  • 1.  update-tunnel.slax script not working

    Posted 12-16-2011 11:45

    Hey guys, I need some expert script help on this one. I used some scripts found on the net and here on the forums, and adjusted them to meet my own requirements. I don't know the exact creator so I can't give the right honours.

     

    I have 2 vlans and 2 related vlan l3 interfaces, where the vlan.20 is the untrust interface. The ip-0/0/0 interface is the 6to4 tunnel interface.

     

    Anyway, I have 3 scripts (2 xslt and 1 slax) to update my tunnelbroker ip, freedns dyndns and finally one to update the source ip of my ipv6 tunnel. Where the first 2 xslt scripts work perfectly, the slax one fails to execute properly. When I look in the messages log I see the following log entries:

     

    [quote]

    Dec 16 21:25:27  Mordor eventd[975]: EVENTD_ESCRIPT_EXECUTION: Trying to execute the script 'update-tunnel.slax' from '/var/db/scripts/event/'
    Dec 16 21:25:31  Mordor mgd[7461]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [7461], ssh-connection '', client-mode 'junoscript'
    Dec 16 21:25:31  Mordor mgd[7461]: UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run command 'get-interface-information level-extra=terse interface-name=vlan.20'
    Dec 16 21:25:37  Mordor mgd[7463]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [7463], ssh-connection '', client-mode 'junoscript'
    Dec 16 21:25:37  Mordor mgd[7463]: UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run command 'load-configuration action="merge" format="xml"'
    Dec 16 21:25:38  Mordor mgd[7444]: UI_CMDLINE_READ_LINE: User 'root', command 'show log messages | match SCRIPT '
    Dec 16 21:25:47  Mordor mgd[7468]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [7468], ssh-connection '', client-mode 'junoscript'
    Dec 16 21:25:47  Mordor mgd[7468]: UI_JUNOSCRIPT_CMD: User 'root' used JUNOScript client to run command 'commit-configuration'
    Dec 16 21:25:47  Mordor mgd[7468]: UI_COMMIT_PROGRESS: Commit operation in progress: start loading commit script changes
    Dec 16 21:25:47  Mordor mgd[7468]: UI_COMMIT_PROGRESS: Commit operation in progress: no commit script changes
    Dec 16 21:25:47  Mordor mgd[7468]: UI_COMMIT_PROGRESS: Commit operation in progress: no transient commit scrript changes
    Dec 16 21:25:47  Mordor mgd[7468]: UI_COMMIT_PROGRESS: Commit operation in progress: finished loading commit script changes
    [/quote]

     

    It seems that it executes the script but it doesn't get the new ip of vlan.20 interface and/or doesn't update the ip-0/0/0 tunnel source.   It does seem to recognize the vlan.20 variable but more info I don't see.

     

    Here's my related junos config :

     

    [quote]

    event-options {
        policy scripts-on-wanip-change {
            events SYSTEM;
            attributes-match {
                SYSTEM.message matches "EVENT Add";
            }
            then {
                event-script tunnelbroker-net.xslt;
                event-script freedns.xslt;
                event-script update-tunnel.slax;
            }
        }
        event-script {
            traceoptions {
                file log_scripts;
                flag events;
                flag offline;
                flag output;
                flag xslt;
                flag all;
            }
            file tunnelbroker-net.xslt;
            file freedns.xslt;
            file update-tunnel.slax;
        }
    }

     

     

    [/quote]

     

    [quote]

    }
    vlans {
        LAN {
            description Internal;
            vlan-id 10;
            interface {
                fe-0/0/5.0;
                fe-0/0/4.0;
                fe-0/0/3.0;
                fe-0/0/2.0;
                ge-0/0/1.0;
                ge-0/0/0.0;
            }
            l3-interface vlan.10;
        }
        WAN {
            description External;
            vlan-id 20;
            interface {
                fe-0/0/7.0;
                fe-0/0/6.0;
            }
            l3-interface vlan.20;
        }
    }
    [/quote]

     

    [quote]

    version 1.0;
    ns junos = "http://xml.juniper.net/junos/*/junos";
    ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
    ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
    import "../import/junos.xsl";
     
    match / {
        var $ppp_iface = "vlan.20";
        var $tunnel_iface = "ip-0/0/0";

        var $rpc = {
            <get-interface-information> {
                <terse>;
                <interface-name> $ppp_iface;
            }
        }
        var $interfaces = jcs:invoke($rpc);

        /* Extract PPPoE logical interface local address */
        var $ppp_ip = $interfaces/logical-interface[name = $ppp_iface]/address-family[address-family-name = "inet"]/interface-address/ifa-local;

        /* Reconfigure tunnel source address */
        var $load_config = <load-configuration action = "merge" format = "xml"> {
            <configuration> {
                <interfaces> {
                   <interface> {
                       <name> $tunnel_iface;
                       <unit> {
                           <name> "0";
                           <tunnel> {
                               <source> $ppp_ip;
                           }
                       }
                   }
                }
            }
        }

        var $config = jcs:invoke($load_config);
        var $commit = jcs:invoke("commit-configuration");
    }
    [/quote]



  • 2.  RE: update-tunnel.slax script not working

     
    Posted 12-19-2011 14:23
    Hi, from the output it seems like the slax script is running properly, but the configuration applied from the script is not different from the active one (hence the message "no commit script changes" in the log). Are you sure that the ip-address on vlan.20 is changing somehow? Just to make sure that the configuration loaded from the script is as you expect, you can read the event-script traceoptions file, log_scripts in your case. Just type "show log log_scripts", you should see the xml configuration loaded by the script. You may find that it is actually not different from the configuration active before the execution of the script... Let me know what you find! Mattia


  • 3.  RE: update-tunnel.slax script not working

    Posted 12-21-2011 01:07

    Thanks for your reply. Here's a snippet of the script log ...

     

    <!-- session start at 2011-12-20 20:11:14 CET -->
    <!-- No zombies were killed during the creation of this user interface -->
    <!-- user root, class super-user -->
    <rpc-reply xmlns:junos="http://xml.juniper.net/junos/11.4R1/junos" xmlns="">
    <load-configuration-results>
    <xnm:error xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
    <token>84.195.99.151/23</token>
    <message>invalid input at '/23' in ip address '84.195.99.151/23'</message>
    </xnm:error>
    <load-error-count>1</load-error-count>
    </load-configuration-results>
    </rpc-reply>
    <!-- session end at 2011-12-20 20:11:14 CET -->

     

    I guess it doesn't like the /23 bit when applying this to the tunnel source part. Not sure how I can strip this off the variable.

     

    Thanks

     

     

     

     



  • 4.  RE: update-tunnel.slax script not working
    Best Answer

    Posted 12-21-2011 01:39

    I have been playing with the results from xml, as this is what the script will see as well :

     

    root@fw> show interfaces  | display xml | match 84.192.242.130
                            <ifa-local>84.192.242.130</ifa-local>

    root@fw> show interfaces terse | display xml | match 84.192.242.130
                            <ifa-local junos:emit="emit">84.192.242.130/19</ifa-local>

     

     

    So now, as a test, I deleted the statement <terse>; from the script, and let's see if this works.

     

    Regards



  • 5.  RE: update-tunnel.slax script not working

    Posted 12-21-2011 05:55

    it worked 🙂
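
An added example, not code from the thread: a variant of update-tunnel.slax that keeps `<terse>`, strips the prefix length that produced the `invalid input at '/23'` error, refuses to load an empty address, and logs any `xnm:error` to syslog instead of failing silently. It assumes the `jcs:open`, `jcs:execute` and `jcs:load-configuration` helpers from `junos.xsl` are available on the running release (the template loads and commits in private configuration mode); the variable name `$wan_iface` and the syslog texts are illustrative.

```slax
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

match / {
    <event-script-results> {
        var $wan_iface = "vlan.20";      /* interface names as used in the thread */
        var $tunnel_iface = "ip-0/0/0";
        var $rpc = <get-interface-information> {
            <terse>;
            <interface-name> $wan_iface;
        }
        var $con = jcs:open();
        var $interfaces = jcs:execute($con, $rpc);
        var $raw = normalize-space($interfaces/logical-interface[name = $wan_iface]/address-family[address-family-name = "inet"]/interface-address[1]/ifa-local);

        /* terse output is "a.b.c.d/len"; tunnel source accepts only "a.b.c.d" */
        var $ip = {
            if (contains($raw, "/")) {
                expr substring-before($raw, "/");
            } else {
                expr $raw;
            }
        }
        if (string-length($ip) == 0) {
            /* interface has no inet address right now: change nothing */
            expr jcs:syslog("external.error", "update-tunnel: no inet address on ", $wan_iface);
        } else {
            var $change = <configuration> {
                <interfaces> {
                    <interface> {
                        <name> $tunnel_iface;
                        <unit> {
                            <name> "0";
                            <tunnel> { <source> $ip; }
                        }
                    }
                }
            }
            /* := turns the template output into a node-set we can query */
            var $results := { call jcs:load-configuration($connection = $con, $configuration = $change); }
            if ($results//xnm:error) {
                expr jcs:syslog("external.error", "update-tunnel: load failed: ", normalize-space($results//xnm:error[1]));
            }
        }
        expr jcs:close($con);
    }
}
```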