  • 1.  Getting IKE/IPSEC security-associations from PyEZ modules

    Posted 07-30-2014 16:14
    I'm getting started with PyEZ and I've read through Jeremy's blogs (and then some). I can't figure out how to get a list of phase 1 or phase 2 security-associations from a device object without using the cli method. Ultimately I could do cli, but I'm trying to see if there is another way. Is this possible? Grepping through the site-packages .py files didn't produce anything obvious.
    #pyezipsec


  • 2.  RE: Getting IKE/IPSEC security-associations from PyEZ modules
    Best Answer

    Posted 07-31-2014 08:25
    Have you tried using the RPC command methods?

    https://techwiki.juniper.net/Automation_Scripting/010_Getting_Started_and_Reference/Junos_PyEZ/RPC_On_Demand

    So "get-ike-security-associations-information" would be "get_ike_security_associations_information" for what you are looking for.
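An added example, not part of the original thread or of PyEZ itself: it applies the hyphen-to-underscore naming rule above and then pulls the IKE SAs out of an RPC reply, whether or not the reply is wrapped per node as on a chassis cluster. The sample reply, its addresses and states, and the helper names `rpc_method_name`, `ike_sas` and `down_peers` are constructed for illustration; the standard-library ElementTree stands in for the lxml element a live `dev.rpc` call returns.

```python
import xml.etree.ElementTree as ET

# Constructed sample reply, shaped like a chassis-cluster response
# (per-node wrapper around the IKE SA list). All values are made up.
SAMPLE_CLUSTER_REPLY = """
<multi-routing-engine-results>
  <multi-routing-engine-item>
    <re-name>node0</re-name>
    <ike-security-associations-information style="brief">
      <ike-security-associations>
        <ike-sa-remote-address>192.0.2.1</ike-sa-remote-address>
        <ike-sa-state>UP</ike-sa-state>
        <ike-sa-exchange-type>main</ike-sa-exchange-type>
      </ike-security-associations>
      <ike-security-associations>
        <ike-sa-remote-address>192.0.2.2</ike-sa-remote-address>
        <ike-sa-state>DOWN</ike-sa-state>
        <ike-sa-exchange-type>main</ike-sa-exchange-type>
      </ike-security-associations>
    </ike-security-associations-information>
  </multi-routing-engine-item>
</multi-routing-engine-results>
"""

def rpc_method_name(rpc_tag):
    """Map a Junos RPC tag to the PyEZ dev.rpc attribute name."""
    return rpc_tag.replace("-", "_")

def ike_sas(reply):
    """Return one dict per IKE SA, for clustered or standalone replies."""
    sas = []
    # iter() searches every depth, so the per-node wrapper does not matter.
    for sa in reply.iter("ike-security-associations"):
        sas.append({
            "remote": sa.findtext("ike-sa-remote-address"),
            "state": sa.findtext("ike-sa-state"),
            "exchange": sa.findtext("ike-sa-exchange-type"),
        })
    return sas

def down_peers(reply):
    """Remote addresses whose phase 1 SA is not UP (for monitoring)."""
    return [sa["remote"] for sa in ike_sas(reply) if sa["state"] != "UP"]

if __name__ == "__main__":
    # On a live device: reply = dev.rpc.get_ike_security_associations_information()
    reply = ET.fromstring(SAMPLE_CLUSTER_REPLY)
    print(ike_sas(reply), down_peers(reply))
```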


  • 3.  RE: Getting IKE/IPSEC security-associations from PyEZ modules

    Posted 07-31-2014 10:06

    You can also find a bit more information about this in a similar post in our Google Group:

    https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!topic/junos-python-ez/sflcoX4slpw

    Thanks!

    -Rick



  • 4.  RE: Getting IKE/IPSEC security-associations from PyEZ modules

    Posted 07-31-2014 11:31

    Pardon - I've just realized that the formatting on this post was all screwed up. Edited for added detail and readability.

    Rick and Scott, thanks for your replies - they helped get me on the right track. I do have an issue though. I'm trying to follow along with the RPC lxml query examples and apply them to my IKE SAs use case. My findtext queries are returning nothing (None result) and I believe I'm searching my XML correctly. Given the example lxml object dump below, what would my devobject.findtext XPath query be if I wanted to get the ike-sa-remote-address(es) node values? Tried many permutations to no avail. Using etree.dump to confirm that I am getting something back for my rpc call.

     

    In[92]: etree.dump(ikepeers)
    
    <multi-routing-engine-results>
    
    <multi-routing-engine-item>
    
    <re-name>node0</re-name>
    
    <ike-security-associations-information style="brief">
    <ike-security-associations>
    <ike-sa-remote-address>1.1.1.1</ike-sa-remote-address>
    <ike-sa-index>XXXXX</ike-sa-index>
    <ike-sa-state>UP</ike-sa-state>
    <ike-sa-initiator-cookie>XXXXX</ike-sa-initiator-cookie>
    <ike-sa-responder-cookie>XXXXX</ike-sa-responder-cookie>
    <ike-sa-exchange-type>main</ike-sa-exchange-type>
    </ike-security-associations>
    <ike-security-associations>
    <ike-sa-remote-address>2.2.2.2</ike-sa-remote-address>
    <ike-sa-index>XXXXX</ike-sa-index>
    <ike-sa-state>UP</ike-sa-state>
    <ike-sa-initiator-cookie>XXXXX</ike-sa-initiator-cookie>
    <ike-sa-responder-cookie>XXXXX</ike-sa-responder-cookie>
    <ike-sa-exchange-type>main</ike-sa-exchange-type>
    </ike-security-associations>