automation intro
JUNOS AUTOMATION INTRO
DAVID MCKAY
@DAVIDMCKAYV
OFFICE OF THE NETWORK ENGINEER
• I am not a "Programmer"
• I think about the network & complex networking planning
• I spend a lot of my time fire-fighting the network
• I need automation tools to help me do my job
• I know I need to "level-up" with automation but I need something that helps me get started
• I’d like to use Python since it is shaping up as the standard
THINKING LIKE A PROGRAMMER
• You do *not* have to be a programmer to be successful in automation.
• In the most simple of terms, programming is the manipulation of data.
• You already know the core concepts of data types and how to manipulate them; the missing link is the language.
THIS LOOKS FAMILIAR, BUT WHAT THE HELL IS GOING ON
    IT'S SHOWTIME
    BECAUSE I'M GOING TO SAY PLEASE a
    TALK TO THE HAND "a is true"
    BULLSHIT
    TALK TO THE HAND "a is not true"
    YOU HAVE NO RESPECT FOR LOGIC
    YOU HAVE BEEN TERMINATED
ArnoldC https://github.com/lhartikk/ArnoldC
PYEZ – A LAYERED APPROACH
Python Shell, Python script, IT Frameworks, Custom Applications (interactive, simple → complex)
• Native Python data types (hash/list)
• Junos specific not required
• XML not required
junos-pyez (open-source, Juniper)
• Junos specific
• Abstraction Layer
• micro-framework
ncclient (open-source, Community)
• NETCONF transport only
• Vendor Agnostic
• No abstractions
INTRO
JunOS has a number of automation options available
• Ansible, www.ansible.com
• Chef, www.chef.io/chef/
• Puppet, www.puppetlabs.com
• Salt, www.saltstack.com
Today we will focus on pyez, www.github.com/Juniper/py-junos-eznc
• A python library to directly interact with a device’s API via netconf over SSH
• The JunOS API is primarily XML driven, pyez simplifies that
INSTALL PYTHON FRAMEWORK
Install pip
• Type ‘easy_install pip’
  • easy_install assumes your system has python on it
  • If not, please install python first
  • www.python.org
Install the JunOS python framework
• Type ‘pip install junos-eznc’
Optionally install ipython
• Type ‘pip install ipython’
  • ipython provides a better python shell than standard python
  • This shell is what will be used in this deck
SETUP YOUR DEVICE
JunOS’s API is accessed via SSH and netconf
• Login to your Juniper device
• Type ‘set system services netconf ssh’
• Type ‘commit’
  • This will open TCP port 830
  • This will need to be done on all devices that want to participate in automation via netconf
SETUP DEVICE CONNECTION
We need to open a connection to our device. All scripts or interactions via the shell will need to use the Device object and call open() before we do anything else.
• Type ‘python’ or ‘ipython’ to enter the interactive shell
• Type ‘from jnpr.junos import Device’
  • We need to import the Device class to access the code for connecting
• Type ‘myDev = Device('192.168.212.129', user='dave', password='juniper123')’
  • myDev is now our connection variable
• Type ‘myDev.open()’
  • If you get a connection error, check your username and password
  • Also check that TCP port 830 is open on your device
MORE SECURE WAY TO CONNECT
Typing out a plain text password isn’t ideal for a shell or a script, so we can set it as a local environment variable and call it that way
• Before starting the python shell (or script) type ‘export MYSSHPW="yourSSHPass"’
  • This assumes you are using Bash for your shell
• Now we set up the connection like we previously did
• Type ‘python’ or ‘ipython’ to enter the interactive shell
• Type ‘from jnpr.junos import Device’
• Type ‘import os’
• Type ‘sshpass = os.environ['MYSSHPW']’
  • This assigns the variable “sshpass” to your ssh password
• Type ‘myDev = Device('192.168.212.129', user='dave', password=sshpass)’
• Type ‘myDev.open()’
SETUP CONNECTION VIA SSH KEY
If you want to use an SSH key to login to the device, that is also possible
• Before starting the python shell (or script) type ‘export MYSSHPW="yourSSHPass"’
  • This assumes you are using Bash for your shell
• Now we set up the connection like we previously did
• Type ‘python’ or ‘ipython’ to enter the interactive shell
• Type ‘from jnpr.junos import Device’
• Type ‘import os’
• Type ‘sshpass = os.environ['MYSSHPW']’
  • This assigns the variable “sshpass” to your ssh password
• Type ‘myDev = Device('192.168.212.129', user='dave', password=sshpass, ssh_private_key_file='/home/dave/.ssh/id_rsa')’
• Type ‘myDev.open()’
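An added example, not part of the original deck: one way to build the Device arguments for the two slides above so that no password is written into a script. The helper names, the permission check on the key file and the interactive prompt are assumptions of this example; MYSSHPW, password and ssh_private_key_file are the names used on the slides.

```python
import getpass
import os
import stat

ENV_VAR = "MYSSHPW"  # environment variable name used on the slides


def device_kwargs(host, user, key_file=None, env=None, prompt=getpass.getpass):
    """Build keyword arguments for jnpr.junos.Device with no secret in source code."""
    env = os.environ if env is None else env
    kwargs = {"host": host, "user": user}
    secret = env.get(ENV_VAR) or None  # treat an empty variable as unset
    if key_file:
        path = os.path.expanduser(key_file)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # Refuse a private key that group or others can read, write or execute.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError("%s has mode %o; run chmod 600" % (path, mode))
        kwargs["ssh_private_key_file"] = path
        if secret:
            kwargs["password"] = secret  # passed alongside the key, as on the slide
    else:
        # No key: use the variable, or ask interactively so the password is
        # not stored in the script or typed on a command line.
        kwargs["password"] = secret or prompt("Password for %s@%s: " % (user, host))
    return kwargs


def show_serial(host, user, key_file=None):
    """Open the device, print its serial number, and always close the session."""
    from jnpr.junos import Device  # imported here so the helper loads without PyEZ
    dev = Device(**device_kwargs(host, user, key_file))
    dev.open()
    try:
        print(dev.facts["serialnumber"])
    finally:
        dev.close()
```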
CHECK SOME FACTS
Now that we have a good connection open let’s see some device attributes
• Type ‘from pprint import pprint’
  • We want a “pretty print” option for printing out our attributes
• Type ‘pprint( myDev.facts )’
  • This should output a python dictionary of device attributes
• But maybe we want to get a specific fact, like a serial
  • In this case we use key -> value to grab it
• Type ‘pprint ( myDev.facts['serialnumber'] )’
  • This is using our myDev.facts dictionary and calling the key “serialnumber” to get the serial number’s value
REFRESH AND CHECK
Some attributes may change like system uptime
• We can refresh the device facts by asking for an update
• Type ‘myDev.facts_refresh()’
• Now we can see if anything has changed
  • For instance, the uptime should have incremented
• Type ‘pprint ( myDev.facts['RE0']['up_time'] )’
  • Note here that we are accessing a dictionary within a dictionary
  • We are asking for the RE0 key inside our myDev.facts dict and the up_time key inside of the RE0 dict
LOOK AT THE INTERFACES
Perhaps we want to check into our ethernet interfaces
• Type the following block of code:
• This should give you a dictionary of all of your interfaces and associated attributes

    from jnpr.junos.op.ethport import EthPortTable

    # Fetch the ethernet port table from the open device
    eths = EthPortTable(myDev)
    eths.get()

    # Walk the table by index and print each interface's attributes
    x = 0
    while x < len(eths):
        print("Interface: " + eths.keys()[x] + " Information")
        print(eths[x].items())
        x += 1
A BETTER INTERFACE LIST
This will give a printout of all ethernet interfaces on a device, whether or not they are up, the corresponding MAC address and duplex setting

    from jnpr.junos.op.ethport import EthPortTable

    eths = EthPortTable(myDev)
    eths.get()

    # One line per interface: name, operational state, MAC and link mode
    x = 0
    while x < len(eths):
        print("Interface {} is {}, MAC: {}, Link Mode: {}".format(
            eths.keys()[x], eths[x].oper, eths[x].macaddr, eths[x].link_mode))
        x += 1
LOOKING AT THE ROUTE TABLE
Check out the routing table, but do note, this could be very memory intensive for tables with huge numbers of routes

    from jnpr.junos.op.routes import RouteTable

    routes = RouteTable(myDev)
    routes.get()

    # One line per route: prefix, outgoing interface and protocol
    r = 0
    while r < len(routes):
        print("Route: {}, via interface: {}, protocol: {}".format(
            routes.keys()[r], routes[r].via, routes[r].protocol))
        r += 1
UPDATING A CONFIG TUTORIAL
• https://pynet.twb-tech.com/blog/juniper/juniper-pyez.html
• https://pynet.twb-tech.com/blog/juniper/juniper-pyez-commit.html
ADVANCED TECHNIQUES
• Jinja2
  • Smart templating system
• SLAX
  • On board scripts
• http://www.juniper.net/techpubs/en_US/junos-pyez1.0/topics/task/program/junos-pyez-program-configuration-data-loading.html
• JunOS 14.2
• REST API
BONUS - ZTP
• ZTP or Zero-Touch Provisioning allows you to set up a device without ever logging in.
• ZTP utilizes DHCP and (T)FTP/HTTP. With these it can upgrade code and/or add a configuration to a device.
• ZTP is enabled by default on JUNOS from the factory or via ‘request system zeroize’.
• ZTP requires DHCP option 43 to be set and serves a number of suboptions.
• http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/software-image-and-configuration-automatic-provisioning-confguring.html
SUBOPTIONS
• 00 - name of the software image file to install
• 01 - name of the configuration file to install
• 03 - transfer mode (ftp, tftp, http)
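An added example, not from the original deck: because a ZTP device installs whatever image and configuration the DHCP reply names, this sketch encodes the three suboptions above, decodes an option 43 payload, and compares an observed offer with the intended one. It assumes the usual one-byte code, one-byte length, value layout of RFC 2132 vendor-encapsulated options; the function names, field names and sample file names are constructed for illustration.

```python
# Sub-option codes as listed on the slide.
SUBOPTIONS = {0: "image-file", 1: "config-file", 3: "transfer-mode"}
TRANSFER_MODES = ("ftp", "tftp", "http")


def encode_option43(image=None, config=None, mode=None):
    """Pack sub-options as code, length, value (assumed RFC 2132 layout)."""
    if mode is not None and mode not in TRANSFER_MODES:
        raise ValueError("transfer mode must be one of %s" % (TRANSFER_MODES,))
    out = bytearray()
    for code, value in ((0, image), (1, config), (3, mode)):
        if value is None:
            continue
        data = value.encode("ascii")
        if not 1 <= len(data) <= 255:
            raise ValueError("sub-option %02d must be 1..255 bytes" % code)
        out += bytes([code, len(data)]) + data
    return bytes(out)


def decode_option43(payload):
    """Parse an option 43 payload into {name: value}; reject truncated data."""
    fields, pos = {}, 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated sub-option header at offset %d" % pos)
        code, length = payload[pos], payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %02d is truncated" % code)
        name = SUBOPTIONS.get(code, "unknown-%02d" % code)
        fields[name] = value.decode("ascii", "replace")
        pos += 2 + length
    return fields


def audit_offer(payload, expected):
    """List differences between an observed offer and the provisioning baseline."""
    seen = decode_option43(payload)
    return ["%s: expected %r, saw %r" % (n, expected.get(n), seen.get(n))
            for n in sorted(set(seen) | set(expected))
            if seen.get(n) != expected.get(n)]


# Constructed sample values, not taken from the slides.
BASELINE = {"image-file": "junos.tgz", "config-file": "base.conf", "transfer-mode": "http"}
GOOD = encode_option43("junos.tgz", "base.conf", "http")
ROGUE = encode_option43("junos.tgz", "other.conf", "tftp")
```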
NEXT STEPS
• Learn Python
  • http://www.codecademy.com/tracks/python
• Juniper Python framework
  • https://github.com/Juniper/py-junos-eznc
• Multi-vendor network API abstraction framework
  • https://github.com/spotify/napalm
• Zero-Touch Provisioning
  • http://www.juniper.net/techpubs/en_US/junos13.2/topics/topic-map/ztp-overview-els.html