Junos Automation (Scripting)

useful and best practice scripts

‎01-08-2015 01:22 AM

Hi all,

I am new to scripts and very fair to understand it; actually I find it very difficult, but the best way to understand is to deploy.

I find two kinds of scripts very useful for my environments:

1- commit script

when it gives an error, it prevents the user from committing critical commands by mistake, for example

# delete interfaces

# delete protocols

# delete routing-options

 

2- event scripts

when it takes an action based on a hardware failure problem, for example

if one SPC fails in the SRX, fail over to the secondary node

if an interface keeps flapping, shut down the interface

I need to get these scripts and try to deploy them.

Are there any drawbacks to deploying scripts? For example, with the commit script templates which are used for IDP, I faced some hanging issues before: if the script is still configured as a commit script, the SRX hangs sometimes.

Regards,
Mohamed Elhariry
2* JNCIE (SEC # 159, SP # 1059),JNCIP-ENT

[Click the "Star" for Kudos if you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]

Re: useful and best practice scripts

‎01-08-2015 02:23 AM

Here's an example script that I found that will prevent a commit if there is no 'interfaces' stanza.  It can be modified or simply duplicated for other stanzas as needed.  I did not write this script - I found it online.

 

/* Prevent delete of all interfaces, Michael Pergament  */
version 1.0;
 
 
/*
- $Id: checkinterfaces.slax,v 1.1 2007/10/17 18:37:04 mpergament Exp $
-
- Copyright (c) 2004-2009, Juniper Networks, Inc.
- All rights reserved.
-
 */
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
 
import "../import/junos.xsl";
param $user;
 
/*
- This example detects missing configuration statement and reports them.
 */
match configuration {
    call error-if-missing($must = interfaces, $statement = "You are not allowed to delete all interfaces!!!");
}
 
template error-if-missing ($must, $statement = "unknown", $message = "missing mandatory configuration statement") {
 
    if (not($must)) {
        <xnm:error> {
            <edit-path> {
                copy-of $statement;
            }
            <message> {
                copy-of $message;
            }
        }
    }
}
 
template error-if-present ($must = 1, $message = "invalid configuration statement") {
    /* give error if param missing */
 
    for-each ($must) {
        <xnm:error> {
            call jcs:edit-path();
            call jcs:statement();
            <message> {
                copy-of $message;
            }
        }
    }
}

 


Re: useful and best practice scripts

‎01-08-2015 02:32 AM

Hi evt,

Thanks for your reply. It is very smart; however, I guess it will not work with SRX firewalls, as there are other configuration lines that contain the word "interfaces", for example

set security zones security-zone TEST interfaces reth1.0

set groups node0 interfaces fxp0 unit 0 family inet address 1.1.1.1/28

Regards,
Mohamed Elhariry
2* JNCIE (SEC # 159, SP # 1059),JNCIP-ENT


Re: useful and best practice scripts

‎01-08-2015 02:49 AM

This script checks that the top-level interfaces stanza is configured, not sub-level configurations with the word 'interfaces' in them. 


Re: useful and best practice scripts

‎01-08-2015 02:56 AM

Hi evt,

Great, I will try it. Can it include more than one element (logical or)?

"interfaces|protocols|security policies|routing-options"

Regards,
Mohamed Elhariry
2* JNCIE (SEC # 159, SP # 1059),JNCIP-ENT
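
The multi-stanza check asked about above, as an added SLAX example that is not part of the thread or of the posted script: it calls one template per required stanza, addresses `security policies` by its path from `<configuration>`, and for `interfaces` ignores entries inherited from configuration groups. The template name `require-stanza` and its `$name` parameter are illustrative.

```slax
version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";

/*
 * Inside "match configuration" the context node is the <configuration>
 * element of the candidate configuration. A bare name such as "protocols"
 * is an XPath child step, so it selects only the top-level stanza and not
 * deeper statements such as "security zones security-zone X interfaces".
 */
match configuration {
    /*
     * Commit scripts see the post-inheritance configuration: an interface
     * that comes only from a group (for example "groups node0 interfaces
     * fxp0") appears under the top-level <interfaces> element and carries
     * a junos:group attribute. Requiring at least one interface without
     * that attribute keeps a group-supplied fxp0 from satisfying the check
     * after "delete interfaces".
     */
    call require-stanza($must = interfaces/interface[not(@junos:group)],
                        $name = "interfaces");

    /* One call per protected stanza; each missing one raises its own error. */
    call require-stanza($must = protocols, $name = "protocols");
    call require-stanza($must = routing-options, $name = "routing-options");

    /* A nested stanza is written as its path from <configuration>. */
    call require-stanza($must = security/policies, $name = "security policies");
}

/* Emit a commit error, which blocks the commit, when $must selects nothing. */
template require-stanza ($must, $name) {
    if (not($must)) {
        <xnm:error> {
            <message> "You are not allowed to delete all of [edit "
                      _ $name _ "]";
        }
    }
}
```

Each `<xnm:error>` fails the commit on its own, so the calls behave as "every listed stanza must exist"; drop a call to stop protecting that stanza.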
