ON THIS PAGE
ztp.json Keys
The Apstra ZTP configuration file (ztp.json
) includes all configuration for
the Apstra ZTP script (ztp.py
). Never modify ztp.py
directly. You can use several methods for configuring ztp.json
. First,
familiarize yourself with the keys in the file, as described below, then configure the file,
as needed for your devices (as described in later pages).
Key Categories
Contents of the ztp.json
file are organized from more general sections to
more specific sections as follows:
-
defaults - Configured values in the
defaults
section are used for all devices unless more specific sections use the same keys. The more specific section values take precedence. Here's an example of what you might put in the defaults section:"defaults": { "device-root-password": "root-password-123", "device-user": "admin", "device-user-password": "admin-password-123", "system-agent-params": { "agent_type": "onbox", "install_requirements": false } }
-
platform-specific - Configured values in each of the vendor platform sections (
junos
,junos-evo
,eos
,nxos
,sonic
,linux
) are used for all devices from that vendor unless the same keys in more specific sections are defined. Here's an example for devices using SONiC OS:"sonic": { "sonic-versions": ["SONiC-OS-3.4.0-Enterprise_Advanced"], "sonic-image": "http://10.85.24.52/sonic/3.4.0/sonic-3.4.0-GA-adv-bcm.bin", "device-root-password": "admin", "device-user": "admin", "device-user-password": "admin", "custom-config": "sonic_custom.sh", "system-agent-params": { "agent_type": "onbox", "job_on_create": "install" } }
-
model-specific - Configured values in a specific model number section are used for all devices of that model, unless, of course, the same keys are used in a serial number section. Then the value in the serial number section would be used. Here's an example for a specific Juniper device:
"QFX10002-36Q": { "junos-versions": ["21.2R1-S2.2"], "junos-image": "http://10.85.24.52/juniper/21.2R1-S2.2/jinstall-host-qfx-10-f-x86-64-21.2R1-S2.2-secure-signed.tgz" }
-
serial number-specific - Configured values under a specific serial number (system ID) are used for that one device. For example:
"TH0TFD6TCET0015G0015": { "sonic-versions": ["SONIC-OS-4.0.5-Enterprise_Advanced"], "sonic-image": "http://10.85.24.52/sonic/4.0.5/sonic-broadcom-enterprise-advanced-4.0.5-GA.bin" }
Keys List
See descriptions and examples below for all keys in the ztp.json
file. All
keys are included in each category, whether or not they apply specifically to that category.
For example, you may notice the junos
section includes the key
nxos-version
. This is to allow all keys to be included in the
defaults
category. You can ignore or remove keys that don't apply to your
devices.
- nxos-versions
- nxos-image(-location)
- eos-versions
- eos-image(-location)
- junos-versions
- junos-image(-location)
- junos-evo-versions
- junos-evo-image(-location)
- sonic-versions
- sonic-image(-location)
- device-root-password
- device-user
- device-user-password
- custom-config
- dual-routing-engine (check box)
- system-agent-params
- agent_type (system-agent-params)
- platform (system-agent-params)
- job_on_create (system-agent-params)
- operation_mode (system-agent-params)
- profile (system-agent-params)
- packages (system-agent-params)
- force_package_install (system-agent-params)
- install_requirements (system-agent-params)
- enable_monitor (system-agent-params)
- open_options (is this still relevant?)
nxos-versions
The nxos-versions
parameter includes valid OS versions for Cisco NX-OS
devices.
Example: "nxos-versions": [ "10.2(5)", "9.3(11)" ]
nxos-image(-location)
In the Configurator is called nxos-image-location
and in the code editor
and CLI it's called nxos-image
.
If the version running on the device doesn't match a version in
nxos-versions
, then the Cisco NX-OS image location specified in the
nxos-image
field is uploaded.
By default, the image is loaded via TFTP. You can also load the image via HTTP by specifying the HTTP/HTTPS server URL with the IP address. You can also upload NX-OS images to Devices / OS images on the Apstra server.
TFTP Example (default): "nxos-image": [ "nxos.10.2.5.bin" ]
HTTP Server Example: "nxos-image": "http://192.168.59.4/nxos.10.2.5.bin"
Devices / OS Images Example: "nxos-image": "https://192.168.59.3/dos_images/nxos.10.2.5.bin"
eos-versions
The eos-versions
parameter includes valid OS versions for Arista EOS
devices.
Example: "eos-versions": [ "4.27.6M" ]
eos-image(-location)
In the Configurator is called eos-image-location
and in the code editor
and CLI it's called eos-image
.
If the version running on the device doesn't match a version in
eos-versions
, then the Arista EOS SWI image location specified in the
eos-image
field is uploaded.
By default, the image is loaded via TFTP. You can also load the image via HTTP by specifying the HTTP/HTTPS server URL with the IP address. You can also upload NX-OS images to Devices / OS images on the Apstra server.
TFTP Example (default): "eos-image": [ "EOS-4.24.5M.swi" ]
HTTP Server Example: "eos-image": "http://192.168.59.3/dos_images/EOS-4.21.51F.swi"
Devices / OS Images Example: "nxos-image": "https://192.168.59.3/dos_images/nxos.10.2.5.bin"
To use any HTTP server for image transfer, enter a valid HTTP or HTTPS URL with
IP address. For example: "eos-image":
"http://192.168.59.3/dos_images/EOS-4.27.6M.swi"
This example uses HTTP from the Apstra ZTP server (192.168.59.4) to transfer
the Arista EOS image from the Apstra ZTP /container_data/tftp/
directory.
You can also upload Arista EOS images to the Apstra controller Devices / OS Images. For example:
"nxos-image": "https://192.168.59.3/dos_images/EOS-4.27.6M.swi"
junos-versions
The junos-versions
parameter includes valid OS versions for Juniper
Junos OS devices.
Example: "junos-versions": [ "22.4R2" ]
junos-image(-location)
In the Configurator is called junos-image-location
and in the code
editor and CLI it's called junos-image
.
If the running Junos OS version doesn't match a version in the
junos-versions
list, then the image in the junos-image
field is uploaded.
By default, the image is loaded from the ZTP server's
/container_data/tftp/
directory via TFTP. To use any HTTP server for
transferring the image, enter a valid HTTP URL with IP address. For example:
"junos-image": "http://192.168.59.4/jinstall-host-qfx-5-18.4R3-S4.2-signed.tgz"
To use any HTTP server for image transfer, enter a valid HTTP or HTTPS URL with IP address. For example:
"junos-image": "http://192.168.59.4/jinstall-host-qfx-5e-x86-64-21.4R3-S4.13-secure-signed.tgz"
This example uses HTTP from the Apstra ZTP server (192.168.59.4) to transfer
the Juniper Junos image from the Apstra ZTP /container_data/tftp/
directory.
You can also upload Juniper Junos images to the Apstra controller Devices / OS Images. For example:
"junos-image": "https://192.168.59.3/dos_images/jinstall-host-qfx-5e-x86-64-21.4R3-S4.13-secure-signed.tgz"
junos-evo-versions
The junos-evo-versions
parameter includes valid OS versions for Juniper
Junos OS Evolved devices.
Example: "junos-versions": [ "22.4R2-EVO" ]
junos-evo-image(-location)
sonic-versions
The sonic-versions
parameter includes valid OS versions for Enterprise
SONiC devices.
Example: "sonic-versions": [ "SONiC-OS-4.0.5-Enterprise_Advanced" ]
sonic-image(-location)
In the Configurator is called sonic-image-location
and in the code
editor and CLI it's called sonic-image
.
This is the filename of the SONiC ONIE BIN image to load if the running version does not
match a version in the sonic-versions
list.
To use any HTTP server for image transfer, enter a valid HTTP or HTTPS URL with IP address. For example:
"sonic-image": "http://192.168.59.3/sonic-broadcom-enterprise-advanced-4.0.5-GA.bin"
This example uses HTTP from the Apstra ZTP server (192.168.59.4) to transfer
the SONiC image from the Apstra ZTP /container_data/tftp/
directory.
You can also upload SONiC images to the Apstra controller Devices / OS Images. For example:
"sonic-image": "https://192.168.59.3/dos_images/sonic-broadcom-enterprise-advanced-4.0.5-GA.bin"
device-root-password
The ZTP process sets the device root password to this value. For Arista EOS and Cisco
NX-OS devices, the device-root-password
is used to set the password for
the system admin
password.
Example: "device-root-password": "root-admin-password"
device-user
Username for the device system agent. Also, if necessary, the ZTP process creates a user
on the device with this username and and the device-user-password
.
Example:
"device-user": "aosadmin", "device-user-password": "aosadmin-password"
device-user-password
Password for the device system agent. Also, if necessary, the ZTP process creates a user
on the device with the device-user
and this password.
Example:
"device-user": "aosadmin", "device-user-password": "aosadmin-password"
custom-config
This is the filename of the custom configuration shell script in the TFTP directory or a URL pointing to the file on a HTTP server. This shell script runs during the ZTP process allowing you to add custom configuration to the device. See Platform Specific Information for more information.
Example: "custom-config": "junos_custom.sh"
dual-routing-engine (check box)
system-agent-params
System agent parameters are used to create new users and device system agents on each
device. (For all available system-agent-params
options, see the REST API
documentation for /api/system-agents
.)
"system-agent-params": { "id": "", "agent_type": "", "platform": "", "job_on_create": "", "operation_mode": "", "profile": "", "packages": [], "force_package_install": false, "install_requirements": false, "enable_monitor": false
The individual system agent parameters are described below.
agent_type (system-agent-params)
Agent type is either onbox or offbox
Example: "agent_type": "onbox"
platform (system-agent-params)
This field is used only for offbox agents only. Set it to the device platform ("eos", "nxos", "junos"). Lowercase only
Example: "platform": "junos"
job_on_create (system-agent-params)
To have the onbox agent installed on the device, set job_on_create
to
install
Example: "job_on_create": "install"
operation_mode (system-agent-params)
profile (system-agent-params)
The device agent profile as defined in Apstra to use during agent creation. The value must be the ID of the agent profile, not the agent profile name.
Example: “profile”: “8d68d1ec-c168-4ef3-8ffd-09389c17a3e4”
Requirements for Juniper on Apstra version 4.2.0: If you need to provide “profile” parameters, you must use UUID instead of the profile name/label.
The parameters force_package_install
,
install_requirements
, and enable_monitor
are always
visible in the ZTP server. These will cause agent creation failure during the ZTP process.
You must remove these parameters from system-agent-params
for Juniper
agent creation to work. However, due to a bug, when you remove these parameters from the
ztp.json file via the Apstra GUI, they aren't actually removed. The configurator adds them
back in. To prevent this from happening, use the CLI instead of the Apstra ZTP GUI, and
log in via an SSH connection to the ZTP server. Then restart the tftp container.
packages (system-agent-params)
Set to configure the additional SDK or extended telemetry packages to upload to the system agent.
Example:
"packages": [ "aos-deployment-helper-nxos", "aosstdcollectors-builtin-nxos", "aosstdcollectors-custom-nxos" ]
force_package_install (system-agent-params)
For Juniper devices used in Apstra 4.2.0, you must remove this parameter via CLI. If you use the Apstra ZTP GUI, the parameter will be added back in.
install_requirements (system-agent-params)
Always set to false. Not currently needed for any supported Network Operating System.
Example: "install_requirements": false
For Juniper devices used in Apstra 4.2.0, you must remove this parameter via CLI. If you use the Apstra ZTP GUI, the parameter will be added back in.
enable_monitor (system-agent-params)
For Juniper devices used in Apstra 4.2.0, you must remove this parameter via CLI. If you use the Apstra ZTP GUI, the parameter will be added back in.
open_options (is this still relevant?)
Example:
"open_options": { "proto": "https", "port": "443" }
Offbox agents only. Set to enable HTTPS between offbox agent to device API interface. If open_options isn't defined, the connection defaults to HTTP.
Examples
See the sections below for some examples of ztp.json
values.
- Defaults
- Cisco Onbox Agent on Apstra ZTP 4.2.0 Example
- Cisco Offbox Agent with HTTP on Apstra ZTP 4.2.0 Example
- Arista Onbox Agent on Apstra ZTP 4.2.0 Example
- Junos Offbox Agent on Apstra ZTP 4.2.0 Example
- Junos Evolved Onbox Agent on Apstra ZTP 4.2.0 Example
- Juniper OS Evolved
- Enterprise SONiC Onbox Agent on Apstra ZTP 4.2.0 Example
- Model-specific Example
Defaults
An example of values you might want to include as defaults include the following:
"defaults": { "nxos-image": "http://buildfiles.dc1.apstra.com/apstrktr/switch_images/cisco/nxos.10.2.5.bin", "eos-image": "http://buildfiles.dc1.apstra.com/apstrktr/switch_images/arista/EOS-4.27.6M.swi", "junos-image": "http://10.24.128.10/apstrktr/switch_images/juniper/junos-5e-22.2R3.15.tgz", "junos-evo-image": "http://10.24.128.10/apstrktr/switch_images/juniper/junos-evo-install-qfx-ms-fixed-x86-64-22.2R3.13-EVO.iso", "sonic-image": "http://buildfiles.dc1.apstra.com/apstrktr/switch_images/sonic/sonic-4.0.5-GA-adv-bcm.bin", "device-root-password": "strongrootpassword", "device-user": "admin", "device-user-password": "stronguserpassword" "system-agent-params": { "agent_type": "onbox", "install_requirements": false }
All devices would use these values unless values for more specific categories are
configured, then those would take precedence. More specific categories include
platform-specific, such as "junos"
, "junos-evo"
,
"eos"
, "nxos"
, and "sonic"
;
model-specific, such as "QFX10002-60C"
; and serial number-specific, such
as "TH0TFD6TCET0015G0015"
.
Cisco Onbox Agent on Apstra ZTP 4.2.0 Example
{ "nxos": { "nxos-versions": [ "10.2(5)" ], "nxos-image": "http://192.168.59.4/nxos.10.2.5.bin", "device-root-password": "strongrootpassword", "custom-config": "nxos_custom.sh", "device-user": "admin", "device-user-password": "stronguserpassword", "system-agent-params": { "agent_type": "onbox", "job_on_create": "install" } } }
Cisco Offbox Agent with HTTP on Apstra ZTP 4.2.0 Example
{ "nxos": { "nxos-versions": [ "10.2(5)" ], "nxos-image": "http://192.168.59.4/nxos.10.2.5.bin", "custom-config": "nxos_custom.sh", ]"device-user": "admin", "device-user-password": "admin-password", "system-agent-params": { "username": "admin", "password": "admin", "agent_type": "offbox", "platform": "nxos", "open_options": { "proto": "https", "port": "443" }, "packages": [ "aos-deployment-helper-nxos", "aosstdcollectors-builtin-nxos", "aosstdcollectors-custom-nxos" ] } } }
This configuration enables secure offbox agent HTTPS (port 443) between the offbox agent on the server and the device API.
open_options" can't be configured from the Apstra ZTP UI configurator. You must use the GUI code editor or edit the ztp.json file from the CLI.
Arista Onbox Agent on Apstra ZTP 4.2.0 Example
{ "eos": { "eos-versions": [ "4.27.6M" ], "eos-image": "http://192.168.59.3/EOS-4.27.6M.swi", "custom-config": "eos_custom.sh", "device-root-password": "admin-password", "device-user": "admin", "device-user-password": "admin-password", "system-agent-params": { "agent_type": "onbox", "job_on_create": "install" } } }
Junos Offbox Agent on Apstra ZTP 4.2.0 Example
{ "junos": { "junos-versions": [ "21.4R3-S4.13" ], "junos-image": "http://192.168.59.4/jinstall-host-qfx-5e-x86-64-21.4R3-S4.13-secure-signed.tgz", "device-root-password": "root-password", "device-user": "admin", "device-user-password": "admin-password", "custom-config": "junos_custom.sh", "system-agent-params": { "platform": "junos", "agent_type": "offbox", "job_on_create": "install" } } }
{ "junos": { "junos-versions": ["21.2R1-S2.2"], "junos-image": "http://10.85.24.52/juniper/21.2R1-S2.2/jinstall-host-qfx-5e-x86-64-21.2R1-S2.2-secure-signed.tgz", "device-root-password": "root123", "device-user": "admin", "device-user-password": "admin", "system-agent-params": { "platform": "junos", "agent_type": "offbox", "job_on_create": "install" } }, "QFX10002-36Q": { "junos-versions": ["21.2R1-S2.2"], "junos-image": "http://10.85.24.52/juniper/21.2R1-S2.2/jinstall-host-qfx-10-f-x86-64-21.2R1-S2.2-secure-signed.tgz" }, "JNP10002-60C [QFX10002-60C]": { "junos-versions": ["21.2R1-S1.3"], "junos-image": "http://10.85.24.52/juniper/21.2R1-S1.3/junos-vmhost-install-qfx-x86-64-21.2R1-S1.3.tgz" } }
Junos Evolved Onbox Agent on Apstra ZTP 4.2.0 Example
{ "junos-evo": { "junos-evo-versions": [ "22.4R2.11-EVO" ], "junos-evo-image": "http://192.168.59.4/junos-evo-install-qfx-ms-x86-64-22.4R2.11-EVO.iso", "device-root-password": "root-password", "device-user": "admin", "device-user-password": "admin-password", "custom-config": "junos_custom.sh", "system-agent-params": { "agent_type": "onbox", "job_on_create": "install" } } }
You can use the following additional fields for dual RE platforms, such as PTX10004.
"dual-routing-engine": true, "management-ip": "10.161.37.7", "management-gw-ip": "10.161.39.254", "management-subnet-prefixlen": "21", "management-master-ip": "10.161.37.8", "management-backup-ip": "10.161.37.9",
Juniper OS Evolved
Enterprise SONiC Onbox Agent on Apstra ZTP 4.2.0 Example
{ "sonic": { "sonic-versions": [ "SONiC-OS-4.0.5-Enterprise_Advanced" ], "sonic-image": "http://192.168.59.4/sonic-broadcom-enterprise-advanced-4.0.5-GA.bin", "device-root-password": "root-password", "device-user": "admin", "device-user-password": "admin-password", "custom-config": "sonic_custom.sh", "system-agent-params": { "agent_type": "onbox", "job_on_create": "install" } } }
If you use another device-user
besides admin
(aosadmin
for example) Apstra ZTP creates this new user, but it
doesn't change the password for the default SONiC admin
user (password
set to YourPaSsWoRd
by default).
Model-specific Example
"JNP10002-60C [QFX10002-60C]": { "junos-versions": [ "21.2R1-S1.3" ], "junos-image": "http://10.85.24.52/juniper/21.2R1-S1.3/junos-vmhost-install-qfx-x86-64-21.2R1-S1.3.tgz",