Junos Automation (Scripting)

SecurityZoneTable OpTable with NameSpace problem on SRx1500 with HA

‎02-26-2019 04:36 PM

I am trying to parse the security zones on an SRX1500 in an HA cluster, and I am using the default SecurityZoneTable definition that is part of the op Tables shipped with PyEZ.

 

**The script is shown below**

 

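```python
from jnpr.junos import Device
from jnpr.junos.op.securityzone import SecurityZoneTable
from pprint import pprint

# Create the device instance and open the NETCONF session
dev = Device(host='x.x.x.x', user='xxx', passwd='xxx')
dev.open()

# Run the table's RPC (get-zones-information) and load the reply
zones = SecurityZoneTable(dev).get()

print(zones)

# Close the session when done
dev.close()
```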

 

And the output is as shown below

```
SecurityZoneTable:10.74.33.65: 0 items
```

and it failed to parse any element

 

Below is the table definition from the YAML file

```yaml
SecurityZoneTable:
  rpc: get-zones-information
  item: zones-security
  key: zones-security-zonename
  view: SecurityZoneView
```

 

The XML Output from the SRX is as shown below

 

```xml
    <multi-routing-engine-item>
        <re-name>node0</re-name>
        <zones-information xmlns="http://xml.juniper.net/junos/15.1X49/junos-zones" junos:style="detail">
            <zones-security>
                <zones-security-zonename>prod</zones-security-zonename>
                <zones-security-send-reset>Off</zones-security-send-reset>
                <zones-security-policy-configurable>Yes</zones-security-policy-configurable>
                <zones-security-interfaces-bound>1</zones-security-interfaces-bound>
                <zones-security-interfaces>
                    <zones-security-interface-name>reth0.1004</zones-security-interface-name>
                </zones-security-interfaces>
            </zones-security>
            <zones-security>
                <zones-security-zonename>nonprod</zones-security-zonename>
                <zones-security-send-reset>Off</zones-security-send-reset>
                <zones-security-policy-configurable>Yes</zones-security-policy-configurable>
                <zones-security-interfaces-bound>1</zones-security-interfaces-bound>
                <zones-security-interfaces>
                    <zones-security-interface-name>reth0.1005</zones-security-interface-name>
                </zones-security-interfaces>
            </zones-security>
            <zones-security>
                <zones-security-zonename>vpn</zones-security-zonename>
                <zones-security-send-reset>Off</zones-security-send-reset>
                <zones-security-policy-configurable>Yes</zones-security-policy-configurable>
                <zones-security-interfaces-bound>3</zones-security-interfaces-bound>
                <zones-security-interfaces>
                    <zones-security-interface-name>st0.1</zones-security-interface-name>
                    <zones-security-interface-name>st0.10</zones-security-interface-name>
                    <zones-security-interface-name>st0.100</zones-security-interface-name>
                </zones-security-interfaces>
            </zones-security>
            <zones-security>
                <zones-security-zonename>junos-host</zones-security-zonename>
                <zones-security-send-reset>Off</zones-security-send-reset>
                <zones-security-policy-configurable>Yes</zones-security-policy-configurable>
                <zones-security-interfaces-bound>0</zones-security-interfaces-bound>
                <zones-security-interfaces></zones-security-interfaces>
            </zones-security>
        </zones-information>
    </multi-routing-engine-item>
</multi-routing-engine-results>
<cli>
    <banner>{primary:node0}</banner>
</cli>
```

I think that the problem is in the extra namespace in the "zones-information" element; however, I am unable to find a way to remove or handle this namespace.

Is there any way to solve this problem?

1 REPLY 1

Re: SecurityZoneTable OpTable with NameSpace problem on SRx1500 with HA

‎03-25-2019 10:07 AM

Hi Karim.

 

Please take a look at the PyEZ issue https://github.com/Juniper/py-junos-eznc/issues/912. It mentions that the issue is with the `<multi-routing-engine-item>` tags.

Once you update the YAML definition file (securityzone.yml) per the suggestion, it works. Please try to change "item: zones-security" to "item: .//zones-security".

 

 

from:

```yaml
SecurityZoneTable:
  rpc: get-zones-information
  item: zones-security
  key: zones-security-zonename
  view: SecurityZoneView
```

to:

```yaml
SecurityZoneTable:
  rpc: get-zones-information
  item: .//zones-security
  key: zones-security-zonename
  view: SecurityZoneView
```

 

Output from my cluster:

```
SecurityZoneTable:10.9.3.45: 3 items
```

 

 

The answer was found in the Google Groups thread https://groups.google.com/forum/#!topic/junos-python-ez/N-NS_n9zR-I (started by you, as it seems).

 

 

Hope this helps.

Regards
Luděk Matoušek
JNCIS-ENT, JNCIS-SP, JNCIP-SEC, JNCIA-DevOps
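
Why the change to `item` in the reply above matters, as an added example that is not part of the original posts and is not PyEZ code: it assumes the table evaluates `item` relative to the root of the RPC reply and sees XML with namespaces already removed. The sample XML is constructed (trimmed from the output in the question), and `count_items` and `zones_by_name` are hypothetical helpers.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the output in the question; assumption:
# namespaces are already stripped by the time the item expression runs.
STANDALONE = """<zones-information>
  <zones-security>
    <zones-security-zonename>prod</zones-security-zonename>
    <zones-security-interfaces>
      <zones-security-interface-name>reth0.1004</zones-security-interface-name>
    </zones-security-interfaces>
  </zones-security>
  <zones-security>
    <zones-security-zonename>vpn</zones-security-zonename>
    <zones-security-interfaces>
      <zones-security-interface-name>st0.1</zones-security-interface-name>
      <zones-security-interface-name>st0.10</zones-security-interface-name>
    </zones-security-interfaces>
  </zones-security>
  <zones-security>
    <zones-security-zonename>junos-host</zones-security-zonename>
    <zones-security-interfaces></zones-security-interfaces>
  </zones-security>
</zones-information>"""
# The same reply as an HA cluster returns it: wrapped per routing engine.
CLUSTER = (
    "<multi-routing-engine-results><multi-routing-engine-item>"
    "<re-name>node0</re-name>" + STANDALONE +
    "</multi-routing-engine-item></multi-routing-engine-results>"
)

def count_items(reply_xml, item_xpath):
    """Number of elements the item expression selects from the reply root."""
    return len(ET.fromstring(reply_xml).findall(item_xpath))

def zones_by_name(reply_xml, item_xpath=".//zones-security"):
    """Map each zone name (the table key) to the interfaces bound to it."""
    zones = {}
    for zone in ET.fromstring(reply_xml).findall(item_xpath):
        name = zone.findtext("zones-security-zonename")
        zones[name] = [i.text for i in zone.iter("zones-security-interface-name")]
    return zones

if __name__ == "__main__":
    for label, xml in (("standalone", STANDALONE), ("cluster", CLUSTER)):
        for xpath in ("zones-security", ".//zones-security"):
            print(label, xpath, count_items(xml, xpath))
    print(zones_by_name(CLUSTER))
```

The relative path `zones-security` only matches direct children of the reply root, so it finds nothing once the cluster wraps the reply; `.//zones-security` matches at any depth and works for both shapes.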