rset(1) : Formulas

PicOS Switches

Pica8 develops software that is able to take advantage of the packet forwarding capabilities of ASICs from a variety of vendors. Updates are provided for five years, and there is a series of pre-loaded switches available from fs.com.

Configure SSH

After changing the default password for admin and saving the configuration, the switch is in XorPlus mode.

Switch to the built-in shell (start shell sh) and write a startup script that will allow administrators to log in to a Linux shell using a public SSH key:

fn="/cftmp/auto/post-xorplus"

cat > $fn <<'EOF'
echo 'xorp_defaultcli=false' > /etc/nos-start-mode
install -d -m 700 /home/admin/.ssh
echo 'ssh-ed25519 AAAA... eradman@local' > /home/admin/.ssh/authorized_keys
chown -R admin:xorp /home/admin/.ssh
chmod 600 /home/admin/.ssh/authorized_keys
EOF

chmod +x $fn
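
An added check, not part of the original page, PicOS or rset: after a reboot, confirm that the startup script left the directory at mode 700, the key file at mode 600, and only ssh-ed25519 entries in it. With OpenSSH's default StrictModes setting, sshd checks file modes and ownership before accepting a login, so a wrong mode here can silently break key authentication. The function name audit_ssh_dir is hypothetical, the sample key line is the placeholder from the script above, and stat -c from GNU coreutils or BusyBox is assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of PicOS or rset).
# Usage: audit_ssh_dir DIR [ALLOWED_KEY_TYPE]
# Prints one line per finding; the return status is the number of findings.
audit_ssh_dir() {
  dir=$1 allowed=${2:-ssh-ed25519} keys="$1/authorized_keys" findings=0
  note() { echo "FINDING: $*"; findings=$((findings + 1)); }

  [ -d "$dir" ] || { note "$dir is missing"; return "$findings"; }
  [ -L "$dir" ] && note "$dir is a symlink"
  mode=$(stat -c %a "$dir")
  [ "$mode" = 700 ] || note "$dir has mode $mode, expected 700"

  [ -f "$keys" ] || { note "$keys is missing"; return "$findings"; }
  [ -L "$keys" ] && note "$keys is a symlink"
  mode=$(stat -c %a "$keys")
  [ "$mode" = 600 ] || note "$keys has mode $mode, expected 600"

  # Every non-blank, non-comment line must begin with the allowed key type.
  # Lines that begin with options (command=, from=, ...) are flagged too.
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      ''|'#'*) ;;
      "$allowed "*) ;;
      *) note "unexpected entry starting with '${line%% *}'" ;;
    esac
  done < "$keys"
  return "$findings"
}

# Constructed demo: rebuild the layout from the startup script in a temp dir.
demo=$(mktemp -d)
install -d -m 700 "$demo/.ssh"
echo 'ssh-ed25519 AAAA... eradman@local' > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_dir "$demo/.ssh" && echo "clean: $demo/.ssh"
rm -rf "$demo"
```

On the switch the call would be audit_ssh_dir /home/admin/.ssh; ownership (admin:xorp in the script above) is not checked here.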

Now that we have SSH access to the userland, we can add a route entry:

# routes.pln
192.168.0.11: fs/
   s3410c.pln

Change the default connecting user to admin

# ssh_config
Host 192.168.0.11
  ConnectTimeout=10
  User admin

Configure Mode

The PicOS cli tool accepts brace-style configuration loaded from a file. Unlike JunOS, commit on PicOS applies configuration but does not make the configuration persistent.

# s3410c.pln
execute_with=sudo

interfaces:
   set -e
   cli -c "configure" < $SD/fs/s3410c | fs/quiet.awk
   cli -c "show running-config | compare rollback 1" | fs/quiet.awk
   save_config

Always end the configuration with commit.

Filtering Configuration Status

The PicOS cli does not have a quiet flag, but messages can be filtered to emit only errors and changes

#!/usr/bin/awk -f

# remove prompt
{ gsub("root@.+# ", ""); }

# remember last four lines
{
  for (i=3; i>0; i--)
    lines[i] = lines[i-1]
  lines[0] = $0
}

# skip informational messages
/Welcome|Entering configuration/ { next }
/Execute command|no other users/ { next }
/already exists|same value/ { next }

# remember last configuration
/\[.+\]/ { level = $0 }

# print diff header
/----/ { print level }

# print diff
/^[-+]{1}[ a-z0-9\}]+/ { print }

# print error with context
/ERROR:|Error:|syntax error|unknown command|Commit failed/ {
  for (i=3; i>=0; i--)
    print lines[i]
  exit 1
}