This script grew out of an effort to automate enabling Guest Shell on an IOS-XE router. The script is designed to allow for passing session parameters for native access to physical/virtual routers as well as a CSR running as a Vagrant box. This is an initial pass at publishing the script. I've outlined my project plan to add functionality here.
As this is just the initial push of the script, I have a short-term plan to address the following:
This script is designed to quickly provision the required IOS-XE commands to enable GuestShell (IOX, VirtualPortGroups, NAT, App-Hosting).
Guestshell is a virtualized Linux-based environment that is designed to run custom Linux applications, including Python for automated control and management of Cisco devices. It also includes the automated provisioning (Day zero) of systems. This container shell provides a secure environment, decoupled from the host device, in which users can install scripts or software packages, and run them. While GuestShell is relatively simple to provision on a single device, enabling GuestShell holistically across the network can be a time-consuming process. This script will enable the shell and prepare it so that it is ready to populate with additional Linux packages or custom Python applications.
The script is designed to read in configuration details from YAML. Once the script has device details, a series of Jinja Templates are rendered. These templates create XML payloads for the configuration of the router and switch. The script leverages Netmiko to send CLI commands to provision GuestShell. You can provision additional routers by creating additional data structures in the input YAML file.
While not included in Code Exchange, a provision_gs script can be modified to add custom applications. An operator can execute commands directly in GuestShell from Exec mode on the router or switch. Using a similar format to the Netmiko tasks in the script, an operator can add additional command sets to execute commands. Some examples include:
- Installing git:
guestshell run sudo yum install -y git
- Cloning a repo:
guestshell run git clone http://foo.git
- Executing a shell script:
guestshell run ./prep_env.sh
Leverage "getpass" to remove the need to statically set the device password in device_details.yml. Address the error generated when the NAT_ACL already exists on the target device. Add a framework for updating YUM in Guest Shell, installing git, and populating a repository to be used by Guest Shell.
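One way the "getpass" item could be implemented, as an added example that is not part of the published script. It takes the dictionary that yaml.safe_load would return for one device; the key layout (Netmiko's ConnectHandler argument names), the GS_PASSWORD / GS_SECRET environment variable names and the sample device are assumptions.

```python
import getpass
import os

SECRET_KEYS = ("password", "secret")  # Netmiko ConnectHandler argument names


def resolve_credentials(device, env=os.environ, prompt=getpass.getpass):
    """Return (params, findings). Secrets come from the environment or an
    interactive prompt; values stored in the YAML file are never used."""
    params = {k: v for k, v in device.items() if k not in SECRET_KEYS}
    target = f"{params.get('username', '?')}@{params.get('host', '?')}"
    findings = []
    for key in SECRET_KEYS:
        if device.get(key):
            findings.append(f"{target}: '{key}' is stored in the YAML file; ignored")
        if key == "secret" and key not in device:
            continue  # no enable secret requested for this device
        # GS_PASSWORD / GS_SECRET are hypothetical variable names.
        value = env.get(f"GS_{key.upper()}") or prompt(f"{key} for {target}: ")
        if not value:
            raise ValueError(f"no {key} supplied for {target}")
        params[key] = value
    return params, findings


def redact(params):
    """Copy of params that is safe to print or log."""
    return {k: "<redacted>" if k in SECRET_KEYS else v for k, v in params.items()}


# Constructed sample: one device entry as yaml.safe_load() might return it.
SAMPLE_DEVICE = {
    "device_type": "cisco_xe",
    "host": "192.0.2.10",
    "username": "admin",
    "port": 22,
    "password": "example-only",  # static password: the pattern to eliminate
}

if __name__ == "__main__":
    params, findings = resolve_credentials(SAMPLE_DEVICE)
    for finding in findings:
        print("WARNING:", finding)
    print(redact(params))  # params is what netmiko.ConnectHandler(**params) takes
```

Any secret found in the file is reported so it can be removed from device_details.yml and rotated, and only the redacted copy is printed.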
Objectives
- Guestshell is a virtualized Linux-based environment, designed to run custom Linux applications, including Python for automated control and management of Cisco devices.
- The script is designed to automate enabling Guest Shell on an IOS-XE router.
- Allows for passing session parameters for native access to physical/virtual routers as well as a CSR running as a Vagrant box.
- Uses jinja2 templates for creating dynamic NETCONF descriptions.
- Device details and command sets are maintained in a YAML file using netmiko for the command sets.
Requirements
IOS XE with Guestshell enabled.