And now automated your IOS upgrade

Started by dlots, November 09, 2017, 12:41:06 PM


dlots

https://github.com/GoreNetwork/Automate-IOS-upgrade

The 'upgrade info.csv' is the heart of this program.
Column A is just for your info, to make it more human readable.

Column B is what the program looks for in "show ver" to figure out which row to use (so make sure the info is correct and specific enough to not have false positives).

Column C is where the IOS will be copied to and where the boot statement says it should be (careful, some switches require flash:/ and some routers don't like that).

Column D is the IOS that will be copied to the device; these IOSs will need to be in the same folder as the program you are running.

Column E is the output that the program will verify is in the output from the verify command. This is exactly what will be there, so if it has the hash that should be there and the generated hash, if you only put the correct hash in, it could pass the check incorrectly.

Column F does nothing; it used to let you specify what server you would be using, but we needed to upload directly from the PC.

This program SSHs to the box and runs "show ver" on it.

It then looks in the output for column B in 'upgrade info.csv'.

It will then enable SCP server on the router/switch and SCP over the IOS in the corresponding row.

It will then run the verify command and verify that the exact output from Column E is in there.

Next it will remove the 'ip scp server enable' command

Then it will remove the current boot statements

It will then run boot system "upgrade info.csv column C+column D"

Then write memory

Next check the boot statement to make sure the boot statement is in the startup config

PLEASE NOTE THIS DOESN'T DO ANY RESTARTS, THAT NEEDS TO BE DONE MANUALLY.
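The two checks the post flags as easy to get wrong (a column B string broad enough to match the wrong row, and a column E hash that matches the embedded hash instead of the computed one) can be seen in this added example, which is not code from the linked repository. The CSV rows, hash values, device output and the "Embedded/Computed Hash" line layout are constructed assumptions, and the function names are hypothetical.

```python
import csv
import io
import re

GOOD = "0123456789ABCDEF0123456789ABCDEF"  # constructed hash value

# Constructed rows in the post's column order A-F (not the project's real CSV).
UPGRADE_INFO = f"""\
2960 switch,WS-C2960,flash:/,image-2960.bin,{GOOD},
2960X switch,WS-C2960X,flash:/,image-2960x.bin,{GOOD},
"""

# Constructed device output; the "<kind> Hash <algo> : <hex>" layout is assumed.
SHOW_VER = "Model number : WS-C2960X-48TS-L"
VERIFY_CORRUPT = f"""\
Embedded Hash   MD5 : {GOOD}
Computed Hash   MD5 : FEDCBA9876543210FEDCBA9876543210
"""
VERIFY_CLEAN = f"""\
Embedded Hash   MD5 : {GOOD}
Computed Hash   MD5 : {GOOD}
"""

HASH_LINE = re.compile(
    r"^\s*(Embedded|Computed) Hash\s+\w+\s*:\s*([0-9A-Fa-f]+)\s*$", re.M)


def select_row(show_ver, csv_text=UPGRADE_INFO):
    """Return the single row whose column B occurs in show ver, else raise."""
    rows = [r for r in csv.reader(io.StringIO(csv_text)) if r and r[1] in show_ver]
    if len(rows) != 1:
        raise ValueError(f"{len(rows)} rows match; column B is missing or too broad")
    return rows[0]


def naive_check(verify_output, column_e):
    """Substring test: passes if column E appears anywhere in the output."""
    return column_e in verify_output


def strict_check(verify_output, expected_hash):
    """Pass only if a Computed Hash line carries the expected hash."""
    computed = [value.upper() for kind, value in HASH_LINE.findall(verify_output)
                if kind == "Computed"]
    return expected_hash.upper() in computed
```

Putting the full "Computed Hash" line in column E gives the same protection with the substring test; the strict parse just makes the intent explicit.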

deanwebb

Quote from: dlots on November 09, 2017, 12:41:06 PM

PLEASE NOTE THIS DOESN'T DO ANY RESTARTS, THAT NEEDS TO BE DONE MANUALLY.


Could you please write a script that will log on to all the IOS devices that were recently upgraded and do a "restart in 5" command? KTHXBAI

:steamtroll:

dlots

https://github.com/GoreNetwork/Run-commands-on-a-cisco-device

Should be able to do that with this, just put 'restart in 5' in the lines doc (might not work since it needs confirmation, not sure)

Otanx

Thank you. This was my next automation project. One question I have is why you enable and then disable scp? Why not just leave it enabled?

-Otanx

wintermute000

nice work.

an alternative approach is using ios_config and ios_command on ansible, takes care of a lot of the logic for you, though then you're forced into defining all your vars in ansible compliant YAML unless you write dynamic inventory python.

This is what I really dislike about python networking and IOS, you're reduced to a manually screen scraping and parsing exercise and catching all logic/exception errors manually, knowing that you should really be hitting an API (which you'd think would be the case in 2017).

For CSRs and ASR1ks, check this out (why it's not in ISR4k boggles the mind, no I don't want netconf!!!)

https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/restapi/restapi/RESTAPIintro.html

dlots

Quote from: Otanx on November 09, 2017, 03:42:19 PM
One question I have is why you enable and then disable scp? Why not just leave it enabled?

Mainly because we are really touchy about making changes, so I wanted to be sure I could say that my program undid any changes it made.  I should have had it check to see if it was already enabled... but I didn't.

dlots

Quote from: wintermute000 on November 10, 2017, 05:03:50 AM
nice work.

an alternative approach is using ios_config and ios_command on ansible, takes care of a lot of the logic for you, though then you're forced into defining all your vars in ansible compliant YAML unless you write dynamic inventory python.

This is what I really dislike about python networking and IOS, you're reduced to a manually screen scraping and parsing exercise and catching all logic/exception errors manually, knowing that you should really be hitting an API (which you'd think would be the case in 2017).

For CSRs and ASR1ks, check this out (why it's not in ISR4k boggles the mind, no I don't want netconf!!!)

https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/restapi/restapi/RESTAPIintro.html

Thank you

That will be quite helpful once we start getting in large amounts of gear that can do APIs, currently the only gear with APIs we have I am not allowed to edit to do API stuff with :-(.

At some point in the future (~5ish years) I want to do some stuff with ansible, hopefully by then we will have our gear/configs standardized more so I don't need the logic that comes in python, but is difficult in ansible.

At some point I should write something to take inventory of our system and put it into an ansible format.

wintermute000

Well it's getting there already


http://docs.ansible.com/ansible/latest/ios_facts_module.html


NTC ansible is good for ad-hoc show commands, leverages textfsm to automagically (with pre-canned regex templates) put the show command outputs into sane JSON


https://github.com/networktocode/ntc-ansible