forked from coreyhines/Arista
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrc.eos-exception
More file actions
99 lines (90 loc) · 4.74 KB
/
rc.eos-exception
File metadata and controls
99 lines (90 loc) · 4.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#!/bin/bash
#logging will appear in /var/log/Eosinit despite the logger commands below
# EOS boot modifications to protect against inband optical network intereference
# while using DANZ in bidi environments
# To document the problem, in bidi tapping applications
# bidi transceivers carry both a Tx and Rx signal in each strand
# If Tx signal is sent from the DANZ tap port interference will occur
# In DANZ tap agg mode exclusive ports are tap/tool/errdisabled
# But in ZTP mode or in switch mode the ports will transmit light and interfere at L1
# and they can also receive frames and respond as a bridge at L2
# Author: Corey Hines Systems Engineer chines@arista.com
# Initial Git commit 7 May 2018
#
# Test whether the startup-config exists and that it is greater than 0 length
# in other words the file is not empty
if [ -s /mnt/flash/startup-config ]
then
echo ""
echo "****************************************************************"
echo "startup-config exists and is not empty... evaluating contents"
echo "****************************************************************"
echo ""
else
echo ""
echo "******************************************************************"
echo "startup-config is empty or does not exist! Restoring default configuration"
echo "default config will also be evaluated for sanity"
echo "******************************************************************"
echo ""
# The startup config has been removed or exists and is empty,
# copy the "golden" config from the hidden file ".hidden-gold-config"
# This could be a known good config, or it could be a special LOCKED DOWN
# config. As an example, this config would have the 'unidirectional receive-only'
# command applied to all ports, it would also ensure that the tap agg mode exclusive stanza is set
# it would also be wise to have the MA1 config and turn on eAPI so the device can be
# evaluated and returned to service via CVP
cp /mnt/flash/.hidden-gold-config /mnt/flash/startup-config
fi
# setup variables for the startup-config file and a regex to test for
# tap agg exclusive mode stanza
# in testing 'exclusive' was changed to 'elusive' triggering
# the exception state. Exception state is also triggered if the stanza
# does not exist protecting from "switch mode" as well as some corruption
# or malevolent modification
declare file="/mnt/flash/startup-config"
declare regex="tap\sagg.*\n\s+mode\sexclusive"
# Addition for a next verion
# add a test to verify that /mnt/flash/zerotouch-config exists and contains
# DISABLE=True
# if not we should create the file and set its contents
# potentially simpler is just clobber the zerotouch-config file with the above contents
# on every boot
# This is an additional safeguard, since this script will not let the system
# have an empty or non-existent startu-config we should never go into ZTP mode
# however, this is a failsafe we will add promptly
# read the startup-config and put the contents into file_content variable
declare file_content=$( cat "${file}" )
# look for matches of the regex pattern in the startup-config file contents
# if the tap aggregation mode exclusive stanza exists, then the config looks sane
if [[ " $file_content " =~ $regex ]]
then
echo ""
echo "****************************************************************"
echo "startup-config tap agg mode present, config appears to be sane"
echo "****************************************************************"
echo ""
/usr/bin/logger -sf /var/log/messages -i -p 7 "Config appears to be sane"
else
echo ""
echo "****************************************************************"
echo "startup-config DOES NOT HAVE tap agg mode commands"
echo "THIS DEVICE WILL NOW ENTER EXCEPTION BOOT MODE"
echo "CURRENT POSTURE: copy default config.. again"
echo "****************************************************************"
echo ""
# At this point we have verified that the startup-config exists
# At this point we are in EXCEPTION because even the hidden gold config appears to
# be missing the tap agg mode exclusive stanza. In this case we will copy the hidden config
# and reboot.
# Note: As written this could result in a reboot loop
# this can be changed but it is ultimately better than interfering and can be stopped
# with console access
# One possible alteration here is a cat << EOF approach that creates a default config
# that is even more stripped down than the so called hidden-gold-config
/usr/bin/logger -sf /var/log/messages -i -p 7 "The Configuration DOES NOT appear to be sane"
/usr/bin/logger -sf /var/log/messages -i -p 7 "Copying default config and rebooting"
cp /mnt/flash/.hidden-gold-config /mnt/flash/startup-config
/sbin/reboot
fi
exit