Create Vendor-specific Custom Configuration
SUMMARY You may need to customize configuration (custom-config) based on the device vendor.
You can use shell scripts to add custom configuration to devices during ZTP. These files are located in the TFTP directory or on an HTTP server that you point to with a URL.
When you configure the ztp.json file, you specify the bash file name in the custom-config field of the platform-specific section.
junos_custom.sh
To customize configuration on Juniper Junos OS and Junos OS Evolved devices, add configuration to containers_data/tftp/junos_custom.sh, a bash script file that's executed during the ZTP process.
It can execute Junos configuration commands, such as for Syslog, NTP, and SNMP authentication, before the device system agent is automatically installed.
Junos OS and Junos OS Evolved platforms with dual-RE setups require the set system commit synchronize command. Without this configuration, the ZTP process fails. We recommend adding the command to the junos_custom.sh file.
Refer to the example junos_custom.sh file.
#!/bin/sh
SOURCE_IP=$(cli -c "show conf interfaces em0.0" | grep address | sed 's/.*address \([0-9.]*\).*/\1/')

# Syslog
SYSLOG_SERVER="192.168.59.4"
SYSLOG_PORT="514"
# NTP
NTP_SERVER="192.168.59.4"
# SNMP
SNMP_NAME="SAMPLE"
SNMP_SERVER="192.168.59.3"

# Syslog
cli -c "configure; \
set system syslog host $SYSLOG_SERVER any notice ; \
set system syslog host $SYSLOG_SERVER authorization any ; \
set system syslog host $SYSLOG_SERVER port $SYSLOG_PORT ; \
set system syslog host $SYSLOG_SERVER routing-instance mgmt_junos ; \
commit and-quit"

cli -c "configure; \
set system syslog file messages any notice ; \
set system syslog file messages authorization any ; \
commit and-quit"

# NTP
cli -c "configure; \
set system ntp server $NTP_SERVER routing-instance mgmt_junos ; \
set system ntp source-address $SOURCE_IP routing-instance mgmt_junos ; \
commit and-quit;"

# SNMP
cli -c "configure; \
set snmp name $SNMP_NAME; \
set snmp community public clients $SNMP_SERVER/32 ; \
set snmp community public routing-instance mgmt_junos ; \
set snmp routing-instance-access access-list mgmt_junos ; \
commit and-quit"
If you set external AAA authentication (for example authentication-order), you need to replicate the device system agent device-user and device-user-password in the AAA system. Otherwise, the device system agent generates an authentication error.
eos_custom.sh
To customize configuration on Arista EOS devices, add configuration to containers_data/tftp/eos_custom.sh, a bash script file that's executed during the ZTP process.
It can execute EOS configuration commands to set the SSH login banner, or any other system configuration that needs to be set before the device system agent is automatically installed.
Refer to the example eos_custom.sh file.
#!/bin/sh
FastCli -p 15 -c $'conf t\n service routing protocols model multi-agent\n hardware tcam\n system profile vxlan-routing\n banner login\n ########################################################
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
########################################################\n EOF\n'
During the ZTP process, the EOS banner login is set to text saying "The device is in Zero Touch Provisioning mode ...". By default, the ZTP script copies this to the permanent configuration.
To prevent this, you must configure custom-config to point to a script (eos_custom.sh, for example) that configures a different banner login or configures no banner login.
There must be a space after any \n.
nxos_custom.sh (onbox agent)
To customize configuration on Cisco NX-OS devices, add configuration to containers_data/tftp/nxos_custom.sh, a bash script file that's executed during the ZTP process.
It can execute NX-OS configuration commands that set system configuration, such as the SSH login banner, or other system configuration that needs to be set before the device system agent is automatically installed.
Refer to the example nxos_custom.sh file.
You must use the custom-config file to add copp profile strict.
#!/bin/sh
/isan/bin/vsh -c "conf ; copp profile strict ; banner motd ~
########################################################
BANNER BANNER BANNER BANNER BANNER BANNER BANNER BANNER
########################################################
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Donec gravida, arcu vitae tincidunt sagittis, ligula
massa dignissim blah, eu sollicitudin nisl dui at massa.
Aliquam erat volutpat. Vitae pellentesque elit at
pulvinar volutpat. Etiam lacinia derp lacus, non
pellentesque nunc venenatis rhoncus.
########################################################
~"
nxos_custom.sh (Offbox Agent)
If you're using Apstra ZTP to prepare a Cisco NX-OS device for use with offbox agents, you must have the custom-config file enable the following NX-OS configuration commands.
feature nxapi
feature bash-shell
feature scp-server
feature evmed
copp profile strict
nxapi http port 80
You can use the following nxos_custom.sh to add these along with a banner.
#!/bin/sh
/isan/bin/vsh -c "conf ; feature nxapi ; nxapi http port 443 ; feature bash-shell ; feature scp-server ; feature evmed ; copp profile strict ; banner motd ~
########################################################
BANNER BANNER BANNER BANNER BANNER BANNER BANNER BANNER
########################################################
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Donec gravida, arcu vitae tincidunt sagittis, ligula
massa dignissim blah, eu sollicitudin nisl dui at massa.
Aliquam erat volutpat. Vitae pellentesque elit at
pulvinar volutpat. Etiam lacinia derp lacus, non
pellentesque nunc venenatis rhoncus.
########################################################
~"
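The requirements stated above for junos_custom.sh, eos_custom.sh and nxos_custom.sh can be checked before the scripts are published to the TFTP directory or HTTP server. The following lint script is an added example, not part of the Apstra ZTP distribution; the function names, the onbox/offbox argument and the sample files are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not vendor code): lint custom-config scripts against the
# requirements stated on this page before publishing them for ZTP.

# Junos dual-RE: ZTP fails without "set system commit synchronize".
check_junos() { grep -q 'set system commit synchronize' "$1"; }

# EOS: set "banner login" (or "no banner login") so the ZTP banner is not
# kept, and never let a \n escape run straight into the next word.
# Assumption: \n at end of line or before the closing quote is acceptable.
check_eos() {
    grep -q 'banner login' "$1" || return 1
    ! grep -q "\\\\n[^ ']" "$1"
}

# NX-OS: "copp profile strict" always; offbox agents also need the listed
# features. The nxapi port number itself is not checked.
check_nxos() {   # usage: check_nxos FILE onbox|offbox
    grep -qF 'copp profile strict' "$1" || return 1
    [ "$2" = offbox ] || return 0
    for cmd in 'feature nxapi' 'feature bash-shell' 'feature scp-server' \
               'feature evmed' 'nxapi http port'; do
        grep -qF -- "$cmd" "$1" || return 1
    done
}

# Run each applicable check in DIR, print one line per file, and return
# the number of failing files.
lint_dir() {     # usage: lint_dir DIR onbox|offbox
    fails=0
    for pair in junos:check_junos eos:check_eos nxos:check_nxos; do
        f="$1/${pair%%:*}_custom.sh"
        [ -f "$f" ] || continue
        if "${pair#*:}" "$f" "$2"; then echo "PASS $f"
        else echo "FAIL $f"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Constructed samples: Junos script without the dual-RE command, NX-OS
# script without the offbox features. Both are expected to fail.
demo() {
    d=$(mktemp -d)
    echo 'cli -c "configure; set system ntp server 192.0.2.1; commit and-quit"' > "$d/junos_custom.sh"
    echo '/isan/bin/vsh -c "conf ; copp profile strict"' > "$d/nxos_custom.sh"
    lint_dir "$d" offbox; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "$? script(s) need fixing"
```

The checks match on text only, so a required command that is present but commented out still passes; review the FAIL lines and the script itself before copying it into containers_data/tftp.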
sonic_custom.sh
To customize configuration on Enterprise SONiC devices, add configuration to containers_data/tftp/sonic_custom.sh, a bash script file that's executed during the ZTP process.
It can execute EOS configuration commands, such as for setting RADIUS authentication, before the device system agent is automatically installed.
Refer to the example sonic_custom.sh file.
#!/bin/bash
sed -i s/"#Banner.*"/"Banner \/etc\/issue.net"/ /etc/ssh/sshd_config
cat >& /etc/issue.net << EOF
Provisioned by AOS
Date: $(date)
EOF
service ssh restart