Automation

Hello,

 

I'd like to find or get some guidance on a script to do the following:

 

Read IP address of switch from a text file

Log into many switches (over 100) using those IP's (with proper credentials of course)

Make a config change

Log out

 

I'm sure a lot of admin's out there have faced this task, and it seems like someone would have found a way to make this happen.

 

The config change seems irrelevant to the guts of the script, and I don't know what the change is yet.  I just know this requirement is coming soon.

 

Anyone know of an existing script that can help with such a task, and where to find it?

 

If no such script exists, I'll do my best to write one and post it here.  The learning curve will be pretty steep for me though. 

 

[edits were for spelling, not content]

 

Thanks,

 

Ted

This is more of a task for something like expect. expect is a scripting language that enables the mechanisation of interactive sessions such as telnet, ssh or ftp. It can take input from a file (your ip address/hostname list) and process a loop once for each entry in the file, executing the JUNOS configuration commands you want to use within each loop. I've used it extensively on UNIX hosts for exactly this purpose. There used to be a dos/windows version but I haven't check to see if it is still current. See here http://en.wikipedia.org/wiki/Expect for examples.

Great, thanks ffc!

Hi Ted,

 

One approach here is you can create a Junos op script on one device and have it perform the configuration on another box.  You use jcs:open( $target, $username, $password) and the remainder of the script will work as if you were configuring the local device. 

 

So if you have a text file with a list of ip-addresses, you can read that file and iterate over each line item using jcs:break-lines(), create a connection to the device via jcs:open(), perform the configuration change, and then close the connection with jcs:close().

 

Cheers,

-- Jeremy

Hi,
Another possibility is to use the junoscript perl client; you can install it on a server which will load and commit the configuration on a number of routers...I am currently working on it, I'll provide you some examples next days! Of course you can refer to the junoscript api guide and to the examples scripts included within the junoscript software package.
Regards,
Mattia

Thanks for the suggestions folks!

 

I'm looking into Expect and will post if I come up with something.  Please let me know if you try one of the other methods and it works.  I'll post my script once I get it running and tested.

 

Ted

As promised, here's a simple expect script to login to a Juniper device, make a change, and terminate.  I named it jun-ssh, and it was run on an Ubuntu Linux system.  Before it will run, you have to do a chmod +x jun-ssh to make it executable.  After that, just type expect jun-ssh.

 

#!/usr/local/bin/expect --
spawn ssh 192.168.1.1
expect "password:"
send "SooperSecr3tPassword\r"
expect "firewall>"
send "configure\r"
expect "firewall#"
send "set system domain-name home2.com\r"
expect "firewall#"
send "commit confirmed 10\r"
expect "^commit complete$"
send "commit\r"
expect "^commit complete$"
send "exit\r"
expect "firewall>"
send "exit\r"

 This script just changes the domain-name from whatever it was prior to running the script to home2.com, but you could substitute any commands you want.  I have to enahnce it to read from a list of IP's to make the connections, and to write out errors to a file, but the basic idea works.

Hi,

 

I have a simple shell script send_conf_to_juniper.sh for that. The prerequisite is ssh access with key authentication. Otherwise you need to enter your router password for every router. There are some special features it has:

 

• you can list all your router names in file and let it read it instead of listing router names in command line
• it asks before sending configuration to every router (use "yes | send_conf_to_juniper.sh" to bypass it)
• you can put %LOCAL_ROUTER_NAME% to config file and it will be replaced with router name without domain (for banner setup for instance)
• you can load config to router but not commit it automatically by -l NOCOMMIT

 

#!/bin/sh

function usage()
{
	[ "$1" ] && echo "ERROR: $1" >&2
	echo "usage: $0 [-l commitlog] <configfile(s)..> [router(s)..]" >&2
	exit 1
}

if [ "$1" = "-l" ]; then
	shift
	LOG="${1:-NOCOMMIT}"
	shift
fi

while [ "$1" ]
do
	if [ -f "$1" ]; then
		CNFLIST+=" $1"
		LOGLIST+=" ${1#*/}"
	else
		RTRLIST+=" $1"
	fi
	shift
done

[ "$CNFLIST" ] || usage
[ "$LOG" ] || LOG="! update:$LOGLIST"

routers=${RTRLIST:-$(cat /your/list/of/all/juniper-routers.txt)}
for router in $routers
do
	LOCAL_ROUTER_NAME=$router
	(echo $LOCAL_ROUTER_NAME | egrep -v -s -q '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$') && LOCAL_ROUTER_NAME=${router%%.*}

	echo -n "Upload config to ${LOCAL_ROUTER_NAME} ? [Y/n] "
	read a
	echo -n "$a" | egrep -q '^(n|N|no|No|NO)$' && continue


	(cat <<EOT
<?xml version="1.0"?>
<junoscript version="1.0">
EOT
	[ "$LOG" != "NOCOMMIT" ] && cat <<EOT
  <rpc>
    <lock-configuration/>
  </rpc>
EOT
	cat <<EOT
  <rpc> 
    <load-configuration format="text" action="replace">
      <configuration-text>
EOT
	cat $CNFLIST \
	| sed "s/%LOCAL_ROUTER_NAME%/${LOCAL_ROUTER_NAME}/g" \
	| sed 's/&/\&amp;/g' \
	| sed 's/</\&lt;/g' \
	| sed 's/>/\&gt;/g'
	cat <<EOT
      </configuration-text>
    </load-configuration>
  </rpc>
EOT
[ "$LOG" != "NOCOMMIT" ] && cat <<EOT
  <rpc>
    <commit-configuration>
      <log>$LOG</log>
    </commit-configuration>
  </rpc>
  <rpc>
    <unlock-configuration/>
  </rpc>
EOT
	cat <<EOT
</junoscript>
EOT
	) | ssh $router xml-mode
done

 

Just throwing this out.. But IMHO a script to run on a JUNOS box to config other boxes is a hack..

 

Why not use a config management system? We use HP's Opsware Automation tool for our network devices. Very awesome.

Hi BuckWheat,

 

Thanks for your input.  The script will run on a separate system, most likely Linux, not on a JUNOS box. 

 

I agree that a more systematic/organized approach is desireable, but it's not going to happen right away.  I'm finding that there are some pretty sophisticated solutions that are based on Expect out there too.

 

Ted

Very cool scripting Cougar,

 

Thanks!