Extreme Networks

Tomasz · ‎04-07-2021

Hello,

I was encouraged today to make a script that would help with EXOS switches when admin password is lost (especially those with Python support but without one-time password login option, few versions in G1 release train). It was fun indeed and I’m looking for more.

There might be a problem when the admin password is forgotten and there is no failsafe account; moreover, in some older firmware versions (that yet support Python) there is no option for one-time password generated by GTAC. Rebooting the switch and loading factory defaults from bootrom is ok but it gives not only few minutes of downtime, we have to apply the config again. So I’ve made some silly play to even start with Python here and created a script which is responsible for creating default.xsf from the running configuration - all but the custom admin password.

cmdout_lines = exsh.clicmd("show conf",True).splitlines()

exsh.clicmd("rm default.xsf")
target = open("/usr/local/cfg/default.xsf", "w+")


for line in cmdout_lines:
        if not "configure account admin encrypted" in line:
                target.write(line+"\n")

target.close()

The result is, when a switch is unconfigured, everything is back there immediately but the admin password is blank again. Outage duration is minimized to a reboot time and no manual intervention is needed after.

My next step will be turning this into a process that could redo default.xsf with some intervals.

I’m issuing ‘rm default.xsf’ each time to just omit checking if the file exists.

If this could help anyone, I’m glad it did. If you have any comments how this could be improved (from functional perspective or from programming perspective - I’m not a software dev at all), I’d really appreciate them.

Perhaps it would be more elegant to create some API-based trigger to default the admin password remotely or set it to some another default-like string, but I don’t know if that is possible.

Kind regards,

Tomasz

GeorgeZ_ · ‎05-04-2021

Please ignore my last post, I have found the answer 🙂

Even I’m using 31.1, I think show conf through Python SDK is still the same case.

eeb94e1a96dc46b3a81955c9d27a506c_69ebf2b9-8ae7-45a2-9e7e-53041ad67d75.png

Thanks,

George

GeorgeZ_ · ‎05-03-2021

Hi Tomasz,

I have tried this python process, api.exec_cli does not return anything, no matter what command I use, It always returns empty string or list if splitlines() is used.

For testing, I have create following script.

from exos import api
import time

while(True):
        cmdout_lines = api.exec_cli(["show conf"]).splitlines()
        print(cmdout_lines)
        time.sleep(60)

And only empty list is showing up in serial console. Do you have any idea why this is not working?

Thanks,

George

Tomasz · ‎04-07-2021

Made it a bit different now. The code:

from exos import api
import time

api.exec_cli(["create log message \"Starting smartbak\""])

while(True):
        api.exec_cli(["create log message \"Running smartbak loop iteration\""])
        cmdout_lines = api.exec_cli(["show conf"]).splitlines()
        api.exec_cli(["rm default.xsf"])
        target = open("/usr/local/cfg/default.xsf", "w+")
        for line in cmdout_lines:
                if not "configure account admin encrypted" in line:
                        target.write(line+"\n")
        target.close()
        time.sleep(3600)

Such .py can be executed with ‘create process -name- python-module -filename.py- start auto’.

It saves the running config to default.xsf without admin password every hour. Gotta make it more ‘pro’ with logging and introduce interval as an argument appended to the command above.

Cheers,

Tomasz

Stefan_K_ · ‎04-07-2021

Aah, now that makes sense! hehe 😄

Yeah, that was also my thinking. I thought that you maybe know this. I would assume that it is “unconfigure switch all”…

Thank you!

Stefan

Extreme Networks

My first approach to .py in EXOS - restore config without admin password

My first approach to .py in EXOS - restore config without admin password