How Zero Touch Provisioning Works

The following graphic describes the operation of ZTP (Zero Touch Provisioning):




When a PicOS switch boots up, its DHCP client contacts a DHCP server. ZTP obtains values for three parameters from the DHCP server: tftp-server-name, bootfile-name, and log-servers.

If the log-servers option is set, ZTP will send the ZTP log to the server and local syslog at the same time.

ZTP then starts a TFTP client to fetch an upgrade script (the provision script) from the TFTP server defined in tftp-server-name. The script name is defined in bootfile-name. The provision script is a Linux shell script that defines all upgrade procedures, and it is run automatically once it has been downloaded from the TFTP server.

A typical PicOS provision target may include the following tasks:

  1. Back up L2/L3 configuration file, OVS configuration database, and boot list file.
  2. Back up user data files and application configuration files.
  3. Download PicOS image from TFTP server.
  4. Upgrade PicOS image.
  5. Reboot into new image.
  6. Update PicOS configuration files.
  7. Start PicOS application (L2/L3 or OVS).
  8. Configure PicOS application.

Upgrade Process Flow Chart  

DHCP Server Setup

ZTP depends on a DHCP server to obtain the IP address of the TFTP server, the file name of the shell script, and the IP address(es) of the syslog server(s). These are supplied in the following format:

host pica8-pxxxx {
        hardware ethernet 08:9e:01:62:d5:62;
        option bootfile-name "pica8/provision.script";
        option tftp-server-name "xx.xx.xx.xx";
        option log-servers xx.xx.xx.xx;
        fixed-address xx.xx.xx.xx;
}

The elements of the segment above are described below:

  • host: Host name of the PicOS switch.
  • hardware ethernet: MAC address of the PicOS switch.
  • bootfile-name: File name of the shell script, including its path relative to the TFTP root directory.
  • tftp-server-name: IP address of the TFTP server.
  • log-servers: IP address of the log server that will receive logs from ZTP.
  • fixed-address: Optional. Assigns a fixed IP address as the management IP of the switch.

PicOS switches send a vendor-class-identifier to the DHCP server in the format pica8-pxxxx, where xxxx is the switch model. The customer can use the vendor-class-identifier to identify PicOS switches.
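
The provision script named by bootfile-name runs automatically on the switch, and TFTP itself does not authenticate what it serves, so the copy in the TFTP root is worth checking on the server side. The following is an added example, not Pica8 code: it reads host blocks in the format above and reports, for each, whether the referenced script exists under the TFTP root and whether group or other users can modify it. The function names, status strings and the sample directory layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not Pica8 code: audit the ZTP host entries of a dhcpd.conf.

# list_ztp_hosts <dhcpd.conf>: print "<host> <bootfile>" for each host block
# ("-" when the block sets no bootfile-name).
list_ztp_hosts() {
    awk '{ sub(/#.*/, "") }
         $1 == "host" { host = $2; sub(/[{].*/, "", host); boot = "-" }
         $1 == "option" && $2 == "bootfile-name" { boot = $3; gsub(/[";]/, "", boot) }
         /[}]/ && host != "" { print host, boot; host = "" }' "$1"
}

# audit_ztp_hosts <dhcpd.conf> <tftp_root>: print "<host> <bootfile> <status>"
# per host; return 1 if any provision script is missing, resolves outside the
# TFTP root, or can be modified by group or other.
audit_ztp_hosts() {
    root=$2 rc=0
    while read -r host boot; do
        [ -n "$host" ] || continue
        case "/$boot/" in
            /-/) status=NO-BOOTFILE ;;
            //*|*/../*) status=OUTSIDE-ROOT ;;
            *)  if [ ! -f "$root/$boot" ]; then status=MISSING
                elif [ -n "$(find -L "$root/$boot" \( -perm -020 -o -perm -002 \))" ]; then
                    status=GROUP-OR-WORLD-WRITABLE
                else status=OK
                fi ;;
        esac
        [ "$status" = OK ] || rc=1
        echo "$host $boot $status"
    done <<EOF
$(list_ztp_hosts "$1")
EOF
    return $rc
}

# Constructed sample: one host entry in the format above and a throwaway TFTP root.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/tftpboot/pica8"
printf '#!/bin/bash\n' > "$demo_root/tftpboot/pica8/provision.script"
chmod 644 "$demo_root/tftpboot/pica8/provision.script"
cat > "$demo_root/dhcpd.conf" <<'EOF'
host pica8-pxxxx {
hardware ethernet 08:9e:01:62:d5:62;
option bootfile-name "pica8/provision.script";
option tftp-server-name "xx.xx.xx.xx";
}
EOF
audit_ztp_hosts "$demo_root/dhcpd.conf" "$demo_root/tftpboot"
```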

The Provision Script

Before ZTP can be used, the switch must be configured with two partitions (an active partition and a backup partition). The whole disk image needs to be migrated to a different format. Pica8 has also added some features to help users automatically provision the image and recover from a failed upgrade.

The provision script describes which PicOS software upgrade and configuration are required, as well as how they are executed. The script also defines the customer-specific upgrade process.

There is a shell script named ztp-functions.sh, which provides some functions for ZTP. The ztp-functions.sh script is located in the /usr/local/bin directory.

The following variables are used in the provision scripts:

  1. version: PicOS software version.
  2. revision: PicOS software revision.
  3. sn: Serial number of the switch.
  4. eth0_mac: MAC address of the management interface eth0.
  5. switch_mac: MAC address of the switch.

Sample Provision Script

The following provision script is provided as a reference:

#!/bin/bash
source /usr/local/bin/ztp-functions.sh
if [ "$revision" != "151db4c" ]; then
        tftp_get_picos_image picos-2.10.0-as4610-151db4c.tar.gz
        if [ $? -ne 0 ]; then
                exit 1
        fi
        reboot
else
        #start l2/l3 mode
        picos_l2l3_start
        if [ $? -ne 0 ]; then
                exit 1
        fi
        #load xorp configuration
        l2l3_load_config ztpl2l3_cfg.sh
        if [ $? -ne 0 ]; then
                exit 1
        fi
        #stop l2/l3 mode
        picos_l2l3_stop
        if [ $? -ne 0 ]; then
                exit 1
        fi
        # start ovs mode
        picos_ovs_start 192.168.2.50/24 192.168.2.1
        if [ $? -ne 0 ]; then
                exit 1
        fi
        #load ovs configuration
        ovs_load_config 192.168.2.50/24 192.168.2.1 ztpovs_cfg.sh
        if [ $? -ne 0 ]; then
                exit 1
        fi
        #stop ovs mode
        picos_ovs_stop
        if [ $? -ne 0 ]; then
                exit 1
        fi
fi 

Here is an example of xorp_cfg.cli:

show version;configure;run show vlans;set vlans vlan-id 20;commit;set vlans vlan-id 30;commit

Here is an example of ovs_cfg.cli:

ovs-vsctl add-br br0 -- set bridge br0 datapath_type=pica8
ovs-vsctl set Bridge br0 stp_enable=true
ovs-vsctl add-port br0 ge-1/1/1 -- set interface ge-1/1/1 type=pica8
ovs-vsctl add-port br0 ge-1/1/2 -- set interface ge-1/1/2 type=pica8
ovs-ofctl add-flow br0 in_port=1,actions=output:2
ovs-ofctl add-flow br0 in_port=2,actions=output:1

Copyright © 2025 Pica8 Inc. All Rights Reserved.