Arista switches are really Linux servers optimized and programmed to be network switches. By this point in the book, that should not be a surprise, but what may be surprising is the depth to which you, the administrator, may gain access to the system.
Note
If you really don’t like the idea of junior engineers having access to bash, you can limit their access to bash using AAA.
To access bash, type the command bash from the enable prompt:
Arista-1#bash
Arista Networks EOS shell
[GAD@Arista-1 ~]$At this point, I am within a bash shell on the switch. The prompt, by
default, will be [username@hostname
directory]$. In the
previous example, I logged in to the switch with my username (GAD), as
configured in the EOS CLI. I have not created a username in Unix; the switch
took care of that for me.
At this point, I have just about all the control that I would have as a user in Linux. I am not a superuser, and my home directory is empty:
[GAD@Arista-1 ~]$ ls
[GAD@Arista-1 ~]$I can navigate around the filesystem, just like I can on a Linux server:
[GAD@Arista-1 ~]$cd /[GAD@Arista-1 /]$cd /usr/[GAD@Arista-1 usr]$lsbin etc games include kerberos lib libexec local sbin share src tmp
If you’re at all familiar with Linux, then you’ll be right at home in this bash shell:
[GAD@Arista-1 usr]$ ls -alh
total 0
drwxr-xr-x 13 root root 203 Oct 11 05:56 .
drwxr-xr-x 29 root root 220 Oct 27 20:41 ..
dr-xr-xr-x 2 root root 13K Oct 11 05:57 bin
drwxr-xr-x 2 root root 3 Aug 25 2009 etc
drwxr-xr-x 2 root root 3 Aug 25 2009 games
drwxr-xr-x 3 root root 53 Oct 11 05:56 include
drwxr-xr-x 3 root root 28 Oct 11 05:56 kerberos
dr-xr-xr-x 28 root root 35K Oct 11 05:57 lib
drwxr-xr-x 5 root root 377 Oct 11 05:56 libexec
drwxr-xr-x 11 root root 127 Oct 11 05:56 local
dr-xr-xr-x 2 root root 2.4K Oct 11 05:57 sbin
drwxr-xr-x 57 root root 896 Oct 11 05:57 share
drwxr-xr-x 4 root root 43 Oct 11 05:56 src
lrwxrwxrwx 1 root root 10 Oct 11 16:49 tmp -> ../var/tmpTo prove the point that an Arista switch is a Linux server with specialized interface hardware, I’ll show the network interfaces from bash:
[GAD@Arista-1 usr]$ ifconfig -a
cpu Link encap:Ethernet HWaddr 00:1C:73:08:FA:49
UP BROADCAST RUNNING MULTICAST MTU:9216 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1080 (1.0 KiB) TX bytes:0 (0.0 b)
et1 Link encap:Ethernet HWaddr 00:1C:73:08:FA:49
UP BROADCAST RUNNING MULTICAST MTU:9212 Metric:1
RX packets:33944 errors:0 dropped:0 overruns:0 frame:0
TX packets:62802 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4209056 (4.0 MiB) TX bytes:9981736 (9.5 MiB)
et2 Link encap:Ethernet HWaddr 00:1C:73:08:FA:49
UP BROADCAST MULTICAST MTU:9212 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[-- output truncated --][GAD@Arista-1 usr]$ vmstat 5 5
procs ----------memory---------- -swap- --io- --system-- -----cpu-----
r b swpd free buff cache si so bi bo in cs us sy id wa st
0 0 0 754368 104220 752528 0 0 0 0 16 10 8 1 91 0 0
0 0 0 754376 104220 752548 0 0 0 0 1037 1266 8 1 91 0 0
1 0 0 754376 104220 752548 0 0 0 0 1025 1238 7 1 91 0 0
0 0 0 754376 104220 752548 0 0 0 0 1073 1359 8 1 91 0 0
0 0 0 754376 104220 752548 0 0 0 0 1040 1284 7 1 91 0 0I feel it is important to reiterate that all these Linux commands work because the Arista switch is a Linux machine. This is not a bash emulation; this is bash. It is more accurate to think that the CLI on the Arista switch is a switch OS emulation; although to be painfully accurate, that is not right either.
The CLI environment on an Arista switch is a process in Linux. We
can see this from bash by executing the command, Cli. Here, I’ll spawn a CLI session, execute the
CLI command, show clock, and then exit. Exiting a spawned CLI session returns me from whence I
came—the bash shell:
[GAD@Arista-1 usr]$CliArista-1> Arista-1>sho clockMon Nov 7 19:20:55 2011 timezone is UTC Arista-1>exit[GAD@Arista-1 usr]$
The Cli command has some pretty
interesting options. Just like most other Linux commands, I can see them by
appending --help at the command
line:
[GAD@Arista-1 usr]$ Cli --help
Usage: Cli [options]
Options:
-h, --help show this help message and exit
-s SYSNAME, --sysname=SYSNAME
system name (default: ar)
-k SYSDBSOCKNAME, --sysdbsockname=SYSDBSOCKNAME
Specify the unix domain socket of the
upstream Sysdb process
-l, --standalone run in standalone mode (without Sysdb).
Implies --disable-aaa
--pdb run under pdb
-c COMMAND, --command=COMMAND
run COMMAND non-interactively; separate
multiple commands with carriage returns
-A, --disable-aaa Do not communicate with the Aaa agent. This
disables authentication, authorization and
accounting of commands executed in this Cli
instance.
-M, --disable-automore
Do not apply paging filter for show commands
executed in this Cli instance.
-e, --echo echo commands when running non-interactively
-p PRIVILEGE, --privilege=PRIVILEGE
Start the session with this privilege level.
Legal values are 0-15 (default: 1)
-i PLUGINS, --plugin=PLUGINS
Load this plugin explicitly, and suppress
normal plugin search. May be specified
repeatedly.
-I, --no-plugins suppress any plugins from loading
-G, --disable-guards Do not guard any commands.One of the more interesting options is the -c command or --command=command
choices. Using these options, I can execute CLI commands from within bash.
For example, while in bash, executing Cli –c "sho
ver" will spawn a CLI process, execute the CLI command show version, then exit, reporting the output
to stdout:
[GAD@Arista-1 usr]$ Cli -c "sho ver"
Arista DCS-7124S-F
Hardware version: 07.00
Serial number: JSH10426696
System MAC address: 001c.7308.fa49
Software image version: 4.8.1
Architecture: i386
Internal build version: 4.8.1-495947.2011eric481Showstopper
Internal build ID: b15379fb-13e9-4255-819f-e55dde3c3471
Uptime: 1 week, 3 days, 22 hours and 46 minutes
Total memory: 2043424 kB
Free memory: 733244 kB
[GAD@Arista-1 usr]$Because this is Linux, I can pipe other commands too. Here, I’ll use
grep to only show the line containing the
word “image”:
[GAD@Arista-1 usr]$ Cli -c "sho ver" | grep image
Software image version: 4.8.1For my next trick, I’ll redirect the output to a file; but first, I need to be back in my home directory where I have write permissions:
[GAD@Arista-1 usr]$cd ~[GAD@Arista-1 ~]$ [GAD@Arista-1 ~]$Cli -c "sho ver" | grep image > GAD.txt
I should now have a file in my home directory named GAD.txt that contains the output from my command. Let’s take a look:
[GAD@Arista-1 ~]$ ls
GAD.txtSure enough, there it is. Using cat should work, and it does:
[GAD@Arista-1 ~]$ cat GAD.txt
Software image version: 4.8.1
[GAD@Arista-1 ~]$Be careful here though! Writing files to my home directory is great, but I learned the hard way that anything written to the filesystem does not survive a reboot.
Warning
That’s worth a more prominent warning. Anything you write to the filesystem will not survive a reboot. There are only a few directory structures that remains untouched by a reboot: /mnt/flash, /mnt/usb1 (if installed), and the SSD drive if your switch has one. If you want the output of your scripts or commands to be saved after a reboot, you must store them in one of these locations. You have been warned!
Just as I could run a CLI command through the Cli command in Linux, I can run bash commands from
the bash command in CLI. Sure, that may
sound like circular logic, but let me show you what I mean.
Remember how I got into bash from CLI? I typed the command bash:
Arista-1#bash
Arista Networks EOS shell
[GAD@Arista-1 ~]$That’s pretty cool, but what if I just need the output of a single command, and don’t want to go through the hassle of dropping into bash, executing the command and exiting again? Good news! I can execute bash commands from CLI, without actually dropping to the bash command line. All I have to do is append the Linux command I want to run.
Let’s say that I wanted to get the output of the Linux command,
uname –a. To do this from CLI, all I need
to do is issue the command bash uname –a.
This will return the output from the Unix command to me without ever leaving
CLI:
Arista-1#bash uname -a
Linux Arista-1 2.6.32.28.Ar-488566.2011fruggeri481 #1 SMP PREEMPT Thu
Sep 29 02:20:09 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
Arista-1#Note that any commands you execute will be relative to your home
directory. Thus, logged in as GAD, if I ask for my current directory with
the Unix pwd command, I will get the
following results:
Arista#bash pwd
/home/GADThis book is loaded with examples where I use bash commands through CLI, or use the bash shell. Once you get the hang of how this works, you’ll start to appreciate the power inherent in the design of Arista switches. Once you feel the power, you’ll cringe every time you have to use another vendor’s switch.