Security

Hello everybody.

Actually, I'm new in Junospace, and I've recently installed Junospace 13.1, and now trying to find out how it helps me with my daily routines.

The major one is configuration modifications on couple hundreds SRXs. So the question is what is the best way to do this or so to say the best practise. 

At this stage I have two options which are configlets and commit scripts. What's the best. All modifications are thoroughly based on information  inside individual devices, such as IP addresses, hence there is no input date in scripts.

Thank you in advance.

Regards,

Vyacheslav.

Hi Vyacheslav,

I have been toying around with Device Templates, CLI configlets and commit/local scripts in Space quite often. I have found that CLI configlets just aren't there yet for doing a lot of configuration.

For what you are specifically looking at doing (configuring devices based on information already there), then there is a way that CLI configlets could help. You'd have to go about it over a couple of steps:

• Create an Xpath (or Regex) search context which would basically look for the information in each device that you are trying to make the changes around.
• You can then reference that search context by creating a parameter for the values you want once you create your CLI configlet.

I would recommend though that you take a look at using a commit or "local script," if you will, within Junos Space. I use this method for when I need to make a lot of on-the-fly changes to multiple devices (we have ~500 SRX's within our Space implementation). See for example the attached script.

I searched through the config to grab the host name and the IP address of the loopback interface (lo0.0). I tweaked the host name to my liking, and then set my loopback address to be the source for my logging.

You have to make sure that you set the /* ISLOCAL = "true" */ parameter at the top of your script, just like in mine in order to be able to run it from Junos Space. I found the best way was then to create an "Operation" which uses said script to then run against multiple devices.

There is some good documentation on Juniper's TechWiki site about this as well. I strongly advise taking a look at it 🙂

Feel free to send me a private message, email me, or hit me up on Twitter if you would like any more help!

Thank you very much, Scott.

The information is really useful, especially about local scripts. I'll do some investigation regarding this and compare it with commit script, but at this stage local scripts seem more convenient.

Appreciate your help and great explanation with examples. The resources were given are also interesting.

Regards,

Vyacheslav.

Not a problem at all! Glad I could help!

Could your help me a bit with understanding of structure of local script you sent me.

Where can I read about this part of code, and what is it.

<load-configuration action="set" format="text"> {
<configuration-set> {
...

If I understood correctly, it's XML API command, but I cannot find any information regarding this.

In addition, I'd like to use "replace" command in configuration mode in my script. Is it possible to do it? using the same method.

Thank you.

🙂 Hardly had I posted the message when I found the answer.

http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/junos-xml-management-protocol-guide/junos-xml-management-protocol-guide.pdf#search=%22xml%20api%20load-configuration%22

Actually it's really hard to find information on Juniper site. What is dissappointing sometimes.