Configuring a Guest Shell on Cisco Routers.
Step 1: Enable IOx
- On a Cisco IOS XE CSR1000v router, configure the following commands.
config t
iox
end
IOx takes some time to start, so wait about 5 minutes.
- Issue the following command to check the status of the IOx service:
show iox-service
The following output will be seen:
IOx Infrastructure Summary:
---------------------------
IOx service (CAF) 1.8.0.3 : Running
IOx service (HA) : Not Supported
IOx service (IOxman) : Running
Libvirtd 1.3.4 : Running
The IOxman and Libvirtd services must be running to enable Guest Shell successfully.
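The readiness condition above can be checked from captured `show iox-service` text instead of waiting a fixed time. This is an added example, not part of the original guide; the function names and the "Not Running" state in the second sample are assumptions made for illustration.

```python
import re

# Sample copied from the `show iox-service` output shown above.
SAMPLE_READY = """\
IOx Infrastructure Summary:
---------------------------
IOx service (CAF) 1.8.0.3 : Running
IOx service (HA) : Not Supported
IOx service (IOxman) : Running
Libvirtd 1.3.4 : Running
"""

# Constructed sample: the same output while one required service is still down.
SAMPLE_STARTING = SAMPLE_READY.replace(
    "Libvirtd 1.3.4 : Running", "Libvirtd 1.3.4 : Not Running")

# Services the guide says must be running before `guestshell enable`.
REQUIRED = ("IOxman", "Libvirtd")

# "<label, optionally with a version> : <state>"; the header line ends in a
# bare colon with no state, so it does not match.
LINE = re.compile(r"^(?P<name>[^:]+?)\s*:\s*(?P<state>\S.*?)\s*$")


def parse_iox_services(text):
    """Map each service label in the summary to its state string."""
    services = {}
    for line in text.splitlines():
        match = LINE.match(line.strip())
        if match:
            services[match.group("name")] = match.group("state")
    return services


def missing_prerequisites(text):
    """Return the required services that are absent or not exactly 'Running'."""
    services = parse_iox_services(text)
    missing = []
    for required in REQUIRED:
        states = [s for name, s in services.items() if required in name]
        if not states or any(state != "Running" for state in states):
            missing.append(required)
    return missing
```

An empty list from `missing_prerequisites` means Guest Shell can be enabled; any other result names the service to wait for.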
Step 2: Enabling Guest Shell
Configuration is required to enable communication between the Guest Shell container, the outside network and the IOS XE router.
To enable communication between the container and the IOS XE router, a new VirtualPortGroup interface must be created. The VirtualPortGroup interface should be in the same broadcast domain as the Guest Shell container.
Network configuration on the host router.
- Configure the following commands:
conf t
interface VirtualPortGroup0
ip address 172.16.1.1 255.255.255.0
end
Network configuration of the Container.
Guest Shell should be configured with an IP address, default gateway and DNS server.
- Configure the following commands:
conf t
app-hosting appid guestshell
vnic gateway1 virtualportgroup 0 guest-interface 0 guest-ipaddress 172.16.1.2 netmask 255.255.255.0 gateway 172.16.1.1 name-server 8.8.8.8
end
NAT configuration of the host.
- The container should be connected to the internet; to achieve this, NAT should be configured:
conf t
interface VirtualPortGroup0
ip nat inside
!
interface GigabitEthernet3
ip nat outside
!
ip access-list extended NAT-ACL
permit ip 172.16.1.0 0.0.0.255 any
!
ip nat inside source list NAT-ACL interface GigabitEthernet3 overload
end
All required configuration is done and the router is ready to start Guest Shell.
Starting Guest Shell
- To enable the Guest Shell, type the following command:
guestshell enable
The following output will be seen:
Interface will be selected if configured in app-hosting
Please wait for completion
guestshell activated successfully
Current state is: ACTIVATED
guestshell started successfully
Current state is: RUNNING
Guestshell enabled successfully
Verify your Guest Shell
- Type the following command:
#show app-hosting detail
App id : guestshell
Owner : iox
State : RUNNING
Application
Type : lxc
Name : GuestShell
Version : 2.5.1
Description : Cisco Systems Guest Shell XE for x86_64
Path : /guestshell/:guestshell.tar
Activated profile name : custom
Resource reservation
Memory : 512 MB
Disk : 1 MB
CPU : 800 units
VCPU : 1
Attached devices
Type Name Alias
---------------------------------------------
serial/shell iox_console_shell serial0
serial/aux iox_console_aux serial1
serial/syslog iox_syslog serial2
serial/trace iox_trace serial3
Network interfaces
---------------------------------------
eth0:
MAC address : 52:54:dd:55:f2:70
IPv4 address : 192.168.1.2
Network name : VPG0
Port forwarding
Table-entry Service Source-port Destination-port
---------------------------------------------------
Step 3: Working with the Guest Shell
- To enter the Guest Shell, give the following command:
guestshell
The Guest Shell container provides a CentOS environment and shell.
sudo commands are allowed without a password because the guestshell user is a member of the sudo group.
- Let us play around with the shell:
[guestshell@guestshell ~]$ pwd
/home/guestshell
[guestshell@guestshell ~]$ whoami
guestshell
[guestshell@guestshell ~]$ hostnamectl
Static hostname: guestshell
Icon name: computer-container
Chassis: container
Machine ID: d1133315e44e4ef0b1baef5c0d0eecc9
Boot ID: 36e84546a1b147ec928b2f9036d87ec3
Virtualization: lxc-libvirt
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 4.19.64
Architecture: x86-64
[guestshell@guestshell ~]$
[guestshell@guestshell ~]$ cat /etc/centos-release
CentOS Linux release 7.5.1804 (Core)
Running CLI command from Guest Shell
- To run an IOS XE CLI command from within the Guest Shell, use the dohost binary:
[guestshell@guestshell ~]$ dohost "sho ip int brief"
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 10.0.0.1 YES NVRAM up up
GigabitEthernet2 10.255.255.1 YES NVRAM down down
GigabitEthernet3 192.168.0.169 YES NVRAM down down
Loopback1 88.88.88.88 YES NVRAM up up
VirtualPortGroup0 172.16.1.1 YES NVRAM up up
[guestshell@guestshell ~]$
Installing git and nano on Guest Shell
- Type the following command in the Guest Shell:
[guestshell@guestshell ~]$ sudo yum install -y git nano
Cloning RSTForum git repository
- Type the following command in the Guest Shell:
[guestshell@guestshell ~]$ git clone https://github.com/RSTForum/knowledgebase
Build environment: NETCONF / RESTCONF / ANSIBLE
- Type the following commands in the Guest Shell:
[guestshell@guestshell ~]$ cd knowledgebase/netconf/
[guestshell@guestshell netconf]$ sudo pip install -r requirements.txt
Set Up SSH with the Host Machine
- Run the following command in the Guest Shell:
[guestshell@guestshell netconf]$ ssh [email protected]
The authenticity of host '10.0.0.1 (10.0.0.1)' can't be established.
RSA key fingerprint is SHA256:nJ+pjK9MKzpHnHhZgBOEBS+XxXr5r85ZYJDfYDuLeX0.
RSA key fingerprint is MD5:21:bf:73:78:a2:ef:77:c3:40:10:a8:4c:5c:92:88:4b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.1' (RSA) to the list of known hosts.
[email protected]'s password:
Check Python NETCONF Script
- Type the following command in the Guest Shell:
[guestshell@guestshell netconf]$ python get-int-details.py
----------------------
<?xml version="1.0" ?>
<rpc-reply message-id="urn:uuid:21ab2152-b9c9-4a02-b3d1-41247747c000" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
<interface>
<GigabitEthernet>
<name xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">2</name>
<description>RSTForum NETCONF Script</description>
<ip>
<address>
<primary>
<address>10.255.255.1</address>
<mask>255.255.255.0</mask>
</primary>
</address>
</ip>
<mop>
<enabled>false</enabled>
<sysid>false</sysid>
</mop>
<negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<auto>true</auto>
</negotiation>
</GigabitEthernet>
</interface>
</native>
</data>
</rpc-reply>
----------------------
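The reply above mixes three XML namespaces, so element lookups need an explicit prefix map. The following is an added example, not the repository's get-int-details.py; it parses a whitespace-compacted copy of that reply, and the function name and the handling of interfaces without an address are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"nc": "urn:ietf:params:xml:ns:netconf:base:1.0",
      "ios": "http://cisco.com/ns/yang/Cisco-IOS-XE-native"}

# The rpc-reply printed above, whitespace-compacted (mop block omitted).
REPLY = """<?xml version="1.0" ?>
<rpc-reply message-id="urn:uuid:21ab2152-b9c9-4a02-b3d1-41247747c000"
 xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
 xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<data><native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native"><interface>
<GigabitEthernet>
<name xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">2</name>
<description>RSTForum NETCONF Script</description>
<ip><address><primary>
<address>10.255.255.1</address><mask>255.255.255.0</mask>
</primary></address></ip>
<negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<auto>true</auto></negotiation>
</GigabitEthernet>
</interface></native></data>
</rpc-reply>"""


def interfaces_from_reply(xml_text):
    """Return one dict per interface found in a Cisco-IOS-XE-native rpc-reply."""
    root = ET.fromstring(xml_text)
    # A reply can be well-formed XML and still report a failure.
    if root.find("nc:rpc-error", NS) is not None:
        raise ValueError("device returned rpc-error")
    found = []
    # Children of <interface> are named after the interface type.
    for intf in root.findall("nc:data/ios:native/ios:interface/*", NS):
        if_type = intf.tag.split("}", 1)[-1]  # strip the "{namespace}" prefix
        # Assumption: an interface with no IPv4 address has no <primary>.
        primary = intf.find("ios:ip/ios:address/ios:primary", NS)
        found.append({
            "name": if_type + intf.findtext("ios:name", "", NS),
            "description": intf.findtext("ios:description", "", NS),
            "address": None if primary is None
            else primary.findtext("ios:address", None, NS),
            "mask": None if primary is None
            else primary.findtext("ios:mask", None, NS),
        })
    return found
```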
Test cURL RESTCONF Script
- Type the following command in the Guest Shell:
[guestshell@guestshell netconf]$ curl -i -k -X "GET" "https://10.0.0.1:443/restconf/data/Cisco-IOS-XE-native:native/interface?fields=GigabitEthernet/ip/address/primary;name" -H 'Accept: application/yang-data+json' -u 'cisco:cisco'
----------------------
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 12 Jun 2020 15:26:51 GMT
Content-Type: application/yang-data+json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
{
"Cisco-IOS-XE-native:ip": {
"address": {
"primary": {
"address": "10.255.255.1",
"mask": "255.255.255.0"
}
}
}
}
[guestshell@guestshell restconf]$
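The curl command above uses `-k`, which skips verification of the router's certificate, and puts the password on the command line. The sketch below is an added example, not part of the original guide; it sends the same RESTCONF GET with verification left on and the password prompted for. It assumes Python 3, and the function names and the `ca_file` parameter are illustrative.

```python
import base64
import json
import ssl
import urllib.parse
import urllib.request


def restconf_request(host, user, password, fields):
    """Build the GET sent by the curl command above; no network access here."""
    query = urllib.parse.urlencode({"fields": fields}, safe="/;")
    url = ("https://%s/restconf/data/Cisco-IOS-XE-native:native/interface?%s"
           % (host, query))
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return urllib.request.Request(url, headers={
        "Accept": "application/yang-data+json",
        "Authorization": "Basic " + token,
    })


def verifying_context(ca_file=None):
    """TLS context that rejects an untrusted or mismatched router certificate."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    if ca_file:
        # Assumption: ca_file is a PEM file holding the CA (or the router's
        # self-signed certificate) obtained from the device out of band.
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def fetch_interfaces(host, user, password, ca_file=None):
    """Run the request; a bad certificate surfaces as urllib.error.URLError."""
    req = restconf_request(host, user, password,
                           "GigabitEthernet/ip/address/primary;name")
    with urllib.request.urlopen(req, context=verifying_context(ca_file),
                                timeout=10) as resp:
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    import getpass
    # Prompt for the password so it stays out of `ps` output and shell history.
    print(fetch_interfaces("10.0.0.1", input("user: "), getpass.getpass()))
```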