I've used this approach in the past when extending the ZTP process, using ZTP to get a basic configuration applied to the device, which included an off-box event script to leverage a Python script stored in Git.
That script could then make an API call to Ansible Tower or AWX using the template callback feature to then generate and apply the full-blown production configuration and apply it as and when necessary.
The base ZTP configuration would include the usual stuff, authentication etc., and then it would include the following, which would permit off-box Python script execution via a URL, and the event that would be triggered every 60 seconds. Once the trigger was able to successfully execute the script, the final configuration would be applied to the device by Ansible Tower/AWX etc.
system {
    scripts {
        op {
            allow-url-for-python;
        }
        language python;
    }
}
event-options {
    generate-event {
        ztp-autoi time-interval 60;
    }
    policy ztp-autoi {
        events ztp-autoi;
        then {
            execute-commands {
                commands {
                    "op url http://192.168.56.1/scripts/foo.py -server https://192.168.56.10:443 -api v2 blah blah blah";
                }
            }
        }
    }
}
To prevent the Python script from being executed multiple times if it had already been executed, the off-box script would leverage the jcs.dampen() function, which could be used to prevent the script from executing too often, e.g.
import jcs
from sys import exit
.
.
.
# prevent operation from being repeatedly called
# exit if exceeds 1 call in 10 minutes
if not (jcs.dampen('callback-provisioning', 1, 10)):
    print('Callback provisioning: dampen exit OK.')
    jcs.syslog("external.notice", "Callback provisioning: dampen exit OK.")
    exit()
.
.
.
Once the production configuration has been generated and committed to the device by Ansible, the event trigger would be overwritten/removed and the device would be ready for validation tests and so forth.
Regards,
Andy
------------------------------
Andy Sharp
------------------------------
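The callback step described in the reply above, sketched as an added example (not the poster's foo.py): it turns the -server and -api arguments from the event policy into the AWX/Tower provisioning-callback POST and refuses a non-HTTPS server. The -template and -key argument names, the sample values and Python 3 on the device are assumptions.

```python
import argparse
import re
import sys
import urllib.parse
import urllib.request


def parse_op_args(argv):
    """Parse the '-name value' arguments that follow the script URL."""
    p = argparse.ArgumentParser(allow_abbrev=False)
    p.add_argument("-server", required=True)              # as in the post
    p.add_argument("-api", default="v2")                  # as in the post
    p.add_argument("-template", type=int, required=True)  # assumed name
    p.add_argument("-key", required=True)                 # assumed name
    return p.parse_args(argv)


def build_callback(args):
    """Build the provisioning-callback POST; reject anything but HTTPS."""
    server = urllib.parse.urlsplit(args.server)
    if server.scheme != "https" or not server.hostname:
        raise ValueError("-server must be an https:// URL")
    if not re.fullmatch(r"v\d+", args.api):
        raise ValueError("-api must look like v2")
    url = "https://%s/api/%s/job_templates/%d/callback/" % (
        server.netloc, args.api, args.template)
    body = urllib.parse.urlencode({"host_config_key": args.key}).encode()
    return urllib.request.Request(url, data=body, method="POST")


def send_callback(request, timeout=30):
    """Send the request; urlopen's default context verifies the certificate."""
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.status


if __name__ == "__main__":
    # On the device the jcs.dampen() guard from the post would run first.
    status = send_callback(build_callback(parse_op_args(sys.argv[1:])))
    print("Callback provisioning: HTTP %d" % status)
```

Passing the key as an argument, as here, means it is stored in the device's event policy alongside the other arguments.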
Original Message:
Sent: 02-01-2021 23:50
From: Unknown User
Subject: anyone can help me understand this statement ?
Ensure that Python commit scripts are allowed to be stored off-box. Other commit scripts should only be allowed to be stored on-box.
What does the statement mean exactly ?
thanks !!