Junos Automation (Scripting)
Highlighted
Junos Automation (Scripting)

simple script for Junos Space

‎10-09-2014 10:59 AM

Does anyone now how i could create a simple script in Junos Space to delete the recovery on an SRX and then create a new one?

19 REPLIES 19
Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

[ Edited ]
‎10-09-2014 12:03 PM

At this time, I'm not sure of a way that you can do that from Space (running operation mode commands).

 

You might be able to create an OP script that will save your config to a file (locally), and delete an existing one, then import that into Space and run it from there.

Scott Ware
Security Engineer
Juniper Ambassador
Twitter: @scottdware
Skype: scottdware
scottdware@gmail.com

"Do. Or do not. There is no try." - Yoda
Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

[ Edited ]
‎10-14-2014 07:27 AM

Hi,

 

You could try something along the lines of the following.  This would be a SLAX script that you would only need to import into Junos Space as the script will be executed within Space against the selected device.

 

To execute the script once it has been imported, you would need to go to the Device Management view, and then right-click a device and select Device Operations | Execute Scripts 

 

The script is very basic, and would need to be modified to produce nice HTML output within the results window, but it is certainly a starting point to perform the steps via a SLAX script executed from within Junos Space.

 

As you can see in this example, the script performs a number of RPC's, which involves making a query to the autorecovery state (<get-system-autorecovery-state>), clearing the current autorecovery state (<request-system-autorecovery-state-clear>), saving the autorecovery state (<request-system-autorecovery-state-save>), and then finally repeating the process of requesting the current autorecovery state.

 

[Edit] : If you want to only make this script available for SRX devices rather than all devices, then you can change the @CONTEXT annotation to the following:

 

/* @CONTEXT = "/device[system-information/os-name="junos-es"]" */

 Which will only display the script for SRX (junos-es) devices.

 

I hope that this helps.

 

Regards,

Andy

 

version 1.0;

/* Namespace declarations */
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

/* Imports */
import "../import/junos.xsl";

/* Junos Space specific context, name and description */
/* @CONTEXT = "/device[system-information/os-name="junos-es"]" */
/* @NAME = "Clear and Save Autorecovery" */
/* @DESCRIPTION = "Clears and then saves Autorecovery" */
/* @ISLOCAL = "true" */
/* @EXECUTIONTYPE = "SINGLEEXECUTION" */
/* @CONFIRMATION = "Do you want to proceed?" */

var $local = jcs:open();

match / {
	<op-script-results> {
		<output> {
			/* get autorecovery state */
			var $before-rpc = <get-system-autorecovery-state>;
			var $before-results = jcs:execute($local,$before-rpc);
			expr "\nOriginal Autorecovery Details\n";
			copy-of $before-results;

			/* clear autorecovery state */
			var $clear-rpc = <request-system-autorecovery-state-clear>;
			var $clear-results = jcs:execute($local,$clear-rpc);

			/* save autorecovery state */
			var $save-rpc = <request-system-autorecovery-state-save>;
			var $save-results = jcs:execute($local,$save-rpc);

			/* get autorecovery state */
			expr "\n\nCurrent Autorecovery Details\n";
			var $after-rpc = <get-system-autorecovery-state>;
			var $after-results = jcs:execute($local,$after-rpc);
			copy-of $after-results;

			expr jcs:close($local);

		}
	}
}

 

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎10-16-2014 06:23 AM
Perfect, Andy!
Scott Ware
Security Engineer
Juniper Ambassador
Twitter: @scottdware
Skype: scottdware
scottdware@gmail.com

"Do. Or do not. There is no try." - Yoda
Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

[ Edited ]
‎10-22-2014 11:31 AM

Very nice!  Thanks for doing that for me!  Another one i'd like is a request system storage cleanup.

 

*edit*

looks like i can tweak your script to do a <request-system-storage-cleanup>

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎11-18-2014 12:20 PM

I haven't had much luck with this script.  It seems to fail when i run it against our 210s.  Pretty generic message:

Script execution for script CreateRecovery.slax failed on device space-005056900934 due to the following reasons:
null

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎11-18-2014 02:15 PM

Does the script work against *any* Junos devices ?

 

If you want to narrow down where the errors are, then you can added a status check for each rpc invocation. (I.e. after each jcs:execute().    Something like this:

 

 

 

var $before-results = jcs:execute($local,$before-rpc);

if ($before-results//xnm:error) {

    expr jcs:output("error getting autorecovery state: ", $before-results//xnm:error/message);

}

 

...

 

var $clear-results = jcs:execute($local,$clear-rpc);

if ($clear-results//xnm:error) {

    expr jcs:output("error clearing autorecovery state: ", $clear-results//xnm:error/message);

}

 

 

...

 

var $save-results = jcs:execute($local,$save-rpc);

if ($save-results//xnm:error) {

    expr jcs:output("error saving autorecovery state: ", $save-results//xnm:error/message);

}

 

 

...

 

var $after-results = jcs:execute($local,$after-rpc);

if ($after-results//xnm:error) {

    expr jcs:output("error getting post-cleanup state: ", $after-results//xnm:error/message);

}

 

 

hth.

 

/doug

 

 

--
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." --HST
Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎11-23-2014 03:38 PM

Which version of Junos Space are you trying to run this script from within?

 

Regards,

Andy

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎12-08-2014 12:12 PM

13.3 R1 build 9.  Sorry it took so long to get back i need to set up account to notify me when someone replies.

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎12-08-2014 12:14 PM

I should mention that this is only being run against SRX routers (240s and 210s)

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎12-09-2014 08:59 AM

I have an SRX210H to hand, so I'll take a look, I think that I orginally put the script together with a virtual SRX (firefly).

 

On a final note, which version of code are you running on the SRX's ?  Just so that I can try and match the setup as best as possible.

 

Regards,

Andy

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎12-09-2014 09:40 AM

OK, well I've just tested the script against an SRX210H running 12.1X46-D10.2, and this worked fine when executed via 13.3R1.9, so I'm confident that the script is running OK, or at least on my test environment.

 

Since the script is just returning a null for you, I think that it might be quicker to just enable the debug logs for the scripts and take a look at those to see if there is any indication as to why the script execution is failing.

 

These commands are only valid for 13.3 and 14.1, but are not suitable for 13.1 as that uses an earlier version of jboss.

 

SSH as admin onto your Junos Space VM or appliance, and then execute the following command:

 

/usr/local/jboss/bin/jboss-cli.sh --connect  --user=admin --controller=jmp-CLUSTER

This will display a prompt similar to the following:

[domain@jmp-CLUSTER:9999 /]

Next type the following 4 commands to enable the debug logging for scripts.

 

/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:add

 

/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:write-attribute(name="level", value="DEBUG")

 

/profile=full-ha/subsystem=logging/size-rotating-file-handler=SCRIPTS:add(autoflush=true,formatter="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n",file={"path"=>"scripts.log", "relative-to"=>"jboss.server.log.dir"},rotate-size="50m",max-backup-index=10,append=true)

 

/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:assign-handler(name="SCRIPTS")

 

As each command is entered, you should see some results along the lines of:

...

        "outcome" => "success",
        "result" => undefined

...

This is the expected output, and as long as the "outcome" is "success" then the command has been accepted.

 

Once all the commands have been entered, type "exit" to quit from the jboss cli tool.

You can now perform the following command to monitor the scripts.log file.

 

tail -f /var/log/jboss/servers/server1/scripts.log

 

Please note that on a multi-fabric environment, the scripts.log file will exist on all of them, however only one of the fabrics will actually execute the script when the time comes for it to be executed, and so you will only see the detailed debug information for the script on the fabric that has actually executed the script.  A bit of a pain, but basically you need to check all of them to see the data.

 

When you then execute the script inside Junos Space once more, you should see output generated similar to the following (or not as the case is currently for you), but hopefully with the output from this it might help identify why the script execution is failing to complete.

 

Take note that the password used by Space to manage the device is visibile in this debug output! 

 

2014-12-01 22:47:41,824 DEBUG [net.juniper.jmp.cems.deviceScriptManager.core.LocalScriptExecuter] (Thread-817 (HornetQ-client-global-threads-87136315))
NMA response for local script execution :: <response>
<message>
<![CDATA[
cd /var/cache/jboss/LocalScript/; /var/www/cgi-bin/runLocalScriptExpect /var/cache/jboss/LocalScript/clear-save.slax space abc123 192.168.0.210 CONTEXT '/device[name="192.168.0.210"]' deviceipmap '{}'
spawn juise --ssh-options -oUserKnownHostsFile=/dev/null /var/cache/jboss/LocalScript/clear-save.slax space@192.168.0.210 CONTEXT /device[name="192.168.0.210"] deviceipmap {}
The authenticity of host '192.168.0.210 (192.168.0.210)' can't be established.
RSA key fingerprint is 2a:c7:bf:31:43:5f:47:5c:44:24:61:bc:49:89:2a:49.
Are you sure you want to continue connecting (yes/no)?yes
Password
<?xml version="1.0" standalone="yes"?>
<op-script-results xmlns:junos="http://xml.juniper.net/junos/*/junos" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm" xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0">
  <output>
Original Autorecovery Details

...

 

 

Finally, to turn off the debug logging for scripts, then enter the following commands:

 

/usr/local/jboss/bin/jboss-cli.sh --connect  --user=admin --controller=jmp-CLUSTER

 

/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:remove-handler(name="SCRIPTS")

 

/profile=full-ha/subsystem=logging/size-rotating-file-handler=SCRIPTS:remove

 

/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:undefine-attribute(name="level")

 

/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:remove

 

Hopefully, there will be little bit of information in the log files that will help to explain where the issue is happening.

 

Regards,

Andy

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎12-12-2014 02:03 PM

I'll try that out next week, it's friday afternoon and i don't want to try anything new 🙂

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎12-17-2014 05:20 AM

Just thought i'd update.  I reread your comment and decided to wait until after i update our Junos Space to 14.1 which should be this weekend (12/20).

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎12-17-2014 05:24 AM

Good luck with the upgrade.

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎12-17-2014 06:50 AM

 

This morning i thought i'd at least enable the script logging.  On the last step "/profile=full-ha/subsystem=logging/logger=net.juni​per.jmp.cems.deviceScriptManager:assign-handler(na​me="SCRIPTS")" i get the following response back:

 

 "outcome" => "failed",
    "failure-description" => {"domain-failure-description" => "JBAS014807: Management resource '[
    (\"profile\" => \"full-ha\"),
    (\"subsystem\" => \"logging\"),
    (\"logger\" => \"net.juniper.jmp.cems.deviceScriptManager\")
]' not found"},
    "rolled-back" => true

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎12-17-2014 09:28 AM

That's odd, these commands have worked for me and other users without issue.

 

/usr/local/jboss/bin/jboss-cli.sh --connect --user=admin --controller=jmp-CLUSTER

ENABLE SCRIPT LOGGING

/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:add

/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:write-attribute(name="level", value="DEBUG")

/profile=full-ha/subsystem=logging/size-rotating-file-handler=SCRIPTS:add(autoflush=true,formatter="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n",file={"path"=>"scripts.log", "relative-to"=>"jboss.server.log.dir"},rotate-size="50m",max-backup-index=10,append=true)

/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:assign-handler(name="SCRIPTS")

REMOVE SCRIPT LOGGING


/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:remove-handler(name="SCRIPTS")

/profile=full-ha/subsystem=logging/size-rotating-file-handler=SCRIPTS:remove

/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:undefine-attribute(name="level")

/profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:remove

 This is the output that is generated when I run these commands, this has worked for 13.3 and 14.1 alike.

 

[root@space-000c29752f55 ~]# /usr/local/jboss/bin/jboss-cli.sh --connect --user=admin --controller=jmp-CLUSTER
[domain@jmp-CLUSTER:9999 /] /profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:add
{
    "outcome" => "success",
    "result" => undefined,
    "server-groups" => {"platform" => {"host" => {"space-000c29752f55" => {"server1" => {"response" => {
        "outcome" => "success",
        "result" => undefined
    }}}}}}
}
[domain@jmp-CLUSTER:9999 /] /profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:write-attribute(name="level", value="DEBUG")
{
    "outcome" => "success",
    "result" => undefined,
    "server-groups" => {"platform" => {"host" => {"space-000c29752f55" => {"server1" => {"response" => {
        "outcome" => "success",
        "result" => undefined
    }}}}}}
}
[domain@jmp-CLUSTER:9999 /] /profile=full-ha/subsystem=logging/size-rotating-file-handler=SCRIPTS:add(autoflush=true,formatter="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n",file={"path"=>"scripts.log", "relative-to"=>"jboss.server.log.dir"},rotate-size="50m",max-backup-index=10,append=true)
{
    "outcome" => "success",
    "result" => undefined,
    "server-groups" => {"platform" => {"host" => {"space-000c29752f55" => {"server1" => {"response" => {
        "outcome" => "success",
        "result" => undefined
    }}}}}}
}
[domain@jmp-CLUSTER:9999 /] /profile=full-ha/subsystem=logging/logger=net.juniper.jmp.cems.deviceScriptManager:assign-handler(name="SCRIPTS")
{
    "outcome" => "success",
    "result" => undefined,
    "server-groups" => {"platform" => {"host" => {"space-000c29752f55" => {"server1" => {"response" => {
        "outcome" => "success",
        "result" => undefined
    }}}}}}
}
[domain@jmp-CLUSTER:9999 /] 

 

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎12-18-2014 11:32 AM

upgraded to 14.1 yesterday afternoon, i'll try again this afternoon and see if we get better results.

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎01-08-2015 06:53 AM

Tested script this morning and it looks like it worked.  If you wish i can post the results of the script to verify.

Highlighted
Junos Automation (Scripting)

Re: simple script for Junos Space

‎01-09-2015 11:33 AM

Hi,

 

If the script is running fine I don't think that it's necessary to put up the results.

 

Regards,

Andy

Feedback