Loader

Download the PDF 

Zero Touch Provisioning (ZTP)

Introduction

This application note will document using the Tellabs Zero Touch Provisioning (ZTP) feature. It provides a high level overview of the components and flow of execution. Additionally, it provides instructions on the installation, configuration and operation of the ZTP feature.

Document Number

ENG-010662

Applies To

As of writing, the Tellabs ZTP feature is only implemented on the BOLT platform.  ZTP is targeted to be implemented in a future release for OLT-Mini Plus and OLT2.

Overview

Zero Touch Provisioning (ZTP) is a feature that allows for initial configuration of OLAN components without the need for user interaction. This reduces the installation procedure to: rack, connect and power on. With ZTP, all OLAN components become plug and play.

ZTP automatically allows the OLAN components to:

  1. Get IP: Acquire an IP address using DHCP
  2. Register Hostname: Create and register a fully qualified DNS name
  3. Discover Servers: Discover the servers to use for ZTP configuration
  4. Install Certs: Download and install site-specific PKI certificates
  5. Update Software: Download and install configured software versions
  6. Download Template Backup: Download and apply a site-specific or OLT-specific custom configuration from a backup file, allows for templating most of the configuration of a file.
  7. Apply Patches: Download and apply necessary system patches

Architecture

The Tellabs ZTP solution uses one or more http/https servers to hold the files to be downloaded during ZTP.  In most use cases a single http server will be utilized.  Tellabs provides a ZTP server that can be installed on a Red Hat Linux or Centos distribution. The Tellabs OLT acts as the client and gets startup and configuration information using the following server components:

  • DHCP Server assigns IP addresses, DNS server information and the ZTP server URL
  • ZTP Server a https file server that holds the ZTP configuration file used by the OLT for startup and configuration
  • Certificate Server a https file server for automated loading of site-specific PKI certificates
  • Software Download Server a https file server(s) used by the OLT to download and switch to the required software version
  • Configuration Server a https file server for site-specific configuration backup files to be downloaded
  • Patch Server a https file server for downloading scripts and other software for site and software-specific adjustments

For most installations, all servers (except for the DHCP server), will be hosted on the same machine. However, ZTP is designed to work with distributed remote servers. Tellabs provides software that installs and configures the required server components on a single Linux host machine. Alternatively, the various ZTP servers can be distributed if desired. Any HTTP server capable of handling certificate authentication and file transfers can be used to host a ZTP feature component. To handle distributed servers, the ZTP configuration can be customized to provide addresses and credentials for each server. Customization is discussed later in this document.

The following diagram illustrates how the servers in the ZTP feature can be deployed on a single host machine or in a distributed architecture.

Flow of Execution

The ZTP feature uses file servers, scripts and other components to provide out-of-the-box functionality without the need for network engineers when components are racked and connected. Assuming all services are utilized (no ZTP service is disabled), the system will transition through each of the following stages when booted and connected to the network.

Network Discovery

During the Network Discovery stage, the OLT will learn its IP address, set its host name, and learn the location of the ZTP server. In order to achieve this, the DHCP client will need to be properly configured to report the necessary attributes and to request the needed parameters. Additionally, the DHCP server will need to be configured to return the URL of the ZTP server using Option 67. This configuration is explained later in this document.
ZTP Initialization

During the Initialization stage, the OLT will retrieve the ZTP configuration file from the ZTP server and process it in preparation for system setup. The file is downloaded using the URL provided by the DHCP server via Option 67. The ZTP configuration file is an XML file that provides server location, credentials and other information used to retrieve configuration data.
Security Setup

During the Security Setup stage, the OLT will perform the tasks needed to secure the system. This involves downloading the necessary certificates from the Certificate server and using them to establish secured communication with all network components.
Software Update

During the Software Update stage, the OLT will ensure it has the required versions of software. It compares its software versions (both active and standby) with the ZTP configuration. If necessary, it will download the correct versions from the Software Download server and apply them. This process pushes the software to all subtending components.
Configuration

During the Configuration stage, the OLT performs all configuration tasks. It downloads a template backup file from the Configuration server and uses it to stamp out all profiles, services and rules needed to operate in the current deployment.
Patching

Future releases will support hot patching.  During the Patching stage, the OLT will apply any patches needed to correct issues with the current software and/or provisioning. The files and scripts needed to perform this task will be downloaded from the Patching Server.  

After the last stage is completed, the system will be fully configured and operational. The following sequence diagram provides a high-level view of how the various components work together to accomplish this.

Pre-requisites

ZTP Server Host

The ZTP feature requires a remote machine to host some or all of the file servers and data used during operation. At a minimum, the ZTP server will be hosted by this computer. When utilizing the Tellabs ZTP server, it must meet the following criteria:

  • Can be physical or virtual
  • 4GB Memory
  • 8GB Hard Drive
  • Linux - Redhat-7.9 OS
    • ksh must be installed
    • other packages...

Any standard web server that is compatible with curl for retrieving files is suitable for hosting the files needed by the ZTP application on the OLT.

DHCP

ZTP relies on DHCP to specify the ZTP configuration file. Both DHCPv4 and DHCPv6 are supported. DHCP Option 67 is used to specify the URL of a bootfile, used to load configuration for an operating system or bootable program. The Tellabs ZTP feature uses this URL to specify the location of the ZTP configuration file. To enable this functionality, DHCP must be configured appropriately.

The DHCP discovery message, sent by the OLT client, must include the following attributes:

  • dhcp-client-identifier set to the OLT serial number
  • vendor-class-identifier – set to "Tellabs OLT <chassis-model> <serial-number>"

    Where <chassis-model> is one of "bolt", "olt-mini-plus" (future), OLT2 (future)

The DHCP Ack message, sent from the server, must include the following attributes:

  • IP Address
  • Subnet Mask(IPv4 only)
  • Domain Name Server (DNS)
  • Routers (IPv4 only)
  • Bootfile (Option 67) used to specify the URL of the ZTP configuration file

DHCP Configuration

To configure the DHCP server, edit the configuration files as shown in the examples below:

For IPv4, the option "bootfile-name" is used to specify the URL of the ZTP configuration file.

subnet 172.28.125.0 netmask 255.255.255.0 {
range 172.28.125.129 172.28.125.253;
option routers 172.28.125.1;
option bootfile-name https://bach:8090/config;
# option bootfile-name https://bach:8090/config/my-local-config.xml;
option domain-name-servers 172.28.125.1;
option domain-name "lab.tellabs.network";
}

For IPv6, the option "dhcp6.bootfile-url" is used to specify the URL of the ZTP configuration file.

subnet6 fc00:dead:dead:0125::/64 {
range6 fc00:dead:dead:0125::129 fc00:dead:dead:0125::ffff;
option dhcp6.bootfile-url https://[fc00:dead:dead:0137:0:0:0:100]:8090/config;
# option dhcp6.bootfile-url https://[fc00:dead:dead:0137:0:0:0:100]:8090/config/my-local-config.xml;
option dhcp6.name-servers fc00:dead:dead:0125::2;
option dhcp6.domain-search "lab.tellabs.network";
}

The DHCP Bootfile URL

The bootfile URL (returned by the DHCP server) is used by the OLT to locate the ZTP configuration file. The ZTP configuration file specifies the servers and files that control OLT configuration. The bootfile URL can be used as part of a comprehensive configuration strategy. The way it does this is partially driven by the way the OLT processes the URL to locate the ZTP configuration file.

Locating the ZTP Configuration File

When the OLT receives the bootfile URL from the DHCP server, it follows a specific approach to use it to locate the ZTP configuration file. The OLT processes the bootfile URL as follows:

  • If the URL is fully qualified with filename and path, the OLT will download the ZTP configuration file using the bootfile URL as specified.
  • If the URL is incomplete (includes only the path but not the file name), the OLT will expand the bootfile URL and search for the ZTP configuration file using the following approach:
    • The OLT will construct a fully qualified URL using the following format: 
      • ztp-config-<serial number>.xml".
      • It will attempt to download the ZTP configuration file using the resulting URL.  This allows 
    • If the file is not found, the OLT will concatenate the bootfile URL, the prefix "ztp-config-", the OLT type ("bolt", "olt-mini" or "olt-mini-plus"), and the file extension ".xml". It will attempt to download the configuration file using the resulting URL.

The results of converting a DHCP bootfile URL into a ZTP configuration file URL are illustrated in the example shown below:

Fully Qualified Bootfile URL ( https://bach:5060/config/global-config.xml )
  Any OLT ZTP URL: https://bach:5060/config/global-config.xml
 
Incomplete Bootfile URL ( https://bach:5060/config )
  Resulting URL w/Serial Number: https://bach:5060/config/TLBS12345678.xml
     ... If the "serial number specific" cofiguration file is not found ...
  BOLT ZTP URL: https://bach:5060/config/ztp-config-bolt.xml
  OLT-mini-plus ZTP URL: https://bach:5060/config/ztp-config-olt-mini-plus.xml

(future)

DHCP and Configuration Strategies

The results, shown in the example above, demonstrate one aspect of ZTP flexibility and how DHCP can contribute to a comprehensive configuration strategy. Depending on how DHCP is configured and the ZTP configuration files used, the following general designs can be implemented:

  • Template Configuration for All OLTs – If the DHCP server returns a "fully qualified" bootfile URL, all OLTs will use the same ZTP configuration file. This results in a consistent configuration model for all OLTs using the same DHCP server and can be modified for each subnet in the DHCP server.
  • Flexible Configuration Models – If the DHCP server returns an "incomplete" bootfile URL, the configuration model becomes more flexible. The ZTP configuration strategy is then determined by the configuration files available on the ZTP server:
    • Consistent Configuration by OLT Type – If the ZTP server contains a separate configuration file for each OLT type (e.g, https://bach:5060/config/ztp-config-bolt.xml, .../ztp-config-olt-mini-plus.xml(future) ztp-config-olt2.xml(future) ), the configuration model can be consistent for OLTs of the same type but unique between OLT types.
    • Unique Configuration per OLT  If the ZTP server contains a separate configuration file for each OLT serial number, configuration can be unique for each OLT.
    • Hybrid Configuration  By providing a configuration file for each OLT type and configuration files for specific OLT serial numbers, the configuration model can provide a combination of consistency with unique configuration for certain OLTs.

Stage OLT Software

ZTP Server Installation

Tellabs provides software that installs and configures the ZTP Server components on a Linux host machine. The following installation guidance assumes a standard installation where all servers will run on the same Linux host.

ZTP Server Installation Procedure

You must be running as root or use "sudo" to perform the installation as it requires root privileges.

Installation of the Tellabs ZTP server is designed to reduce the amount of required user input. The default installation will install and configure the ZTP feature for use in the majority of cases. Customization, if needed, is discussed later in this document.

To install the ZTP feature, use the following procedure.

  1. Copy the file "ztpInstaller.tar.gz" to the host machine. The installer can be run from any directory. 
    [admin@localhost ~]$ ls -al
total 55608
drwx------. 15 admin  admin      4096 Feb 25 09:13 .
drwxr-xr-x.  3 root    root        21 Feb 23 15:23 ..
-rw-r--r--.  1 admin   admin 56908901 Jan 26 17:08 ztpInstaller.tar.gz
[admin@localhost ~]$_
  2. Change the user permissions for the file. 
    [admin@localhost ~]$ chmod 777 ztpInstaller.tar.gz
[admin@localhost ~]$ ls -al
total 55608
drwx------. 15 admin  admin      4096 Feb 25 09:13 .
drwxr-xr-x.  3 root    root        21 Feb 23 15:23 ..
-rwxrwxrwx.  1 admin  admin  56908901 Jan 26 17:08 ztpInstaller.tar.gz
[admin@localhost ~]$_
  3. Unzip the tarball "ztpInstaller.tar.gz" in the root directory. 
    [admin@localhost ~]$ gunzip ztpInstaller.tar.gz
[admin@localhost ~]$ ls -al
total 56092
drwx------. 15 admin  admin      4096 Feb 25 09:13 .
drwxr-xr-x.  3 root    root        21 Feb 23 15:23 ..
-rwxrwxrwx.  1 admin  admin  57405440 Jan 26 17:08 ztpInstaller.tar
[admin@localhost ~]$_
  4. Extract the files from the archive. 
    [admin@localhost ~]$ tar -xvf ztpInstaller.tar
./install.sh
./ztp.tar.gz
[admin@localhost ~]$ ls -al
total 112144
drwx------. 15 admin  admin        4096 Feb 25 09:25 .
drwxr-xr-x.  3 root    root          21 Feb 23 15:23 ..
-rwxrwxr-x.  1 admin  admin       28312 Jan 26 16:59 install.sh
-rwxrwxrwx.  1 admin  admin    57405440 Jan 26 17:08 ztpInstaller.tar
-rwxrwxr-x.  1 admin  admin    57364563 Jan 26 15:43 ztp.tar.gz
[admin@localhost ~]$_
  5. Run the installation script "install.sh". 
    [admin@localhost admin]# ./install.sh

    The installation script will collect configuration data from the user during installation. See the Configuration Data section for details.

Note: On successful completion the script will output:   *** Tellabs ZTP installation completed successfully ***  . If you do not see this output please contact Tellabs TAC.

Configuration Data

Prompt Format

The ZTP installation script will prompt the user for data needed to install and configure the ZTP feature. The prompts are in the format:

    Prompt...(Options)[Default]: where:

  • Prompt – is a description of the information requested.
  • Options  is a list of possible responses, delimited by the pipe symbol "|". Options, if present, are the only valid responses to the prompt.
  • Default – is the option that will be used if no response is provided (user presses only Enter at the prompt).
Note: If the prompt does not contain a default option, the user must provide a response. If the user provides no response the prompt will repeat.

Data Collected

For a typical installation, you will be prompted for the information shown in the table below. For a default configuration, you will need to provide only a single username and password (shared by all ZTP services) and accept the default value for all other prompts. If you do not enable all ZTP services, host them on the same server (where the feature is installed), and use the same credentials, you will be prompted to configure each service in the ZTP feature. This includes the state (enabled/disabled), location (hostname:port), and authentication credentials (username and password) for each.

 Prompt Options Default Description
Where would ZTP be installed? [/opt/tellabs] : None /opt/tellabs Provide the directory where the ZTP feature should be installed.
The local IPv4 address x detected, do you want to use this IPv4 address for ZTP server? (Y|N) [Y] : Y or N Y Answer "Y" to accept this address or no to reject it.
The local IPv6 address [x] detected, do you want to use this IPv6 address for ZTP server? (Y|N) [Y] : Y or N Y Answer "Y" to accept this address or no to reject it.
ZTP port [8089] : None 8089 The port used for communication with the ZTP server.
ZTP secure port [8090] : None 8090
 		 The secure port used for communication with the server.
ZTP FIPS certificate port [3010] : None 3010
 		 The FIPS port used for transferring certificates.
Do you want to enable services on this ZTP server? (Y|N) [Y] : Y or N Y Answer: "Y" to enable all ZTP services and host them on this machine. Answer "N" if some services will be disabled or hosted by another machine. If you answer no, you will be prompted to configure each service in the ZTP feature.
Do you want to use same user account for all services on this ZTP server? (Y|N) [Y] : Y or N Y Answer: "Y" to have all ZTP services use the same credentials. Answer "N" if some services will be hosted on another machine or if server credentials will vary. If you answer no, you will be prompted to configure each service in the ZTP feature.
Username (for authentication) : None None The username used to authenticate to all servers. You will be prompted for each server if credentials vary.
Password (for authentication) : None None The password used to authenticate to all servers. You will be prompted for each server if credentials vary.
Primary SW Version [<primary-sw-version>] : None <primary-sw-version> The software version to be loaded onto the primary bank of all OLAN components. This is the desired active version of system software. The system will switch to running this version after it has been downloaded. This is the name of a valid software release provided by Tellabs.
Secondary SW Version [<secondary-sw-version>] : None <secondary-sw-version> The software version is to be loaded onto the standby bank of all OLAN components. This is the desired standby version of system software. This is the name of a valid software release provided by Tellabs.
Where is OLT SW <primary-sw-version>.tgz;? [/tmp/<primary-sw-version>.tgz] : None /tmp/<primary-sw-version>.tgz The fully qualified file name for the primary software version file. The default path name is "/tmp/".
Where is OLT SW <secondary-sw-version>.tgz;? [/tmp/<secondary-sw-version>.tgz] : None /tmp/<secondary-sw-version>.tgz The fully qualified file name for the secondary software version file. The default path name is "/tmp/".

Data Collection Example

An example of the installation script data collection is shown below. This example shows a default configuration where the only data provided is the username and password shared by all services in the ZTP feature. The default value is accepted for all other prompts. The default configuration is used in a typical deployment where all services are enabled, hosted on the ZTP server host machine, and use the same credentials.

Answering no to the prompt "Do you want to enable services on this ZTP server?" or the prompt "Do you want to use same user account for all services on this ZTP server?" will result in additional prompts to collect the configuration data for each service in the ZTP feature.

*** Welcome to Tellabs ZTP installation ***

ZTP installation configuration...
Where would ZTP be installed? [/opt/tellabs] :
The local IPv4 address 172.28.152.224 detected, do you want to use this IPv4 address for ZTP server? (Y|N)? [Y] :
The local IPv6 address [fc00:dead:dead:152::de42] detected, do you want to use this IPv6 address for ZTP server? (Y|N)? [Y] :
ZTP port: [8089] :
ZTP secure port: [8090] :
ZTP FIPS certificate port: [3010] :

ZTP Configuration data setting......
Do you want to enable services on this ZTP server? (Y|N)? [Y] :
Do you want to use same user account for all services on this ZTP server? (Y|N)? [Y] :

Username (for authentication): .......................... : ztp-admin
Password (for authentication): .......................... : Tellabs-1
Primary SW Version: ......................[SR32.1_604033] :
Secondary SW Version: ....................[SR32.1_604032] :

OLT software installation information......
Where is OLT SW SR32.1-604033.tgz? ..[/tmp/SR32.1_604033.tgz] :
Where is OLT SW SR32.1-604032.tgz? ..[/tmp/SR32.1_604032.tgz] :

Done ZTP Configuration data collection......

After data collection is complete, the installation script will provide a configuration summary and prompt you to continue.

You entered:
ZTP installation directory:                               /opt/tellabs
ZTP port:                                                 8089
ZTP secure port:                                          8090
ZTP FIPS port:                                            3010

ZTP Configuration data:
OLT certificate service host:port                       rhel224:3010
OLT certificate service uri:                            /certificates
OLT certificate service username:                       ztp-admin
OLT certificate service password:                       Tellabs-1

OLT SW download service primary host:port               rhel224:8090
OLT SW download service primary uri:                    /download
OLT SW download service primary username:               ztp-admin
OLT SW download service primary password:               Tellabs-1
OLT SW download service primary SW:                     SR32.1-604033

OLT SW download service secondary host:port             rhel224:8090
OLT SW download service secondary uri:                  /download
OLT SW download service secondary username:             ztp-admin
OLT SW download service secondary password:             Tellabs-1
OLT SW download service secondary SW:                   SR32.1-604032

OLT config restore service host:port                    rhel224:8090
OLT config restore service uri:                         /restore
OLT config restore service username:                    ztp-admin
OLT config restore service password:                    Tellabs-1

OLT patch download service host:port                    rhel224:8090
OLT patch download service uri:                         /patch
OLT patch download service username:                    ztp-admin
OLT patch download service password:                    Tellabs-1

Do you wish to continue (Y|N)? [Y] :_

Review the summary for accuracy. If you are dissatisfied with the input, answer no (N) to the prompt and the installation script will terminate. Run the installation program again to make corrections. If the summary data is acceptable, answer yes (Y) and installation will begin. You will see the following output as the installation progresses:

creating /opt/tellabs/ztp/httpfile
creating /opt/tellabs/ztp/httpfile/config
creating /opt/tellabs/ztp/httpfile/download

Setting ZTP Keystore and Certificate Storage Parameters...
Generating ZTP Security Keystore!
Loading the Tellabs Sub CA!
Creating the Tellabs Domain Cert!
Loading the Tellabs Anchor Cert!
Enabling Fips!

Generating configuration file ztp_config_olt.xml......

Done ZTP Configuration file setting.

Updating Firewall setting...

Deploying OLT Primary software......
Done OLT Primary software installation successfully.

*** Tellabs ZTP installation completed successfully ***

 

Note 1: The default ports used for ZTP are 8089 for unsecure downloading, 8090 for secured downloading and 3010 for certificate downloading.
Note 2: On successful completion, the installation script will output:  *** Tellabs ZTP installation completed successfully *** . If the user does not see this output, contact Tellabs TAC.

Starting the ZTP Server

Once ZTP is successfully installed, the server needs to be started. To start the ZTP server, run the script "runZTP.ksh". The full path of this file is relative to the location selected for ZTP during installation. The fully qualified file name is "<install_base>/ztp/runZTP.ksh". In our example, we accepted the default directory, " /opt/tellabs/", when prompted for the installation location. The startup filename, after the default installation, is "./opt/tellabs/ztp/runZTP.ksh".

When running this script, append the ampersand ( & ) character in the invocation, to start it in the background. This disassociates the script process from the current session, allowing it to continue running after you log out of the host machine.

[admin@localhost ~]$ ./opt/tellabs/ztp/runZTP.ksh &
[1] 26443
[admin@localhost ~]$_

Running system: Linux!

ZTP Server Started!

Customizing the ZTP Servers

For most deployments, all servers (except for the DHCP server) used by ZTP, will be located on the same host machine. Additionally, all servers will be enabled, allowing the use of all ZTP functionality. The ZTP configuration, produced by a default installation, will reflect this most common use case. However, ZTP was designed to accommodate multiple, distributed servers. Additionally, not all services provided by ZTP will be needed in all cases. ZTP configuration can be customized to accommodate these options. This section describes how to customize ZTP when the default configuration does not align with the deployment needs.

The Config File

ZTP configuration data is stored in a well-formed XML file on the ZTP Server host. The default file (ztp-config-olt.xml) is created during the installation process based on input provided by the user. After installation, customization of the ZTP feature is done by editing the configuration file and restarting ZTP.

Note: Changes made to the ZTP configuration will not take effect until the feature is restarted.

Config File Location

The path where the config file is stored is relative to the ZTP installation path selected during the installation process. The fully qualified file name of the ZTP configuration file is "<install_base>/ztp/httpfile/config/ztp-config-olt.xml". In our example, we selected the default directory, "/opt/tellabs/", when prompted for the installation location. The config filename, for the default installation, is "./opt/tellabs/ztp/httpfile/config/ztp-config-olt.xml".

Config File Format

The ZTP configuration is stored in a well-formed XML file. This file contains a parent XML element for each ZTP server. All configuration for a server is stored in XML elements nested within the parent.

The config file created in the example installation procedure is shown in the example below. There are four XML config elements nested inside the <ztp-config-file> parent. Each of these elements defines the configuration for one of the servers (Certificate, Software Download, Configuration, and Patch ) used by the FTP feature. The <download-config> XML element differs from the other element in that it holds the configuration for two servers. This is to allow different servers to manage the primary and secondary software versions separately.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ztp-config-file>
<certificate-config> <certificate-config-url>"https://[fc00:dead:dead:152::de42]:3010/certificates/"</certificate-config-url> <certificate-config-user>ztp-admin</certificate-config-user> <certificate-config-password>Tellabs-1</certificate-config-password> </certificate-config>
<download-config> <primary-download-config-url>"https://[fc00:dead:dead:152::de42]:8090/download/"</primary-download-config-url> <primary-download-config-user>ztp-admin</primary-download-config-user> <primary-download-config-password>Tellabs-1</primary-download-config-password> <primary-download-config-version>"SR32.1_604033"</primary-download-config-version> <secondary-download-config-url>"https://[fc00:dead:dead:152::de42]:8090/download/">/secondary-download-config-url> <secondary-download-config-user>ztp-admin</secondary-download-config-user> <secondary-download-config-password>Tellabs-1</secondary-download-config-password> <secondary-download-config-version>"SR32.1_604032"</secondary-download-config-version> </download-config>
<restore-config> <restore-config-url>"https://[fc00:dead:dead:152::de42]:8090/restore/"</restore-config-url> <restore-config-user>ztp-admin</restore-config-user> <restore-config-password>Tellabs-1</restore-config-password> </restore-config>
<patch-config> <patch-config-url>"https://[fc00:dead:dead:152::de42]:8090/patch/"</patch-config-url> <patch-config-user>ztp-admin</patch-config-user> <patch-config-password>Tellabs-1</patch-config-password> </patch-config>
</ztp-config-file>

The attributes stored in the configuration file can be edited to customize the tool for a deployment. The configuration data for each ZTP server is stored in XML elements. The configuration file contains the following XML elements:

  • <certificate-config> This element stores the configuration data downloading certificates from the Certificate Server. It contains elements that store the server's URL and the username and password used for authentication.
  • <download-config> This element stores the configuration data for the Software Download Server. It contains elements that store the URLs and authentication credentials (username and password) for two servers. Multiple servers are defined to allow different servers (if desired) to manage different software versions (primary/standby).
  • <restore-config> This element stores the configuration data for the Configuration Server. It contains elements that store the server's URL and the username and password used for authentication.
  • <patch-config> This element stores the configuration data for the Patch Server. It contains elements that store the server's URL and the username and password used for authentication.

Editing the ZTP Config File

To edit the ZTP configuration file, you must manually make changes to the XML file "ztp_config_olt.xml". You can use a native command line editor (e.g., vi, vim or emacs) to edit the file directly on the host machine. There might also be a native graphical text editor available to use. This will depend on the Linux distribution installed. Alternatively, you can copy the file to a Windows machine, make the desired changes, and copy the file back to the host.

Changing A Server's URL

The URL specifies the protocol, host, port and path used for a server. The configured URL for a specific server is stored in an XML element nested inside the config element for that server. For example, the URL for the Certificate server is stored inside the element <certificate-config-url>, which is nested inside the parent element <certificate-config>.

<certificate-config>
<certificate-config-url>"https://[fc00:dead:dead:152::de42]:3010/certificates/"</certificate-config-url>
<certificate-config-user>ztp-admin</certificate-config-user>
<certificate-config-password>Tellabs-1</certificate-config-password>
</certificate-config>

The URL is composed of three configurable attributes; host, port and path. The format of the server URL is:

  • host  Registered name (hostname) or IP address of the server host. IPv4 addresses must be in dot-decimal notation, and IPv6 addresses must be enclosed in [brackets].
  • port  Port used for client/server communication.
  • path  Location of server resources.
Note: The URL must be enclosed in quotes in the config file (e.g., "https://[fc00:dead:dead:152::de42]:3010/certificates/" )

Changing a Server's Username

The username is part of the credentials the client uses to authenticate to the server. The configured username for a specific server is stored in an XML element nested inside the config element for that server. For example, the username for the Certificate server is stored inside the element <certificate-config-user>, which is nested inside the parent element <certificate-config>.

<certificate-config>
<certificate-config-url>"https://[fc00:dead:dead:152::de42]:3010/certificates/"</certificate-config-url>
<certificate-config-user>ztp-admin</certificate-config-user>
<certificate-config-password>Tellabs-1</certificate-config-password>
</certificate-config>

Changing a Server's Password

The password is part of the credentials the client uses to authenticate to the server. The configured password for a specific server is stored in an XML element nested inside the config element for that server. For example, the username for the Certificate server is stored inside the element <certificate-config-password>, which is nested inside the parent element <certificate-config>.

<certificate-config>
<certificate-config-url>"https://[fc00:dead:dead:152::de42]:3010/certificates/"</certificate-config-url>
<certificate-config-user>ztp-admin</certificate-config-user>
<certificate-config-password>Tellabs-1</certificate-config-password>
</certificate-config>

Changing the Software Download Server Configuration

Changing the configuration for a Software Download server is slightly different than for the other servers. The parent XML element for the Software Download server (<download-config>) contains the configuration data for two servers. This is to allow different servers to manage different software versions. You can specify one server to manage the primary version and a different server to manage the secondary version.

The XML elements used to configure the server managing the primary version begin with "primary-download-config-", while the elements for the server managing the secondary version begin with "secondary-download-config-". Changing the configuration for these servers is the same as for others if you choose the correct elements to edit.

<download-config>

<primary-download-config-url>"https://[fc00:dead:dead:152::de42]:8090/download/"</primary-download-config-url> <primary-download-config-user>ztp-admin</primary-download-config-user> <primary-download-config-password>Tellabs-1</primary-download-config-password> <primary-download-config-version>"SR32.1_604033"</primary-download-config-version>

<secondary-download-config-url>"https://[fc00:dead:dead:152::de42]:8090/download/"</secondary-download-config-url> <secondary-download-config-user>ztp-admin</secondary-download-config-user> <secondary-download-config-password>Tellabs-1</secondary-download-config-password> <secondary-download-config-version>"SR32.1_604032"</secondary-download-config-version>

</download-config>

To use only a single server to manage both versions, make the XML elements that store the URL and authentication credentials identical. This is the result you get if you use the default installation.

Changing Software Versions

To change the versions of software to be downloaded, alter the <primary-download-config-version> and/or the <secondary-download-config-version> XLM elements nested in the <download-config> parent element.

<download-config>
<primary-download-config-url>"https://[fc00:dead:dead:152::de42]:8090/download/"</primary-download-config-url>
<primary-download-config-user>ztp-admin</primary-download-config-user>
<primary-download-config-password>Tellabs-1</primary-download-config-password>
<primary-download-config-version>"SR32.1_604033"</primary-download-config-version>
<secondary-download-config-url>"https://[fc00:dead:dead:152::de42]:8090/download/"</secondary-download-config-url>
<secondary-download-config-user>ztp-admin</secondary-download-config-user>
<secondary-download-config-password>Tellabs-1</secondary-download-config-password>
<secondary-download-config-version>"SR32.1_604032"</secondary-download-config-version>
</download-config>

The content of these elements requires a properly formatted software release name. This is a valid software version released by Tellabs. See below:

Note: The software version must be enclosed in double quotes in the config file (e.g.,"SR32.1_604033")

Disabling a Server

Some ZTP servers are optional. These servers provide functionality that is not required for all deployments. The default installation will configure ZTP to enable all servers. If you need to disable a server, you can configure this by commenting out the XML elements that store its configuration data.

Comments in XML are the same as HTML. An XML comment starts with "<!--" and ends with "-->". Code between these comment delimiters is not processed by a parser. Comments in XML are also multi-line. This means that you can comment out multiple lines of code with a single pair of comment delimiters. Below is an example demonstrating how to disable the ZTP Certificate server.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ztp-config-file>
<!--
<certificate-config>
<certificate-config-url>"https://[fc00:dead:dead:152::de42]:3010/certificates/"</certificate-config-url>
<certificate-config-user>ztp-admin</certificate-config-user>
<certificate-config-password>Tellabs-1</certificate-config-password>
</certificate-config>
--> 
<download-config>
<primary-download-config-url>"https://[fc00:dead:dead:152::de42]:8090/download/"</primary-download-config-url>
<primary-download-config-user>ztp-admin</primary-download-config-user>
<primary-download-config-password>Tellabs-1</primary-download-config-password>

...

Managing the OLT ZTP Client

Once the ZTP servers are configured and the ZTP server application is started, the OLT clients can begin to use the ZTP services. Managing the OLT ZTP client is supported by using the Tellabs CLI (Command Line Interface). The CLI is a text-based interface that allows the user to manage and provision the OLT through a Secure Shell v2 (SSHv2) or Telnet connection. For more details about using the CLI, see the document Craft Interface User Guides.

This section documents the ZTP CLI command.

ZTP Command

All ZTP client management, for the OLT, is supported by the ztp command. The ztp command has the following syntax:

ztp { factory | show | software | start [url=<ztp url>] | status | stop }
Actions:
factory  - reset to factory default and start default ZTP process
show     - show current ZTP related configuration
SoftWare - start a ZTP check of software only
start    - start the ZTP process
status   - show current/recent ZTP status
stop     - stop a ZTP process in progress

Command Actions

ztp start

When the "ztp start" command is issued, the OLT will set the ZTP state to enabled, enable DHCP on the management port, and cause the OLT to reboot. This forces a full ZTP configuration cycle.

The "ztp start" command accepts an optional "url" argument that sets the URL for the ZTP config file. This is convenient if you do not have control over the DHCP server or wish to over-ride its configuration.

ztp stop

When the "ztp stop" command is issued, the OLT will stop any ZTP activities in progress and disable the ZTP client.

ztp factory

When the "ztp factory" command is issued, the OLT will set the database to its factory defaults, enable DHCP on the management port, and reboot the OLT. This forces a ZTP configuration cycle with a factory fresh database.

ztp software

When the "ztp software" command is issued, the OLT will perform the ZTP software download only. All other ZTP configuration is ignored.

ztp status

When the "ztp status" command is issued, the OLT will display the current ZTP status. The status will be displayed for each ZTP process as follows:

ztp status: { running | stopped | disabled }
• certificate download status: { complete | failed | pending | processing | skipped }
• primary software download status: { complete | failed | pending | processing | skipped }
• secondary software download status: { complete | failed | pending | processing | skipped }
• database restore status: { complete | failed | pending | processing | skipped }
• tacacs configuration status: { complete | failed | pending | processing | skipped }

The following is an example of the output from a ZTP status command when the ztp server has successfully completed.
 

root@MDS1-ESUA:/usr/bob# ztp status
 
| Startup Mode : NORMAL
| Current State : Complete
| ZTP Config File : /usr/bob/db/rtstate/ztp/ztp-config-JPMAA222100003.xml
| ZTP Config URL : http://10.40.0.73:6202/config
| ZTP Status                                                    |
|===========================|=================|=================|
| Operation                  | State           | Duration        |
|===========================|=================|=================|
| DHCP                      | Complete        |                 |
| Download Software         | Complete        |                 |
| DownloadBootfile          | Complete        |                 |
| ParseBootfile             | Complete        |                 |
|===========================|=================|=================|
root@MDS1-ESUA:/usr/bob#

Videos

ZTP Feature Description

ZTP Feature Demo

FEEDBACK: Are you happy with this material?
  •   © 2025 Tellabs Access, LLC. All rights reserved - A Better Way to Build and Operate Networks.

On this page

light-box Image