Continuing from the previous session.
reference: Python and Bash are now supported on Cisco popular switch Catalyst and containers running the router's new operating system (IOS-XE). Python and Bash in Cisco Catalyst IOS-XE
It was also found that the Python script on the switch can be automatically issued at any time based on the events detected internally by IOS (EEM: Issued using Embedded Event Manager). We also found that EEM can be written in Python scripts. The latter two are similar, but strictly different. This time, the operation log of the former. This time, I used Catalyst 3850.
(I really want to do it with Catalyst 9300, because 3850 is MIPS CPU, 9300 is x86, etc., it seems that there are few restrictions.)
reference: Running Tcl scripts using Cisco IOS EEM
See below. Python and Bash in Cisco Catalyst IOS-XE
Please note that the so-called front port is not supported for network connection between guestshell and the outside, only the management port.
Setting Example
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address <ipaddress> <mask>
!
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 <mgmt-gateway>
Confirmation of communication with the outside is OK.
[guestshell@guestshell ~]$ sudo ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=3.00 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=2.46 ms
Register the name server.
[guestshell@guestshell ~]$ cat /etc/resolv.conf
nameserver <ipaddress>
Name resolution is also OK.
[guestshell@guestshell ~]$ sudo ping www.cisco.com
PING origin-www.cisco.com (72.163.4.161) 56(84) bytes of data.
64 bytes from www1.cisco.com (72.163.4.161): icmp_seq=1 ttl=235 time=300 ms
64 bytes from www1.cisco.com (72.163.4.161): icmp_seq=2 ttl=235 time=292 ms
PIP is included from the beginning. I'll put in the Requests module.
[guestshell@guestshell ~]$ sudo -E pip install requests
Verification.
[guestshell@guestshell ~]$ sudo pip list install
DEPRECATION: The default format will switch to columns in the future. You can use --format=(legacy|columns) (or define a format=(legacy|columns) in your pip.conf under the [list] section) to disable this warning.
certifi (2017.7.27.1)
chardet (3.0.4)
idna (2.5)
pip (9.0.1)
requests (2.18.2)
setuptools (22.0.5)
urllib3 (1.22)
For a brief explanation of Cisco Spark and access token acquisition, see the following articles. Posted to Cisco Spark in Ansible-cisco_spark
The switch bootflash: is mounted on / flash. Go to / flash, create your own directory and create a script.
[guestshell@guestshell ~]$ pwd
/home/guestshell
[guestshell@guestshell ~]$ cd /flash
[guestshell@guestshell flash]$ mkdir kikuta
[guestshell@guestshell flash]$ cd kikuta
[guestshell@guestshell kikuta]$ touch spark_post.py
[guestshell@guestshell kikuta]$ ls
spark_post.py
You can create a script locally and transfer it to the switch bootflash, or if it's simple, you can create it with vi on the guestshell. With Cat9300, you can easily install an editor with yum, so it seems a little more convenient.
--Easy to post a message in Cisco Spark space --Messages can be passed to scripts as arguments and written in IOS config --Cat3850 only supports Python 2.7, so be careful with print (crying) --Cat9300 seems to support Python3 as well --Replace the access token and room ID with your own
spark_post.py
[guestshell@guestshell kikuta]$ cat spark_post.py
import requests
import sys
ACCESS_TOKEN = "<my_access_token>"
ROOM_ID = "<my_room_id>"
YOUR_MESSAGE = sys.argv[1]
#Header creation
def setHeaders():
accessToken_hdr = 'Bearer ' + ACCESS_TOKEN
spark_header = {'Authorization': accessToken_hdr, 'Content-Type': 'application/json; charset=utf-8'}
return spark_header
#Post a message in space
def postMsg(the_header,roomId,message):
message = '{"roomId":"' + roomId + '","text":"' + message +'"}'
uri = 'https://api.ciscospark.com/v1/messages'
resp = requests.post(uri, data=message, headers=the_header)
print resp
header=setHeaders()
postMsg(header,ROOM_ID,YOUR_MESSAGE)
Confirmed operation on the guest shell. Write the arguments appropriately.
[guestshell@guestshell kikuta]$ python ./spark_post.py "Hello from Cat3850"
<Response [200]>
I was able to post nicely.
Last time was manually tested using the NONE event, but this time it is an example of a Syslog event. Issue an event triggered by Syslog that matches the regular expression, and execute the Python script as an EEM action. For the time being, make a loopback that doesn't matter and shut / no shut.
interface Loopback100
ip address 1.1.1.1 255.255.255.255
In EEM, the system returns a built-in variable for each event issued, so I wanted to take out the entire Syslog and throw it to Spark, but I failed to put it in the command argument. The built-in variables are useful, so make a note of them.
Embedded Event Manager Built-In Environment Variables Used in EEM Applets
Interface Up / Down occurred this time, so please check it. By the way, I tried to make a sample that also guides the NMS dashboard. Since you can create various events, for example, you can post a dashboard or tool that guides each trigger, such as a broken peer, an unstable tunnel, a delay to a distant server exceeding the threshold, etc. There may be. For example, creating a ticket for the incident ticket system.
(205 and 206 are redundant, but they are samples ..)
Cat3850-3#sh run | sec event manager
event manager applet syslog
event syslog pattern "%LINEPROTO-5-UPDOWN:"
action 100 syslog msg "Syslog ## $_syslog_msg ## by EEM"
action 200 cli command "enable"
action 205 cli command "guestshell run python /bootflash/kikuta/spark_post.py Interface_UpDownEvent_Detected"
action 206 cli command "guestshell run python /bootflash/kikuta/spark_post.py Please_Confirm_theEvent_Soon"
action 208 cli command "guestshell run python /bootflash/kikuta/spark_post.py https://10.71.154.112/"
Turn on debugging for checking the behavior of EEM.
Cat3850-3#debug event manager action cli
Debug EEM action cli debugging is on
Cat3850-3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cat3850-3(config)#int loopback 100
Cat3850-3(config-if)#no shut
Cat3850-3(config-if)#end
Cat3850-3#
Cat3850-3#
*Jul 27 16:45:31.287: %SYS-5-CONFIG_I: Configured from console by console
*Jul 27 16:45:32.727: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback100, changed state to up
*Jul 27 16:45:32.728: %LINK-3-UPDOWN: Interface Loopback100, changed state to up
*Jul 27 16:45:32.738: %HA_EM-6-LOG: syslog: EEM Syslog
*Jul 27 16:45:32.727: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback100, changed state to up by EEM
*Jul 27 16:45:32.739: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : CTL : cli_open called.
*Jul 27 16:45:32.742: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : OUT : Cat3850-3>
*Jul 27 16:45:32.743: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : IN : Cat3850-3>enable
*Jul 27 16:45:32.755: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : OUT : Cat3850-3#
*Jul 27 16:45:32.756: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : IN : Cat3850-3#guestshell run python /bootflash/kikuta/spark_post.py Interface_UpDownEvent_Detected
*Jul 27 16:45:39.782: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : OUT : <Response [200]>
*Jul 27 16:45:39.783: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : OUT :
*Jul 27 16:45:39.783: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : OUT :
*Jul 27 16:45:39.784: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : OUT : Cat3850-3#
*Jul 27 16:45:39.784: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : IN : Cat3850-3#guestshell run python /bootflash/kikuta/spark_post.py Please_Confirm_theEvent_Soon
*Jul 27 16:45:46.716: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : OUT : <Response [200]>
*Jul 27 16:45:46.716: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : OUT :
*Jul 27 16:45:46.717: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : OUT :
*Jul 27 16:45:46.717: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : OUT : Cat3850-3#
*Jul 27 16:45:46.717: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : IN : Cat3850-3#guestshell run python /bootflash/kikuta/spark_post.py https://10.71.154.112/
*Jul 27 16:45:52.795: %HA_EM-6-LOG: syslog : DEBUG(cli_lib) : : CTL : cli_close called.
*Jul 27 16:45:52.798:
*Jul 27 16:45:52.798: tty is now going through its death sequence
feel well.
that's all. It seems that the range of applications is quite wide, and it seems that you can play for a while.
Programmability Configuration Guide, Cisco IOS XE Everest 16.5.1a (Catalyst 3850 Switches)
Recommended Posts