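#!/bin/bash
# Bootstrap two Cisco CSR nodes over SSH: write the provisioning key, wait
# for guestshell to come up on each node, then push the GigabitEthernet2,
# ISAKMP/IPsec VTI, EIGRP and cloud-ha BFD configuration.
#
# The `${...}` tokens (ssh_key, node1_public_ip, ...) are filled in by the
# engine that renders init.sh.tpl before this script runs; they are not shell
# variables. Shell variables below deliberately avoid the `${name}` spelling so
# they are never mistaken for template inputs.
#
# Template inputs used: ssh_key, node1_public_ip, node2_public_ip,
# node1_eth1_private, node2_eth1_private, node1_tunnel1_ip_and_mask,
# node2_tunnel1_ip_and_mask, tunnel1_subnet_ip_and_mask.
set -u

#######################################
# Open an ssh session to a CSR node with the provisioning key.
# Globals:   none (reads ./csr.pem)
# Arguments: $1 - node public IP; remaining args are the remote command,
#            if any (none: an interactive session fed from stdin)
# Outputs:   whatever ssh prints
# Returns:   ssh's exit status
#######################################
csr_ssh() {
  local host=$1
  shift
  # StrictHostKeyChecking=no is kept because the host keys of freshly launched
  # instances are not known here; it accepts whatever key the peer presents,
  # so this is only acceptable on a trusted network path. If the instance host
  # key can be obtained out of band, pin it via UserKnownHostsFile instead.
  # ServerAliveInterval keeps half-open sessions from hanging while a node
  # is still booting.
  ssh -i csr.pem -o StrictHostKeyChecking=no -o ServerAliveInterval=3 \
    ec2-user@"$host" "$@"
}

#######################################
# Repeatedly run `guestshell enable` on a node until its reply contains
# RUNNING. ssh failures while the router is still booting are expected
# here and are retried, not treated as errors.
# Globals:   none
# Arguments: $1 - node public IP
#            $2 - human-readable node label for progress messages
# Outputs:   progress messages on stderr
# Returns:   0 once guestshell is running (loops until then)
#######################################
wait_for_guestshell() {
  local host=$1
  local label=$2
  local status_file
  # mktemp instead of a fixed name in the working directory so a stale or
  # foreign file can never satisfy the RUNNING check.
  status_file=$(mktemp) || { printf 'mktemp failed\n' >&2; return 1; }
  while :; do
    printf 'Attempting to enable guestshell in %s. Please wait, could take several minutes\n' "$label" >&2
    csr_ssh "$host" 'guestshell enable' > "$status_file" || true
    grep -q 'RUNNING' -- "$status_file" && break
    # Brief pause so a booting node is not hammered with connection attempts.
    sleep 5
  done
  rm -f -- "$status_file"
}

#######################################
# Feed an IOS CLI session (read from stdin) to a node.
# Globals:   none
# Arguments: $1 - node public IP
#            $2 - human-readable node label for the warning on failure
# Outputs:   ssh output; a warning on stderr if ssh exits non-zero
# Returns:   0 always — a failed push is reported but does not abort, which
#            keeps the original best-effort flow of this script
#######################################
push_config() {
  local host=$1
  local label=$2
  if ! csr_ssh "$host"; then
    printf 'warning: configuration push to %s returned non-zero\n' "$label" >&2
  fi
}

# Restrict new files to the owner before the private key is written so it is
# never readable by other users, not even between the write and the chmod.
umask 077
# `>` rather than `>>`: appending a second copy to an existing PEM would leave
# an unparseable key file, so a rerun overwrites instead.
cat <<EOF > csr.pem
${ssh_key}
EOF
chmod 600 csr.pem

wait_for_guestshell "${node1_public_ip}" CSRV1

push_config "${node1_public_ip}" CSRV1 <<EOF
configure terminal
interface GigabitEthernet2
no shutdown
ip address ${node1_eth1_private} 255.255.255.0
end
EOF

# NOTE(review): the IKE pre-shared key below is the fixed string "cisco" and
# the policy accepts it from any peer (address 0.0.0.0). The key should come
# from a template input rather than being committed here, and the address
# should be scoped to the peer; left unchanged because the template's input
# set is not visible from this file. A stray `echo` line that sat between the
# isakmp key and `end` in the original session was dropped — it is not an IOS
# configuration command.
push_config "${node1_public_ip}" CSRV1 <<EOF
configure terminal
crypto isakmp policy 1
encr aes 256
authentication pre-share
crypto isakmp key cisco address 0.0.0.0
end
configure terminal
crypto ipsec transform-set uni-perf esp-aes 256 esp-sha-hmac
mode tunnel
end
configure terminal
crypto ipsec profile vti-1
set security-association lifetime kilobytes disable
set security-association lifetime seconds 86400
set transform-set uni-perf
set pfs group2
end
configure terminal
interface Tunnel1
ip address ${node1_tunnel1_ip_and_mask}
load-interval 30
tunnel source GigabitEthernet1
tunnel mode ipsec ipv4
tunnel destination ${node2_public_ip}
tunnel protection ipsec profile vti-1
bfd interval 100 min_rx 100 multiplier 3
end
configure terminal
router eigrp 1
network ${tunnel1_subnet_ip_and_mask}
bfd all-interfaces
end
EOF

wait_for_guestshell "${node2_public_ip}" CSRV2

push_config "${node2_public_ip}" CSRV2 <<EOF
configure terminal
interface GigabitEthernet2
no shutdown
ip address ${node2_eth1_private} 255.255.255.0
end
EOF

# Same crypto/tunnel/EIGRP session as node 1 with the roles swapped; the
# GigabitEthernet2 block already applied above is not repeated here.
push_config "${node2_public_ip}" CSRV2 <<EOF
configure terminal
crypto isakmp policy 1
encr aes 256
authentication pre-share
crypto isakmp key cisco address 0.0.0.0
end
configure terminal
crypto ipsec transform-set uni-perf esp-aes 256 esp-sha-hmac
mode tunnel
end
configure terminal
crypto ipsec profile vti-1
set security-association lifetime kilobytes disable
set security-association lifetime seconds 86400
set transform-set uni-perf
set pfs group2
end
configure terminal
interface Tunnel1
ip address ${node2_tunnel1_ip_and_mask}
load-interval 30
tunnel source GigabitEthernet1
tunnel mode ipsec ipv4
tunnel destination ${node1_public_ip}
tunnel protection ipsec profile vti-1
bfd interval 100 min_rx 100 multiplier 3
end
configure terminal
router eigrp 1
network ${tunnel1_subnet_ip_and_mask}
bfd all-interfaces
end
EOF

# cloud-ha BFD peering is configured on router 1 only after router 2 has
# gone through its initial configuration, so both ends exist when BFD starts.
push_config "${node1_public_ip}" CSRV1 <<EOF
configure terminal
redundancy
cloud-ha bfd peer ${node2_eth1_private}
end
EOF

push_config "${node2_public_ip}" CSRV2 <<EOF
configure terminal
redundancy
cloud-ha bfd peer ${node1_eth1_private}
end
EOF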