Junos OS

 View Only
last person joined: 4 days ago 

Ask questions and share experiences about Junos OS.

  • 1.  ZTP on EX4550-32f 15.1R7-S13 fails to execute shell script

    Posted 03-28-2023 16:36
    Edited by Michael Pappas 03-30-2023 13:47
    I am working on automation of Zero Touch Provisioning for Juniper devices. We have in our lab EX4550-32F switch with software version 15.1R7-S13, which is used for my tests and development. My task is adopt previously developed ZTP automation script to Juniper device.
    As it is described in the Junos® OS Software Installation and Upgrade Guide the ZTP process supports Shell scripts (/bin/sh) on all the devices. That is the feature that automation process relies on. But in my multiple tests and later by analyzing Junos utility script (image_load), which is invoked by the ZTP process, I found that it expects only boot image file and/or device configuration, which are supplied by DHCP server. Meaning the script option is not considered and therefore the automation process is not possible.
    Additional log information from the device (no sign of script execution or failure):

    root@:RE:0% find / -name test-juniper-script

    /var/tmp/test-juniper-script

    /packages/mnt/jweb-ex-15.1R7.9/jail/var/tmp/uploads/test-juniper-script

    root@:RE:0% /var/tmp/test-juniper-script

    /var/tmp/test-juniper-script: Authentication error.

    root@:RE:0% sh /var/tmp/test-juniper-script

    ###############

    Runnning test-junos-script Shell script on Junos device

    ###############

    root@:RE:0% ls -l /var/tmp/test-juniper-script

    -rw-r--r--  1 root  field  404 Jun 22 18:34 /var/tmp/test-juniper-script

    root@:RE:0% cd /var/log

    root@:RE:0% grep -n "test-juniper-script" *

    dhcp_logfile:361:Jun 22 18:34:28 AIU: Config Filename is test-juniper-script

    dhcp_logfile:380:Jun 22 18:34:28 AIU: Config Filename is test-juniper-script

    dhcp_logfile:431:Jun 22 18:34:36 AIU: spawn : /bin/sh /usr/sbin/image_load -G 172.22.143.63 -I vme -O install_reboot -D /var/tmp  -C test-juniper-script -F jinstall-ex-4500-15.1R7.9-domestic-signed.tgz -T http

    image_load_log:2:[Wed Jun 22 18:34:36 UTC 2022] /usr/sbin/image_load -G 172.22.143.63 -I vme -O install_reboot -D /var/tmp -C test-juniper-script -F jinstall-ex-4500-15.1R7.9-domestic-signed.tgz -T http

    image_load_log:4:[Wed Jun 22 18:34:46 UTC 2022] fetch http://172.22.143.63/test-juniper-script

    image_load_log:5:[Wed Jun 22 18:34:46 UTC 2022] test-juniper-script                                    369 kB  369 kBps

    messages:384:Jun 22 18:34:36   image_load[1854]: /usr/sbin/image_load -G 172.22.143.63 -I vme -O install_reboot -D /var/tmp -C test-juniper-script -F jinstall-ex-4500-15.1R7.9-domestic-signed.tgz -T http

    messages:393:Jun 22 18:34:46  LX0213481837 image_load[1854]: fetch http://172.22.143.63/test-juniper-script

    messages:394:Jun 22 18:34:46  LX0213481837 image_load[1854]: test-juniper-script                                    369 kB  369 kBps

    messages:420:Jun 22 18:36:46  LX0213481837 /kernel: veriexec: no signatures for device. file='/var/tmp/test-juniper-script' fsid=67 fileid=4 gen=328216438 uid=0 pid=2701

    root@:RE:0% cat image_load_log

    [Wed Jun 22 18:34:36 UTC 2022] Creating /var/run/image_load.pid with 1854

    [Wed Jun 22 18:34:36 UTC 2022] /usr/sbin/image_load -G 172.22.143.63 -I vme -O install_reboot -D /var/tmp -C test-juniper-script -F jinstall-ex-4500-15.1R7.9-domestic-signed.tgz -T http

    [Wed Jun 22 18:34:44 UTC 2022] Directory to store image is valid /var/tmp

    [Wed Jun 22 18:34:46 UTC 2022] fetch http://172.22.143.63/test-juniper-script

    [Wed Jun 22 18:34:46 UTC 2022] test-juniper-script                                    369 kB  369 kBps

    [Wed Jun 22 18:34:46 UTC 2022] File fetch done.

    [Wed Jun 22 18:34:46 UTC 2022] fetch http://172.22.143.63/jinstall-ex-4500-15.1R7.9-domestic-signed.tgz

    [Wed Jun 22 18:35:18 UTC 2022] jinstall-ex-4500-15.1R7.9-domestic-signed.tgz         4193 kB 4193 kBps

    [Wed Jun 22 18:35:18 UTC 2022] File fetch done.

    [Wed Jun 22 18:35:32 UTC 2022] /var/tmp/jinstall-ex-4500-15.1R7.9-domestic-signed.tgz is version 15.1R7.9.

    [Wed Jun 22 18:35:32 UTC 2022] This version is already installed.

    [Wed Jun 22 18:35:32 UTC 2022] Aborting install.

    [Wed Jun 22 18:35:32 UTC 2022] Removing /var/tmp/jinstall-ex-4500-15.1R7.9-domestic-signed.tgz

    [Wed Jun 22 18:35:32 UTC 2022] jinstall-ex-4500-15.1R7.9-domestic-signed.tgz not installed, committing config

    [Wed Jun 22 18:35:32 UTC 2022] /usr/sbin/cli op url /usr/sbin/commit-config.slax config_file /config/auto_image_upgrade.conf action override

    [Wed Jun 22 18:35:47 UTC 2022] Removing /var/run/image_load.pid

    root@:RE:0% 

     
    My questions: 
    1. Am I missing something and software version 15.1R7-S13 is sufficient to run ZTP scripts? If yes, what options must be supplied from DHCP?
    2. What Junos software version should be installed to support shell scripts in ES switch?
    3. What Junos software version should be installed to support Python scripts in ES switch? 

    Thank you



    ------------------------------
    Yan Gorelik
    ------------------------------



  • 2.  RE: ZTP on EX4550-32f 15.1R7-S13 fails to execute shell script

    This message was posted by a user wishing to remain anonymous
    Posted 14 days ago
    This message was posted by a user wishing to remain anonymous

    I am running into the same issue. The script_output file actually  has the script debug info. But it throws out this message

    : not foundmage_load: bin/sh


    Original Message


  • 3.  RE: ZTP on EX4550-32f 15.1R7-S13 fails to execute shell script

    Posted 13 days ago

    Hi,

    This is a common issue with ZTP Builds, some versions of ZTP will only accept Configuration files.

    To work around this you have to load a configuration file with an event script that calls your intended script. (You then use the DHCP vendor-class options to filter those trouble devices).

    It is hard for me to answer your question as the experience and tests I have performed were with slightly different versions of 15.1 and they behaved differently. i.e. some prior to D120 would not even run the auto-image-upgrade process. So I cannot provide a conclusive answer on versions without verifying in my lab.

    I had intended on making this ZTP repo publically available but I have not got around to anonymizing it. 

    Here is an example config file to load via ZTP, this allows the ZTP system to push the configuration and trigger any script to perform the upgrade for you, independent of ZTP:

    system {
    host-name ex-test;
    root-authentication {
        encrypted-password "$1"; ## SECRET-DATA
    }
    static-host-mapping {
        ftpserver inet 172.16.1.199;
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    }
    syslog {
        user * {
            any emergency;
            user info;
        }
        file messages {
            any notice;
            authorization info;
        }
        console {
            user info;
        }
    }
    inactive: autoinstallation {
    }
}
interfaces {
    me0 {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
}
event-options {
    generate-event {
        syscheck time-interval 900;
    }
    policy syscheck {
        events syscheck;
        then {
            execute-commands {
                commands {
                    "op url ftp://anonymous@ftpserver:/pub/scripts/junos-sys-checks.slax";
                }
            output-filename syscheck-event.log;
            destination syscheck-event_log;
            output-format text;
            }
        }
    }
    destinations {
        syscheck-event_log {
            archive-sites {
                /var/tmp/;
            }
        }
    }
}


    ------------------------------
    GAVIN WHITE
    ------------------------------

    Original Message