1

23. Cisco IOS XE 环境下的 Python EEM

教主技术进化论 2021

翻越下一座技术的高峰

6. IOS-XE Shell and Scripting

教主年费VIP

强化班DevNet

http://pygitlab.qytang.com/root/devnet_ccna_guestshell.git

目录

1. IOS-XE Guest Shell

2. CLI Python Module

3. EEM Python Module

3

教主年费VIP

强化班DevNet

6.1 IOS-XE Guest Shell

教主年费VIP

强化班DevNet

5

GuestShell

IOS-XE Guest Shell

GuestShell is a containerized Linux runtime that can be enabled on your IOS-XE device. On the ISR 4000 platforms, Guest Shell provides a CentOS 7 environment in which you can install and run applications, such as Python scripts. From within Guest Shell you and your applications have access to the networks of the host platform, bootflash, and IOS CLI. Guest Shell is isolated from the underlying host software to prevent interference of the core network functions of the device.

6.1 教主年费VIP

强化班DevNet

6

Cisco IOxThe Cisco® IoT portfolio integrates the essential IoT elements required for customer

success. IOx combines IoT application execution within the fog, secure connectivity with Cisco IOS® Software, and powerful services for rapid, reliable integration with IoT sensors and the cloud.

IOS + Linux

Fog(分布式边缘计算)

利用IOS网络和安全服务

快速的系统整合和应用管理

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

7

Cisco IOx Application Environment

IOS + Linux

容器服务

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

8

Accelerate Time to Value for IoT-Driven Digital Business

Fog applications offer customers and ecosystem partners the ability to transform IoT sensor data and perform control functions within the distributed network infrastructure. With the support of IOx resident on routers, switches, and compute modules, the distributed IoT network functions as the compute environment for fog applications. With the secure connectivity services and common application framework offered by IOx and fog applications, customers have delivered business outcomes rapidly with their IoT initiatives.

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

9

IoT实例

Manufacturing companies connect machines, transform sensor data, and perform real-time analytics to predict when maintenance is necessary and increase overall equipment effectiveness (OEE).

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

10

Alleantia for Cisco IOx

http://marketplace.cisco.com/catalog/search?keyword=alleantia

思科应用市场

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

11

Cisco IOx Components• Cisco IOx: Cisco IOx brings together Cisco IOS software, the industry-leading networking operating system, and Linux, the leading open-source platform. With Cisco IOx, your developers benefit from familiar processes and open-source tools prevalent with Linux while generating applications that execute on Cisco IoT network infrastructure.

• Fog Director: Cisco Fog Director allows administrators to manage, administer, monitor, and troubleshoot fog applications running in the Cisco IOx environment remotely over the network.

• SDK and development tools: Cisco IOx SDK is a collection of tools and methodology guidelines to help developers package their applications for execution on IOx-enabled network infrastructure products.

• Fog applications: Fog applications ready for execution on IOx-enabled infrastructure may be supplied by ecosystem partners and/or Cisco or developed with a range of common programming languages.

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

12

激活Cisco IOx

IOSXE-Server(config)#ioxIOSXE-Server#show iox-service detail

IOx Infrastructure Summary:---------------------------IOx service (CAF) 1.8.1.7 : RunningIOx service (HA) : Not SupportedIOx service (IOxman) : RunningLibvirtd 1.3.4 : Running

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

13

配置Guestshell

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

vrf definition GS!address-family ipv4exit-address-family

!!Iox !app-hosting appid guestshellapp-vnic gateway1 virtualportgroup 0 guest-interface

0guest-ipaddress 30.1.1.1 netmask 255.255.255.0app-default-gateway 30.1.1.254 guest-interface 0name-server0 114.114.114.114

!interface VirtualPortGroup0vrf forwarding GSip address 30.1.1.254 255.255.255.0ip nat inside

interface GigabitEthernet1Ip add 10.1.1.252 255.255.255.0ip nat outside!ip access-list standard GS_NAT_ACLpermit 30.1.1.0 0.0.0.255

!ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload! ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 10.1.1.254 global!end!guestshell enable

启动guestshell要等待1分钟

14

Guestshell网络

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

CSR1000v

IOS XE

Guest ShellContainer

Other APPContainer

Other APPContainer

Other APPContainer

BridgeNetwork

GigabitEthernet2192.168.1.4

VirtualPortGroup030.1.1.254

eth030.1.1.1

eth030.1.1.x

eth030.1.1.x

eth030.1.1.x

Internet

app-hosting appid guestshell app-vnic gateway1 virtualportgroup 0 guest-interface 0 guest-ipaddress 30.1.1.1 netmask 255.255.255.0 app-default-gateway 30.1.1.254 guest-interface 0 name-server0 114.114.114.114

interface GigabitEthernet1 ip add 192.168.1.4 255.255.255.0 ip nat outside

interface VirtualPortGroup0 vrf forwarding GS ip address 30.1.1.254 255.255.255.0 ip nat inside

15

进入GuestShellIOSXE-Server#guestshell enable [可能需要一分钟后才能进行配置]Interface will be selected if configured in app-hostingPlease wait for completionguestshell activated successfullyCurrent state is: ACTIVATEDguestshell started successfullyCurrent state is: RUNNINGGuestshell enabled successfully

IOSXE-Server#guestshell[guestshell@guestshell ~]$

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

16

测试GuestShell网络# 进入GuestShell,测试一下网络IOSXE-Server#guestshell[guestshell@guestshell ~]$ ping 114.114.114.114[guestshell@guestshell ~]$ ping www.baidu.com

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

17

GuestShell基本操作# 进入IOSXE-Server#guestshell# 退出[guestshell@guestshell ~]$ exit

# 禁用IOSXE-Server#guestshell disable # 激活IOSXE-Server#guestshell enable

# 销毁IOSXE-Server#guestshell destroy# 重新创建IOSXE-Server#guestshell enable

IOS-XE Guest Shell6.1 教主年费VIP

强化班DevNet

6.2 CLI Python Module

教主年费VIP

强化班DevNet

19

模块介绍

CLI Python Module

[guestshell@guestshell ~]$ pythonPython 2.7.5 (default, Jun 17 2014, 18:11:42) [GCC 4.8.2 20140120 (Red Hat 4.8.2-16)] on linux2Type "help", "copyright", "credits" or "license" for more information.>>> from cli import *>>> help(configure)>>> help(configurep)>>> help(execute)>>> help(executep) >>> help(cli) >>> help(clip)

6.2 教主年费VIP

强化班DevNet

17.X后内置python3，但是推荐使用内置的python2

20

configure vs configurep

# 只能使用“set of Cisco IOS CLI config-mode commands”>>> configure('show ver')Traceback (most recent call last):File "<stdin>", line 1, in <module>File "/usr/lib/python2.7/site-packages/cli/__init__.py", line 185, in configureraise CLIConfigurationError(results)

cli.CLIConfigurationError: ConfigError: There was a problem with 1 commands while configuring the device.

# configure返回结果>>> result = configure('router ospf 1')>>> print(result)[ConfigResult(success=True, command='router ospf 1', line=1, output='', notes=None)]

# configurep打印结果>>> configurep('router rip')Line 1 SUCCESS: router rip

多命令:cmds = "router ospf 1\nnetwork 1.1.1.0 0.0.0.0 area 0"result = configure(cmds)

多命令:cmds = "router ospf 1\nnetwork 1.1.1.0 0.0.0.0 area 0"configurep(cmds)

CLI Python Module6.2 教主年费VIP

强化班DevNet

21

execute vs executep# 只能使用“Cisco IOS CLI exec-mode command”>>> execute('router rip')Traceback (most recent call last):

File "<stdin>", line 1, in <module>File "/usr/lib/python2.7/site-packages/cli/__init__.py", line 100, in execute

raise CLISyntaxError(response.sent)cli.CLISyntaxError: SyntaxError: There was a problem running the command: "router rip“# execute 返回结果>>> result = execute('show ip inter brie')>>> print(result)Interface IP-Address OK? Method Status ProtocolGigabitEthernet1 192.168.1.1 YES manual up upGigabitEthernet2 unassigned YES unset administratively down downGigabitEthernet3 unassigned YES unset administratively down downVirtualPortGroup0 10.1.1.254 YES manual up up# executep 打印结果>>> executep('show ip inter brie')Interface IP-Address OK? Method Status ProtocolGigabitEthernet1 192.168.1.1 YES manual up upGigabitEthernet2 unassigned YES unset administratively down downGigabitEthernet3 unassigned YES unset administratively down downVirtualPortGroup0 10.1.1.254 YES manual up up

只能运行一个命令

CLI Python Module6.2 教主年费VIP

强化班DevNet

22

cli vs clip# 不区分configure-mode与exec-mode命令# cli返回结果>>> output = cli("show version")>>> output = cli("show version ; show ip interface brief")>>> output = cli("configure terminal ; interface gigabitethernet 1 ; no shutdown")

# clip打印结果>>> clip("show version")>>> cli("show version ; show ip interface brief")>>> cli("configure terminal ; interface gigabitethernet 1 ; no shutdown")

CLI Python Module6.2 教主年费VIP

强化班DevNet

23

安装第三方模块# 安装requests模块sudo pip install requests

>>> import requests>>> r = requests.get('http://www.qytang.com')>>> print(r)<Response [200]>

CLI Python Module6.2 教主年费VIP

强化班DevNet

24

使用rz传文件到guestshell

CLI Python Module6.2 教主年费VIP

强化班DevNet

项目位置

25

使用rz传文件到guestshell

CLI Python Module6.2 教主年费VIP

强化班DevNet

#!/usr/bin/python# -*- coding=utf-8 -*-from cli import execute, configureimport re

# exec show ip inter briefresult = execute('show ip inter brie')

# use regex get interface listinterface_name_list = []

for x in result.split('\n'):re_result = re.match(r'(\w\S+\d)\s+((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|(unassigned))\s+.*', x)if re_result:

interface_name_list.append(re_result.groups()[0])# print(interface_name_list)

# configure interface descriptionfor if_name in interface_name_list:

configure('interface %s\ndescrip qytang script test %s\nno shutdown' % (if_name, if_name))

26

测试脚本

运行脚本:IOSXE-Server#guestshell run python /home/guestshell/show_if_result.py

CLI Python Module6.2 教主年费VIP

强化班DevNet

如果出现问题!请重启

注意：运行的位置，并不在guestshell内

此脚本的主要用途为找到所有接口名，然后为每一个接口配置描述，并no shutdown

6.3 EEM Python Module

教主年费VIP

强化班DevNet

28

Python Scripting in EEM

EEM Python Module

Embedded Event Manager (EEM) policies support Python scripts. You can register Python scripts as EEM policies, and execute the registered Python scripts when a corresponding event occurs.

6.3 教主年费VIP

强化班DevNet

29

rz上传相关代码

EEM Python Module6.3 教主年费VIP

强化班DevNet

项目位置

delete_bak_route.py

no_shut_lo55.py

config_bak_route.py

30

自动打开接口

event manager applet interface_shutdownevent syslog pattern "Interface Loopback55, changed state to administratively down"action 1.0 cli command "en"action 2.0 cli command "guestshell run python /home/guestshell/no_shut_lo55.py"

#!/usr/bin/python# -*- coding=utf-8 -*-

"""event manager applet interface_shutdownevent syslog pattern "Interface Loopback55, changed state to administratively down"action 1.0 cli command "en"action 2.0 cli command "guestshell run python /home/guestshell/no_shut_lo55.py""""from cli import configure

configure('interface lo55\nno shutdown')

EEM Python Module6.3 教主年费VIP

强化班DevNet

如果出现问题!请重启

项目位置

IOS EEM配置

31

测试自动打开接口

EEM Python Module6.3 教主年费VIP

强化班DevNet

EEM触发Python脚本自动打开了接口

32

追踪SLA状态ip sla 1icmp-echo 192.168.1.254threshold 2000timeout 2000frequency 2ip sla schedule 1 life forever start-time now

track 11 ip sla 1 reachabilitydelay down 1 up 1

event manager applet ipslaevent track 11 state downaction 1.0 cli command "en"action 2.0 cli command "guestshell run python /home/guestshell/config_bak_route.py"event manager applet ipsla_upevent track 11 state upaction 1.0 cli command "en"action 2.0 cli command "guestshell run python /home/guestshell/delete_bak_route.py"

EEM Python Module6.3 教主年费VIP

强化班DevNet

33

追踪SLA状态

from cli import configure

configure('no ip route 0.0.0.0 0.0.0.0 192.168.1.254')configure('ip route 0.0.0.0 0.0.0.0 192.168.1.123')

from cli import configure

configure('no ip route 0.0.0.0 0.0.0.0 192.168.1.123')configure('ip route 0.0.0.0 0.0.0.0 192.168.1.254')

config_bak_route.py

delete_bak_route.py

EEM Python Module6.3 教主年费VIP

强化班DevNet

34

测试

IOSXE-Server#sh run | in ip routeip route 0.0.0.0 0.0.0.0 192.168.1.254

*Nov 8 13:30:58.021: %TRACK-6-STATE: 11 ip sla 1 reachability Up -> Down

IOSXE-Server#sh run | in ip routeip route 0.0.0.0 0.0.0.0 192.168.1.123

*Nov 8 13:31:23.021: %TRACK-6-STATE: 11 ip sla 1 reachability Down -> Up

IOSXE-Server#sh run | in ip routeip route 0.0.0.0 0.0.0.0 192.168.1.254

EEM Python Module6.3 教主年费VIP

强化班DevNet

点掉试验台的VyOS下联接口即可