Onboard Devices with Apstra ZTP
Apstra ZTP manages the bootstrap and lifecycle of devices managed by Apstra.
Before onboarding devices, make sure that your devices are set to factory default. Different vendors have different methods for setting their devices back to factory default after having added configuration.
To prevent being locked out of a device when there is a problem during the ZTP process, ZTP uses default, hard-coded credentials. These credentials are:
- root / admin
- aosadmin / aosadmin
Juniper Junos
EX switches require Junos OS version 21.2 or higher. EX switches using Junos OS versions below 21.1 are missing the Python module that's required for ZTP.
- Juniper Devices Minimum Resource Requirements
- Juniper Junos Bootstrap File
- Restart Juniper Junos ZTP
- Troubleshoot Juniper Junos ZTP
- Requirements for 4.2.0 [DOCS-1013]
Juniper Devices Minimum Resource Requirements
Apstra ZTP uses a custom script to create offbox agents, create local users and set other system configuration. The ZTP process copies a new OS image to the switch. Before installing Apstra ZTP, ensure that the switch has sufficient disk space for the OS image.
root@leaf001-001-2> show system storage Filesystem Size Used Avail Capacity Mounted on /dev/gpt/junos 6.0G 1.0G 4.5G 18% /.mount <...>
Juniper Junos Bootstrap File
Apstra ZTP uses a Python script to provision the device during ZTP. To allow the Python
script (ztp.py
) to run on a device that is not Junos OS Evolved,
additional configuration is required. Use the
junos_apstra_ztp_bootstrap.sh
script to bootstrap Apstra ZTP on Junos.
It downloads and runs the ZTP script.
Junos OS Evolved devices don't require this bootstrap; they run the Apstra ZTP python script (ztp.py) directly.
Restart Juniper Junos ZTP
To erase (zeroize) the device and restart Juniper Junos ZTP process:
root@leaf3> request system zeroize
Troubleshoot Juniper Junos ZTP
When in ZTP mode, the Juniper switch downloads the ztp.py
and
ztp.json
files to the /var/preserve/apstra
directory.
For diagnostics, take note of the /var/preserve/apstra/aosztp.log
file.
You can find additional useful messages in /var/log/messages
(search for
'ztp').
Requirements for 4.2.0 [DOCS-1013]
In ztp.json , system-agent-params, If you need to provide “profile” parameters, you must use UUID instead of the profile name/label.
In ztp.json , system-agent-params, the following additional params are always visible in the ZTP server, however these will cause agent creation failure during the ZTP process.
The parameters are force_package_install, install_requirements, enable_monitor
These must be removed from the system-agent-params for agent creation to work via ZTP, howver due to a bug when these parameters are removed from the UI ztp.json file, they are no removed and configurator add them again. The only solution is to manually modify the ztp.json file by logging via SSH connection to ZTP server, and then restarting the tftp container.
Enterprise SONiC
Enterprise SONiC Devices Minimum Resource Requirements
Apstra ZTP 4.2 used with Apstra version 4.2 has support for SONiC Enterprise Distribution devices. SONiC devices with earlier versions of Apstra ZTP, or the software, are not supported.
Apstra ZTP uses a custom script to create onbox agents, create local users and set other system configuration.
As part of the ZTP process a new OS image is copied to the switch. Before installing Apstra ZTP ensure that the switch has sufficient disk space for the OS image.
If you're using ONIE to install Enterprise SONiC on a device, you must copy the image
to the /containers_data/tftp
directory and rename it to
onie-installer
or another ONIE download name
(onie-installer-x86_64-dell_z9100_c2538-r0
for example). When
rebooting in ONIE, the device searches for this file on the HTTP then TFTP server. If it
doesn't find the file, then ZTP fails. Once ONIE SONiC installation successfully
completes, the SONiC device starts ZTP automatically.
To restart the SONiC ZTP process, use the sudo ztp enable
and
sudo ztp run
commands.
admin@sonic:~$ sudo ztp enable admin@sonic:~$ sudo ztp run ZTP will be restarted. You may lose switch data and connectivity, continue?[yes/NO] yes admin@sonic:~$
Cisco NX-OS
Cisco NX-OS Devices Minimum Resource Requirements
Ensure that sufficient disk space is available on the switch. As part of the ZTP process a new OS image is copied to the switch. Before installing Apstra ZTP ensure that the switch has sufficient disk space for the OS image.
switch1# dir bootflash: | include free|total 1296171008 bytes free 3537219584 bytes total
Restart Cisco NX-OS ZTP
If an agent is already installed on the device, before you restart the device ZTP process remove the agent either via the UI device agent installer or manually via the device CLI.
C9K-172-20-65-5# guestshell destroy Remove remaining AOS data from system Removing the guest-shell deletes most of the data left by AOS. Some files are still on the bootflash:/.aos folder. C9K-172-20-65-5# delete bootflash:.aos no-prompt
To restart Cisco NX-OS ZTP process:
switch# write erase switch# reload
Arista EOS
Arista EOS Devices Minimum Resource Requirements
Apstra ZTP has limited support and known issues for virtual Arista EOS (vEOS) devices.
- ZTP EOS upgrades are not supported on vEOS devices. EOS versions for vEOS device
must match
eos-versions
set inztp.json
file. - ZTP Logging to the controller does not work for vEOS devices due to the lack of a device serial number. This will be addressed in a future version.
As part of the ZTP process, a new OS image is copied to the switch. Before installing Apstra ZTP ensure that the switch has sufficient disk space for the OS image.
switch1#dir flash: Directory of flash:/ <...> 3957878784 bytes total (3074723840 bytes free)
Restart Arista EOS ZTP
If an agent is already installed on the device, before you restart the device ZTP process, remove the agent extension either via the UI Device Agent Installer or manually via the device CLI.
l2-virtual-001-leaf1#sho extensions Name Version/Release Status Extension ----------------------------------------- ------------------ --------- --------- aos-device-agent-3.1.0-0.1.205.i386.rpm 3.1.0/0.1.205 A, I 1 A: available | NA: not available | I: installed | NI: not installed | F: forced l2-virtual-001-leaf1#delete extension:aos-device-agent-3.1.0-0.1.205.i386.rpm l2-virtual-001-leaf1#no extension aos-device-agent-3.1.0-0.1.205.i386.rpm l2-virtual-001-leaf1#copy installed-extensions boot-extensions Copy completed successfully. l2-virtual-001-leaf1#delete /recursive flash:aos* l2-virtual-001-leaf1#
To restart Arista EOS ZTP process:
localhost# delete flash:zerotouch-config localhost# write erase Proceed with erasing startup configuration? [confirm]y localhost# reload
Monitor Onboarding Status
When executed, the ZTP script sends logs to the Apstra server via API. You can monitor the ZTP process from the Apstra GUI. From the left navigation menu, navigate to Devices > ZTP Status > Devices.
Each device that's interacting with DHCP and ZTP is listed here along with its System ID (serial number) if known, ZTP Status, ZTP Latest Event and the date and time the device status was last updated. To see the full DHCP and ZTP log for the device, click the "Show Log" button (the eye in the Actions panel).
You can download the log file. If you don't need the logs for a device anymore, click the
Delete button. Log files for all processes are retained in the
/containers_data/logs
directory.
When the ZTP process successfully onboards a device it's included in the Managed Devices page, ready to be acknowledged and assigned to a blueprint. Navigate to Devices > Managed Devices to see available devices.