How Zero Touch Provisioning Works

The following graphic describes the operation of ZTP (Zero Touch Provisioning):




When a PicOS switch boots up, its DHCP client contacts a DHCP server. ZTP obtains values for three parameters from the DHCP server: tftp-server-name, bootfile-name, and log-servers.

If the log-servers option is set, ZTP sends the ZTP log to that server and to the local syslog at the same time.

ZTP then starts a TFTP client to get an upgrade script from the TFTP server defined in tftp-server-name. The script name is defined in bootfile-name. This upgrade script, also called the provision script, defines all upgrade procedures. It is a Linux shell script and is run automatically once it is downloaded from the TFTP server.

A typical PicOS provision target may include the following tasks:

  1. Back up L2/L3 configuration file, OVS configuration database, and boot list file.
  2. Back up user data files and application configuration files.
  3. Download PicOS image from TFTP server.
  4. Upgrade PicOS image.
  5. Reboot into new image.
  6. Update PicOS configuration files.
  7. Start PicOS application (L2/L3 or OVS).
  8. Configure PicOS application.

Upgrade Process Flow Chart  

DHCP Server Setup

ZTP depends on a DHCP server to obtain the IP address of the TFTP server, the file name of the shell script, and the IP address(es) of the syslog server(s), in the following format:

host pica8-pxxxx {
        hardware ethernet 08:9e:01:62:d5:62;
        option bootfile-name "pica8/provision.script";
        option tftp-server-name "xx.xx.xx.xx";
        option log-servers xx.xx.xx.xx;
        fixed-address xx.xx.xx.xx;
}

The elements of the segment above are described below:

  • host: Host name of the PicOS switch.
  • hardware ethernet: MAC address of the PicOS switch.
  • bootfile-name: File name of the shell script and its path relative to the TFTP root directory.
  • tftp-server-name: IP address of the TFTP server.
  • log-servers: IP address of the log server that will receive logs from ZTP.
  • fixed-address: Optional. Configure a fixed IP address as management IP of the switch. 

PicOS switches send a vendor-class-identifier to the DHCP server in the format pica8-pxxxx, where xxxx is the switch model. Customers can use the vendor-class-identifier to identify PicOS switches.

The Provision Script

Before using ZTP, the switch must be configured in two partitions (active partition and backup partition). The whole disk image needs to migrate to a different format. In the meantime, Pica8 has added some features to help users automatically provision the image and recover from a failed upgrade.

The provision script describes what PicOS software upgrade and configuration is required, as well as how it is executed. The script also defines the customer-specific upgrade process.

There is a shell script named ztp-functions.sh, which provides some functions for ZTP. The ztp-functions.sh script is located in the /usr/local/bin directory.

The following variables are used in the provision scripts:

  1. version: PicOS software version.
  2. revision: PicOS software revision.
  3. sn: Serial number of the switch.
  4. eth0_mac: MAC address of the management interface eth0.
  5. switch_mac: MAC address of the switch.

Sample Provision Script

The following provision script is provided as a reference:

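#!/bin/bash
# Load the ZTP helper functions (tftp_get_picos_image, l2l3_load_config).
source /usr/bin/ztp-functions.sh

if [ "$revision" != "9a07c32881" ]; then
        # Running revision differs from the target: get the image, then reboot.
        if ! tftp_get_picos_image onie-installer-picos-4.3.1.1-9a07c32881-x86.bin; then
                exit 1
        fi
        reboot
else
        # Already on the target revision: load xorp configuration.
        if ! l2l3_load_config ztpl2l3_cfg.cli; then
                exit 1
        fi
fi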

Here is an example of ztpl2l3_cfg.cli:

set vlans vlan-id 20
set vlans vlan-id 30
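
The sample script leaves its upgrade branch only when $revision equals the value in its if test, so that value has to agree with the revision of the image it downloads; otherwise the download-and-reboot branch is taken again on the next ZTP run. The check below is an added example, not Pica8 code, that compares the two before a script is placed on the TFTP server. It assumes image names follow the onie-installer-picos-<version>-<revision>-<arch>.bin pattern seen in the sample and that $revision reflects the installed image after the reboot; the function names are chosen here.

```bash
# Added example (not Pica8 code): lint a provision script before publishing it.
# Assumption: image names look like onie-installer-picos-<version>-<revision>-<arch>.bin.

# Revision that the script compares "$revision" against.
gate_revision() {
    sed -n 's/.*"\$revision"[[:space:]]*!=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Revision embedded in the image name passed to tftp_get_picos_image.
image_revision() {
    local name
    name=$(awk '$1 == "tftp_get_picos_image" { print $2; exit }' "$1")
    case $name in
        *-*-*.bin) ;;            # expected <...>-<revision>-<arch>.bin
        *) return 0 ;;           # no download or unknown naming: print nothing
    esac
    name=${name%.bin}; name=${name%-*}   # drop the extension, then -<arch>
    printf '%s\n' "${name##*-}"          # last remaining field is the revision
}

# Exit status: 0 = consistent, 1 = mismatch, 2 = nothing to compare.
check_provision_script() {
    local gate image
    gate=$(gate_revision "$1")
    image=$(image_revision "$1")
    if [ -z "$gate" ] || [ -z "$image" ]; then
        echo "UNKNOWN: no revision gate or image download found in $1"
        return 2
    fi
    if [ "$gate" != "$image" ]; then
        echo "MISMATCH: gate=$gate image=$image"
        return 1
    fi
    echo "OK: gate and image are both revision $gate"
}

# Constructed sample input: the page's upgrade branch with a chosen gate value.
sample_script() {
    cat <<EOF
#!/bin/bash
source /usr/bin/ztp-functions.sh
if [ "\$revision" != "$1" ]; then
        tftp_get_picos_image onie-installer-picos-4.3.1.1-9a07c32881-x86.bin
        reboot
fi
EOF
}

if [ "$#" -gt 0 ]; then check_provision_script "$1"; fi
```

Run it with the path of a provision script as its only argument; a non-zero exit status means the script should not be published as is.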



Copyright © 2024 Pica8 Inc. All Rights Reserved.