Sunday, May 24, 2015

Juniper, Zero Touch Provisioning, and Raspberry Pi

Recently, a client had the need to replace about 500 switches at multiple remote sites. ZTP came to mind as a possible shortcut to getting this done with the littlest possible work effort. After doing some reading about automation and Junos, I started playing around with python, jinja, and yaml. During this time period, it turned out that a colleague of mine was actually going through the same exercise with one of his clients. Special thanks to Vince Loschiavo, who came up with a way to build device-specific configuration files while also leveraging ZTP. His Git repository can be found here, which goes over all the steps one must take to get things working. I would highly recommend reading through his, and other documentation prior to moving forward, but in a nutshell, here's how ZTP works:
  1. By default, when a new Juniper switch's management interface is plugged in, it attempts to go through the ZTP process.
    1. It requests an IP address.
    2. It attempts to download and upgrade the Junos OS.
    3. It attempts to download and install a configuration.
 This process can be manipulated to satisfy more complex requirements. Below is a brief overview:
  1. A user scans/enters the MAC address of each switch's management interface into a CSV file, along with other device-specific data (i.e. host name, IP addressing, VLANs, etc.).
  2. This CSV file is then placed on a server somewhere on the network where python, jinja2, apache2, the required Junos OS version, and a DHCP server are installed/loaded.
  3. Two jinja templates exist on this server that allow for the generation of device-specific configuration files.
    1. A configuration template that contains variables for all data that differs per device.
    2. A DHCP reservation template that contains variables for certain device-specific information (i.e MAC address of a switch's management interface).
  4. A single python script exists on this server, which when executed, analyzes the CSV file, generates configuration files, as well as creates DHCP reservations for each switch.
  5. Upon plugging each switch into the network, the ZTP process is triggered, and switches are deployment-ready in minutes.
This is awesome! However, in my case the customer did not have a management network built, and time constraints would not allow it...

Discussing my constraints with Vince and other team members, we came to the conclusion that a small, portable mini-computer just might work for this type of scenario. Enter Raspberry Pi!

Together we were able to validate that a Raspberry Pi gets the job done. It is super cheap and can be powered via a USB port on a switch. Once everything is loaded and the python script is executed, it is very plug and play. The Raspberry Pi can then be shipped from site to site to perform OS upgrades and provision configuration data.

In effort to make things a little simpler for network engineers that would like to try this out, I have taken a snapshot of my 8GB microSD with all the necessary applications installed and configured. It even has a sample CSV file, and generated samples from the python script. If you would like a copy just let me know. If you would like to build your own, here is what I installed:
  • Snappy Ubuntu Core - https://wiki.ubuntu.com/ARM/RaspberryPi
  • apache2 - used to transfer files via http
  • python - used to generate files
  • jinja2 - used to create templates
  • isc-dhcp-server - used to serve IP addresses
  • openssh-server - used to allow SSH access
 Enjoy!

38 comments:

  1. hey Spencer,

    Let me know how to get a copy of your 8GB microSD please.

    ReplyDelete
    Replies
    1. greyhunter, send me your email and I will send you a link.

      Delete
  2. how can i send it privately to you? could not find any contact me link

    ReplyDelete
    Replies
    1. This comment has been removed by the author.

      Delete
    2. Thanks. You may delete the file as i finished downloading.

      Appreciate your support.

      Delete
  3. Hi Spencer,

    This is exactly like a project I've been trying to get working. Can you send me your snapshot? I can't find any contact information on this page.

    Thanks!

    ReplyDelete
    Replies
    1. Here is a link. It will be valid for 48 hours and then I will remove it.

      https://drive.google.com/file/d/0B3xuJU9ioNLJWGhyQ0paemRlOWs/view?usp=sharing

      Delete
  4. Hi Spencer,

    Is your snapshot working on Pi 3? I am having a tough time of running on Pi 3.

    ReplyDelete
  5. No this image is for Pi 2. That could be why you are having issues.

    ReplyDelete
  6. hey Spencer,

    Let me know how to get a copy of your 8GB microSD please.

    Here is my email address

    yanlouze@gmail.com

    Thanks so much

    ReplyDelete
    Replies
    1. Hello, you should have access now. Please let me know if it is not working.

      Delete
    2. Hi Spencer,

      Ran across this post. Could I try out your image? You can get a hold of me at cis.rmullaney@gmail.com.

      Thank you!

      Delete
    3. Ryan,

      You should now have access.

      Spencer

      Delete
  7. i am interested in your image as well. theisgroup@gmail.com

    ReplyDelete
  8. any chance i got get a copy of the image avrillafuze@gmail.com

    ReplyDelete
  9. Hi Spencer, I would like to have copy of your card please
    email jupekki16@gmail.com

    ReplyDelete
  10. Hi Spencer, great project!
    Could you send me a copy of your card please
    email: david.benoudiz@gmail.com
    Thanks!

    ReplyDelete
  11. Hi Spencer,

    I'm very interested in this image as well. Can you please share? webnetwiz@gmail.com

    ReplyDelete
  12. Hi Spencer,

    Late to the party, but can I also have access to your image? - gquinones83@gmail.com

    ReplyDelete
  13. I would like to check out the image as well bcording@cordingley.net

    ReplyDelete
  14. This comment has been removed by the author.

    ReplyDelete
  15. Hi Spencer, could you please grant me access as well (if it's still available!) many thanks: sjd113@gmail.com

    ReplyDelete
  16. Four and a half years on... I did a google search looking for a solution and found this Blog site. Would you be able to grant ma access as well to try out your image? Thank you, Pat G.

    ReplyDelete
    Replies
    1. Hey Pat, send me your email address and I will give you access.

      Delete
  17. Hi Spencer, extremely late to this party but if possible may I get a copy of the scripts on your SD card. Would love to try this out.

    Many thanks.

    J

    ReplyDelete
  18. Hi Spencer, Great post. I am super late but I would appreciate if you can share a copy of the scripts on your sd card if you still have them . Thank you.

    ReplyDelete
  19. I would also like a copy if you can provide it please!
    been messing around with juniper ztp, and want to try it on the raspberry pi.
    Thanks!

    ReplyDelete
  20. Samesies :) Would be great to get a copy. Thanks

    ReplyDelete