Arista switches are really Linux servers optimized and programmed to be network switches. By this point in the book, that should not be a surprise, but what might be surprising is the depth to which you, the administrator, can gain access to the system.
If you really don’t like the idea of junior engineers having access to Bash, you can limit their access to it by using AAA.
To access Bash, type the command bash
from the enable prompt:
Arista-7280#bash Arista Networks EOS shell [admin@Arista-7280 ~]$
At this point, I am within a Bash shell on the switch. The prompt, by default, will be [username@hostname directory]$
. In the previous example, I logged in to the switch with the default username (admin). I have not created a username in Unix; the switch took care of that for me.
At this point, I have just about all the control that I would have as a user in Linux. I am not a superuser, and my home directory is empty:
[admin@Arista-7280 ~]$ ls [admin@Arista-7280 ~]$
I can navigate around the filesystem, just like I can on a Linux server:
[admin@Arista-7280 ~]$ cd / [admin@Arista-7280 /]$ cd /usr/ [admin@Arista-7280 usr]$ ls bin etc games include lib libexec local sbin share src tmp [admin@Arista-7280 usr]$
If you’re at all familiar with Linux, you’ll be right at home in this Bash shell:
[admin@Arista-7280 usr]$ ls -alh total 0 drwxr-xr-x 16 root root 120 Oct 29 21:28 . drwxr-xr-x 29 root root 320 Nov 14 19:33 .. dr-xr-xr-x 2 root root 880 Nov 14 19:34 bin drwxr-xr-x 2 root root 3 Jul 19 2012 etc drwxr-xr-x 2 root root 3 Jul 19 2012 games drwxr-xr-x 5 root root 101 Oct 29 21:28 include dr-xr-xr-x 77 root root 5.1K Nov 14 19:33 lib drwxr-xr-x 10 root root 551 Oct 29 21:30 libexec drwxr-xr-x 11 root root 127 Oct 29 21:28 local dr-xr-xr-x 2 root root 60 Nov 14 19:33 sbin drwxr-xr-x 85 root root 220 Oct 29 21:30 share drwxr-xr-x 4 root root 43 Oct 29 21:28 src lrwxrwxrwx 1 root root 10 Nov 2 07:10 tmp -> ../var/tmp [admin@Arista-7280 usr]$
To prove the point that an Arista switch is a Linux server with specialized interface hardware, I’ll show the network interfaces from Bash:
[admin@Arista-7280 ~]$ ifconfig -a | more cpu: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9216 ether 00:1c:73:90:93:cf txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 cpudebug: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9216 ether 00:1c:73:90:93:cf txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 et1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9214 ether 00:1c:73:90:93:cf txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 504 bytes 64328 (62.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [-- output truncated --]
[admin@Arista-7280 ~]$ vmstat 1 5 procs -----------memory--------- -swap- ---io-- -system-- ----cpu---- r b swpd free buff cache si so bi bo in cs us sy id wa 0 0 0 119916 225664 1820532 0 0 232 25 420 385 14 3 83 1 0 0 0 119908 225664 1820532 0 0 0 0 1294 605 1 0 99 0 0 0 0 119908 225664 1820532 0 0 0 0 1940 2115 4 1 95 0 0 0 0 119908 225664 1820532 0 0 0 0 1617 1316 2 0 98 0 0 0 0 119908 225664 1820532 0 0 0 0 1435 884 2 0 98 0
I feel it is important to reiterate that all of these Linux commands work because the Arista switch is a Linux machine. This is not a bash emulation; this is bash. It is more accurate to think that the command-line interface (CLI) on the Arista switch is a switch OS emulation; although to be painfully accurate, that is not right, either.
The CLI environment on an Arista switch is a process in Linux. We can see this from Bash by executing the command Cli
. Here, I spawn a CLI session, execute the CLI command show clock
, and then exit. Exiting a spawned CLI session returns me from whence I came—the Bash shell:
[admin@Arista-7280 ~]$ Cli Arista-7280>sho clock Mon Nov 14 19:58:21 2016 Timezone: UTC Clock source: local Arista-7280>exit [admin@Arista-7280 usr]$
The Cli
command has some pretty interesting options. Just like most other Linux commands, I can see them by appending --help
at the command line:
[admin@Arista-7280R ~]$ Cli --help usage: Cli [-h] [-s SYSNAME] [-k SYSDBSOCKNAME] [-l] [--pdb] [-c COMMAND] [-A] [-M] [-e] [-E] [-p PRIVILEGE] [-i PLUGINS] [-I] [-G] [--startup-config] [--disable-autocomplete] [-T STANDALONE_SHELL_TIMEOUT] [--completions COMPLETIONS] [config-filename] [--output truncated--]
One of the more interesting options is the -c
command
or --command=command
choice. Using these options, I can execute CLI commands from within Bash. For example, while in Bash, executing Cli –c “sho ver”
spawns a CLI process, executes the CLI command show version
, and then exits, reporting the output to stdout:
[admin@Arista-7280R ~]$ Cli -c "sho ver" Arista DCS-7280SR-48C6-M-F Hardware version: 21.05 Serial number: SSJ17290598 System MAC address: 2899.3abe.9f92 Software image version: 4.21.1F Architecture: i386 Internal build version: 4.21.1F-9887494.4211F Internal build ID: 1497e24b-a79b-48e7-a876-43061e109b92 Uptime: 0 weeks, 0 days, 4 hours and 32 minutes Total memory: 32458980 kB Free memory: 30390680 kB
Because this is Linux, I can pipe other commands, too. Here, I use grep
to show only the line containing the word image:
[admin@Arista-7280R ~]$ Cli -c "sho ver" | grep image Software image version: 4.21.1F
For my next trick, I redirect the output to a file:
[admin@Arista-7280R ~]$ Cli -c "show ver" | grep image > GAD.txt [admin@Arista-7280R ~]$
I should now have a file in my home directory named GAD.txt that contains the output from my command. Let’s take a look:
[admin@Arista-7280R ~]$ ls GAD.txt
Sure enough, there it is. Using cat
should work, and it does:
[admin@Arista-7280R ~]$ cat GAD.txt Software image version: 4.21.1F
Be careful here, though! Writing files to my home directory is great, but I learned the hard way that anything written to the filesystem does not survive a reboot.
That’s worth a more prominent warning. Anything you write to the filesystem will not survive a reboot. There are only a few directory structures that remains untouched by a reboot: /mnt/flash, /mnt/ usb1 (if installed), and the solid-state drive (SSD) drive (/mnt/drive), if your switch has one. There is also a /persist/ directory in the root of the Bash filesystem, which is a link to the /mnt/flash/persist/ directory. If you want the output of your scripts or commands to be saved after a reboot, you must store them in one of these locations. You have been warned!
Just as I could run a CLI command through the Cli
command in Linux, I can run Bash commands from the bash
command in CLI. Sure, that might sound like circular logic, but let me show you what I mean.
Remember how I got into Bash from CLI? I typed the command bash
:
Arista-7280R#bash Arista Networks EOS shell [admin@Arista-7280R ~]$
That’s pretty cool, but what if I just need the output of a single command and don’t want to go through the hassle of dropping into Bash, executing the command, and exiting again? Good news! I can execute Bash commands from the CLI, without actually dropping to the Bash command line. All I need to do is append the Linux command that I want to run.
Suppose that I want to get the output of the Linux command uname –a
. To do this from the CLI, all I need to do is issue the command bash uname –a
. This returns the output from the Unix command to me without ever leaving the CLI:
Arista-7280R#bash uname -a Linux Arista-7280R 3.18.28.Ar-9854397.4211F #1 SMP PREEMPT Sun Sep 16 08:35:31 PDT 2018 x86_64 x86_64 x86_64 GNU/Linux
Note that any commands that you execute will be relative to your home directory. Thus, logged in as admin, if I ask for my current directory with the Unix pwd
command, I will get the following results:
Arista-7280R#bash pwd /home/admin
This book is loaded with examples in which I use Bash commands through the CLI, or use the Bash shell. After you get the hang of how this works, you’ll begin to appreciate the power inherent in the design of Arista switches. When you feel the power, you’ll cringe every time you need to use another vendor’s switch. I know I do.
The flash drive is located in /mnt/flash:
Arista(config)#dir Directory of flash:/ -rwx 700978970 Nov 12 2018 EOS-4.21.1F.swi -rwx 27 Feb 3 20:17 boot-config drwx 4096 Feb 3 20:27 debug drwx 4096 Feb 3 20:27 persist drwx 4096 Feb 3 20:29 schedule -rwx 1542 Feb 3 20:23 startup-config -rwx 19 Feb 3 20:23 zerotouch-config 3440762880 bytes total (2034659328 bytes free) Arista(config)#bash ls -l /mnt/flash total 684576 -rwxrwx--- 1 root eosadmin 700978970 Nov 12 19:51 EOS-4.21.1F.swi -rwxrwx--- 1 root eosadmin 27 Feb 3 20:17 boot-config drwxrwx--- 3 root eosadmin 4096 Feb 3 20:27 debug drwxrwx--- 2 root eosadmin 4096 Feb 3 20:27 persist drwxrwx--- 3 root eosadmin 4096 Feb 3 20:29 schedule -rwxrwx--- 1 root eosadmin 1542 Feb 3 20:23 startup-config -rwxrwx--- 1 root eosadmin 19 Feb 3 20:23 zerotouch-config
If you have an SSD drive installed, it’s called drive: in EOS and is located in /mnt/drive in Bash:
Arista(config)#dir drive: Directory of drive:/ -rw- 7168 Feb 3 20:25 aquota.user drwx 4096 Feb 3 20:27 archive drwx 16384 Dec 2 2016 lost+found drwx 4096 Dec 17 2018 var_archive.2018-12-17-23:15:02.dir drwx 4096 Dec 18 2018 var_archive.2018-12-18-18:01:01.dir drwx 4096 Dec 18 2018 var_archive.2018-12-18-18:11:04.dir drwx 4096 Dec 18 2018 var_archive.2018-12-18-18:15:02.dir drwx 4096 Dec 18 2018 var_archive.2019-01-01-00:01:02.dir drwx 4096 Jan 11 14:05 var_archive.2019-01-11-14:06:03.dir drwx 4096 Jan 11 14:08 var_archive.2019-01-11-14:15:02.dir drwx 4096 Jan 13 09:48 var_archive.2019-01-13-09:49:02.dir drwx 4096 Jan 13 09:51 var_archive.2019-01-19-10:01:02.dir drwx 4096 Jan 20 15:47 var_archive.2019-01-20-15:48:02.dir drwx 4096 Jan 20 15:51 var_archive.2019-02-01-00:01:02.dir drwx 4096 Feb 3 20:22 var_archive.2019-02-03-20:23:02.dir 125891358720 bytes total (125092859904 bytes free) Arista(config)#bash ls -l /mnt/drive total 76 -rw------- 1 root root 7168 Feb 3 20:25 aquota.user drwxr-xr-x 4 archive archive 4096 Feb 3 20:27 archive drwx------ 2 root root 16384 Dec 2 2016 lost+found drwxr-xr-x 4 archive archive 4096 Dec 17 23:06 v[...]ive.2018-12-17-23:15:02.dir drwxr-xr-x 4 archive archive 4096 Dec 18 17:59 v[...]ive.2018-12-18-18:01:01.dir drwxr-xr-x 4 archive archive 4096 Dec 18 18:10 v[...]ive.2018-12-18-18:11:04.dir drwxr-xr-x 4 archive archive 4096 Dec 18 18:13 v[...]ive.2018-12-18-18:15:02.dir drwxr-xr-x 4 archive archive 4096 Dec 18 18:25 v[...]ive.2019-01-01-00:01:02.dir drwxr-xr-x 4 archive archive 4096 Jan 11 14:05 v[...]ive.2019-01-11-14:06:03.dir drwxr-xr-x 4 archive archive 4096 Jan 11 14:08 v[...]ive.2019-01-11-14:15:02.dir drwxr-xr-x 4 archive archive 4096 Jan 13 09:48 v[...]ive.2019-01-13-09:49:02.dir drwxr-xr-x 4 archive archive 4096 Jan 13 09:51 v[...]ive.2019-01-19-10:01:02.dir drwxr-xr-x 4 archive archive 4096 Jan 20 15:47 v[...]ive.2019-01-20-15:48:02.dir drwxr-xr-x 4 archive archive 4096 Jan 20 15:51 v[...]ive.2019-02-01-00:01:02.dir drwxr-xr-x 4 archive archive 4096 Feb 3 20:22 v[...]ive.2019-02-03-20:23:02.dir
To see the version of EOS installed from Bash (useful in scripts) look in the /etc/Eos-release file:
[admin@Arista ~]$ more /etc/Eos-release Arista Networks EOS 4.21.1F
To see a cool display of what processes called what other processes, use pstree
:
[admin@Arista ~]$ pstree systemd-+-EosOomAdjust |-ProcMgr-master---ProcMgr-worker-+-Aaa---3*[{Aaa}] | |-ConfigAgent-+-bash---pstree | | `-4*[{ConfigAgent}] | |-Fru | |-IgmpSnooping | |-Launcher | |-PhyEthtool | |-Rib | |-Sand | |-SlabMonitor | |-StageMgr | |-SuperServer---2*[{SuperServer}] | |-Sysdb | |-XcvrAgent | `-54*[netns] |-agetty |-conlogd---sh-+-sed | `-tail [--output removed--]
To see the interface names as they appear to the kernel in Bash, use the ifconfig –s
command:
[admin@Arista mnt]$ ifconfig -s Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg cpu 10209 0 0 0 0 0 0 0 0 BMRU cpudebug 10209 0 0 0 0 0 0 0 0 BMRU et1 10178 0 0 0 0 90860 0 0 0 BMRU et2 10178 0 0 0 0 0 0 0 0 BMU et3 10178 0 0 0 0 0 0 0 0 BMU et4 10178 0 0 0 0 0 0 0 0 BMU et5 10178 0 0 0 0 0 0 0 0 BMU et6 10178 0 0 0 0 0 0 0 0 BMU et7 10178 0 0 0 0 0 0 0 0 BMU [--output removed--] mirror4 10209 0 0 0 0 0 0 0 0 BMRU mirror5 10209 0 0 0 0 0 0 0 0 BMRU mirror6 10209 0 0 0 0 0 0 0 0 BMRU mirror7 10209 0 0 0 0 0 0 0 0 BMRU mirror8 10209 0 0 0 0 0 0 0 0 BMRU mirror9 10209 0 0 0 0 0 0 0 0 BMRU mirror10 10209 0 0 0 0 0 0 0 0 BMRU mirror11 10209 0 0 0 0 0 0 0 0 BMRU mirror12 10209 0 0 0 0 0 0 0 0 BMRU mirror13 10209 0 0 0 0 0 0 0 0 BMRU mirror14 10209 0 0 0 0 0 0 0 0 BMRU mirror15 10209 0 0 0 0 0 0 0 0 BMRU txfwd 10209 0 0 0 0 0 0 0 0 BMRU txraw 10209 0 0 0 0 0 0 0 0 BMRU vxlan 10209 0 0 0 0 0 0 0 0 BMRU
Why use Bash? You absolutely don’t need to in order to keep using the switch the way we all have for decades, but if you really want to be an expert in the Arista ecosystem, you will find yourself returning to Bash time and time again. In fact, I recommend learning more about Linux to everyone who wants to learn more about Arista.