Once you have completed the tasks specified in the prerequisites section, you can use the following procedure to deploy and
launch an ESC instance in CSP 2100. The following are the three deployment alternatives available for CSP 2100.
ESC with Single and Dual Interface
To install ESC in CSP, you must create the user-data in the following format as the day0 configuration file:
A sample for single interface describing the day zero file as config drive and user data is as follows:
#cloud-config
users:
  - name: admin                 # The user's login name
    gecos: admin                # The user name's real name
    groups: esc-user            # add admin to group esc-user
    passwd: $6$rounds=4096$Yo11pRsFO$iT5SGMJ6z8WEnmj8TKMdInblgWeb/UChmrsQs3aspx8j.yUuuhxKk2XScOkerWWxpqD5F0sLfC5kzT5t2xGkL1
    # The hash -- not the password itself -- of the password you want
    # to use for this user. You can generate a safe hash via:
    #     mkpasswd --method=SHA-512 --rounds=4096
    lock-passwd: false          # Defaults to true. Lock the password to disable password login
                                # Set to false if you want to password login
    homedir: /home/admin        # Optional. Set to the local path you want to use. Defaults to /home/<username>
    sudo: ALL=(ALL) ALL         # Defaults to none. Set to the sudo string you want to use
ssh_pwauth: True                # Defaults to False. Set to True if you want to enable password authentication for sshd.
write_files:
  # System Configuration
  - path: /etc/cloud/cloud.cfg.d/sys-cfg.yaml
    content: |
      network:                  # Network configuration
        version: 1              # Network config version 1
        config:
          - type: physical      # Represents a "physical" network device, typically Ethernet-based.
            name: eth0          # The network device name
            subnets:            # Multiple subnet entries can be defined under this portion.
              - type: static    # Specify the subnet type. set to 'static' to configure this interface with a static IPv4.
                address: 10.0.0.40         # ESC's Static IP Address
                netmask: 255.255.255.128   # Netmask
                dns_nameservers: ['10.0.0.1']
                routes:
                  - gateway: 10.0.0.1      # Default Gateway
                    network: 0.0.0.0
                    netmask: 0.0.0.0
  # ESC Configuration
  - path: /opt/cisco/esc/esc-config/esc-cfg.yaml
    content: |
      confd:
        init_aaa_users:
          - name: admin
            passwd: $6$rounds=4096$Yo11pRsFO$iT5SGMJ6z8WEnmj8TKMdInblgWeb/UChmrsQs3aspx8j.yUuuhxKk2XScOkerWWxpqD5F0sLfC5kzT5t2xGkL1
      escmanager:
        open_ports:
          - '8080'
          - '8443'
        url:
          - http://0.0.0.0:8080/ESCManager
          - https://0.0.0.0:8443/ESCManager
      esc_service: {}
  # Networking
  - path: /opt/cisco/esc/esc-config/esc-config.xml
    content: |
      <?xml version="1.0" ?>
      <esc>
        <esc-cloud>
          <http_rest enabled="true"/>
          <auth enabled="false"/>
          <https_rest enabled="false"/>
        </esc-cloud>
        <esc-service>
          <service-init/>
        </esc-service>
      </esc>
  # Params
  - path: /opt/cisco/esc/esc-config/esc_params.conf
    content: |
      default.enable_cascade_deletion=true
bootcmd:
  - [ cloud-init-per, once, disable_ipv6_eth0, sh, -c, "echo net.ipv6.conf.eth0.disable_ipv6 = 1 >> /etc/sysctl.conf"]
  # Update the ESC-HOST value with your own hostname
  - [ cloud-init-per, once, update_host_name, sh, -c, "echo ESC-HOST >> /etc/hostname && hostnamectl set-hostname ESC-HOST"]
  - [ cloud-init-per, once, update_hosts, sh, -c, "echo 127.0.0.1 ESC-HOST >> /etc/hosts"]
runcmd:
  - [ cloud-init-per, once, confd_keygen_root, sh, -c, "/usr/bin/escadm confd keygen --user root"]
  - [ cloud-init-per, once, confd_keygen_admin, sh, -c, "/usr/bin/escadm confd keygen --user admin"]
  - [ cloud-init-per, once, esc_service_start, sh, -c, "chkconfig esc_service on && service esc_service start"] # You must include this line
You can configure an Ethernet-based physical network device with a static IPv4 address in ESC.
A sample for dual interfaces describing the day zero file as config drive and user data is as follows:
#cloud-config
users:
  - name: admin                 # The user's login name
    gecos: admin                # The user name's real name
    groups: esc-user            # add admin to group esc-user
    passwd: $6$rounds=4096$Yo11pRsFO$iT5SGMJ6z8WEnmj8TKMdInblgWeb/UChmrsQs3aspx8j.yUuuhxKk2XScOkerWWxpqD5F0sLfC5kzT5t2xGkL1
    # The hash -- not the password itself -- of the password you want
    # to use for this user. You can generate a safe hash via:
    #     mkpasswd --method=SHA-512 --rounds=4096
    lock-passwd: false          # Defaults to true. Lock the password to disable password login
                                # Set to false if you want to password login
    homedir: /home/admin        # Optional. Set to the local path you want to use. Defaults to /home/<username>
    sudo: ALL=(ALL) ALL         # Defaults to none. Set to the sudo string you want to use
ssh_pwauth: True                # Defaults to False. Set to True if you want to enable password authentication for sshd.
write_files:
  # System Configuration
  - path: /etc/cloud/cloud.cfg.d/sys-cfg.yaml
    content: |
      network:                  # Network configuration
        version: 1              # Network config version 1
        config:
          - type: physical      # Represents a "physical" network device, typically Ethernet-based.
            name: eth0          # The network device name
            subnets:            # Multiple subnet entries can be defined under this portion.
              - type: static    # Specify the subnet type. set to 'static' to configure this interface with a static IPv4.
                address: 10.0.0.40         # ESC's Static IP Address
                netmask: 255.255.255.128   # Netmask
                dns_nameservers: ['10.0.0.1']
                routes:
                  - gateway: 10.0.0.1      # Default Gateway
                    network: 0.0.0.0
                    netmask: 0.0.0.0
          - type: physical      # Represents a "physical" network device, typically Ethernet-based.
            name: eth1          # The network device name
            subnets:            # Multiple subnet entries can be defined under this portion.
              - type: static    # Specify the subnet type. set to 'static' to configure this interface with a static IPv4.
                address: 192.168.0.40      # ESC's Static IP Address
                netmask: 255.255.255.128   # Netmask
                dns_nameservers: []
                routes:
                  - gateway: 192.168.0.1   # Default Gateway
                    network: 192.168.0.0
                    netmask: 255.255.255.128
  # ESC Configuration
  - path: /opt/cisco/esc/esc-config/esc-cfg.yaml
    content: |
      confd:
        init_aaa_users:
          - name: admin
            passwd: $6$rounds=4096$Yo11pRsFO$iT5SGMJ6z8WEnmj8TKMdInblgWeb/UChmrsQs3aspx8j.yUuuhxKk2XScOkerWWxpqD5F0sLfC5kzT5t2xGkL1
      escmanager:
        open_ports:
          - '8080'
          - '8443'
        url:
          - http://0.0.0.0:8080/ESCManager
          - https://0.0.0.0:8443/ESCManager
      esc_service: {}
  # Networking
  - path: /opt/cisco/esc/esc-config/esc-config.xml
    content: |
      <?xml version="1.0" ?>
      <esc>
        <esc-cloud>
          <network gateway="10.0.0.1" hostname="VAR_LOCAL_HOSTNAME" ipv6_autoconf="no" networking="yes" networking_ipv6="yes" nozeroconf="yes">
            <interface bootproto="none" device="eth1" ipaddr="192.168.0.40" ipv4_failure_fatal="yes" ipv6init="no" name="System_eth1" netmask="255.255.255.128" nm_controlled="no" onboot="yes" type="Ethernet"/>
            <resolv/>
          </network>
          <http_rest enabled="true"/>
          <auth enabled="false"/>
          <https_rest enabled="false"/>
        </esc-cloud>
        <esc-service>
          <service-init/>
        </esc-service>
      </esc>
  # Params
  - path: /opt/cisco/esc/esc-config/esc_params.conf
    content: |
      default.enable_cascade_deletion=true
bootcmd:
  - [ cloud-init-per, once, disable_ipv6_eth0, sh, -c, "echo net.ipv6.conf.eth0.disable_ipv6 = 1 >> /etc/sysctl.conf"]
  # Update the ESC-HOST value with your own hostname
  - [ cloud-init-per, once, update_host_name, sh, -c, "echo ESC-HOST >> /etc/hostname && hostnamectl set-hostname ESC-HOST"]
  - [ cloud-init-per, once, update_hosts, sh, -c, "echo 127.0.0.1 ESC-HOST >> /etc/hosts"]
runcmd:
  - [ cloud-init-per, once, confd_keygen_root, sh, -c, "/usr/bin/escadm confd keygen --user root"]
  - [ cloud-init-per, once, confd_keygen_admin, sh, -c, "/usr/bin/escadm confd keygen --user admin"]
  - [ cloud-init-per, once, esc_service_start, sh, -c, "chkconfig esc_service on && service esc_service start"] # You must include this line
Creating ESC passwords to use in Day0 Files
When using the Cloud-Init day0 file to deploy an ESC instance, the passwords must be passed in as a hash, not as plain
text.
To create a hashed password, use the mkpasswd tool. The following example shows how to use the mkpasswd tool to create a hashed
password.
~$ mkpasswd --method=SHA-512 --rounds=4096
Password:
$6$rounds=4096$Yo11pRsFO$iT5SGMJ6z8WEnmj8TKMdInblgWeb/UChmrsQs3aspx8j.yUuuhxKk2XScOkerWWxpqD5F0sLfC5kzT5t2xGkL1
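A pre-deployment check for a day0 file built from the samples above, added here as an example and not part of Cisco's tooling. It flags a passwd value that is not a SHA-512 crypt hash or that reuses the hash printed in this document, and three sample settings that deserve a deliberate decision: sshd password authentication, the plain-HTTP ESCManager URL on 0.0.0.0, and a REST interface enabled with `<auth enabled="false"/>`. The function name, finding codes and the reading of `<auth>` as controlling REST API authentication are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Hash printed in this page's samples: it is public, so it must never be deployed.
DOC_SAMPLE_HASH = "$6$rounds=4096$Yo11pRsFO$iT5SGMJ6z8WEnmj8TKMdInblgWeb/UChmrsQs3aspx8j.yUuuhxKk2XScOkerWWxpqD5F0sLfC5kzT5t2xGkL1"
SHA512_CRYPT = re.compile(r"\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}")

def lint_day0(text):
    """Return a sorted list of finding codes for a day0 user-data string."""
    findings = set()
    # Every passwd value must be a SHA-512 crypt hash and not the published sample.
    for value in re.findall(r"^\s*passwd:\s*(\S+)", text, re.M):
        value = value.strip("'\"")
        if value == DOC_SAMPLE_HASH:
            findings.add("sample-hash-reused")
        elif not SHA512_CRYPT.fullmatch(value):
            findings.add("passwd-not-sha512-hash")
    # sshd password authentication is switched on.
    if re.search(r"^\s*ssh_pwauth:\s*(true|yes|1)\b", text, re.M | re.I):
        findings.add("ssh-password-auth-enabled")
    # An ESCManager URL is served over plain HTTP on every address.
    if re.search(r"^\s*-\s*http://0\.0\.0\.0:", text, re.M):
        findings.add("http-listener-on-all-addresses")
    # Embedded esc-config.xml: a REST interface is on while <auth> is off (assumed meaning).
    xml_doc = re.search(r"<esc>.*?</esc>", text, re.S)
    if xml_doc:
        state = {el.tag: el.get("enabled") for el in ET.fromstring(xml_doc.group(0)).iter()}
        rest_on = "true" in (state.get("http_rest"), state.get("https_rest"))
        if rest_on and state.get("auth") == "false":
            findings.add("rest-api-without-auth")
    return sorted(findings)

# Constructed input: a cut-down day0 file carrying the settings used in the samples.
RISKY = f"""#cloud-config
users:
  - name: admin
    passwd: {DOC_SAMPLE_HASH}
ssh_pwauth: True
write_files:
  - path: /opt/cisco/esc/esc-config/esc-cfg.yaml
    content: |
      escmanager:
        url:
          - http://0.0.0.0:8080/ESCManager
  - path: /opt/cisco/esc/esc-config/esc-config.xml
    content: |
      <esc><esc-cloud><http_rest enabled="true"/><auth enabled="false"/></esc-cloud></esc>
"""
print(lint_day0(RISKY))
```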