Articles in this section

See more

Automated enrollment using ZTP

Matt Witmer
  • Updated
Follow

The power of Lighthouse lies in its ability to automate common workflows, such as accessing a router console at a failed remote site or deploying a fleet of console servers at a new data center, saving many hours of manual operations and reducing human error by guaranteeing repeatability.

By leveraging Opengear's ZTP (Zero Touch Provisioning) and Enrollment Bundles, you can configure and enroll Nodes into Lighthouse simply and automatically, as shown by the below example.

 

Example:

1. Create an Enrollment Bundle

  • Login to the Lighthouse Web UI as a Lighthouse Administrator
  • Click Configure Nodes -> Node Enrollment -> Enrollment Bundles
  • Click + to add a new Bundle:

Bundle name: Enter a name of your choice, for example ZTPDemoNodes
Token: Enter a password of your choice, for example my-secret-token
Auto-approve node: Check (see this article for details)

  • Click Apply

2. Configure an ISC DHCP server for ZTP

  • On an ISC DHCP server on your LAN, add this configuration snippet to configuration file, for example: /etc/dhcp/dhcpd.conf
option space opengear;
option opengear.config-url code 1 = text;
option opengear.firmware-url code 2 = text;
option opengear.enroll-url code 3 = text;
option opengear.enroll-bundle code 4 = text;
option opengear.enroll-password code 5 = text;
option opengear.api-port code 6 = text;

class "ztp-demo-nodes" {
        match if option vendor-class-identifier ~~ "Opengear/";
        vendor-option-space opengear;
        option opengear.enroll-url "address.of.lighthouse";
        option opengear.enroll-bundle "ZTPDemoNodes"; # Optional
        option opengear.enroll-password "my-secret-token";
        option opengear.api-port "8443"; # Optional
        option opengear.config-url "tftp://address.of.tftp.server/config.sh";
#       option opengear.config-url "ftp://username:password@address.of.ftp.server/config.sh";
#       option opengear.config-url "https://address.of.https.server/config.sh";
}

Note: Ensure the new Node can reach address.of.lighthouse on the required ports for API Registration and Lighthouse VPN.

Note: You may also optionally load an initial configuration script or file into the new Node by uncommenting the config-url line above.

  • Reload the DHCP server configuration using a method appropriate for your distribution, for example: /etc/init.d/isc-dhcp-server reload

3. Deploy the Node(s)

  • Connect a new or factory erased Opengear device to your LAN and apply power
  • Monitor the ISC DHCP server logs (for example /var/log/syslog) to see the DHCP transaction, for example:
May 29 15:08:53 dhcpd[4645]: DHCPDISCOVER from 00:13:c6:ff:15:01 via bond0
May 29 15:08:54 dhcpd[4645]: DHCPOFFER on 192.168.48.200 to 00:13:c6:ff:15:01 (im72xx) via bond0
May 29 15:08:54 dhcpd[4645]: DHCPREQUEST for 192.168.48.200 (192.168.48.102) from 00:13:c6:ff:15:01 (im72xx) via bond0
May 29 15:08:54 dhcpd[4645]: DHCPACK on 192.168.48.200 to 00:13:c6:ff:15:01 (im72xx) via bond0

4. Enrollment automatically completes

  • Login to Lighthouse as a Lighthouse Administrator
  • Monitor registration and enrollment as nodes progress from Configure Nodes -> Node Enrollment -> Pending Nodes to -> Enrolled Nodes
  • Enrollment is now complete and the new Node is ready for management

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk