configured and assigned in the template, but could also be in your keystore.
_To set in the J2 template, use `!{% set tftp_addr = "1.2.3.4" %}` where 1.2.3.4 is the address of your TFTP server; e.g. FreeZTP or some other server reachable on the network._
`hostname` and `keystore_id` are pulled from the external-keystore (CSV file) we're using.
You'll need to have `file prompt quiet` in your template/config for the TFTP copy to work, either that or add a couple `""` action cli commands after the copy command to emulate hitting enter twice.
I created a subdirectory in FreeZTP's tftproot directory to push configs to; i.e. `/etc/ztp/tftproot/provisioned`. The final configuration is pushed as `/etc/ztp/tftproot/provisioned/hostname_serialno.cfg`.
Example config that can be tweaked and added to your template if desired.
```
!{% set tftp_addr = "1.2.3.4" %}
!
file prompt quiet
!
event manager applet post_ztp
event syslog occurs 1 pattern "%SYS-5-CONFIG_I: Configured from tftp" maxrun 300
action 001 wait 30
action 002 cli command "enable"
action 005 cli command "conf t"
action 010.1 cli command "no vstack"
action 010.2 cli command "no ip http ser"
action 010.3 cli command "no ip http secure-s"
action 010.4 cli command "no ip http authen"
action 010.5 cli command "cry key gen rsa mod 2048"
action 010.6 cli command "no event man app post_ztp"
action 015 cli command "do write mem"
action 020 cli command ""
action 025 cli command "copy run tftp://{{ tftp_addr }}/{{ hostname }}_{{ keystore_id }}.cfg"
```
To verify/troubleshoot via console connection, add the following to the applet; note the action sequence numbers and insert accordingly.
```
action 003 cli command "debug event man act cli"
...
action 030 cli command "undebug all"
```
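An added example, not part of the original comment or of FreeZTP: a Python check that can be run on the ZTP server over the configs the applet uploads to `/etc/ztp/tftproot/provisioned`, confirming that the hardening commands took effect and that the one-shot applet removed itself. It assumes the running-config renders the abbreviated commands in full (`no ip http server`, `no ip http secure-server`) and that `keystore_id` contains no underscore; the function names and sample configs are constructed for illustration.

```python
import re
from pathlib import Path

# Lines the post_ztp applet (actions 010.1-010.3) should leave in the saved config.
# Assumption: the running-config shows the commands in their unabbreviated form.
REQUIRED = ("no vstack", "no ip http server", "no ip http secure-server")
# Filename produced by the copy command: {{ hostname }}_{{ keystore_id }}.cfg
# Assumption: keystore_id (e.g. a serial number) contains no underscore.
NAME_RE = re.compile(r"^(?P<hostname>.+)_(?P<keystore_id>[^_]+)\.cfg$")


def audit_config(filename, text):
    """Return a list of findings for one uploaded config; an empty list means clean."""
    m = NAME_RE.match(filename)
    if not m:
        return [f"unexpected filename: {filename}"]
    lines = [ln.strip() for ln in text.splitlines()]
    findings = []
    if f"hostname {m['hostname']}" not in lines:
        findings.append("hostname line does not match filename")
    for req in REQUIRED:
        if req not in lines:
            findings.append(f"missing: {req}")
    # The applet deletes itself in action 010.6; if it is still there, it did not finish.
    if any(ln.startswith("event manager applet post_ztp") for ln in lines):
        findings.append("post_ztp applet still present")
    return findings


def audit_directory(path):
    """Audit every *.cfg file in the provisioned directory; returns {filename: findings}."""
    return {p.name: audit_config(p.name, p.read_text(errors="replace"))
            for p in sorted(Path(path).glob("*.cfg"))}


# Constructed sample configs (not taken from a real device).
SAMPLE_GOOD = """hostname SW-ACCESS-01
no vstack
no ip http server
no ip http secure-server
"""
SAMPLE_BAD = """hostname SW-ACCESS-02
no ip http server
ip http secure-server
event manager applet post_ztp
 event syslog occurs 1 pattern "%SYS-5-CONFIG_I: Configured from tftp" maxrun 300
"""

if __name__ == "__main__":
    for name, findings in audit_directory("/etc/ztp/tftproot/provisioned").items():
        print(name, "OK" if not findings else findings)
```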
Put this in your switch template.
```
event manager applet post_ztp
event syslog occurs 1 pattern "%SYS-5-CONFIG_I: Configured from tftp" maxrun 300
action 001 wait 30
action 002 cli command "enable"
action 003 cli command "conf t"
action 004 cli command "no event man app post_ztp"
action 005 cli command "do write mem"
action 006 cli command ""
```
The best way (currently) is the solution from @derek-shnosh. Eventually I will build in a feature to run a script upon the completion of a provisioning action. This could be used to log in and save the config.
Closing this issue
Hi,
This is not an issue or a request, it's more of a question :) I have looked into the Cisco ZTP docs, but there is really little documented about writing config to startup-config when doing a ZTP?
Any ideas here?
-- Regards Falk