The Guest Shell is a virtualized Linux-based environment, designed to run custom Linux applications, including Python for
automated control and management of Cisco devices. Using the Guest Shell, the user can also install, update, and operate third-party
Linux applications and access the IOS CLI.
The Guest Shell environment is intended for tools, Linux utilities, and manageability rather than networking.
Guest Shell shares the kernel with the host (router) system. Users can access the Linux shell of Guest Shell and update scripts
and software packages in the container rootfs. However, users within the Guest Shell cannot modify the host file system and
processes.
The Guest Shell container is managed using IOx. IOx is Cisco's Application Hosting Infrastructure for Cisco IOS XE devices.
IOx enables hosting of applications and services developed by Cisco, partners, and third-party developers in network edge
devices, seamlessly across diverse and disparate hardware platforms.
The Guest Shell is typically bundled with the system image and can be installed using the guestshell
enable Cisco IOS command. However, this approach leads to an increase of roughly 75MB in the size of the image. This is a problem
for some users who have limited bandwidth, or download images through LTE.
With these users in mind, guestshell will be made available as a single tar file which can then be downloaded and installed
on the system like any other IOX application. As a result, there won't be any increase in the size of the universal release
image.
Note
|
Day 0 guestshell provisioning will not work with this approach.
|
By default, Guest Shell allows applications to access the management network via the management interface. For platforms like
the IR1101, which don't have a dedicated management port, a VirtualPortGroup can be associated with Guest Shell in the IOS
configuration.
Sample guestshell configuration can be found here.
To install guestshell on the device, copy the tar file to the router and run the following command:
app-hosting install appid guestshell package <path to tar file>
Use the following command to check the status:
show app-hosting list
Once guestshell has been deployed successfully, standard guestshell commands such as guestshell enable , guestshell run bash , and guestshell run python3 should work.
The following resource talks about running python scripts using guestshell:
CLI Python Module
Note
|
Only python3 is supported in 17.5.1.
|
Important - Before You Install
Before attempting to install Guest shell on your device, please verify that the device has IOx container keys programmed on
it by running the following command:
Router#show software authenticity keys | i Name
Product Name : SFP-VADSL2-I
Product Name : SFP-VADSL2-I
Product Name : IR1101
Product Name : IR1101
Product Name : Cisco Services Containers
Product Name : Cisco Services Containers
The output should contain one or more lines with the Product Name “Cisco Services Containers”. If the device doesn’t have
container keys programmed on it, then you won’t be able to install guest shell.
You will see an error like the following:
*Aug 26 15:47:21.484: %IOSXE-3-PLATFORM: R0/0: IOx: App signature verification failed with non-zero exit code
*Aug 26 15:47:21.588: %IM-6-INSTALL_MSG: R0/0: ioxman: app-hosting: Install failed: App package signature (package.sign)
verification failed for package manifest file package.mf. Re-sign the application and then deploy again.
There is no software based mechanism to install container keys on the device. The keys have to be programmed at the manufacturing
facility. IR1100 devices shipped after January 1, 2020, should have the container keys programmed.
The guest shell tar file is published along with the IOS-XE image for a given release. More information can be found here:https://developer.cisco.com/docs/iox/#!iox-resource-downloads/downloads