Apstra ZTP - Cisco
Cisco NX-OS and ZTP Disk Space
As part of the ZTP process, a new OS image is copied to the switch. Before installing Apstra ZTP, ensure that the switch has sufficient disk space for the OS image.
switch1# dir bootflash: | include free|total
1296171008 bytes free
3537219584 bytes total
If ZTP is installing a Cisco NX-OS image, the image (nxos.7.0.3.I7.7.bin for example) must be copied to the /containers_data/tftp directory, ensuring correct file permissions.
Example: Cisco NX-OS ztp.json
{
  "nxos": {
    "nxos-versions": [ "9.2(2)" ],
    "nxos-image": "http://192.168.0.6/nxos.9.2.2.bin",
    "device-root-password": "admin-password",
    "custom-config": "nxos_custom.sh",
    "device-user": "admin",
    "device-user-password": "admin-password",
    "system-agent-params": {
      "agent_type": "onbox",
      "job_on_create": "install"
    }
  }
}
This configuration enables secure off-box agent HTTPS (port 443) between the off-box agent on the server and the device API.
Cisco NX-OS Custom Config File
When configuring custom-config for Cisco NX-OS devices, refer to the example nxos_custom.sh, a bash executable file executed during the ZTP process. It can execute NX-OS configuration commands to set the SSH login banner or other system configuration to be set prior to device system agent installation.
You must add copp profile strict via the NX-OS custom-config file.
#!/bin/sh
/isan/bin/vsh -c "conf ; copp profile strict ; banner motd ~
########################################################
BANNER BANNER BANNER BANNER BANNER BANNER BANNER BANNER
########################################################
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec gravida, arcu vitae tincidunt sagittis, ligula massa dignissim blah, eu sollicitudin nisl dui at massa. Aliquam erat volutpat. Vitae pellentesque elit at pulvinar volutpat. Etiam lacinia derp lacus, non pellentesque nunc venenatis rhoncus.
########################################################
~"
Cisco NX-OS Off-box Agent Custom Config File
If using Apstra ZTP to prepare a Cisco NX-OS device for use with off-box agents, you must have the custom-config file enable the following NX-OS configuration commands.
feature nxapi
feature bash-shell
feature scp-server
feature evmed
copp profile strict
nxapi http port 80
The following nxos_custom.sh can be used to add these along with a banner.
#!/bin/sh
/isan/bin/vsh -c "conf ; feature nxapi ; nxapi http port 443 ; feature bash-shell ; feature scp-server ; feature evmed ; copp profile strict ; banner motd ~
########################################################
BANNER BANNER BANNER BANNER BANNER BANNER BANNER BANNER
########################################################
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec gravida, arcu vitae tincidunt sagittis, ligula massa dignissim blah, eu sollicitudin nisl dui at massa. Aliquam erat volutpat. Vitae pellentesque elit at pulvinar volutpat. Etiam lacinia derp lacus, non pellentesque nunc venenatis rhoncus.
########################################################
~"
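A pre-flight check for the two custom-config requirements above, added here as an example and not part of the Apstra tooling: it reads ztp.json and the custom-config script and reports required feature and CoPP commands the script does not issue. The function names, the sample inputs, and the use of "offbox" as the agent_type value for off-box agents are assumptions.

```python
import json
import re

# Commands this page says the custom-config script must carry.
ALWAYS_REQUIRED = ["copp profile strict"]
OFFBOX_REQUIRED = ["feature nxapi", "feature bash-shell",
                   "feature scp-server", "feature evmed", "copp profile strict"]

def vsh_commands(script_text):
    """Return the NX-OS commands passed to 'vsh -c', split on ';'.
    Text from 'banner motd' onward is dropped so that words inside the
    banner cannot satisfy a check."""
    commands = []
    for body in re.findall(r'vsh\s+-c\s+"([^"]*)"', script_text):
        body = body.split("banner motd", 1)[0]
        commands += [" ".join(c.split()) for c in body.split(";") if c.strip()]
    return commands

def missing_commands(ztp_json_text, script_text):
    """List the required commands that the script does not issue."""
    nxos = json.loads(ztp_json_text)["nxos"]
    agent_type = nxos.get("system-agent-params", {}).get("agent_type")
    # Assumption: "offbox" is the agent_type value for off-box agents.
    required = OFFBOX_REQUIRED if agent_type == "offbox" else ALWAYS_REQUIRED
    present = set(vsh_commands(script_text))
    return [cmd for cmd in required if cmd not in present]

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_ZTP = """{"nxos": {"custom-config": "nxos_custom.sh",
  "system-agent-params": {"agent_type": "%s", "job_on_create": "install"}}}"""
SAMPLE_SCRIPT = """#!/bin/sh
/isan/bin/vsh -c "conf ; feature nxapi ; copp  profile strict ; banner motd ~
feature evmed is mentioned only in this banner text
~"
"""

if __name__ == "__main__":
    for agent in ("onbox", "offbox"):
        print(agent, missing_commands(SAMPLE_ZTP % agent, SAMPLE_SCRIPT))
```

Running the check before the files are published to the ZTP server catches a script that would leave a device without the strict CoPP profile or without the features an off-box agent needs.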
Restart Cisco NX-OS ZTP
If an agent is already installed on the device, remove the agent before you restart the device ZTP process, either via the UI device agent installer or manually via the device CLI.
C9K-172-20-65-5# guestshell destroy
Remove remaining AOS data from system
Removing the guest-shell deletes most of the data left by AOS. Some files are still in the bootflash:/.aos folder.
C9K-172-20-65-5# delete bootflash:.aos no-prompt
See Cisco Device Agents for more information.
To restart the Cisco NX-OS ZTP process:
switch# write erase
switch# reload