Enabling the Guest Shell
To enable the guest shell on the Cisco CSR 1000v, running on AWS, first create an IAM instance role and establish trust with an EC2 service. Then you have a choice of either assigning the IAM instance role to a preexisting Cisco CSR 1000v instance see Assign an IAM Instance Role to a Cisco CSR 1000v Instance below or assigning the IAM instance role to a new Cisco CSR 1000v instance, see Assign an IAM Instance Role to a New Cisco CSR 1000v Instance.
Then perform further configuration steps on the Cisco CSR 1000v and enter the guest shell.
Create an IAM Instance Role
-
Sign into AWS, as an administrator with permissions to create an IAM Role
-
Click EC2 to enter the EC2 console.
-
Click IAM to enter the IAM console.
-
Click Roles.
-
Click Create new Role.
-
Enter a name for your app's role.
-
Click Continue.
-
Select a Role Type.
-
For the Amazon EC2 role type, click Select.
This establishes trust with an EC2 service.
-
Under "Set Permissions", click Select Policy Template.
-
Select a template (for example "Amazon S3 Full Access") by clicking Select. You can select multiple services. Use these to specify the access in further detail. For example, you can allow an IAM instance role to read from an S3 bucket, but not write to an S3 bucket.
-
Enter the role name.
-
Click Create Role.
Assign an IAM Instance Role to a Cisco CSR 1000v Instance
Specifying an IAM instance role is not a mandatory for accessing the guest shell. However, it will later allow you to access specific entities in the AWS account using a key/password that eliminates the need to save account information on the Cisco CSR 1000v.
Procedure
Step 1 |
Click EC2 to enter the EC2 dashboard. |
Step 2 |
Select one of your listed CSR 1000v instances, right-click and select Instance Setup, then select Attach/Replace IAM Role. |
Step 3 |
From the drop-down list, select an IAM instance role that you created previously. |
Step 4 |
Enter the following CLI configuration commands on the Cisco CSR 1000v and relaunch the Cisco CSR 1000v.
|
Assign an IAM Instance Role to a New Cisco CSR 1000v Instance
Procedure
Step 1 |
Launch a new CSR 1000v as an EC2 instance, and choose an instance type. |
Step 2 |
Click Next: Configure Instance Details. |
Step 3 |
Perform one of the following two steps:
|
Step 4 |
Enter the following CLI configuration commands on the Cisco CSR 1000v and relaunch the Cisco CSR 1000v.
|
Guest Shell Examples
The following examples show how to download packages in the Guest Shell on a Cisco CSR 1000v instance, and a few other useful guest shell commands.
-
Install packages using the
yum
orpip
commands. For example, enter the[guestshell@guestshell ~] sudo pip install awscli
command to install the AWS CLI and Amazon SDK.Collecting csr_aws_guestshell /usr/lib/python2.7/site-packages/pip-8.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/util/ssl_.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning. /usr/lib/python2.7/site-packages/pip-8.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. Downloading csr_aws_guestshell-0.0.7.dev.tar.gz Collecting awscli (from csr_aws_guestshell) Downloading awscli-1.11.145-py2.py3-none-any.whl (1.2MB) 100% |################################| 1.2MB 1.1MB/s Collecting boto (from csr_aws_guestshell) Downloading boto-2.48.0-py2.py3-none-any.whl (1.4MB) 100% |################################| 1.4MB 914kB/s Collecting boto3 (from csr_aws_guestshell) Downloading boto3-1.4.7-py2.py3-none-any.whl (128kB) 100% |################################| 133kB 8.5MB/s Collecting botocore==1.7.3 (from awscli->csr_aws_guestshell) Downloading botocore-1.7.3-py2.py3-none-any.whl (3.6MB) 100% |################################| 3.6MB 337kB/s Collecting rsa<=3.5.0,>=3.1.2 (from awscli->csr_aws_guestshell) Downloading rsa-3.4.2-py2.py3-none-any.whl (46kB) 100% |################################| 51kB 11.2MB/s Collecting s3transfer<0.2.0,>=0.1.9 (from awscli->csr_aws_guestshell) Downloading s3transfer-0.1.11-py2.py3-none-any.whl (54kB) 100% |################################| 61kB 11.5MB/s Collecting docutils>=0.10 (from awscli->csr_aws_guestshell) Downloading docutils-0.14-py2-none-any.whl (543kB) 100% |################################| 552kB 2.3MB/s Collecting colorama<=0.3.7,>=0.2.5 (from awscli->csr_aws_guestshell) Downloading colorama-0.3.7-py2.py3-none-any.whl Collecting PyYAML<=3.12,>=3.10 (from awscli->csr_aws_guestshell) Downloading PyYAML-3.12.tar.gz (253kB) 100% |################################| 256kB 4.7MB/s Collecting jmespath<1.0.0,>=0.7.1 (from boto3->csr_aws_guestshell) Downloading jmespath-0.9.3-py2.py3-none-any.whl Collecting python-dateutil<3.0.0,>=2.1 (from botocore==1.7.3->awscli->csr_aws_guestshell) Downloading python_dateutil-2.6.1-py2.py3-none-any.whl (194kB) 100% |################################| 194kB 5.7MB/s Collecting pyasn1>=0.1.3 (from rsa<=3.5.0,>=3.1.2->awscli->csr_aws_guestshell) Downloading pyasn1-0.3.3-py2.py3-none-any.whl (63kB) 100% |################################| 71kB 10.7MB/s Collecting futures<4.0.0,>=2.2.0; python_version == "2.6" or python_version == "2.7" (from s3transfer<0.2.0,>=0.1.9->awscli->csr_aws_guestshell) Downloading futures-3.1.1-py2-none-any.whl Collecting six>=1.5 (from python-dateutil<3.0.0,>=2.1->botocore==1.7.3->awscli->csr_aws_guestshell) Downloading six-1.10.0-py2.py3-none-any.whl Installing collected packages: six, python-dateutil, jmespath, docutils, botocore, pyasn1, rsa, futures, s3transfer, colorama, PyYAML, awscli, boto, boto3, csr-aws-guestshell Running setup.py install for PyYAML ... done Running setup.py install for csr-aws-guestshell ... done Successfully installed PyYAML-3.12 awscli-1.11.145 boto-2.48.0 boto3-1.4.7 botocore-1.7.3 colorama-0.3.7 csr-aws-guestshell-0.0.7.dev0 docutils-0.14 futures-3.1.1 jmespath-0.9.3 pyasn1-0.3.3 python-dateutil-2.6.1 rsa-3.4.2 s3transfer-0.1.11 six-1.10.0 /usr/lib/python2.7/site-packages/pip-8.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. You are using pip version 8.1.2, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [guestshell@guestshell ~]$
-
Having installed the AWS CLI, you can enter an aws s3
command such asaws s3 ls
.[guestshell@guestshell ~]$ aws s3 ls csr1kv 2017-08-09 02:55:27 446866343 ultra_166.bin [guestshell@guestshell ~]$
-
You can download a Cisco CSR 1000v AWS package containing sample scripts, using the
sudo pip install csr_aws_guestshell
command. For further information on this package, see https://github.com/CiscoDevNet/csr_aws_guestshell. Example:
The following scripts are included in the csr_aws_guestshell package:[guestshell@guestshell ~]$ sudo pip install csr_aws_guestshell Collecting csr_aws_guestshell /usr/lib/python2.7/site-packages/pip-8.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/util/ssl_.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning. /usr/lib/python2.7/site-packages/pip-8.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. Downloading csr_aws_guestshell-0.0.7.dev.tar.gz Collecting awscli (from csr_aws_guestshell) Downloading awscli-1.11.145-py2.py3-none-any.whl (1.2MB) 100% |################################| 1.2MB 1.1MB/s Collecting boto (from csr_aws_guestshell) Downloading boto-2.48.0-py2.py3-none-any.whl (1.4MB) 100% |################################| 1.4MB 914kB/s Collecting boto3 (from csr_aws_guestshell) Downloading boto3-1.4.7-py2.py3-none-any.whl (128kB) 100% |################################| 133kB 8.5MB/s Collecting botocore==1.7.3 (from awscli->csr_aws_guestshell) Downloading botocore-1.7.3-py2.py3-none-any.whl (3.6MB) 100% |################################| 3.6MB 337kB/s Collecting rsa<=3.5.0,>=3.1.2 (from awscli->csr_aws_guestshell) Downloading rsa-3.4.2-py2.py3-none-any.whl (46kB) 100% |################################| 51kB 11.2MB/s Collecting s3transfer<0.2.0,>=0.1.9 (from awscli->csr_aws_guestshell) Downloading s3transfer-0.1.11-py2.py3-none-any.whl (54kB) 100% |################################| 61kB 11.5MB/s Collecting docutils>=0.10 (from awscli->csr_aws_guestshell) Downloading docutils-0.14-py2-none-any.whl (543kB) 100% |################################| 552kB 2.3MB/s Collecting colorama<=0.3.7,>=0.2.5 (from awscli->csr_aws_guestshell) Downloading colorama-0.3.7-py2.py3-none-any.whl Collecting PyYAML<=3.12,>=3.10 (from awscli->csr_aws_guestshell) Downloading PyYAML-3.12.tar.gz (253kB) 100% |################################| 256kB 4.7MB/s Collecting jmespath<1.0.0,>=0.7.1 (from boto3->csr_aws_guestshell) Downloading jmespath-0.9.3-py2.py3-none-any.whl Collecting python-dateutil<3.0.0,>=2.1 (from botocore==1.7.3->awscli->csr_aws_guestshell) Downloading python_dateutil-2.6.1-py2.py3-none-any.whl (194kB) 100% |################################| 194kB 5.7MB/s Collecting pyasn1>=0.1.3 (from rsa<=3.5.0,>=3.1.2->awscli->csr_aws_guestshell) Downloading pyasn1-0.3.3-py2.py3-none-any.whl (63kB) 100% |################################| 71kB 10.7MB/s Collecting futures<4.0.0,>=2.2.0; python_version == "2.6" or python_version == "2.7" (from s3transfer<0.2.0,>=0.1.9->awscli->csr_aws_guestshell) Downloading futures-3.1.1-py2-none-any.whl Collecting six>=1.5 (from python-dateutil<3.0.0,>=2.1->botocore==1.7.3->awscli->csr_aws_guestshell) Downloading six-1.10.0-py2.py3-none-any.whl Installing collected packages: six, python-dateutil, jmespath, docutils, botocore, pyasn1, rsa, futures, s3transfer, colorama, PyYAML, awscli, boto, boto3, csr-aws-guestshell Running setup.py install for PyYAML ... done Running setup.py install for csr-aws-guestshell ... done Successfully installed PyYAML-3.12 awscli-1.11.145 boto-2.48.0 boto3-1.4.7 botocore-1.7.3 colorama-0.3.7 csr-aws-guestshell-0.0.7.dev0 docutils-0.14 futures-3.1.1 jmespath-0.9.3 pyasn1-0.3.3 python-dateutil-2.6.1 rsa-3.4.2 s3transfer-0.1.11 six-1.10.0 /usr/lib/python2.7/site-packages/pip-8.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. You are using pip version 8.1.2, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. [guestshell@guestshell ~]$
get-metadata.py —retrieves and prints instance metadata from AWS
get-route-table.py —retrieves instances in VPC along with routes, route tables, and associations
save-config-to-s3.py —saves Cisco IOS XE CLI commands to an S3 bucket
save-tech-support-to-s3.py —saves tech support output to an S3 bucket
load-bin-from-s3.py —downloads a .bin file for the Cisco CSR 1000v and reloads
get-stat-drop.py —retrieves CLI statistics and pushes them to cloudwatch
capture-interface.py —sets Cisco IOS XE CLI commands to monitor and capture packets for a period of time, then upload the file to S3
-
In the following example, the load-bin-from-s3.py script loads a binary from S3 and boots a Cisco CSR 1000v image:
[guestshell@guestshell ~]$ load-bin-from-s3.py csr1kv ultra_167.bin /bootflash/ultra_167.bin 446866343 / 446866343 (100.00%) Download Complete