(Free)ZTP Watcher

Watches specified directory for FreeZTP custom merged-config files which are created after a switch is successfully provisioned. File name is parsed for hostname and host IP address to initiate a TFTP transfer of the specified IOS image.

TFTP preferred over SCP due to speed (include ip tftp blocksize 8192 in the switch template) and because FreeZTP has TFTP built-in so no additional services are required.

Use-case: Copy IOS image .bin file to C2960S/X/XR switches post FreeZTP provisioning to avoid the auto-install function using a .tar file (lengthy process).

Source

Considerations

• Ensure that FreeZTP imagediscoveryfile-option is set to disable.

  ztp set dhcpd INTERFACE-{dhcp_interface} imagediscoveryfile-option disable

• It is imperative that your keystore_id value does not have an underscore (_) in it.

• Custom merged-config file syntax must begin with {{keystoreid}}{{ipaddr}}; e.g.

  {{keystore_id}}_{{ipaddr}}_{{idarray|join("-")}}_merged.cfg

  Full custom log file config example...

  ztp set logging merged-config-to-custom-file '/etc/ztp/logs/merged/{{keystore_id}}_{{ipaddr}}_{{idarray|join("-")}}_merged.cfg'

  *Suggestion: Disable logging merged configs to the main log file via;

  ztp set logging merged-config-to-mainlog disable

• Include the following configurations in the switch template.

  ip tftp blocksize 8192
  file prompt quiet

Installation/Usage

1. Install Python3 dependencies.

   Nornir v2.5.0 is required (for now) as v3.x introduces changes to inventory management.

   pip install nornir==2.5.0
   pip install pyyaml
   pip install watchdog

2. Clone repo to desired location.

   sudo git clone {URL} /var/git/ztp-watcher

3. Make a copy of ztpconfig_sample.yaml as ztpconfig.yaml and edit for environment.

   See *ztpconfig_sample.yaml file for explanation of options.

   sudo cp /var/git/ztp-watcher/ztpconfig_sample.yaml /var/git/ztp-watcher/ztpconfig.yaml
   sudo nano /var/git/ztp-watcher/ztpconfig.yaml

   • Edit values accordingly

     Be sure to create the logfile and watch_dir directories as needed.

     logfile: /etc/ztp/logs/ztpwatcher.log
     watch_dir: /etc/ztp/logs/merged/
     ssh_method: ip
     tftpaddr: 172.17.251.251
     imgfile: c2960x-universalk9-mz.152-4.E8.bin
     username: cisco
     password: cisco

4. Edit ztp-watcher.service systemd unit file with path.

   sudo nano /var/git/ztp-watcher/ztp-watcher.service

   • Edit ExecStart and WorkingDirectory paths accordingly

     ...
     ExecStart=/bin/bash -c 'cd /var/git/ztp-watcher; python3 ztp-watcher.py'
     WorkingDirectory=/var/git/ztp-watcher/
     ...

5. Copy .service file to /etc/systemd/system/, then enable and start it.

   sudo cp /var/git/ztp-watcher/ztp-watcher.service /etc/systemd/system/
   sudo systemctl enable ztp-watcher.service
   sudo systemctl start ztp-watcher.service

References

• https://github.com/PackeTsar/freeztp/
• https://github.com/torfsen/python-systemd-tutorial
• https://pynet.twb-tech.com/blog/nornir/intro.html
• https://pynet.twb-tech.com/blog/nornir/os-upgrade-p1.html
• https://www.michaelcho.me/article/using-pythons-watchdog-to-monitor-changes-to-a-directory

Feature Requests

• [ ] Add option to reboot switch after upgrade.
• [ ] Support multi-platform upgrades.