Junos Automation (Scripting)
Highlighted
Junos Automation (Scripting)

SRX rescue delete and save script

‎09-18-2015 01:49 PM

I need help finding the error in a Junos Space rescue delete and save script.  Here is the script:

 

version 2.0;

/* Namespace declarations */
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

/* Imports */
import "../import/junos.xsl";

/* Junos Space specific context, name and description */
/* @CONTEXT = "/device[system-information/os-name="junos-es"]" */
/* @NAME = "Clear and Save Autorecovery" */
/* @DESCRIPTION = "Clears and then saves rescue" */
/* @ISLOCAL = "true" */
/* @EXECUTIONTYPE = "SINGLEEXECUTION" */
/* @CONFIRMATION = "Do you want to proceed?" */

var $local = jcs:open();

match / {
<op-script-results> {
<output> {

/* clear autorecovery state */
var $clear-rpc = <request-system-configuration-rescue-delete>;
var $clear-results = jcs:execute($local,$clear-rpc);

/* save autorecovery state */
var $save-rpc = <request-system-configuration-rescue-save>;
var $save-results = jcs:execute($local,$save-rpc);

expr jcs:close($local);

}
}
}

14 REPLIES 14
Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-20-2015 04:10 PM

Hi,

 

Can you provide the error output as well?

 

Tim

Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-21-2015 06:42 AM

first line:

Change version 1.0 or version 1.1

 

That "version" string has nothing to do with your script's logic; it's what tells slax which version of libslax to use.

 

 

/doug

--
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." --HST
Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-21-2015 06:53 AM
regress@vsrx-3> request system configuration rescue delete | display xml rpc
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/12.1X47/junos">
    <rpc>
        <request-delete-rescue-configuration>
        </request-delete-rescue-configuration>
    </rpc>
    <cli>
        <banner></banner>
    </cli>
</rpc-reply>

regress@vsrx-3> request system configuration rescue save | display xml rpc
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/12.1X47/junos">
    <rpc>
        <request-save-rescue-configuration>
        </request-save-rescue-configuration>
    </rpc>
    <cli>
        <banner></banner>
    </cli>
</rpc-reply>

regress@vsrx-3>

 

It also looks like you're using the wrong RPCs

 

/doug

--
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." --HST
Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-21-2015 07:06 AM
So what should it look like then?
Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-21-2015 07:25 AM

Sorry, I should have been clearer.

If you want to see what the RPC is for a given Junos command, you can just type in the command on the Junos CLI and pipe it through "|display xml rpc".   That's what I was trying to show.   

Are you invoking this as a local script on Junos Space ? (I'm guessing yes, since you have the  /* @ */ annotations in the header.)     I also removed the jcs:close() since it'll automatically close when the script exits; and I'm pretty sure that Junos Space will also terminate the session automatically for you.

Here's a version I tested on a vsrx that seems to work.  Didn't test from Space:   

version 1.0;
/* Namespace declarations */
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
/* Imports */
import "../import/junos.xsl";
/* Junos Space specific context, name and description */
/* @CONTEXT = "/device[system-information/os-name="junos-es"]" */
/* @NAME = "Clear and Save Autorecovery" */
/* @DESCRIPTION = "Clears and then saves rescue" */
/* @ISLOCAL = "true" */
/* @EXECUTIONTYPE = "SINGLEEXECUTION" */
/* @CONFIRMATION = "Do you want to proceed?" */
var $local = jcs:open();
match / {
    <op-script-results> {
        <output> {
            /* clear autorecovery state */
            var $clear-rpc = <request-delete-rescue-configuration>;
            var $clear-results = jcs:execute($local,$clear-rpc);
            /* copy-of $clear-results; */

            /* save autorecovery state */
            var $save-rpc = <request-save-rescue-configuration>;
            var $save-results = jcs:execute($local,$save-rpc);
            /* copy-of $save-results; */
        }
    }
}
--
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." --HST
Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-21-2015 07:56 AM

Thanks for the display xml rpc tip Doug i'll dig in and see what i can come up with.

Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-21-2015 08:49 AM

Tested on Junos Space, job kicks off but never finishes.  No errors in Space or on on the SRX.

Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-21-2015 11:06 AM

I never like it when someone tells me this, but... "Works for me."  ;-/

I imported that script verbatim in a space vm and ran it against my srx and it worked. I could tail /var/log/messages on the vsrx and see it do its thing.

 

So... you'll need to provide some deets:

 

1. version of SRX.  (or copy/paste "show version")

2. version of Junos Space ?

3. What is the exact sequence of steps you used to execute the script on Space ?

4. Screen cap of Job Management Screen showing results of script execution job,

5. Can you copy the script to the srx in questions and invoke it locally (e.g. rtr> op url /home/admin/srx-rescue.slax

6. What does "tail -f /var/log/messages" show ? Do you see anything like 

Sep 21 13:57:34  vsrx-3 mgd[1370]: UI_CMDLINE_READ_LINE: User 'regress', command 'op url /cf/var/home/regress/srx-rescue.slax | display xml '
Sep 21 13:57:35  vsrx-3 file[1494]: auto-snapshot is not configured
Sep 21 13:57:35  vsrx-3 file[1494]: UI_AUTH_EVENT: Authenticated user 'regress' at permission level 'j-super-user'
Sep 21 13:57:35  vsrx-3 file[1494]: UI_LOGIN_EVENT: User 'regress' login, class 'j-super-user' [1494], ssh-connection '192.168.131.1 53107 192.168.131.103 22', client-mode 'junoscript'
Sep 21 13:57:35  vsrx-3 file[1494]: UI_JUNOSCRIPT_CMD: User 'regress' used JUNOScript client to run command 'request-delete-rescue-configuration'
Sep 21 13:57:35  vsrx-3 file[1494]: UI_CHILD_START: Starting child '/usr/libexec/ui/rescue_mgmt'
Sep 21 13:57:35  vsrx-3 file[1494]: UI_CHILD_STATUS: Cleanup child '/usr/libexec/ui/rescue_mgmt', PID 1495, status 0
Sep 21 13:57:35  vsrx-3 file[1494]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Simple Network Management Protocol process', pid 1177, signal 31, status 0 with notification errors enabled
Sep 21 13:57:35  vsrx-3 file[1494]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Alarm control process', pid 1174, signal 30, status 0 with notification errors enabled
Sep 21 13:57:35  vsrx-3 file[1494]: UI_JUNOSCRIPT_CMD: User 'regress' used JUNOScript client to run command 'request-save-rescue-configuration'
Sep 21 13:57:35  vsrx-3 file[1494]: UI_CHILD_START: Starting child '/usr/libexec/ui/rescue_mgmt'
Sep 21 13:57:35  vsrx-3 file[1494]: UI_CHILD_STATUS: Cleanup child '/usr/libexec/ui/rescue_mgmt', PID 1498, status 0
Sep 21 13:57:35  vsrx-3 file[1494]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Simple Network Management Protocol process', pid 1177, signal 31, status 0 with notification errors enabled
Sep 21 13:57:35  vsrx-3 file[1494]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Alarm control process', pid 1174, signal 30, status 0 with notification errors enabled
Sep 21 13:57:36  vsrx-3 file[1494]: UI_LOGOUT_EVENT: User 'regress' logout

We'll see if we can get to the bottom of this.

However, if this is urgent, then you may want to open a JTAC case. (Help here is "catch as catch can" unfortunately.)     You'll still have to provide all the same data I asked for, if you do...

 

/doug

 

--
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." --HST
Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-22-2015 10:50 AM

I'll run it again shortly and get back to you.  I tried to run it as well on vsrx and couldn't get it to work either but i don't know what i'm doing either lol (error was error reading stylesheet).

Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-22-2015 11:25 AM

Ran tail messages and i got sshd login failed for user but if i ssh from Space with the same user i can connect, and it is the same user i'm using to run tail.  This is on an SRX210 with 12.1x46-D35.1  Space version is 14.1 R3.  We are beginning to deploy some SRX100s to our atm network with the same username but different password.  Could Junos Space be confused by the different passwords?  I did try to delete both accounts and re-add the correct one for our branch routers.  Maybe i need to re-add the routers again?

Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-22-2015 11:34 AM

You can just change the credentials for the device in Space ("Modify Authentication")

Do NOT select "change credentials on box".

 

Capture.JPG

--
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." --HST
Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎09-24-2015 08:06 AM

I'll test this out.  Putting this on the back burner while i work on an srx issue.

Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎10-08-2015 06:15 AM
Just following up it looks like my cleanup script is working even though it says the job fails. On tail -f /var/log/messages I see the connection coming in on one of my test srx 100s and a message that says "logfile turned over due to -F request" Going to look at the autorecovery script now.
Highlighted
Junos Automation (Scripting)

Re: SRX rescue delete and save script

‎10-08-2015 07:45 AM
Second follow up, for some reason I can't run the and in the same script, it has to be one or the other. For now it will probably be fine to just periodically run the script and just over write the previous rescue configuration?
Feedback