EEM script for Installation and Activation of IPsec/CGN OVA package on ASR9K routers

Introduction :
This EEM script simplifies the process of installing and activating an OVA, which involves the following steps:
Remove existing service interface configurations
Deactivate the existing OVA
Uninstall the existing OVA
Copy the new OVA to the router
Install the OVA on the required VSM
Add bundle configurations and bundle member configurations (in case of IPSec)
Add vnic interfaces under the virtual service
Activate the OVA
Add the CP VM configuration in case of the IPSec service
Validate each of the above steps


How the script simplifies the above steps :

The steps above can be reduced to a simple process by using the EEM script, and can be done without any user intervention.
The steps to do this are as follows:
1. Copy the EEM script to the router (one time for one router)
2. Register the script (one time for one router)
3. Set the environmental variables.
4. Run the script.
Only steps 3 and 4 need to be repeated for each installation/activation.

What the script does internally :

The script follows these steps to install and activate the OVA:
Check whether the VSM is in RUN state.
If the VSM is in RUN state, check whether any service is in the Installed, Activated or Deactivated state.
If the service is in Installed state, the script uninstalls the existing OVA.
If the service is in Deactivated state, the script checks whether any service-related configurations are present.
If service-related configurations are present in Deactivated state, those configurations are removed and then the OVA is uninstalled.
If the service is in Activated state, the script removes the service-related configurations and then uninstalls the OVA.
The new OVA is then copied to the router.
The OVA is then installed on the provided VSM.
This is followed by adding VNIC members and activating the service.
If bundle configurations and bundle member configurations are required (for the IPSec case), these are also applied.
Base configurations for the control plane VM are applied in case of IPSec.


Procedure for copying and registering the EEM script :

1. Create directories for EEM script and library

mkdir eem_scripts
mkdir eem_lib

2. Copy the script from tftp to router

copy tftp://202.153.144.25/auto/tftp-blr-users2/pjeyapal/eem_scripts/ipsec_ova_inst_act/no_ova_install_activate.tcl disk0a:/usr/eem_scripts/no_ova_install_activate.tcl

3. Create a username for eem users (not mandatory)

admin
conf t
username eem_user
group root-system
group cisco-support
commit

4. Configuring AAA :

conf t
aaa authorization eventmanager default local
commit

5. Registering EEM script :

conf t
event manager directory user policy disk0a:/usr/eem_scripts
event manager directory user library disk0a:/usr/eem_lib
event manager policy no_ova_install_activate.tcl username eem_user persist-time infinite
commit

Please see the attachment "EEM_base_configurations" for the router log of the above steps.


Environmental Variables :

Mandatory :

_eem_tftp_ova_file  : tftp path where ova file exists
  default : none
_eem_vsm_slot :  VSM slot number
  default : none
_eem_ova_type :  ipsec | cgn
  default : ipsec
_eem_ova_profile :  half | full   (not required for cgn)
  default : full


Optional :

_eem_router_ova_path :  path in router where ova will be copied
  default : <home directory>/eem_ova
_eem_service_members : bundle members in case of ipsec ova
  default : interfaces "2 3 4 5 6 7 8 9" for ipsec full profile
                interfaces "2 3 4 5" for ipsec half profile
                interfaces "0 1 2 3 4 5 6 7 8 9 10 11" for cgn
_eem_bundle_number : interface number for bundle in case of ipsec
  default : 1
_eem_need_bundle_config : 0 | 1 , whether bundle configurations are needed in case of ipsec
  default : 0
_eem_bundle_address :  ipv4 address on bundle interface in case of ipsec
  default : 192.168.1.2
_eem_bundle_mask : mask for _eem_bundle_address
  default : 255.255.255.0
_eem_service_name : service name
  default : ipsecf_<_eem_vsm_slot> for ipsec full profile
                  ipsech_<_eem_vsm_slot> for ipsec half profile
                  cgn_<_eem_vsm_slot> for cgn
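
Because a run removes service configuration and uninstalls whatever OVA is on the chosen slot, it helps to resolve the effective arguments from the `show running-config event manager environment` output before triggering the policy. The Python below is an added example, not part of the attached EEM script; the names effective_settings, PER_SERVICE and SAMPLE are assumptions made for illustration, and ipsech_ is taken to be the half-profile service-name prefix.

```python
import ipaddress
import re

# Defaults as listed on this page; None means "default : none" (must be set).
DEFAULTS = {
    "_eem_tftp_ova_file": None, "_eem_vsm_slot": None,
    "_eem_ova_type": "ipsec", "_eem_ova_profile": "full",
    "_eem_router_ova_path": "<home directory>/eem_ova",
    "_eem_bundle_number": "1", "_eem_need_bundle_config": "0",
    "_eem_bundle_address": "192.168.1.2", "_eem_bundle_mask": "255.255.255.0",
}
PER_SERVICE = {  # (type, profile) -> (default members, service-name prefix)
    ("ipsec", "full"): ("2 3 4 5 6 7 8 9", "ipsecf"),
    ("ipsec", "half"): ("2 3 4 5", "ipsech"),  # prefix for half is assumed
    ("cgn", None): ("0 1 2 3 4 5 6 7 8 9 10 11", "cgn"),  # profile unused for cgn
}
ENV_LINE = re.compile(r"^event manager environment\s+(\S+)\s+(.+?)\s*$")
SAMPLE = ("event manager environment _eem_vsm_slot 2\n"  # constructed sample
          "event manager environment _eem_ova_profile half\n")

def effective_settings(show_output):
    """Resolve what the policy would run with; return (settings, problems)."""
    cfg = dict(DEFAULTS)
    for line in show_output.splitlines():
        if (m := ENV_LINE.match(line.strip())):
            cfg[m.group(1)] = m.group(2)
    problems = [f"{k} has no default and is not set" for k, v in cfg.items() if v is None]
    for name, allowed in (("_eem_ova_type", ("ipsec", "cgn")),
                          ("_eem_ova_profile", ("half", "full")),
                          ("_eem_need_bundle_config", ("0", "1"))):
        if cfg[name] not in allowed:
            problems.append(f"{name} must be one of {'|'.join(allowed)}, got {cfg[name]!r}")
    otype = cfg["_eem_ova_type"]
    key = (otype, None if otype == "cgn" else cfg["_eem_ova_profile"])
    members, prefix = PER_SERVICE.get(key, ("", "unknown"))
    cfg.setdefault("_eem_service_members", members)
    cfg.setdefault("_eem_service_name", f"{prefix}_{cfg['_eem_vsm_slot']}")
    for name in ("_eem_vsm_slot", "_eem_bundle_number"):
        if cfg[name] is not None and not cfg[name].isdigit():
            problems.append(f"{name} must be a number, got {cfg[name]!r}")
    if not all(tok.isdigit() for tok in cfg["_eem_service_members"].split()):
        problems.append("_eem_service_members must be a list of interface numbers")
    try:  # address and mask together must form a valid IPv4 interface
        ipaddress.IPv4Interface(f"{cfg['_eem_bundle_address']}/{cfg['_eem_bundle_mask']}")
    except ValueError as exc:
        problems.append(f"bundle address/mask invalid: {exc}")
    return cfg, problems

if __name__ == "__main__":
    print(effective_settings(SAMPLE))
```

An empty problems list means every mandatory variable is set and the resolved values are well-formed; the returned settings should match what the policy prints in its syslog banner before it proceeds.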

How to trigger the script :


event manager run no_ova_install_activate.tcl

 

Examples :

Example 1 : Triggering script for IPSec full profile with only mandatory arguments and letting the script assume default values for rest of the optional arguments
Env Setting :

RP/0/RSP0/CPU0:R1#sh running-config event manager environment
event manager environment _eem_vsm_slot 2
event manager environment _eem_tftp_ova_file tftp://202.153.144.25//auto/tftp-blr-users3/pjeyapal/images/522_23i/asr9k-vsm-ipsec-fp-DT-5.2.2.18i.ova

Triggering the script :

RP/0/RSP0/CPU0:R1#event manager run no_ova_install_activate.tcl

See the attachment "Logs_EEM_IPsec_full_profile" for more detail

Example 2 : Triggering script for IPSec half profile with only mandatory arguments and letting the script assume default values for rest of the optional arguments
Env Setting :

RP/0/RSP0/CPU0:R1#sh running-config event manager environment
event manager environment _eem_vsm_slot 2
event manager environment _eem_ova_profile half
event manager environment _eem_tftp_ova_file tftp://202.153.144.25//auto/tftp-blr-users3/pjeyapal/images/522_23i/asr9k-vsm-ipsec-hp-DT-5.2.2.18i.ova

Triggering the script :

RP/0/RSP0/CPU0:R1#event manager run no_ova_install_activate.tcl

See the attachment "Logs_EEM_IPsec_half_profile" for more detail

Example 3 : Triggering script for CGN profile with only mandatory arguments and letting the script assume default values for rest of the optional arguments
Env Setting :

RP/0/RSP0/CPU0:R1#sh running-config event manager environment
event manager environment  _eem_ova_type cgn
event manager environment _eem_vsm_slot 2
event manager environment _eem_tftp_ova_file tftp://202.153.144.25//auto/tftp-blr-users3/pjeyapal/images/522_23i/vsmcgv6_ivybridge_522_17i.ova

Triggering the script :

RP/0/RSP0/CPU0:R1#event manager run no_ova_install_activate.tcl

See the attachment "Logs_EEM_CGN_profile" for more detail

Example 4 : Triggering script for IPSec full profile with only mandatory arguments and mentioning to configure bundle configurations as well
Env Setting :

RP/0/RSP0/CPU0:R1#sh running-config event manager environment
event manager environment  _eem_ova_type cgn
event manager environment _eem_vsm_slot 2
event manager environment _eem_tftp_ova_file tftp://202.153.144.25//auto/tftp-blr-users3/pjeyapal/images/522_23i/vsmcgv6_ivybridge_522_17i.ova

Triggering the script :

RP/0/RSP0/CPU0:R1#event manager run no_ova_install_activate.tcl
See the attachment "Logs_EEM_IPsec_full_profile_with_bundle_config" for more detail

Example 5 : Triggering script for IPSec half profile with all possible arguments
Env Setting :

RP/0/RSP0/CPU0:R1#sh running-config event manager environment
event manager environment _eem_ova_type ipsec
event manager environment _eem_vsm_slot 0
event manager environment _eem_bundle_mask 255.255.255.252
event manager environment _eem_ova_profile half
event manager environment _eem_service_name IPsec_H
event manager environment _eem_bundle_number 5
event manager environment _eem_tftp_ova_file tftp://202.153.144.25//auto/tftp-blr-users3/pjeyapal/images/522_23i/asr9k-vsm-ipsec-hp-DT-5.2.2.18i.ova
event manager environment _eem_bundle_address 192.168.5.1
event manager environment _eem_router_ova_path harddisk:
event manager environment _eem_service_members 6 7 8 9
event manager environment _eem_need_bundle_config 1
RP/0/RSP0/CPU0:R1#

Triggering the script :

RP/0/RSP0/CPU0:R1#event manager run no_ova_install_activate.tcl
See the attachment "Logs_EEM_IPsec_half_profile_with_all_parameters" for more detail

 

Sample EEM logs :

RP/0/RSP0/CPU0:Dec 16 09:16:32.200 : tclsh[65861]: %HA-HA_EEM-6-ACTION_SYSLOG_LOG_INFO : no_ova_install_activate.tcl: |*| _eem_tftp_ova_file  : tftp://202.153.144.25//auto/tftp-blr-users3/pjeyapal/images/522_23i/asr9k-vsm-ipsec-fp-DT-5.2.2.18i.ova |*| _eem_router_ova_path : disk0a:/usr |*| _eem_vsm_slot : 0 |*| _eem_ova_type : ipsec |5| _eem_ova_profile : full
RP/0/RSP0/CPU0:Dec 16 09:16:32.200 : tclsh[65861]: %HA-HA_EEM-6-ACTION_SYSLOG_LOG_INFO : no_ova_install_activate.tcl: |*| _eem_service_members : 2 3 4 5 6 7 8 9 |*| _eem_need_bundle_config : 1 |*| _eem_bundle_number : 1 |*| _eem_bundle_address : 192.168.1.1 |*| _eem_bundle_mask : 255.255.255.0 |*| _eem_service_name : ipsecf_0
RP/0/RSP0/CPU0:Dec 16 09:16:32.200 : tclsh[65861]: %HA-HA_EEM-6-ACTION_SYSLOG_LOG_INFO : no_ova_install_activate.tcl: Please press ctrl+c to abort if the above arguments needs to be  changed and policy needs to be rerun  
RP/0/RSP0/CPU0:Dec 16 09:29:21.850 : tclsh[65861]: %HA-HA_EEM-6-ACTION_SYSLOG_LOG_INFO : no_ova_install_activate.tcl: OVA Installed and Activated successfully
RP/0/RSP0/CPU0:R1#

Script file :

See attachment "no_ova_install_activate.tcl_.rtf"