#CiscoLive

Guestshell and Python


CLUS 2023 - TAC Mini-Session

Derrick Lee – Technical Consulting Engineer


TACENT-2005

#CiscoLive TACENT-2005 © 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Introduction
• Guestshell Overview
• Why Guestshell?
• Interacting with Python
• Conclusion & Additional Resources

Guestshell Overview
• Guestshell is a lightweight Linux container based off the CentOS distribution
• Available on all IOS-XE based routing & switching platforms
• Based off Cisco’s application hosting framework (IOx)

Guestshell Considerations
• Requires additional setup and configuration depending on intended deployment scenarios
• Exclusively dedicates a CPU core
• Designed for management plane operations

Guestshell and EEM Applications
[Diagram: IOS and IOS-XE panels with the labels ARP Process, Embedded Event Manager, BGP Router Process, Guestshell, Email, Syslog and SNMP]

Guestshell Setup
Topology labels: Internet: 8.8.8.8, XE-Host, Gi1: 172.31.12.136, VPG: 192.168.35.101, Eth0: 192.168.35.102

interface VirtualPortGroup0
 vrf forwarding GS
 ip address 192.168.35.101 255.255.255.0
 ip nat inside

interface GigabitEthernet1
 ip address 172.31.12.136 255.255.240.0
 ip nat outside

ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.31.0.1
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.31.0.1 global

ip nat inside source list GS_NAT_ACL interface Gi1 vrf GS overload

ip access-list standard GS_NAT_ACL
 10 permit 192.168.35.0 0.0.0.255

iox
app-hosting appid guestshell
 app-vnic gateway1 virtualportgroup 0 guest-interface 0
  guest-ipaddress 192.168.35.102 netmask 255.255.255.0
 app-default-gateway 192.168.35.101 guest-interface 0
 name-server0 8.8.8.8

Customizing Guestshell
• Operational state of the container is viewed with show app-hosting detail
• Resources are provisioned with app-resource profile custom
• Associated interface mappings assigned through sub-config app-vnic
• Port-forwarding is done via guestshell portforwarding

cat8kv2#show app-hosting detail
App id                 : guestshell
Owner                  : iox
State                  : RUNNING
Application
  Type                 : lxc
  Name                 : GuestShell
  Version              : 3.3.0
  Description          : Cisco Systems Guest Shell XE for x86_64
  Author               : Cisco Systems
  Path                 : /guestshell/:guestshell.tar
  URL Path             :
Activated profile name : custom

Resource reservation
  Memory               : 768 MB
  Disk                 : 1 MB
  CPU                  : 2300 units
  CPU-percent          : 7 %
  VCPU                 : 1
<snip>

Network interfaces
   ---------------------------------------
eth0:
   MAC address         : 52:54:dd:1b:1c:f8
   IPv4 address        : 192.168.35.102
   IPv6 address        : ::
   Network name        : VPG0

Port forwarding
  Table-entry  Service  Source-port  Destination-port
  ---------------------------------------------------
  table1       tcp      888          8888

Calling Guestshell
Guestshell is created and started with guestshell enable and made operational:

cat8kv1#guestshell enable
Interface will be selected if configured in app-hosting
Please wait for completion
guestshell installed successfully
Current state is: DEPLOYED
guestshell activated successfully
Current state is: ACTIVATED
guestshell started successfully
Current state is: RUNNING
Guestshell enabled successfully

*Apr 13 15:22:57.826: %IOSXE-6-PLATFORM: R0/0: IOx: App verification successful
*Apr 13 15:23:17.859: %IOSXE-6-PLATFORM: R0/0: IOx: App verification successful
*Apr 13 15:23:24.113: %IM-6-IOX_INST_INFO: R0/0: ioxman: IOX SERVICE guestshell LOG: Guestshell is up at 03/13/2023 15:23:24

Access to guestshell is made with command guestshell:

cat8kv1#guestshell
[guestshell@guestshell ~]$

Inside Guestshell
The ‘guestshell’ user is a member of the wheel group, which includes sudo privileges:

[guestshell@guestshell ~]$ whoami
guestshell
[guestshell@guestshell ~]$ groups
guestshell network-admin tty wheel
[guestshell@guestshell ~]$ groups guestshell
guestshell : guestshell tty wheel network-admin
[guestshell@guestshell ~]$ sudo su
bash-4.4# whoami
root

Linux based syntax and command sets are available:

[guestshell@guestshell ~]$ uname -a
Linux guestshell 5.4.216 #1 SMP Sat Nov 12 09:07:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
[guestshell@guestshell ~]$ sudo ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.35.102 netmask 255.255.255.0 broadcast 192.168.35.255
        ether 52:54:dd:b1:1f:1f txqueuelen 1000 (Ethernet)
        RX packets 54621 bytes 81214518 (77.4 MiB)
        <snip>
        TX packets 22336 bytes 1500793 (1.4 MiB)
[guestshell@guestshell ~]$ ping cisco.com
PING cisco.com (72.163.4.185) 56(84) bytes of data.
64 bytes from redirect-ns.cisco.com (72.163.4.185): icmp_seq=1 ttl=230 time=32.0 ms

Host and Guestshell Interaction
Commands can be executed on the host device from within guestshell (dohost), or inside guestshell from the host (guestshell run):

[guestshell@guestshell ~]$ dohost 'show version | i Cisco IOS XE'
Cisco IOS XE Software, Version 17.06.05
[guestshell@guestshell ~]$

cat8kv1#guestshell run uname -a
Linux guestshell 5.4.216 #1 SMP Sat Nov 12 09:07:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
cat8kv1#

The shared ‘guest-share’ folder is accessible from the host and from within guestshell:

[guestshell@guestshell guest-share]$ ls -l /bootflash/guest-share/
total 8
-rw-rw-r--. 1 guestshell guestshell 7 Apr 20 13:29 somefile

cat8kv1#dir bootflash:/guest-share
Directory of bootflash:/guest-share/

524337 -rw- 7 Apr 20 2023 13:29:38 +00:00 somefile

Incorporating Python

Using Python within Guestshell

[guestshell@guestshell ~]$ ls /bin | grep python
python3
python3.6
python3.6m
unversioned-python

[guestshell@guestshell ~]$ python3
Python 3.6.8 (default, Dec 22 2020, 19:04:08)
[GCC 8.4.1 20200928 (Red Hat 8.4.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>

List of available modules:

>>> help('modules')
Please wait a moment while I gather a list of all available modules...

_compression        cli       logging     six
_pydecimal          eem       pathlib     this
_hashlib            crypt     ncclient    string
_osx_support        dohost    paramiko    termios
_io                 csv       nntplib     subprocess
<snip>

>>> import subprocess
>>> help(subprocess)
Help on module subprocess:

NAME
    subprocess - Subprocesses with accessible I/O streams

Modules are located under these directories:

/usr/lib64/python3.6/
/usr/lib/python3.6/site-packages/

Importing Python Libraries
What if something is not included?

>>> import scapy
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ModuleNotFoundError: No module named 'scapy'

[guestshell@guestshell ~]$ ls /bin | grep pip
pip-3
pip-3.6
pip3
pip3.6

[guestshell@guestshell ~]$ pip3 install scapy --user
Collecting scapy
  Using cached https://files.pythonhosted.org/packages/67/a1/2a60d5b6f0fed297dd0c0311c887d5e8a30ba1250506585b897e5a662f4c/scapy-2.5.0.tar.gz
Installing collected packages: scapy
  Running setup.py install for scapy ... done
Successfully installed scapy-2.5.0

>>> str(scapy)
"<module 'scapy' from '/home/guestshell/.local/lib/python3.6/site-packages/scapy/__init__.py'>"

Setting up Configuration Tasks
>>> import cli
>>> cli.configure("hostname test-config-change")
'Line 1 SUCCESS: hostname test-config-change\n'

>>> cmdlist = []
>>> for x in range(1,4):
...     cmdlist.append(f'interface loopback{x}, ip address 1.1.1.{x} 255.255.255.255')
...
>>> for x in cmdlist:
...     cli.configurep(x.split(','))
...
Line 1 SUCCESS: interface loopback1
Line 2 SUCCESS: ip address 1.1.1.1 255.255.255.255
Line 1 SUCCESS: interface loopback2
Line 2 SUCCESS: ip address 1.1.1.2 255.255.255.255
Line 1 SUCCESS: interface loopback3
Line 2 SUCCESS: ip address 1.1.1.3 255.255.255.255

Polling Operational State with a Show Command
>>> cli.execute('show ip int brief')  # Returns a string
'Interface          IP-Address      OK? Method Status Protocol\n
GigabitEthernet1   172.31.12.136   YES DHCP   up     up \n
Loopback0          unassigned      YES unset  up     up \n
Loopback1          1.1.1.1         YES manual up     up \n
Loopback2          1.1.1.2         YES other  up     up \n
Loopback3          1.1.1.3         YES other  up     up \n
VirtualPortGroup0  192.168.35.101  YES TFTP   up     up \n'

cli.executep() prints the results.

>>> platformMemory = cli.execute('show process memory platform sorted')
>>> for line in platformMemory.splitlines()[:8]:
...     print(line)
...
System memory: 5005516K total, 4839748K used, 165768K free,
Lowest: 108576K
  Pid    Text      Data   Stack   Dynamic       RSS   Name
----------------------------------------------------------------------
20246  374770    328744     136       460    328744   linux_iosd-imag
16852   21828    160124     132       544    160124   ucode_pkt_PQF0
18464     194    123500     132      1480    123500   cpp_cp_svr
16390   11929     92024     136      3196     92024   fman_fp_image

Setting up a Reactive Task
cat8kv1#show run | section event
event manager applet high-memory-usage authorization bypass
 event syslog pattern "%PLATFORM-3-ELEMENT_CRITICAL"
 action 1.0 cli command "enable"
 action 1.1 syslog msg "This is coming from EEM"
 action 1.2 cli command "guestshell run python3 eem-call-example.py"
 action 1.3 cli command "exit"

Using SMTP via Amazon’s SES

Create an SMTP service

    import smtplib
    smtpObj = smtplib.SMTP('email-smtp.us-east-1.amazonaws.com')
    smtpObj.starttls()  # SES accepts SMTP authentication only over TLS

SMTP Credentials using the API key

    smtpObj.login('AKIAZP5EBRA6STSQHK6B', '<secret-key>')

Policy allows API call

    ses:SendRawEmail

Using SMTP via Amazon’s SES

Verifying an Identity
Allows for emails to be sent to the user

Network Security Group
Permits SMTP messages to be sent
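
An added example (not from the original slides) of what the eem-call-example.py script called by the applet could look like: it summarises the memory output shown earlier and mails it through the SES SMTP endpoint over STARTTLS, reading the SMTP credentials from an owner-only file instead of hard-coding them. The function names, the "user:secret" credentials file format and the example.com addresses are assumptions; the sample output is constructed from the rows on the earlier slide.

```python
import os, smtplib, ssl, stat
from email.message import EmailMessage
# Constructed sample: rows taken from the 'show process memory platform sorted' slide.
SAMPLE = """System memory: 5005516K total, 4839748K used, 165768K free, Lowest: 108576K
  Pid    Text      Data   Stack   Dynamic       RSS   Name
----------------------------------------------------------------------
20246  374770    328744     136       460    328744   linux_iosd-imag
16852   21828    160124     132       544    160124   ucode_pkt_PQF0
18464     194    123500     132      1480    123500   cpp_cp_svr
"""

def top_processes(output, count=3):
    """Return [(name, rss_kb)] for the largest processes in the show output."""
    rows = []
    for line in output.splitlines():
        f = line.split()
        if len(f) == 7 and f[0].isdigit():  # Pid Text Data Stack Dynamic RSS Name
            rows.append((f[6], int(f[5])))
    return sorted(rows, key=lambda r: r[1], reverse=True)[:count]

def load_credentials(path):
    """Read 'user:secret' (assumed format) from a file only its owner can access."""
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise PermissionError(path + " is accessible by group/other")
    with open(path) as fh:
        user, _, secret = fh.read().strip().partition(":")
    return user, secret

def build_alert(output, sender, recipient):
    msg = EmailMessage()
    msg["Subject"] = "IOS-XE memory alert (%PLATFORM-3-ELEMENT_CRITICAL)"
    msg["From"], msg["To"] = sender, recipient
    msg.set_content("\n".join("%s: %d KB RSS" % p for p in top_processes(output)))
    return msg

def send_alert(msg, cred_path, host="email-smtp.us-east-1.amazonaws.com", port=587):
    user, secret = load_credentials(cred_path)
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.starttls(context=ssl.create_default_context())  # encrypt before AUTH
        smtp.login(user, secret)
        smtp.send_message(msg)

if __name__ == "__main__":
    try:
        import cli  # present only inside Guestshell
        output = cli.execute("show process memory platform sorted")
    except ImportError:
        output = SAMPLE  # offline run with the constructed sample
    print(build_alert(output, "alerts@example.com", "noc@example.com"))
```

Keep the credentials file in the guestshell user's home directory rather than under /bootflash/guest-share, since that folder is also readable from the host CLI.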

Using TAC support APIs - CXD

Additional Resources
DevNet Guestshell Quick Start Guide

Guestshell Configuration Guide

DevNet Github Repository

DEVLIT-2062 - Getting Started with Secure Zero Touch Provisioning

DEVNET-2122 - Secure Zero Touch Provisioning on Cisco IOS XE

LABARC-2543 - IOS-XE troubleshooting automation and orchestration using Python and RADKit.

Thank you
