├── node-red
    ├── serial-ip.csv
    └── flow.json
├── py-server
    ├── serial-ip.csv
    └── server.py
├── script
    ├── 01-base-ztp.py
    ├── 02-dynamic-ztp.py
    ├── 03-stack-ztd.py
    └── dynamic-restconf.py
└── README.md


/node-red/serial-ip.csv:
--------------------------------------------------------------------------------
1 | serial,ip,netmask,gw,config_url
2 | WWWWW,1.1.1.1,255.255.255.0,1.1.1.0,http://test/config_file
3 | BBBB,3.3.2.9,255.255.255.0,3.3.2.1,


--------------------------------------------------------------------------------
/py-server/serial-ip.csv:
--------------------------------------------------------------------------------
1 | serial,ip,netmask,gw,config_url
2 | WWWWW,1.1.1.1,255.255.255.0,1.1.1.0,http://test/config_file
3 | BBBB,3.3.2.9,255.255.255.0,3.3.2.1,


--------------------------------------------------------------------------------
/script/01-base-ztp.py:
--------------------------------------------------------------------------------
 1 | from cli import configure, cli
 2 | 
 3 | USER="cisco"
 4 | PASSWORD="cisco"
 5 | ENABLE="cisco"
 6 | 
 7 | def base_config():
 8 |     configure(['hostname adam-ztd'])
 9 |     configure(['username {} privilege 15 password {}'.format(USER,PASSWORD)])
10 |     configure(['enable secret {}'.format(ENABLE)])
11 |     configure(['line vty 0 4', 'login local'])
12 | 
13 | base_config()


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Sample Python Scripts of ZTP
 2 | This repo contains some sample scripts for Zero Touch Deployment on Cisco devices.  Requires IOS-XE 16.6 or
 3 | later.
 4 | 
 5 | ### script 
 6 | contains examples for the python scripts
 7 | 
 8 | ### Node-red
 9 | contains a sample server for mapping serial number to atrtibutes (such as management IP address etc) for devices
10 | 
11 | ### py-server
12 | A pure python version of this sample server
13 | 
14 | More to come


--------------------------------------------------------------------------------
/py-server/server.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | from __future__ import print_function
 3 | import csv
 4 | from flask import Flask
 5 | from flask import request, jsonify, make_response
 6 | app = Flask(__name__)
 7 | FILE ="serial-ip.csv"
 8 | 
 9 | 
10 | 
11 | @app.route('/device', methods=["GET"])
12 | def get_all():
13 |     #print (request.args)
14 |     #print("Method {}".format(request.method))
15 |     if request.method == "GET":
16 | 
17 |         # this is a list
18 |         serials = request.args.getlist('serial')
19 |         print("serial:{}".format(serials))
20 | 
21 |         if serials == []:
22 |             return jsonify({"error:" : "No serial provided as query param (?serial=aaa)"}), 404
23 |         for serial in serials:
24 |             try:
25 |                 result = db[serial]
26 |                 print(result)
27 |                 return jsonify(result), 200
28 |             except KeyError:
29 |                 pass
30 | 
31 |         return jsonify({"Error": "Cannot find serial:{}".format(serial)}), 404
32 | 
33 | 
34 | 
35 | 
36 | 
37 | if __name__ == '__main__':
38 |     global db
39 |     db = {}
40 |     with open(FILE,"r")as f:
41 |         try:
42 |             reader = csv.DictReader(f)
43 |             for row in reader:
44 |                 print(row)
45 |                 db[row['serial']] = row
46 |         except ValueError as e:
47 |             pass
48 | 
49 |     app.run(host="0.0.0.0", port="1880")
50 | 


--------------------------------------------------------------------------------
/script/02-dynamic-ztp.py:
--------------------------------------------------------------------------------
 1 | from cli import configure, cli
 2 | from xml.dom import minidom
 3 | import re
 4 | import json
 5 | import urllib2
 6 | 
 7 | CONFIG_SERVER='10.10.10.151'
 8 | 
 9 | USER="cisco"
10 | PASSWORD="cisco"
11 | ENABLE="cisco"
12 | 
13 | def base_config():
14 |     configure(['hostname adam-ztd'])
15 |     configure(['username {} privilege 15 password {}'.format(USER,PASSWORD)])
16 |     configure(['enable secret {}'.format(ENABLE)])
17 |     configure(['line vty 0 4', 'login local'])
18 | 
19 | def get_serials():
20 |     # xml formatted
21 |     inventory = cli('show inventory | format')
22 |     # skip leading newline
23 |     doc = minidom.parseString(inventory[1:])
24 |     serials =[]
25 |     for node in doc.getElementsByTagName('InventoryEntry'):
26 |         # router, what if there are several?
27 |         chassis = node.getElementsByTagName('ChassisName')[0]
28 |         if chassis.firstChild.data == "Chassis":
29 |             serials.append(node.getElementsByTagName('SN')[0].firstChild.data)
30 | 
31 |         # switch
32 |         match = re.match('"Switch ([0-9])"', chassis.firstChild.data)
33 |         if match:
34 |             serials.append(node.getElementsByTagName('SN')[0].firstChild.data)
35 | 
36 |     return serials
37 | 
38 | def get_my_config(serials):
39 |     # define your own REST API CALL
40 |     base = 'http://{}:1880/device?serial='.format(CONFIG_SERVER)
41 |     url =  base + '&serial='.join(serials)
42 |     print url
43 |     configs = json.load(urllib2.urlopen(url))
44 |     return configs
45 | 
46 | def configure_network(**kwargs):
47 |     if 'ip' in kwargs and kwargs['ip'] is not None:
48 |         print kwargs['ip']
49 |         configure(['int g0/0','ip address {} {}'.format(kwargs['ip'], kwargs['netmask'])])
50 |         configure(['ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 {}'.format(kwargs['gw'])])
51 | 
52 | 
53 | base_config()
54 | serials = get_serials()
55 | config = get_my_config(serials)
56 | configure_network(**config)
57 | 


--------------------------------------------------------------------------------
/script/03-stack-ztd.py:
--------------------------------------------------------------------------------
 1 | from cli import configure, cli
 2 | from xml.dom import minidom
 3 | import re
 4 | import json
 5 | import urllib2
 6 | import sys
 7 | 
 8 | CONFIG_SERVER='10.10.10.151'
 9 | 
10 | USER="cisco"
11 | PASSWORD="cisco"
12 | ENABLE="cisco"
13 | 
14 | def log(message, severity):
15 |     cli('send log %d "%s"' % (severity, message))
16 | 
17 | def base_config():
18 |     configure(['hostname adam-ztd'])
19 |     configure(['username {} privilege 15 password {}'.format(USER,PASSWORD)])
20 |     configure(['enable secret {}'.format(ENABLE)])
21 |     configure(['line vty 0 4', 'login local'])
22 | 
23 | def get_serials():
24 |     # xml formatted
25 |     inventory = cli('show inventory | format')
26 |     # skip leading newline
27 |     doc = minidom.parseString(inventory[1:])
28 |     serials =[]
29 |     for node in doc.getElementsByTagName('InventoryEntry'):
30 |         # router, what if there are several?
31 |         chassis = node.getElementsByTagName('ChassisName')[0]
32 |         if chassis.firstChild.data == "Chassis":
33 |             serials.append(node.getElementsByTagName('SN')[0].firstChild.data)
34 |         # switch
35 |         match = re.match('"Switch ([0-9])"', chassis.firstChild.data)
36 |         if match:
37 |             serials.append(node.getElementsByTagName('SN')[0].firstChild.data)
38 | 
39 |     return serials
40 | 
41 | def get_my_config(serials):
42 |     # define your own REST API CALL
43 |     base = 'http://{}:1880/device?serial='.format(CONFIG_SERVER)
44 |     url =  base + '&serial='.join(serials)
45 |     log('Getting config from: {}'.format(url), 5)
46 |     configs = json.load(urllib2.urlopen(url))
47 |     return configs
48 | 
49 | def renumber_stack(serials, serial):
50 |     # find position of the correct switch #1 in the list
51 |     index = serials.index(serial)
52 |     index +=1
53 |     if index <> 1:
54 |         log("Renumbering switch top of stack".format(index),5)
55 |         cli('test pnpa service stack renumber-tos {}'.format(index))
56 |         cli('reload')
57 |         sys.exit(1)
58 |     else:
59 |         log('No need to renumber stack')
60 | 
61 | def configure_network(**kwargs):
62 |     if 'ip' in kwargs and kwargs['ip'] is not None:
63 |         log('Configuring IP address: {}'.format(kwargs['ip']),5)
64 |         configure(['int g0/0','ip address {} {}'.format(kwargs['ip'], kwargs['netmask'])])
65 |         configure(['ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 {}'.format(kwargs['gw'])])
66 | 
67 | 
68 | base_config()
69 | serials = get_serials()
70 | log('platform serial numbers:{}'.format(','.join(serials)),5)
71 | config = get_my_config(serials)
72 | 
73 | # check the renumber option
74 | renumber_stack(serials, config['serial'])
75 | configure_network(**config)
76 | 


--------------------------------------------------------------------------------
/script/dynamic-restconf.py:
--------------------------------------------------------------------------------
  1 | from cli import configure, cli
  2 | import urllib2, base64
  3 | import socket, struct
  4 | import json
  5 | import time
  6 | CONFIG_SERVER="10.66.104.91"
  7 | 
  8 | USER="cisco"
  9 | PASSWORD="cisco"
 10 | ENABLE="cisco"
 11 | 
 12 | def base_config():
 13 |     configure(['hostname adam-ztd'])
 14 |     configure(['username {} privilege 15 password {}'.format(USER,PASSWORD)])
 15 |     configure(['enable secret {}'.format(ENABLE)])
 16 |     configure(['line vty 0 4', 'login local'])
 17 |     print "\n *** restconf *** \n"
 18 |     configure(['restconf'])
 19 |     print "\n *** sleeping 20 ** \n"
 20 |     time.sleep(20)
 21 | 
 22 | 
 23 | def get_default_gateway_linux():
 24 |     """Read the default gateway directly from /proc."""
 25 |     with open("/proc/net/route") as fh:
 26 |         for line in fh:
 27 |             fields = line.strip().split()
 28 |             if fields[1] != '00000000' or not int(fields[3], 16) & 2:
 29 |                 continue
 30 |             return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16)))
 31 | 
 32 | 
 33 | def get_my_serial(my_gateway):
 34 |     serials = {}
 35 |     ### switches not CSR
 36 |     url = 'https://{}/restconf/data/Cisco-IOS-XE-platform-oper:components/component?fields=cname;state/serial-no'.format(
 37 |     my_gateway)
 38 |     request = urllib2.Request(url)
 39 |     base64string = base64.b64encode('%s:%s' % ('cisco', 'cisco'))
 40 |     request.add_header("Authorization", "Basic %s" % base64string)
 41 |     request.add_header('accept', 'application/yang-data+json')
 42 |     response = json.load(urllib2.urlopen(request))
 43 | 
 44 |     for component in response['Cisco-IOS-XE-platform-oper:component']:
 45 |         if 'Switch' in component['cname'] and component['state']['serial-no'] != '':
 46 |             serials[component['cname']] = component['state']['serial-no']
 47 |     return serials
 48 | 
 49 | 
 50 | 
 51 | def get_my_config(serials):
 52 |     base = 'http://{}:1880/device?serial='.format(CONFIG_SERVER)
 53 |     url =  base + '&serial='.join(serials.values())
 54 |     print url
 55 |     configs = json.load(urllib2.urlopen(url))
 56 |     return configs
 57 | 
 58 | def configure_network(**kwargs):
 59 |     if 'ip' in kwargs and kwargs['ip'] is not None:
 60 |         print kwargs['ip']
 61 |         configure(['int g0/0','ip address {} {}'.format(kwargs['ip'], kwargs['netmask'])])
 62 |         configure(['ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 {}'.format(kwargs['gw'])])
 63 | 
 64 | 
 65 | def ending():
 66 |     # a choice of endings
 67 |     #to save config and stop ZTD process
 68 |     #cli('wr mem')
 69 | 
 70 |     # will reload and restart the process again
 71 |     # ccli('reload')
 72 | 
 73 |     # to initiate PnP to APIC-EM, does not work
 74 |     #print "Handing over to PnP"
 75 |     #configure(['pnp profile fromZTD','transport http ipv4 10.66.104.80 port 80'])
 76 | 
 77 |     print "END"
 78 | 
 79 | base_config()
 80 | my_gateway = get_default_gateway_linux()
 81 | print "GW", my_gateway
 82 | serials = get_my_serial(my_gateway)
 83 | print "Serials", serials
 84 | config = get_my_config(serials)
 85 | print "config", config
 86 | # if switch1 serial is not in the config, then need to renumber...
 87 | # and reboot
 88 | configure_network(**config)
 89 | ending()
 90 | 
 91 | 
 92 | 
 93 | 
 94 | 
 95 | 
 96 | 
 97 | 
 98 | 
 99 | 
100 | 


--------------------------------------------------------------------------------
/node-red/flow.json:
--------------------------------------------------------------------------------
  1 | [
  2 |     {
  3 |         "id": "ab36b4ca.d5e278",
  4 |         "type": "watch",
  5 |         "z": "da05c083.a06a9",
  6 |         "name": "",
  7 |         "files": "/tmp/serial-ip.csv",
  8 |         "recursive": "",
  9 |         "x": 106.5,
 10 |         "y": 196,
 11 |         "wires": [
 12 |             [
 13 |                 "7c0d0cd9.d0c174"
 14 |             ]
 15 |         ]
 16 |     },
 17 |     {
 18 |         "id": "7c0d0cd9.d0c174",
 19 |         "type": "file in",
 20 |         "z": "da05c083.a06a9",
 21 |         "name": "serial-ip",
 22 |         "filename": "/tmp/serial-ip.csv",
 23 |         "format": "utf8",
 24 |         "chunk": false,
 25 |         "sendError": false,
 26 |         "x": 264.5,
 27 |         "y": 230,
 28 |         "wires": [
 29 |             [
 30 |                 "f89cc87d.d13e68"
 31 |             ]
 32 |         ]
 33 |     },
 34 |     {
 35 |         "id": "f89cc87d.d13e68",
 36 |         "type": "csv",
 37 |         "z": "da05c083.a06a9",
 38 |         "name": "",
 39 |         "sep": ",",
 40 |         "hdrin": true,
 41 |         "hdrout": "",
 42 |         "multi": "mult",
 43 |         "ret": "\\n",
 44 |         "temp": "",
 45 |         "x": 374.5,
 46 |         "y": 329,
 47 |         "wires": [
 48 |             [
 49 |                 "dc614209.9086d"
 50 |             ]
 51 |         ]
 52 |     },
 53 |     {
 54 |         "id": "7db110b5.f89ad",
 55 |         "type": "inject",
 56 |         "z": "da05c083.a06a9",
 57 |         "name": "",
 58 |         "topic": "",
 59 |         "payload": "",
 60 |         "payloadType": "date",
 61 |         "repeat": "",
 62 |         "crontab": "",
 63 |         "once": false,
 64 |         "x": 123.5,
 65 |         "y": 270,
 66 |         "wires": [
 67 |             [
 68 |                 "7c0d0cd9.d0c174"
 69 |             ]
 70 |         ]
 71 |     },
 72 |     {
 73 |         "id": "dc614209.9086d",
 74 |         "type": "function",
 75 |         "z": "da05c083.a06a9",
 76 |         "name": "data",
 77 |         "func": "global.set('mapping', msg.payload);\nreturn msg;",
 78 |         "outputs": 1,
 79 |         "noerr": 0,
 80 |         "x": 482.5,
 81 |         "y": 419,
 82 |         "wires": [
 83 |             [
 84 |                 "e00067ca.e9ea28"
 85 |             ]
 86 |         ]
 87 |     },
 88 |     {
 89 |         "id": "e00067ca.e9ea28",
 90 |         "type": "debug",
 91 |         "z": "da05c083.a06a9",
 92 |         "name": "",
 93 |         "active": true,
 94 |         "console": "false",
 95 |         "complete": "false",
 96 |         "x": 798.5,
 97 |         "y": 408,
 98 |         "wires": []
 99 |     },
100 |     {
101 |         "id": "8e1faec9.826d6",
102 |         "type": "http in",
103 |         "z": "da05c083.a06a9",
104 |         "name": "",
105 |         "url": "/device",
106 |         "method": "get",
107 |         "upload": false,
108 |         "swaggerDoc": "",
109 |         "x": 123,
110 |         "y": 96,
111 |         "wires": [
112 |             [
113 |                 "8d07018b.cb1b1"
114 |             ]
115 |         ]
116 |     },
117 |     {
118 |         "id": "8d07018b.cb1b1",
119 |         "type": "function",
120 |         "z": "da05c083.a06a9",
121 |         "name": "process",
122 |         "func": "var mapping = global.get('mapping');\n\nvar serials = msg.req.query.serial;\nvar res = {'ip': '', 'serial' : ''};\n// need to check if query is an array or\n// just single vlaue\nif ( !Array.isArray(serials))\n    serials=[serials];\nfor (var i=0; i<mapping.length; i++) {\n    for (var si=0; si < serials.length; si++){\n        if (mapping[i].serial === serials[si])\n            res = mapping[i];\n    }\n}\nmsg.payload=res;\n\nreturn msg;",
123 |         "outputs": 1,
124 |         "noerr": 0,
125 |         "x": 424.5,
126 |         "y": 169,
127 |         "wires": [
128 |             [
129 |                 "90c5c656.ce37f8",
130 |                 "8d8e3792.f63be8"
131 |             ]
132 |         ]
133 |     },
134 |     {
135 |         "id": "90c5c656.ce37f8",
136 |         "type": "debug",
137 |         "z": "da05c083.a06a9",
138 |         "name": "",
139 |         "active": true,
140 |         "console": "false",
141 |         "complete": "payload",
142 |         "x": 650.5,
143 |         "y": 118,
144 |         "wires": []
145 |     },
146 |     {
147 |         "id": "8d8e3792.f63be8",
148 |         "type": "http response",
149 |         "z": "da05c083.a06a9",
150 |         "name": "output",
151 |         "statusCode": "200",
152 |         "headers": {},
153 |         "x": 721,
154 |         "y": 317,
155 |         "wires": []
156 |     }
157 | ]


--------------------------------------------------------------------------------