Automation
Automation

Scripting How-To: Automation of peer AD’s single-homed satellite software upgrade

by Juniper Employee on ‎08-02-2016 11:32 AM - edited on ‎08-23-2017 10:50 AM by Administrator Administrator
08.02.16   |   11:32 AM

 The Junos Fusion system allows you to configure a satellite as:

 

  • single homed e.g. satellite having cascading link(s) to only one of the aggregation devices in a dual aggregated device setup or
  • dual homed e.g. satellite having cascading link(s) to both the aggregation devices in a dual aggregated device setup.

 

tmp2.png

 

Figure: Dual aggregated Junos Fusion system

Satellite Device 01 and Satellite Device 04 – Single Homed

Satellite Device 02 and Satellite Device 03 – Dual Homed

 

To upgrade the system software for satellite device(s) that are dual homed, user can execute

“request system software add </path/to/image> satellite <fpc-slot>” or

“request system software add </path/to/image> upgrade-group <group-name>”

to initiate the installation from one of the aggregation devices on which the SNOS package is present.

 

However, for single homed satellite device(s), the user is required to login to the respective aggregation device, copy the SNOS package to this aggregation device, and then initiate the software upgrade of the satellite device(s).

 

To simplify the installation process, i.e. have a single point of operation (one of the aggregation devices), and reduce the manual intervention needed for software upgrade on remote single homed satellite device(s), this SLAX script could be used to copy the satellite software image from one of the aggregation devices to the other, and allows user to upgrade the remote aggregation device’s single homed satellite(s). The user would need to copy this operational script onto the aggregation device where the satellite software image is present and execute the operational cli command to initiate the installation process.

 

To enable the op script, see: https://www.juniper.net/techpubs/en_US/junos15.1/topics/usage-guidelines/automation-enabling-an-op-s...

 

SLAX Solution:

 

With SLAX automation, the given script does the following:

  • Copies satellite software package to the peer-ad and
  • Starts the software upgrade on the peer AD’s single homed satellite device or upgrade group with a single op command 

Usage:

 

Syntax:

op remote-satellite-upgrade

  Possible completions:

     filename       <path and package-name>

     host           <remote host name or IP address>

     force          <true to ignore warnings>

     satellite      <remote satellite fpc number>

     upgrade-group  <remote satellite upgrade group>

 

 

Description:

Install a satellite software package or bundle on a single homed satellite device or upgrade-group of peer aggregation device in Junos Fusion dual AD setup.

 

Options:

filename       required argument

               Value: Path to the image file

 

host           required argument

               Value: Host name or IP address in case of Junos Fusion peer ICCP address

               This value will be used to copy image and install on remote side

 

force          optional argument

               Value: true | false

               To force image installation to ignore warning, default value is true

 

satellite      optional argument only if ‘upgrade-group’ is used

               Value: fpc number

               To install satellite software package on requested satellite with fpc number

 

upgrade-group  optional argument only if ‘satellite’ is used

               Value: software upgrade group name

               To install satellite software package on requested software upgrade group

 

Sample output:

root@JUNOS-FUSION-01> op remote-satellite-upgrade filename /var/tmp/satellite-15.1-20160522_s3_linux_v44.0-signed.tgz upgrade-group EX4300-SDs host 10.1.1.2 force false

 

!! Generating the ssh public key !!!

!!! Copying the ssh public key on the remote machine to the list of known hosts !!!

!!! Copying the SNOS package on the remote aggregation device !!!

!!! Installing the SNOS package on the remote aggregation device's single homed satellite(s) !!!

 

hup

 

Validating image /var/tmp/satellite-15.1-20160522_s3_linux_v44.0-signed.tgz

 

Metatags extracted

Version '15.1-20160522_s3_linux_v44.0' already exist

Replacing with incoming package

Satellite package version is '15.1-20160522_s3_linux_v44.0'

Unpacking package

 

Provisioning group <EX4300-SDs> with satellite package version '15.1-20160522_s3_linux_v44.0'

Request processed successfully

 

Pushing satellite image version '15.1-20160522_s3_linux_v44.0' to re1

re1:

hup

Extracting image /var/tmp/satellite-15.1-20160522_s3_linux_v44.0-signed.tgz

Metatags extracted

Satellite package version is '15.1-20160522_s3_linux_v44.0'

Unpacking package

Updating satellite-groups from master

 

 

SLAX script details:

 

Arguments:

$filename      - **REQUIRED** Path to the image to be installed.

$host          - **REQUIRED** Host Name/IP address or ICCP IP

$force         - *OPTIONAL* force addition of package (ignore warnings)

               - true/false [true]

$satellite     - *OPTIONAL* FPC slot of satellite system

$upgrade-group - *OPTIONAL* Satellite upgrade group name

 

Templates:

generate-sshkey       generate ssh public key on local box

copy-sshkey           copy ssh public key to remote server for authentication

copy-file             copy junos image to remote box

install-image         install junos image on the box

build-command-string  build the cli to install junos image on given re        

 

Implementation details:

 

  • The script takes two necessary arguments – filename and host.
    • filename should point to the SNOS software image that is to be installed on the remote AD’s single homed SD and is expected to be downloaded on the local device by the user before beginning the script execution.
    • host is the IP address / name of the remote aggregation device to which single homed satellite device is connected. In the case of Junos Fusion, the ICCP address can be used as host IP.
  • For installing the software image there is one optional argument – force
    • force would ignore the warnings at the time of installation. Default force is false.
  • There are two mutually exclusive arguments to specify the target for SNOS image installation – upgrade-group and satellite.
    • satellite option allows to pass the fpc-slot of the satellite device to be upgraded.
    • upgrade-group option can be used to specify a group of satellite devices to be upgraded. The upgrade group must be configured on the remote aggregation device.

You can use either of the options to upgrade the satellite device(s).

  • The script generates an ssh key on the local aggregation device using generate-sshkey
  • The id_rsa.pub key generated is then copied to the list of known users on the peer aggregation device using copy-sshkey The copy-sshkey template uses file-put rpc to copy the content of the key on the remote server. This step is required to facilitate image copy without using a password.
  • The image present at path passed as filename is then copied to the /var/tmp of the remote device using copy-file template which uses file-copy rpc.
  • After copying the image, based on the options passed as argument (satellite or upgrade-group) the install-image template would generate a string and execute the cli to initiate the SNOS software image installation on the satellite device(s).

 

/**************************************************************************
Script 			- 	update-sd.slax
Author 			- 	Dharmik Thakkar  (dharmikt@juniper.net)
		 		Anil Kumar A 	 (anilak@juniper.net)
		 		Rushi Trivedi	 (rtrivedi@juniper.net)
Functionality 	        -	This slax script installs SNOS software on specified
				satellite devices/upgrade groups in junos fusion.
***************************************************************************/

version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";

/**************************************************************************
List of arguments for the script - 
$filename 		- **REQUIRED** Path to the image to be installed.
$host 			- **REQUIRED** Host Name/IP address or ICCP IP
$force 			- *OPTIONAL* force addition of package (ignore warnings) - true/false [true]
$satellite		- *OPTIONAL* FPC slot of satellite system
$upgrade-group 	        - *OPTIONAL* Satellite upgrade group name
***************************************************************************/

var $arguments = {
     <argument> {	
          <name> "filename";
          <description> "**REQUIRED** Path to the image to be installed."; 
     }
     <argument> {	
          <name> "host";
          <description> "**REQUIRED** Host Name/IP address or ICCP IP"; 	
     }
     <argument>{
     	  <name> "force";
     	  <description> "*OPTIONAL* force addition of package (ignore warnings) - true/false [true]";
     }
     <argument>{
     	  <name> "satellite";
     	  <description> "*OPTIONAL* FPC slot of satellite system";
     }
     <argument>{
     	  <name> "upgrade-group";
     	  <description> "*OPTIONAL* Satellite upgrade group name";
     }
}

param $host;
param $filename;
param $force = "true";
param $satellite = "none";
param $upgrade-group = "none";
var $username = "root";
var $password = "Embe1mpls";
/*
var $filename = "/var/tmp/junos-install-ex92xx-x86-64-16.1-20160622.1.tgz";
var $host="10.1.1.2";
*/


/*
template get-iccp-link($local){
		var $iccp = <get-inter-chassis-control-protocol-information>;
		var $out = jcs:execute($local,$iccp);
		var $pattern = "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}";
		var $peer_ip = jcs:regex($pattern,$out);
		expr $peer_ip;
}
*/

/**************************************************************************
template 	-	generate-sshkey
arguments 	- 	*$local* ->	"handle to local connection"
functionality	-	generate ssh public key on local box
***************************************************************************/

template generate-sshkey($local){
	
	var $remove_gen = {
    	<request-shell-execute> {
				<command> "rm -f /root/.ssh/id_rsa";
		  }
	}
	var $add_gen = {
	 	<request-shell-execute> {
			<command> 'ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ""';
		}
	}
	var $cat = {
		<request-shell-execute>{
			<command> 'cat /root/.ssh/id_rsa.pub';
		}
	}

	var $rem-key = jcs:execute($local,$remove_gen);
    var $add-key = jcs:execute($local,$add_gen);
	var $key = jcs:execute($local,$cat);
	expr $key;

}


/**************************************************************************
template 	-	copy-sshkey
arguments 	- 	*$local* 	  -> "handle to local connection"
			*$connection*     -> "handle to remote server connection"
functionality	-	copy ssh public key to remote server for authentication
***************************************************************************/

template copy-sshkey($local, $connection){
	
	var $get-key = {
		<request-shell-execute> {
			<command> "cat /root/.ssh/id_rsa.pub";
		}
	}  
	var $key = jcs:execute($local,$get-key);
	if ($key//xnm:error) {
		 copy-of ($out//xnm:error);
	}
	
	var $fileput = {
		   <file-put> {
				<filename>"/root/.ssh/authorized_keys";
				<encoding>"ascii";
				<permission>"0644";
				<delete-if-exist>;
				<file-contents> $key;
			}
	}
	var $out = jcs:execute($connection, $fileput);
	if ($out//xnm:error) {
		 copy-of ($out//xnm:error);
	}
	
	var $cat = {
	<request-shell-execute>{
		<command> 'cat /root/.ssh/authorized_keys';
		}
	}
	var $temp = jcs:execute($connection,$cat);
	if ($temp//xnm:error) {
		 copy-of ($out//xnm:error);
	}
	expr $temp;
}

/**************************************************************************
template 	-	copy-file
arguments 	- 	*$local* -> "handle to local connection"
			*$host*  -> "remote server name/ip"
functionality	-	copy junos image to remote server
***************************************************************************/

template copy-file($local, $host){
	var $dest_filename = 'root@'_ $host _ ':/var/tmp';
    	var $copy-rpc = <file-copy> {
        	<source> $filename;
        	<destination> $dest_filename;
    	};
		var $out = jcs:execute($local, $copy-rpc);
		expr $out;
}

/**************************************************************************
template 	-	install-image
arguments 	- 	*$connection* 	-> "handle to remote server connection"
			*$filename*   	-> "path to junos image to be installed"
			*$force*	-> "force addition of package"
			*$satellite*  	-> "FPC slot of satellite system"
			*$upgrade-group -> "Satellite upgrade group name"
functionality	-	install snos image on the satellite device on remote AD
***************************************************************************/

template install-image($connection, $filename, $force, $satellite, $upgrade-group) {
    
    if( not( $filename ) ) {
        <xsl:message terminate="yes"> "You must specify the SNOS upgrade file.";
    }
    if( ($satellite == "none") && ($upgrade-group == "none")){
    	<xsl:message terminate="yes"> "You must specify either of the options - satellite / upgrade-group.";
    }
    var $sd-upgrade-string = { 
        call build-command-string( $filename, $force, $satellite, $upgrade-group ); 
    }
    var $sd-command = <command> $sd-upgrade-string;
    
    var $result = jcs:execute($connection, $sd-command );

    for-each( $result//text() ) {
        expr jcs:output( . );
    }
}

/**************************************************************************
template 	-	build-upgrade-string
arguments 	- 	*$filename*     -> "path to junos image to be installed"
			*$force*	-> "force addition of package"
			*$satellite*  	-> "FPC slot of satellite system"
			*$upgrade-group -> "Satellite upgrade group name"
functionality	-	build the cli to install snos image on given sd
***************************************************************************/

template build-command-string($filename, $force, $satellite, $upgrade-group) {
	
	if($satellite == "none"){
		if($force == "true"){
			expr "request system software add " _ $filename _ " upgrade-group " _ $upgrade-group _ " force ";
		}else{
			expr "request system software add " _ $filename _ " upgrade-group " _ $upgrade-group ;
		}
	}else{
		if($force == "true"){
			expr "request system software add " _ $filename _ " satellite " _ $satellite _ " force ";
		}else{
			expr "request system software add " _ $filename _ " satellite " _ $satellite ;
		}
	}
}

/**************************************************************************
template 	-	match
functionality	-	main template to start script execution
***************************************************************************/

match /{
	<op-script-results> {
		var $local = jcs:open();
		var $connection = jcs:open($host, $username, $password);
		if ($connection) {
			expr jcs:output("!!! Generating the ssh public key !!!");
			var $cat-key := {call generate-sshkey($local);}
			expr jcs:output("!!! Copying the ssh public key on the remote machine to the list of known hosts !!!");
			var $copy := {call copy-sshkey($local,$connection);}
			expr jcs:output("!!! Copying the SNOS package on the remote aggregation device !!!");
			var $copyfile := {call copy-file($local, $host);}
			expr jcs:output("!!! Installing the SNOS package on the remote aggregation device's single homed satellite(s) !!!");
			var $other-re := {call install-image($connection, $filename, $force, $satellite, $upgrade-group);}
			expr jcs:close($connection);
		}else{
			<output> "No connection to host.";
		}
		expr jcs:close($local); 
	}
}