2. OFFICE OF THE NETWORK ENGINEER
• I am not a "Programmer"
• I think about the network & complex networking planning
• I spend a lot of my time fire-fighting the network
• I need automation tools to help me do my job
• I know I need to "level-up" with automation but I need something that helps me get started
• I’d like to use Python since it is shaping up as the standard
3. THINKING LIKE A PROGRAMMER
• You do *not* have to be a programmer to be successful in automation.
• In the simplest terms, programming is the manipulation of data.
• You already know the core concepts of data types and how to manipulate them; the missing link is the language.
4. THIS LOOKS FAMILIAR, BUT WHAT THE HELL IS GOING ON
IT'S SHOWTIME
BECAUSE I'M GOING TO SAY PLEASE a
TALK TO THE HAND "a is true"
BULLSHIT
TALK TO THE HAND "a is not true"
YOU HAVE NO RESPECT FOR LOGIC
YOU HAVE BEEN TERMINATED
ArnoldC: https://github.com/lhartikk/ArnoldC
5. PYEZ – A LAYERED APPROACH
[Diagram: software layers, top to bottom]
• Python Shell, Python script, IT Frameworks, Custom Applications (interactive simple → complex)
  • Native Python data types (hash/list)
  • Junos specific not required
  • XML not required
• junos-pyez (open-source, Juniper)
  • Junos specific
  • Abstraction Layer
  • micro-framework
• ncclient (open-source, Community)
  • NETCONF transport only
  • Vendor Agnostic
  • No abstractions
6. INTRO
JunOS has a number of automation options available
• Ansible, www.ansible.com
• Chef, www.chef.io/chef/
• Puppet, www.puppetlabs.com
• Salt, www.saltstack.com
Today we will focus on pyez, www.github.com/Juniper/py-junos-eznc
• A python library to directly interact with a device’s API via
netconf over SSH
• The JunOS API is primarily XML driven, pyez simplifies
that
7. INSTALL PYTHON FRAMEWORK
Install pip
• Type ‘easy_install pip’
• easy_install assumes your system has python on it
• If not, please install python first
• www.python.org
Install the JunOS python framework
• Type ‘pip install junos-eznc’
Optionally install ipython
• Type ‘pip install ipython’
• ipython provides a better python shell than standard python
• This shell is what will be used in this deck
8. SETUP YOUR DEVICE
JunOS’s API is accessed via SSH and netconf
• Login to your Juniper device
• Type ‘set system services netconf ssh’
• Type ‘commit’
• This will open TCP port 830
• This will need to be done on all devices that want to
participate in automation via netconf
9. SETUP DEVICE CONNECTION
We need to open a connection to our device. All scripts or interactions via the shell need to use the Device object and call open() before doing anything else
• Type ‘python’ or ‘ipython’ to enter the interactive shell
• Type ‘from jnpr.junos import Device’
• We need to import the Device class to access the code for connecting
• Type ‘myDev = Device('192.168.212.129', user='dave', password='juniper123')’
• myDev is now our connection variable
• Type ‘myDev.open()’
• If you get a connection error, check your username and password
• Also check that TCP port 830 is open on your device
10. MORE SECURE WAY TO CONNECT
Typing out a plain text password isn’t ideal for a shell or a script, so we can set it as a local environment variable and call it that way
• Before starting the python shell (or script) type ‘export MYSSHPW="yourSSHPass"’
• This assumes you are using Bash for your shell
• Now we set up the connection like we previously did
• Type ‘python’ or ‘ipython’ to enter the interactive shell
• Type ‘from jnpr.junos import Device’
• Type ‘import os’
• Type ‘sshpass = os.environ['MYSSHPW']’
• This assigns your SSH password to the variable “sshpass”
• Type ‘myDev = Device('192.168.212.129', user='dave', password=sshpass)’
• Type ‘myDev.open()’
11. SETUP CONNECTION VIA SSH KEY
If you want to use an SSH key to log in to the device, that is also possible
• Before starting the python shell (or script) type ‘export MYSSHPW="yourSSHPass"’
• This assumes you are using Bash for your shell
• Now we set up the connection like we previously did
• Type ‘python’ or ‘ipython’ to enter the interactive shell
• Type ‘from jnpr.junos import Device’
• Type ‘import os’
• Type ‘sshpass = os.environ['MYSSHPW']’
• This assigns your SSH password to the variable “sshpass”
• Type ‘myDev = Device('192.168.212.129', user='dave', password=sshpass, ssh_private_key_file='/home/dave/.ssh/id_rsa')’
• Type ‘myDev.open()’
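An added example (not from the original deck) that builds the Device arguments from slides 10 and 11 without a literal password: it reads MYSSHPW, falls back to an interactive prompt, and refuses a private key file that other users can access. The helper names device_kwargs and connect are this example's own, and the permission check is an assumption modelled on OpenSSH's handling of private keys.

```python
import getpass
import os
import stat


def device_kwargs(host, user, key_file=None, env_var="MYSSHPW",
                  prompt=getpass.getpass):
    """Build keyword arguments for jnpr.junos.Device without a literal password."""
    kwargs = {"host": host, "user": user}
    secret = os.environ.get(env_var)
    if key_file:
        key_file = os.path.expanduser(key_file)
        mode = stat.S_IMODE(os.stat(key_file).st_mode)
        # Refuse a private key that group or other users can read or write.
        if mode & 0o077:
            raise PermissionError(
                "%s has mode %o; restrict it with chmod 600" % (key_file, mode))
        kwargs["ssh_private_key_file"] = key_file
        if secret:
            # With a key file, the password unlocks a passphrase-protected key.
            kwargs["password"] = secret
    else:
        # No key: use the environment variable, or ask without echoing.
        kwargs["password"] = secret or prompt("Password for %s@%s: " % (user, host))
    return kwargs


def connect(**kwargs):
    """Open the NETCONF session; junos-eznc is imported only when called."""
    from jnpr.junos import Device
    dev = Device(**kwargs)
    dev.open()
    return dev

# Usage, with the address and user from the slides:
#   myDev = connect(**device_kwargs('192.168.212.129', 'dave',
#                                   key_file='~/.ssh/id_rsa'))
```

Prompting also keeps the password out of shell history, where an ‘export MYSSHPW=...’ typed at the prompt can end up.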
12. CHECK SOME FACTS
Now that we have a good connection open let’s see some
device attributes
• Type ‘from pprint import pprint’
• We want a “pretty print” option for printing out our
attributes
• Type ‘pprint( myDev.facts )’
• This should output a python dictionary of device attributes
• But maybe we want to get a specific fact, like a serial number
• In this case we use key -> value to grab it
• Type ‘pprint ( myDev.facts['serialnumber'] )’
• This is using our myDev.facts dictionary and calling
the key “serialnumber” to get the serial number’s
value
13. REFRESH AND CHECK
Some attributes may change like system uptime
• We can refresh the device facts by asking for an update
• Type ‘myDev.facts_refresh()’
• Now we can see if anything has changed
• For instance, the uptime should have incremented
• Type ‘pprint ( myDev.facts['RE0']['up_time'] )’
• Note here that we are accessing a dictionary within a
dictionary
• We are asking for the RE0 key inside our
myDev.facts dict and the up_time key inside of
the RE0 dict
14. LOOK AT THE INTERFACES
Perhaps we want to check into our ethernet interfaces
• Type the following block of code:
• This should give you a dictionary of all of your interfaces and associated attributes

    from jnpr.junos.op.ethport import EthPortTable

    eths = EthPortTable(myDev)
    eths.get()  # fetch the ethernet port data from the device
    # Iterating the table yields one entry per interface; .name is its key
    for eth in eths:
        print("Interface: " + eth.name + " Information")
        print(eth.items())
15. A BETTER INTERFACE LIST
This will give a printout of all ethernet interfaces on a device, whether or not they are up, the corresponding mac address and duplex setting

    from jnpr.junos.op.ethport import EthPortTable

    eths = EthPortTable(myDev)
    eths.get()  # fetch the ethernet port data from the device
    for eth in eths:
        # One line per interface: name, operational state, MAC, duplex
        print("Interface {} is {}, MAC: {}, Link Mode: {}".format(
            eth.name, eth.oper, eth.macaddr, eth.link_mode))
16. LOOKING AT THE ROUTE TABLE
Check out the routing table, but do note, this could be very memory intensive for tables with huge numbers of routes

    from jnpr.junos.op.routes import RouteTable

    routes = RouteTable(myDev)
    routes.get()  # loads the whole routing table into memory
    for route in routes:
        # .name is the table key, here the route destination
        print("Route: {}, via interface: {}, protocol: {}".format(
            route.name, route.via, route.protocol))
17. UPDATING A CONFIG TUTORIAL
• https://pynet.twb-tech.com/blog/juniper/juniper-pyez.html
• https://pynet.twb-tech.com/blog/juniper/juniper-pyez-commit.html
18. ADVANCED TECHNIQUES
• Jinja2
• Smart templating system
• SLAX
• On board scripts
• http://www.juniper.net/techpubs/en_US/junos-pyez1.0/topics/task/program/junos-pyez-program-configuration-data-loading.html
• JunOS 14.2
• REST API
19. BONUS - ZTP
• ZTP or Zero-Touch Provisioning allows you to set up a device without ever logging in.
• ZTP utilizes DHCP and (T)FTP/HTTP. With these it can
upgrade code and/or add a configuration to a device.
• ZTP is enabled by default on JUNOS from the factory or
via ‘request system zeroize’.
• ZTP requires DHCP option 43 to be set and serves a
number of suboptions.
• http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/software-image-and-configuration-automatic-provisioning-confguring.html
20. SUBOPTIONS
• 00 - name of the software image file to install
• 01 - name of the configuration file to install
• 03 - transfer mode (ftp, tftp, http)
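The suboptions above travel inside DHCP option 43 as code/length/value triples (the RFC 2132 vendor-encapsulation layout, assumed here). This added example, not part of the original deck, encodes and decodes such a payload so a provisioning setup can be reviewed before devices boot from it; the field names, the sample file names and the review() checks are this example's own.

```python
# Suboption codes as listed on the slide; the names are this example's labels.
SUBOPTIONS = {0: "image-file", 1: "config-file", 3: "transfer-mode"}
TRANSFER_MODES = {"ftp", "tftp", "http"}


def encode_option43(fields):
    """Encode {code: text} as code/length/value bytes."""
    out = bytearray()
    for code, text in sorted(fields.items()):
        value = text.encode("ascii")
        if len(value) > 255:
            raise ValueError("suboption %d longer than 255 bytes" % code)
        out += bytes([code, len(value)]) + value
    return bytes(out)


def decode_option43(payload):
    """Decode option 43 bytes into {name: text}; reject malformed input."""
    result, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated suboption header at offset %d" % i)
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("suboption %d overruns the payload" % code)
        name = SUBOPTIONS.get(code, "unknown-%02d" % code)
        result[name] = value.decode("ascii", errors="replace")
        i += 2 + length
    return result


def review(decoded):
    """Return the points a reviewer would raise about a decoded payload."""
    findings = []
    mode = decoded.get("transfer-mode")
    if mode is None:
        findings.append("no transfer mode (suboption 03) set")
    elif mode not in TRANSFER_MODES:
        findings.append("unexpected transfer mode %r" % mode)
    if "config-file" not in decoded and "image-file" not in decoded:
        findings.append("neither image (00) nor configuration (01) file named")
    return findings


# Constructed sample payload, not captured from a real DHCP server.
SAMPLE = encode_option43({0: "jinstall-sample.tgz", 1: "base.conf", 3: "http"})
```

All three transfer modes on the slide are cleartext protocols, so the decoded file names show exactly what a device will fetch over an unauthenticated channel.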