JUNOS AUTOMATIONINTRODAVID MCKAY@DAVIDMCKAYV

OFFICE OF THE NETWORK ENGINEER

• I am not a "Programmer"

• I think about the network & complex networking planning

• I spend a lot of my time fire-fighting the network

• I need automation tools to help me do my job

• I know I need to "level-up" with automation but I need something that helps me get started

• I’d like to use Python since it is shaping up as the standard

THINKING LIKE A PROGRAMMER

• You do *not* have to be a programmer to be successful in automation.

• In the most simple of terms, programming is the manipulation of data.

• You already know the core concepts of data types and how to manipulate them, the missing link is the language.

THIS LOOKS FAMILIAR,BUT WHAT THE HELL IS GOING ON

IT'S SHOWTIMEBECAUSE I'M GOING TO SAY PLEASE aTALK TO THE HAND "a is true"BULLSHITTALK TO THE HAND "a is not true"YOU HAVE NO RESPECT FOR LOGICYOU HAVE BEEN TERMINATED

ArnoldC https://github.com/lhartikk/ArnoldC

PYEZ – A LAYERED APPROACH

Python Shell Python script ITFrameworks

CustomApplications

ncclient

junos-pyez• Junos specific • Abstraction Layer• micro-framework

• NETCONF transport only• Vendor Agnostic• No abstractions

• Native Python data types (hash/list)• Junos specific not required• XML not required

open-source, Juniper

open-source, Community

interactive simple → complex

INTROJunOS has a number of automation options available

• Ansible, www.ansible.com• Chef, www.chef.io/chef/• Puppet, www.puppetlabs.com• Salt, www.saltstack.com

Today we will focus on pyez, www.github.com/Juniper/py-junos-eznc

• A python library to directly interact with a device’s API via netconf over SSH

• The JunOS API is primarily XML driven, pyez simplifies that

INSTALL PYTHON FRAMEWORKInstall pip

• Type ‘easy_install pip’• easy_install assumes your system has python on it

• If not, please install python first• www.python.org

Install the JunOS python framework• Type ‘pip install junos-eznc’

Optionally install ipython• Type ‘pip install ipython’

• ipython provides a better python shell than standard python• This shell is what will be used in this deck

SETUP YOUR DEVICEJunOS’s API is accessed via SSH and netconf

• Login to your Juniper device• Type ‘set system services netconf ssh’• Type ‘commit’

• This will open TCP port 830• This will need to be done on all devices that want to

participate in automation via netconf

SETUP DEVICE CONNECTIONWe need to open a connection to our device, all scripts or interactions via the shell will need to use the Device object and call open() before we do anything

• Type ‘python’ or ‘ipython’ to enter the interactive shell• Type ‘from jnpr.junos import Device’

• We need to import a class Device, to access to code for connecting

• Type ‘myDev = Device('192.168.212.129', user='dave', password='juniper123’)’

• myDev is now our connection variable• Type ‘myDev.open()’

• If you get a connection error, check your username and password

• Also check that TCP port 830 is open on your device

MORE SECURE WAY TO CONNECTTyping out a plain text password isn’t ideal for a shell or a script, so we can set it as a local environment variable and call it that way

• Before starting the python shell (or script) type ‘export MYSSHPW=“yourSSHPass”’

• This assumes you are using Bash for your shell• Now we setup the connection like we previously did

• Type ‘python’ or ‘ipython’ to enter the interactive shell• Type ‘from jnpr.junos import Device’• Type ‘import os’• Type ‘sshpass = os.environ['MYSSHPW']’

• This assigns the variable “sshpass” to your ssh password• Type ‘myDev = Device('192.168.212.129', user='dave',

password=sshpass)’• Type ‘myDev.open()’

SETUP CONNECTION VIA SSH KEYIf you want to use an SSH key to login to the device, that is also possible

• Before starting the python shell (or script) type ‘export MYSSHPW=“yourSSHPass”’

• This assumes you are using Bash for your shell• Now we setup the connection like we previously did

• Type ‘python’ or ‘ipython’ to enter the interactive shell• Type ‘from jnpr.junos import Device’• Type ‘sshpass = os.environ['MYSSHPW']’

• This assigns the variable “pass” to your ssh password• Type ‘myDev = Device('192.168.212.129', user='dave',

password=sshpass), ssh_private_key_file='/home/dave/.ssh/id_rsa'’

• Type ‘myDev.open()’

CHECK SOME FACTSNow that we have a good connection open let’s see some device attributes

• Type ‘from pprint import pprint’• We want a “pretty print” option for printing out our

attributes• Type ‘pprint( myDev.facts )’

• This should output a python dictionary of device attributes• But maybe we want to get a specific fact, like a serial

• In this case we use key -> value to grab it• Type ‘pprint ( myDev.facts['serialnumber'] )’

• This is using our myDev.facts dictionary and calling the key “serialnumber” to get the serial number’s value

REFRESH AND CHECKSome attributes may change like system uptime

• We can refresh the device facts by asking for an update• Type ‘myDev.facts_refresh()’• Now we can see if anything has changed

• For instance, the uptime should have incremented• Type ‘pprint ( myDev.facts['RE0']['up_time'] )’

• Note here that we are accessing a dictionary within a dictionary• We are asking for the RE0 key inside our

myDev.facts dict and the up_time key inside of the RE0 dict

LOOK AT THE INTERFACESPerhaps we want to check into our ethernet interfaces

• Type the following block of code:

• This should give you a dictionary of all of your interfaces and associated attributes

from jnpr.junos.op.ethport import EthPortTable eths = EthPortTable(myDev)eths.get()

x = 0while x < len(eths): print "Interface: " + eths.keys()[x] + " Information" print eths[x].items() x += 1

A BETTER INTERFACE LISTThis will give a printout of all ethernet interfaces on a device, whether or not they are up, the corresponding mac address and duplex settingfrom jnpr.junos.op.ethport import EthPortTable eths = EthPortTable(myDev)eths.get()

x = 0while x < len(eths):

print "Interface {} is {}, MAC: {}, Link Mode: {}".format(eths.keys()[x], \

eths[x].oper, eths[x].macaddr, eths[x].link_mode )x += 1

LOOKING AT THE ROUTE TABLECheck out the routing table, but do note, this could be very memory intensive for tables with huge numbers of routes

from jnpr.junos.op.routes import RouteTableroutes = RouteTable(myDev)routes.get()

r = 0while r < len(routes):

print "Route: {}, via interface: {}, protocol: {}".format(routes.keys()[r], \

routes[r].via, routes[r].protocol)r += 1

UPDATING A CONFIG TUTORIAL• https://pynet.twb-tech.com/blog/juniper/juniper-pyez.html• https://pynet.twb-tech.com/blog/juniper/juniper-pyez-

commit.html

ADVANCED TECHNIQUES• Jinja2

• Smart templating system• SLAX

• On board scripts• http://www.juniper.net/techpubs/en_US/junos-pyez1.0/topi

cs/task/program/junos-pyez-program-configuration-data-loading.html

• JunOS 14.2• REST API

BONUS - ZTP• ZTP or Zero-Touch Provisioning allows you to setup a

device without every logging in.• ZTP utilizes DHCP and (T)FTP/HTTP. With these it can

upgrade code and/or add a configuration to a device.• ZTP is enabled by default on JUNOS from the factory or

via ‘request system zeroize’.• ZTP requires DHCP option 43 to be set and serves a

number of suboptions.• http://www.juniper.net/techpubs/en_US/junos13.3/topics/ta

sk/configuration/software-image-and-configuration-automatic-provisioning-confguring.html

SUBOPTIONS• 00 - name of the software image file to install• 01 - name of the configuration file to install• 03 - transfer mode (ftp, tftp, http)

NEXT STEPS• Learn Python

• http://www.codecademy.com/tracks/python• Juniper Python framework

• https://github.com/Juniper/py-junos-eznc• Multi-vendor network API abstraction framework

• https://github.com/spotify/napalm• Zero-Touch Provisioning

• http://www.juniper.net/techpubs/en_US/junos13.2/topics/topic-map/ztp-overview-els.html