
Scripting How-To: Convert between zone-defined and global address books

by Cordelia on 08-10-2015 06:34 PM - edited on 09-11-2017 03:45 PM by Administrator

Convert Between Zone-Defined and Global Address Books

 

For SLAX version 1.0 and higher, you can run the upgrade script to convert zone-defined address books (Junos OS Release 11.1 and earlier) to a global address book.

You can also run the downgrade script to convert global address books back to zone-defined address books.

 
Source Code and GitHub Links
 
The source code below is also available from the following GitHub locations:

 

SLAX Script Contents (Upgrade Version)

 
/*
 *
 *    NAME: addr-book-upgrade.slax
 *    PURPOSE: This op script is used to convert address books from zone-defined
 *             address books (used by Junos 11.1 and earlier versions) to a global
 *             address book. Users can run it after upgrading Junos to 11.2 or
 *             a later version.
 *
 *
 *    CREATED: 08/23/11
 *    BY: Jingbo Ni
 *    VERSION: 1.01
 *    Change Notes:
 *    (1) Removed dead code and cleaned indentation messed up by Eclipse
 *    (2) Removed root sys check:
 *        (a). The CLI command used for vsys check is no longer supported since 11.4
 *        (b). Originally did vsys check to make sure the script won't be executed by non-root vsys.
 *             But it's unnecessary as the script is not visible in non-vsys
 *
 *    Platform supported: all SRXs (branch and high-end)
 *
 *    MODIFICATION HISTORY:
 *        V1.00 = Initial release
 *
 */

version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";

ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

match / {

        /* Check version. If later than 11.1, do address book conversion */
        var $version = { call get-junos-version(); }
        if ($version > 11.1) {
                var $conn = jcs:open();

                <op-script-results> {

                        <output> "Converting old address books in the committed configuration database to " _ $version _ " address books ...";

                        /* Fetch the security zones of the root system */
                        var $rpc = <get-configuration database="committed"> {
                                <configuration> {
                                        <security> {
                                                <zones>;
                                        }
                                }
                        }

                        /* Fetch the configuration of all logical systems */
                        var $lsys-rpc = <get-configuration database="committed"> {
                                <configuration> {
                                        <logical-systems>;
                                }
                        }

                        var $root-sys-zones := jcs:execute($conn, $rpc);

                        var $lsys := jcs:execute($conn, $lsys-rpc);

                        /* Loop through all zones to convert their address books */
                        var $cfg := <configuration> {
                                if ( $root-sys-zones//address-book ) {
                                        <security> {
                                                call gen-upgrade-cfg ( $zones = $root-sys-zones );
                                        }
                                }
                                if ( $lsys//security/zones//address-book ) {
                                        for-each ( $lsys//security ) {
                                                <logical-systems> {

                                                        <name> ../name;
                                                        <security> {
                                                                call gen-upgrade-cfg ( $zones = . );
                                                        }
                                                }
                                        }
                                }
                        }

                        copy-of $cfg;

                        /* Loop through all old style address books configured in logical-systems
                         * Normally it should not be an upgrade concern because older versions simply don't have
                         * logical system concept. But we take care of it anyway to cover the case in which
                         * a user may run the upgrade script after configuring old style address books in logical systems.
                         */

                        /* Load and commit only if at least one new address book was generated */
                        if ( $cfg//security/address-book ) {
                                var $result := { call jcs:load-configuration($connection = $conn, $configuration = $cfg); }

                                if ( $result//xnm:error ) {
                                        <output> "ERRORS OCCURRED:\n\t";
                                        for-each ( $result//xnm:error ) {
                                                <output> message;
                                        }
                                        <output> "Unable to perform upgrade. Nothing committed.\nPlease commit or clean up your modifications and try again.";
                                } else {
                                        <output> "Address books conversion completed and committed.";
                                }
                        } else {
                                <output> "No address book converted.";
                        }

                }
                var $close = jcs:close($conn);
        }

}
/* End of match */

/*
 * Template to get the running JUNOS version
 */
template get-junos-version() {

        var $osrelease = jcs:sysctl("kern.osrelease", "s");

        var $version = jcs:split("[IRBSX-]", $osrelease, 2);

        expr $version[1];
}

template gen-upgrade-cfg ( $zones )
{
        for-each ( $zones//security-zone ) {
                if ( .//address-book/address ) {
                        /* If there are old address books */
                        var $zone = ./name;
                        var $bookname = $zone _ "-address-book";

                        /* Delete old style address book from zone */
                        <zones> {
                                <security-zone> {
                                        <name> $zone;
                                        <address-book delete="delete">;
                                }
                        }

                        /* Add new address books */
                        <address-book> {
                                <name> $bookname;
                                /* Ideally we should use "copy-of .". But it consumes too much memory! */
                                for-each ( ./address-book/address ) {
                                        <address> {
                                                <name> ./name;
                                                if ( ./ip-prefix ) {
                                                        <ip-prefix> ./ip-prefix;
                                                } else if ( ./dns-name ) {
                                                        <dns-name> {
                                                                <name> ./dns-name/name;
                                                                if ( ./dns-name/ipv6-only ) {
                                                                        <ipv6-only>;
                                                                } else if ( ./dns-name/ipv4-only ) {
                                                                        <ipv4-only>;
                                                                }

                                                        }

                                                } else if ( ./wildcard-address ) {
                                                        <wildcard-address> {
                                                                <name> ./wildcard-address/name;
                                                        }
                                                }
                                        }
                                }

                                for-each ( ./address-book/address-set ) {
                                        <address-set> {
                                                <name> ./name;
                                                for-each ( ./address ) {
                                                        <address> {
                                                                <name> ./name;
                                                        }
                                                }
                                                for-each ( ./address-set ) {
                                                        <address-set> {
                                                                <name> ./name;
                                                        }
                                                }
                                        }
                                }

                                /* Attach the address to the zone where it is found */
                                <attach> {
                                        <zone> {
                                                <name> $zone;
                                        }
                                }
                        }
                }
        }
}
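
A post-conversion check, added here as an example and not part of the original script: the `gen-upgrade-cfg` template rebuilds each address from its `name`, `ip-prefix`, `dns-name` and `wildcard-address` elements instead of copying it whole, so this Python code compares the configuration XML from before and after the conversion and reports entries that are missing, changed, or in a book that is not attached to its zone. The two XML documents are constructed samples, the function names are hypothetical, and the input is assumed to be an un-namespaced `<configuration>` element.

```python
import xml.etree.ElementTree as ET

# Constructed sample: zone-defined address book before the upgrade script runs.
BEFORE = """<configuration><security><zones><security-zone>
  <name>trust</name><address-book>
    <address><name>web1</name><ip-prefix>10.0.0.10/32</ip-prefix></address>
    <address><name>corp</name><dns-name><name>corp.example.com</name></dns-name></address>
    <address-set><name>servers</name><address><name>web1</name></address></address-set>
  </address-book>
</security-zone></zones></security></configuration>"""

# Constructed sample: global address book afterwards, with the "corp" entry lost.
AFTER = """<configuration><security><address-book><name>trust-address-book</name>
  <address><name>web1</name><ip-prefix>10.0.0.10/32</ip-prefix></address>
  <address-set><name>servers</name><address><name>web1</name></address></address-set>
  <attach><zone><name>trust</name></zone></attach>
</address-book></security></configuration>"""

def flat(elem):  # flatten a subtree into comparable (tag, text) pairs
    return tuple((d.tag, (d.text or "").strip()) for d in elem.iter())

def entries(book):  # (kind, name) -> sorted child content of each entry
    out = {}
    for kind in ("address", "address-set"):
        for e in book.findall(kind):
            out[(kind, e.findtext("name"))] = sorted(flat(c) for c in e if c.tag != "name")
    return out

def conversion_gaps(before_xml, after_xml):
    """List entries of each zone book that are missing or altered in <zone>-address-book."""
    before, after = ET.fromstring(before_xml), ET.fromstring(after_xml)
    books = {b.findtext("name"): b for b in after.findall("security/address-book")}
    problems = []
    for zone in before.findall("security/zones/security-zone"):
        old, zname = zone.find("address-book"), zone.findtext("name")
        if old is None or old.find("address") is None:
            continue  # the script only converts zones that hold address entries
        new = books.get(zname + "-address-book")
        if new is None:
            problems.append(f"{zname}: global book missing")
            continue
        if zname not in [z.findtext("name") for z in new.findall("attach/zone")]:
            problems.append(f"{zname}: book not attached to zone")
        got = entries(new)
        for key, value in sorted(entries(old).items()):
            if got.get(key) != value:
                state = "changed" if key in got else "missing"
                problems.append(f"{zname}: {key[0]} {key[1]} {state}")
    return problems
```

An empty list means every address and address-set of every converted zone is present, unchanged and attached; any other result should be resolved before relying on policies that reference those names.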

 

SLAX Script Contents (Downgrade Version)

 

<?xml version="1.0"?>
<script>
  <title>addr-book-upgrade.slax</title>
  <alternate>addr-book-downgrade.slax</alternate>
  <author>jni</author>
  <synopsis>
    These op-scripts are used to convert address book from zone-defined address books to global address book, and vice versa.
  </synopsis>
  <coe>op</coe>
  <type>installation</type>

  <description>
Run the upgrade script to convert address book from zone-defined address books
(applicable in Junos 11.1 and earlier) to global address book (applicable in
11.2 and later). Run the downgrade script to convert address book from global
address book to zone-defined address books.
  </description>

  <keyword>installation</keyword>

  <xhtml:script xmlns:xhtml="http://www.w3.org/1999/xhtml"
                src="../../../../../web/leaf.js"
            type="text/javascript"/>
</script>