Automation

Hi hall,

I need help to run this script which should save the configuration on a bk server when I want without write all the command.

**********************************************************************

version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

match / {
<op-script-results> {

var $rpc = <get-software-information>;
var $result = jcs:invoke($rpc);
var $filename = "/config/juniper.conf.gz";
var $con = jcs : open();
var $ftpurl = "/var/tmp/juni.gz";

var $fileput = {
<file-put> {
<filename>$filename;
<encoding>"ascii";
<permission>'777';
<delete-if-exist>;
<file-contents>$result;
}
}

var $out = jcs:execute($con, $fileput);

expr jcs:close($con);

var $local-out = jcs:invoke($fileput);
<output> "Saving file on local host\n" _ $local-out;

var $year = substring( $localtime-iso, 1, 4 );
var $month = substring( $localtime-iso, 6, 2 );
var $day = substring( $localtime-iso, 9, 2 );
var $ora = substring( $localtime-iso, 12, 2 );
var $minut = substring( $localtime-iso, 15, 2 );
var $second = substring( $localtime-iso, 18, 2 );

var $file-copy-rpc=<file-copy>{
<source>"/config/juniper.conf.gz";
<destination>"scp://user@10.0.0.1/user/BCK/" _ $user _ "_" _ $year _ $month _ $day _ "_" _ $ora _ $minut _ $second _"_juniper.conf.gz";

}
var $results=jcs:invoke($file-copy-rpc);
<output> "Saving file on remote host\n" _ $results;
}
}

*******************************************************************

When I run the result is:

root@Router> op test
Saving file on local host

/config/juniper.conf.gz
Saving file on remote host

Permission denied, please try again.

Hi Simonev,

The error is indicative of write error on the destination.  If you can make this work from the Juniper device, then the op script should work as well:

start shell
scp /config/juniper.conf.gz user@10.0.0.1/user/BCK/3122020_juniper_config1.gz

Hope this helps.

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated :).

Hi,

I tried to add a new variable $connection to open a connection. 

It still doesn't work, but I think I'm very far from the truth....

version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

match / {
<op-script-results> {

var $rpc = <get-software-information>;
var $result = jcs:invoke($rpc);
var $filename = "/config/juniper.conf.gz";
var $con = jcs: open();
var $ftpurl = "/var/tmp/juni.gz";

var $fileput = {
<file-put> {
<filename>$filename;
<encoding>"ascii";
<permission>'777';
<delete-if-exist>;
<file-contents>$result;
}
}

var $out = jcs:execute($con, $fileput);
expr jcs:close($con);
var $local-out = jcs:invoke($fileput);
<output> "Saving file on local host\n" _ $local-out;

var $year = substring( $localtime-iso, 1, 4 );
var $mounth = substring( $localtime-iso, 6, 2 );
var $day = substring( $localtime-iso, 9, 2 );
var $ora = substring( $localtime-iso, 12, 2 );
var $minut = substring( $localtime-iso, 15, 2 );
var $second = substring( $localtime-iso, 18, 2 );

var $dcguser = {
<username> "dcguser";
<port> "22";
}

var $connection = jcs: open("10.0.0.1", $dcguser);

var $file-copy-rpc=<file-copy>{
<source>"/config/juniper.conf.gz";
<destination>"scp://dcguser@10.0.0.1/dcguser/BCK/" _ $user _ "_" _ $year _ $mounth _ $day _ "_" _ $ora _ $minut _ $second _"_juniper.conf.gz";
}

var $results=jcs:invoke($file-copy-rpc);
<output> "Saving file on remote host\n" _ $results;
expr jcs:close($con);
}
}
************************************************************************************

Now the result is:

root@Router> op test
dcguser@10.0.0.1's password:
error: error opening connection (reading credentials)
error: Error in creating the session with "10.0.0.1" server
error: Session for server "" does not exist
Saving file on local host

/config/juniper.conf.gz
Saving file on remote host

Permission denied, please try again.

If I try to connect directly with same credential from router (OS or SHELL) via ssh or tftp to server all it's ok.

Is having all this in an automatism that I can't make it work.

Hi

Please try the following

version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

match / {
<op-script-results> {

var $rpc = <get-software-information>;
var $result = jcs:invoke($rpc);
var $filename = "/config/juniper.conf.gz";
var $con = jcs:open();
var $ftpurl = "/var/tmp/juni.gz";

var $fileput = {
<file-put> {
<filename>$filename;
<encoding>"ascii";
<permission>'777';
<delete-if-exist>;
<file-contents>$result;
}
}

var $out = jcs:execute($con, $fileput);

expr jcs:close($con);

var $local-out = jcs:invoke($fileput);
<output> "Saving file on local host\n" _ $local-out;

var $year = substring( $localtime-iso, 1, 4 );
var $month = substring( $localtime-iso, 6, 2 );
var $day = substring( $localtime-iso, 9, 2 );
var $ora = substring( $localtime-iso, 12, 2 );
var $minut = substring( $localtime-iso, 15, 2 );
var $second = substring( $localtime-iso, 18, 2 );

var $file-copy-rpc=<file-copy>{
<source>"/config/juniper.conf.gz";
<destination>"ftp://dcguser:password@10.0.0.1/" _ $user _ "_" _ $year _ $month _ $day _ "_" _ $ora _ $minut _ $second _"_juniper.conf.gz";

}
var $results=jcs:invoke($file-copy-rpc);
<output> "Saving file on remote host\n" _ $results;
}
}

Also please check your permission on the backup server.

Thanks raviky,

but I would like to know if it is possible to use scp or sftp and how. 
I can't use ftp because there is a firewall.

Do you have any suggestions to give me?

Simone

Hi Simone

Could you use sftp instead of ftp in the script and check if you are able to get it work ?

Hi Raviky,

this is the result:

ssh: Could not resolve hostname sftp: hostname nor servname provided, or not known.

probably so there is a syntax problem, but i think then i will have the same ssh problem. 

I think that as in linux for ssh sessions in automatic scripts you have to use public keys.

although using the "set archive" command I have seen that the juniper already has a key saved for this server. I don't understand why it doesn't use that for the script ...

Hi

Did the op script work with simple ftp for you ? Did we try the one i pasted earlier ? That script is working with ftp so it should not have any syntax error. Once that is done then try using sftp with archive option enabled. If there is no syntax error then with ftp the script should work and with sftp you should see key verification error i guess.

Thanks

I can't use or test ftp because there is a firewall in front of me...

sftp and scp use a different way of opening the session from ftp. first they give you the prompt and then they ask you for the password.

you can't insert sftp://user:password@ip or scp://user:password@ip because junos appears to be unable to read the format for these protocols. Indeed the system output is:

ssh: Could not resolve hostname sftp: hostname nor servname provided, or not known.

can anyone post a slax or python script that opens an ssh session and does something on another router / server?

or is this impossible because the system is limited?

Hello Simonev,

This python script works from a server to login to a Junos device and copy out a config file.  If you run this script periodically, believe that achieves your purpose.

import datetime  # To record a time stamp of downloaded files
import paramiko  # https://github.com/paramiko/paramiko for SCP and any commands that don't require parsing the output.
from scp import SCPClient  # To SCP files off the box
 
def scp_config(ip,hostname, username,password):
    """ Purpose:
            Download the device config.

        Parameters:
            ip - IP address for device
            hostname - User selected device
            username - User provided username for SCP session
            password - User provided password for SCP session
    """
    scp_source = '/config/juniper.conf.gz'
    scp_dest = './%s_%s.conf.gz' % (hostname, datetime.date.today())
    try:
        ssh = paramiko.SSHClient()
        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        ssh.connect(ip, port=22,username=username,password=password)
        scp = SCPClient(ssh.get_transport())
        scp.get(scp_source, scp_dest)
        print('Received %s from %s at %s' % (scp_source, hostname,ip))

    except paramiko.AuthenticationException:
        print('Bad username or password for %s at %s\n' % (hostname, ip))
        return

    except:
        print('%s Undefined error received. Check username, password and permissions.' % hostname)
        return

    return


scp_config('10.1.1.1','QFX','labroot','lab123')

There are more ways to login and do things with Python, especially using "getpass" to hide your password if need be.  Check here: https://www.juniper.net/documentation/en_US/junos-pyez/topics/task/program/junos-pyez-connection-methods.html

Hope this helps.

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated :).

Hi 

Below python scriptthat works to transfer file from the local device to a remote server.

It will prompt for the server ip, username and password and transfer the juniper.conf.gz to the destination server. Please edit the destination directory as per the requirement.

import paramiko
import sys #Used for the stdout,stdin,stderr
import socket
import re #This is for regular expression although not used in this program
from paramiko import SSHClient 
from scp import SCPClient
import paramiko
import getpass
from pprint import pprint 
import time
import subprocess, platform

def ping_test(sHost): #This function is to test the ping to the server and return True only when the respective node is reachable.
try:
output = subprocess.check_output("ping -{} 1 {}".format('n' if platform.system().lower()=="windows" else 'c', sHost), shell=True)

except Exception, e:
return False

return True

def credentials(): #This function is to get the linux credentials to provide to -server.
global _server #defining the global variable.
global user
global passwd
_server = raw_input("Please enter the -server ip or hostname: ")
_server = _server.strip()

if ping_test(_server) is True:
print'_server is Accessible'
else:
print'Unable to connect to the _server'
sys.exit()
user = raw_input("Please enter the username: ")
user = user.strip()
passwd = getpass.getpass("Password: ")

def scp():
credentials()
print ('Accessing _server %s' % (_server))
try:
client = paramiko.SSHClient() #Using the paramiko package SSHClient to access the -server.
client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) #This is required to bypass the requirement of host keys.
client.connect(_server, username=user, password=passwd, timeout = 10)
except:
print ('Unable to connect _server %s' % (_server))

print ('Connected to %s' % (_server))
sftp = client.open_sftp()
sftp.put('/config/juniper.conf.gz','/var/tmp/juniper.conf.gz')
sftp.close()
client.close()

scp()

Hope this helps

Hy Raviky,

your script did not work on my junos (I don't know why), but it gave me the right idea to finally write a script that does what I needed .... 🙂

This is my script:

#######################################################

#these imports are for ssh, date time and juniper info.

from junos import Junos_Context
import paramiko
from datetime import datetime
import jcs

user = Junos_Context['user-context']['login-name']
hostname = Junos_Context['hostname']
now = datetime.now()
day = now.strftime('%Y%m%d')
hour = now.strftime('%H%M%S')

#these are used to enter remote server ip, login and password

host = '10.0.0.1'
login = 'mylogin'
passw = 'mypassword'

#Sets up the ssh session and logs in as login "mylogin" with password "mypassword"
#to host '10.0.0.1'
#Also added "look_for_keys=False" and "allow_agent=False".
#Hopefully this is clear, if we can't establish a connection, we'll set "chan" to false.
#otherwise the configuration file is saved in the defined folder of the server
#with all the data of who saved the file and when.
#"All it's ok" message when done.

try:
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(host, username=login, password=passw, look_for_keys=False, allow_agent=False)
chan = ssh.invoke_shell()
except:
print "Login to %s failed" % (host,)
chan = False

if chan:
sftp = ssh.open_sftp()
sftp.put('/config/juniper.conf.gz','/backups/config/%s_%s_%s_%s_juniper.conf.gz' % (user,hostname,day,hour))
sftp.close()

ssh.close()

print "All it's OK %s ! " % (user,)

else:
print "Sorry, there is no connection to the host %s" % (host,)

##########################################end##############################

thanks to all!

Hi 

The python script might not have worked may be due to old junos code. I ran this script on 18.1. But this should server the purpose.

Glad to help.