I was encouraged today to make a script that would help with EXOS switches when admin password is lost (especially those with Python support but without one-time password login option, few versions in G1 release train). It was fun indeed and I’m looking for more.
There might be a problem when the admin password is forgotten and there is no failsafe account; moreover, in some older firmware versions (that yet support Python) there is no option for one-time password generated by GTAC. Rebooting the switch and loading factory defaults from bootrom is ok but it gives not only few minutes of downtime, we have to apply the config again. So I’ve made some silly play to even start with Python here and created a script which is responsible for creating default.xsf from the running configuration - all but the custom admin password.
cmdout_lines = exsh.clicmd("show conf",True).splitlines()
target = open("/usr/local/cfg/default.xsf", "w+")
for line in cmdout_lines:
if not "configure account admin encrypted" in line:
The result is, when a switch is unconfigured, everything is back there immediately but the admin password is blank again. Outage duration is minimized to a reboot time and no manual intervention is needed after.
My next step will be turning this into a process that could redo default.xsf with some intervals.
I’m issuing ‘rm default.xsf’ each time to just omit checking if the file exists.
If this could help anyone, I’m glad it did. If you have any comments how this could be improved (from functional perspective or from programming perspective - I’m not a software dev at all), I’d really appreciate them.
Perhaps it would be more elegant to create some API-based trigger to default the admin password remotely or set it to some another default-like string, but I don’t know if that is possible.