Upload
others
View
15
Download
0
Embed Size (px)
Citation preview
6. IOS-XE Shell and Scripting
教主年费VIP
强化班DevNet
http://pygitlab.qytang.com/root/devnet_ccna_guestshell.git
5
GuestShell
IOS-XE Guest Shell
GuestShell is a containerized Linux runtime that can be enabled on your IOS-XE device. On the ISR 4000 platforms, Guest Shell provides a CentOS 7 environment in which you can install and run applications, such as Python scripts. From within Guest Shell you and your applications have access to the networks of the host platform, bootflash, and IOS CLI. Guest Shell is isolated from the underlying host software to prevent interference of the core network functions of the device.
6.1 教主年费VIP
强化班DevNet
6
Cisco IOxThe Cisco® IoT portfolio integrates the essential IoT elements required for customer
success. IOx combines IoT application execution within the fog, secure connectivity with Cisco IOS® Software, and powerful services for rapid, reliable integration with IoT sensors and the cloud.
IOS + Linux
Fog(分布式边缘计算)
利用IOS网络和安全服务
快速的系统整合和应用管理
IOS-XE Guest Shell6.1 教主年费VIP
强化班DevNet
8
Accelerate Time to Value for IoT-Driven Digital Business
Fog applications offer customers and ecosystem partners the ability to transform IoT sensor data and perform control functions within the distributed network infrastructure. With the support of IOx resident on routers, switches, and compute modules, the distributed IoT network functions as the compute environment for fog applications. With the secure connectivity services and common application framework offered by IOx and fog applications, customers have delivered business outcomes rapidly with their IoT initiatives.
IOS-XE Guest Shell6.1 教主年费VIP
强化班DevNet
9
IoT实例
Manufacturing companies connect machines, transform sensor data, and perform real-time analytics to predict when maintenance is necessary and increase overall equipment effectiveness (OEE).
IOS-XE Guest Shell6.1 教主年费VIP
强化班DevNet
10
Alleantia for Cisco IOx
http://marketplace.cisco.com/catalog/search?keyword=alleantia
思科应用市场
IOS-XE Guest Shell6.1 教主年费VIP
强化班DevNet
11
Cisco IOx Components• Cisco IOx: Cisco IOx brings together Cisco IOS software, the industry-leading networking operating system, and Linux, the leading open-source platform. With Cisco IOx, your developers benefit from familiar processes and open-source tools prevalent with Linux while generating applications that execute on Cisco IoT network infrastructure.
• Fog Director: Cisco Fog Director allows administrators to manage, administer, monitor, and troubleshoot fog applications running in the Cisco IOx environment remotely over the network.
• SDK and development tools: Cisco IOx SDK is a collection of tools and methodology guidelines to help developers package their applications for execution on IOx-enabled network infrastructure products.
• Fog applications: Fog applications ready for execution on IOx-enabled infrastructure may be supplied by ecosystem partners and/or Cisco or developed with a range of common programming languages.
IOS-XE Guest Shell6.1 教主年费VIP
强化班DevNet
12
激活Cisco IOx
IOSXE-Server(config)#ioxIOSXE-Server#show iox-service detail
IOx Infrastructure Summary:---------------------------IOx service (CAF) 1.8.1.7 : RunningIOx service (HA) : Not SupportedIOx service (IOxman) : RunningLibvirtd 1.3.4 : Running
IOS-XE Guest Shell6.1 教主年费VIP
强化班DevNet
13
配置Guestshell
IOS-XE Guest Shell6.1 教主年费VIP
强化班DevNet
vrf definition GS!address-family ipv4exit-address-family
!!Iox !app-hosting appid guestshellapp-vnic gateway1 virtualportgroup 0 guest-interface
0guest-ipaddress 30.1.1.1 netmask 255.255.255.0app-default-gateway 30.1.1.254 guest-interface 0name-server0 114.114.114.114
!interface VirtualPortGroup0vrf forwarding GSip address 30.1.1.254 255.255.255.0ip nat inside
interface GigabitEthernet1Ip add 10.1.1.252 255.255.255.0ip nat outside!ip access-list standard GS_NAT_ACLpermit 30.1.1.0 0.0.0.255
!ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload! ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 10.1.1.254 global!end!guestshell enable
启动guestshell要等待1分钟
14
Guestshell网络
IOS-XE Guest Shell6.1 教主年费VIP
强化班DevNet
CSR1000v
IOS XE
Guest ShellContainer
Other APPContainer
Other APPContainer
Other APPContainer
BridgeNetwork
GigabitEthernet2192.168.1.4
VirtualPortGroup030.1.1.254
eth030.1.1.1
eth030.1.1.x
eth030.1.1.x
eth030.1.1.x
Internet
app-hosting appid guestshell app-vnic gateway1 virtualportgroup 0 guest-interface 0 guest-ipaddress 30.1.1.1 netmask 255.255.255.0 app-default-gateway 30.1.1.254 guest-interface 0 name-server0 114.114.114.114
interface GigabitEthernet1 ip add 192.168.1.4 255.255.255.0 ip nat outside
interface VirtualPortGroup0 vrf forwarding GS ip address 30.1.1.254 255.255.255.0 ip nat inside
15
进入GuestShellIOSXE-Server#guestshell enable [可能需要一分钟后才能进行配置]Interface will be selected if configured in app-hostingPlease wait for completionguestshell activated successfullyCurrent state is: ACTIVATEDguestshell started successfullyCurrent state is: RUNNINGGuestshell enabled successfully
IOSXE-Server#guestshell[guestshell@guestshell ~]$
IOS-XE Guest Shell6.1 教主年费VIP
强化班DevNet
16
测试GuestShell网络# 进入GuestShell,测试一下网络IOSXE-Server#guestshell[guestshell@guestshell ~]$ ping 114.114.114.114[guestshell@guestshell ~]$ ping www.baidu.com
IOS-XE Guest Shell6.1 教主年费VIP
强化班DevNet
17
GuestShell基本操作# 进入IOSXE-Server#guestshell# 退出[guestshell@guestshell ~]$ exit
# 禁用IOSXE-Server#guestshell disable # 激活IOSXE-Server#guestshell enable
# 销毁IOSXE-Server#guestshell destroy# 重新创建IOSXE-Server#guestshell enable
IOS-XE Guest Shell6.1 教主年费VIP
强化班DevNet
19
模块介绍
CLI Python Module
[guestshell@guestshell ~]$ pythonPython 2.7.5 (default, Jun 17 2014, 18:11:42) [GCC 4.8.2 20140120 (Red Hat 4.8.2-16)] on linux2Type "help", "copyright", "credits" or "license" for more information.>>> from cli import *>>> help(configure)>>> help(configurep)>>> help(execute)>>> help(executep) >>> help(cli) >>> help(clip)
6.2 教主年费VIP
强化班DevNet
17.X后内置python3,但是推荐使用内置的python2
20
configure vs configurep
# 只能使用“set of Cisco IOS CLI config-mode commands”>>> configure('show ver')Traceback (most recent call last):File "<stdin>", line 1, in <module>File "/usr/lib/python2.7/site-packages/cli/__init__.py", line 185, in configureraise CLIConfigurationError(results)
cli.CLIConfigurationError: ConfigError: There was a problem with 1 commands while configuring the device.
# configure返回结果>>> result = configure('router ospf 1')>>> print(result)[ConfigResult(success=True, command='router ospf 1', line=1, output='', notes=None)]
# configurep打印结果>>> configurep('router rip')Line 1 SUCCESS: router rip
多命令:cmds = "router ospf 1\nnetwork 1.1.1.0 0.0.0.0 area 0"result = configure(cmds)
多命令:cmds = "router ospf 1\nnetwork 1.1.1.0 0.0.0.0 area 0"configurep(cmds)
CLI Python Module6.2 教主年费VIP
强化班DevNet
21
execute vs executep# 只能使用“Cisco IOS CLI exec-mode command”>>> execute('router rip')Traceback (most recent call last):
File "<stdin>", line 1, in <module>File "/usr/lib/python2.7/site-packages/cli/__init__.py", line 100, in execute
raise CLISyntaxError(response.sent)cli.CLISyntaxError: SyntaxError: There was a problem running the command: "router rip“# execute 返回结果>>> result = execute('show ip inter brie')>>> print(result)Interface IP-Address OK? Method Status ProtocolGigabitEthernet1 192.168.1.1 YES manual up upGigabitEthernet2 unassigned YES unset administratively down downGigabitEthernet3 unassigned YES unset administratively down downVirtualPortGroup0 10.1.1.254 YES manual up up# executep 打印结果>>> executep('show ip inter brie')Interface IP-Address OK? Method Status ProtocolGigabitEthernet1 192.168.1.1 YES manual up upGigabitEthernet2 unassigned YES unset administratively down downGigabitEthernet3 unassigned YES unset administratively down downVirtualPortGroup0 10.1.1.254 YES manual up up
只能运行一个命令
CLI Python Module6.2 教主年费VIP
强化班DevNet
22
cli vs clip# 不区分configure-mode与exec-mode命令# cli返回结果>>> output = cli("show version")>>> output = cli("show version ; show ip interface brief")>>> output = cli("configure terminal ; interface gigabitethernet 1 ; no shutdown")
# clip打印结果>>> clip("show version")>>> cli("show version ; show ip interface brief")>>> cli("configure terminal ; interface gigabitethernet 1 ; no shutdown")
CLI Python Module6.2 教主年费VIP
强化班DevNet
23
安装第三方模块# 安装requests模块sudo pip install requests
>>> import requests>>> r = requests.get('http://www.qytang.com')>>> print(r)<Response [200]>
CLI Python Module6.2 教主年费VIP
强化班DevNet
#!/usr/bin/python# -*- coding=utf-8 -*-from cli import execute, configureimport re
# exec show ip inter briefresult = execute('show ip inter brie')
# use regex get interface listinterface_name_list = []
for x in result.split('\n'):re_result = re.match(r'(\w\S+\d)\s+((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|(unassigned))\s+.*', x)if re_result:
interface_name_list.append(re_result.groups()[0])# print(interface_name_list)
# configure interface descriptionfor if_name in interface_name_list:
configure('interface %s\ndescrip qytang script test %s\nno shutdown' % (if_name, if_name))
26
测试脚本
运行脚本:IOSXE-Server#guestshell run python /home/guestshell/show_if_result.py
CLI Python Module6.2 教主年费VIP
强化班DevNet
如果出现问题!请重启
注意:运行的位置,并不在guestshell内
此脚本的主要用途为找到所有接口名,然后为每一个接口配置描述,并no shutdown
28
Python Scripting in EEM
EEM Python Module
Embedded Event Manager (EEM) policies support Python scripts. You can register Python scripts as EEM policies, and execute the registered Python scripts when a corresponding event occurs.
6.3 教主年费VIP
强化班DevNet
29
rz上传相关代码
EEM Python Module6.3 教主年费VIP
强化班DevNet
项目位置
delete_bak_route.py
no_shut_lo55.py
config_bak_route.py
30
自动打开接口
event manager applet interface_shutdownevent syslog pattern "Interface Loopback55, changed state to administratively down"action 1.0 cli command "en"action 2.0 cli command "guestshell run python /home/guestshell/no_shut_lo55.py"
#!/usr/bin/python# -*- coding=utf-8 -*-
"""event manager applet interface_shutdownevent syslog pattern "Interface Loopback55, changed state to administratively down"action 1.0 cli command "en"action 2.0 cli command "guestshell run python /home/guestshell/no_shut_lo55.py""""from cli import configure
configure('interface lo55\nno shutdown')
EEM Python Module6.3 教主年费VIP
强化班DevNet
如果出现问题!请重启
项目位置
IOS EEM配置
32
追踪SLA状态ip sla 1icmp-echo 192.168.1.254threshold 2000timeout 2000frequency 2ip sla schedule 1 life forever start-time now
track 11 ip sla 1 reachabilitydelay down 1 up 1
event manager applet ipslaevent track 11 state downaction 1.0 cli command "en"action 2.0 cli command "guestshell run python /home/guestshell/config_bak_route.py"event manager applet ipsla_upevent track 11 state upaction 1.0 cli command "en"action 2.0 cli command "guestshell run python /home/guestshell/delete_bak_route.py"
EEM Python Module6.3 教主年费VIP
强化班DevNet
33
追踪SLA状态
from cli import configure
configure('no ip route 0.0.0.0 0.0.0.0 192.168.1.254')configure('ip route 0.0.0.0 0.0.0.0 192.168.1.123')
from cli import configure
configure('no ip route 0.0.0.0 0.0.0.0 192.168.1.123')configure('ip route 0.0.0.0 0.0.0.0 192.168.1.254')
config_bak_route.py
delete_bak_route.py
EEM Python Module6.3 教主年费VIP
强化班DevNet
34
测试
IOSXE-Server#sh run | in ip routeip route 0.0.0.0 0.0.0.0 192.168.1.254
*Nov 8 13:30:58.021: %TRACK-6-STATE: 11 ip sla 1 reachability Up -> Down
IOSXE-Server#sh run | in ip routeip route 0.0.0.0 0.0.0.0 192.168.1.123
*Nov 8 13:31:23.021: %TRACK-6-STATE: 11 ip sla 1 reachability Down -> Up
IOSXE-Server#sh run | in ip routeip route 0.0.0.0 0.0.0.0 192.168.1.254
EEM Python Module6.3 教主年费VIP
强化班DevNet
点掉试验台的VyOS下联接口即可