I’ve been long waiting for the latest version of IOS-XE to ship, and on April 13th IOS-XE 16.5 “Everest” posted to https://cisco.com/go/software for the ISR, ASR, and CSR routing platforms (still to come are the Catalyst Switching lines). The “Everest" release of IOS-XE is jam packed with new programmability features that I think everyone will agree are excellent additions as network programmability is becoming a mainstream topic for us all. Some of the highlights of this release include
A modular approach to YANG Data Models for Cisco IOS-XE Features (ISR, CSR, ASR)
Support for Zero Touch Provisioning (ZTP) for Day 0 infrastructure setup (ISR)
New Application Hosting capabilities provided by a Linux Guest Shell (ISR)
Ability to develop and execute Python scripts On-Box (ISR)
Note: Not all IOS-XE platforms support all features in release 16.5. Future software releases will extend features to other platforms.
In future blog posts I’ll dive deeper into all of these features, but today we’re going to look at the new Python execution capabilities.
Python and GuestShell
The ability to execute Python code directly on an end device is a part of the Application Hosting capabilities provided by GuestShell. We’ll go deeper into GuestShell on another day, but for now it is important to understand just some of the basics. GuestShell is a containerized Linux runtime that can be enabled on your IOS-XE device. On the ISR 4000 platforms, Guest Shell provides a CentOS 7 environment in which you can install and run applications, such as Python scripts. From within Guest Shell you and your applications have access to the networks of the host platform, bootflash, and IOS CLI. Guest Shell is isolated from the underlying host software to prevent interference of the core network functions of the device.
And I can’t go any further without mentioning that though a new feature to IOS-XE, Open NX-OS has offered Guest Shell and Python for awhile now. In fact the feature within IOS-XE is modeled after how it works within NX-OS so much of what we’ll look at here applies to NX-OS as well!
Guest Shell Quick Start
Enough talk… let’s get into some config and code! For this blog post I am using an ISR 4431 running 16.5.1b. The router was recently upgraded to 16.5 and has little other configuration in place. Before we can jump into doing something interesting with Python, we need to get Guest Shell up and running.
Step 1: Enable IOX
IOX is the manager that handles guest shell and other 3rd party applications in IOS-XE.
Enter configuration commands, one per line. End with CNTL/Z.
Virtual Service Global State and Virtualization Limits:
Okay, running live Python commands on a router is interesting, but not very powerful all by itself. Let’s take a look at how we can combine this new feature with EEM for new and interesting options. With the addition of Python and Guest Shell, you can now have EEM execute a Python Script as an action. This provides the power of Python, with the event driven actions of EEM… Awesome! For this example we’ll take a step into “Chat Ops” and our Router send a Spark message every time the configuration is changed.
Step 1: Create a Spark Bot Account for our Router
In order to send a message with Spark, our router will need an account to use. Rather than create a full account for every device, I’ll just create a Bot under my own Spark Account for this router. From https://developer.ciscospark.com, I create a new bot account. I grab the Authentication Token because I’ll need that for my script.
Step 2: The Python Code
For this demo, I created a very simple Python Script that can be used to send a message to someone. Here is the script.
from ciscosparkapi import CiscoSparkAPI
# Use ArgParse to retrieve command line parameters.
Because this directory is on bootflash, I could create the script from my local machine and upload it using any available method to get it onto the box. For now, I’m just going to use “vi” from within Guest Shell to create the script.
Before I tie it into EEM, let’s test it real quick to make sure it works. The script uses the common “argparse” module for Python to take in command line arguments for the token, email to send to, and message to send.
Now each time I make a configuration change, I receive the notification in Cisco Spark. This is a very basic implementation of the “Chat Ops” idea, but highlights how quick and easy this type of thing can be leveraged with very little time, or programming skill needed.
With the power of Python, I could use ncclient and NETCONF to leverage the model drive programmability options under the hood as an alternative to the CLI options we looked at earlier this post.
If this kind of thing has you interested, be sure to join us at Cisco Live 2017 in Vegas. We've several sessions in DEVNET discussing the new programmability features of IOS-XE and all our platforms. A few suggestions to take a look at include: