JUNOS AUTOMATION INTRO
DAVID MCKAY
@DAVIDMCKAYV
OFFICE OF THE NETWORK ENGINEER
• I am not a "Programmer"
• I think about the network & complex networking planning
• I spend a lot of my time fire-fighting the network
• I need automation tools to help me do my job
• I know I need to "level-up" with automation but I need something that helps me get started
• I’d like to use Python since it is shaping up as the standard
THINKING LIKE A PROGRAMMER
• You do *not* have to be a programmer to be successful in automation.
• In the most simple of terms, programming is the manipulation of data.
• You already know the core concepts of data types and how to manipulate
them, the missing link is the language.
THIS LOOKS FAMILIAR, BUT WHAT THE HELL IS GOING ON
IT'S SHOWTIME
BECAUSE I'M GOING TO SAY PLEASE a
TALK TO THE HAND "a is true"
BULLSHIT
TALK TO THE HAND "a is not true"
YOU HAVE NO RESPECT FOR LOGIC
YOU HAVE BEEN TERMINATED
ArnoldC
https://github.com/lhartikk/ArnoldC
PYEZ – A LAYERED APPROACH
[Diagram] interactive simple → complex
Python Shell, Python script, IT Frameworks, Custom Applications
• Native Python data types (hash/list)
• Junos specific not required
• XML not required
junos-pyez (open-source, Juniper)
• Junos specific
• Abstraction Layer
• micro-framework
ncclient (open-source, Community)
• NETCONF transport only
• Vendor Agnostic
• No abstractions
INTRO
JunOS has a number of automation options available
• Ansible, www.ansible.com
• Chef, www.chef.io/chef/
• Puppet, www.puppetlabs.com
• Salt, www.saltstack.com
Today we will focus on pyez, www.github.com/Juniper/py-junos-eznc
• A python library to directly interact with a device’s API via netconf over SSH
• The JunOS API is primarily XML driven, pyez simplifies that
INSTALL PYTHON FRAMEWORK
Install pip
• Type ‘easy_install pip’
• easy_install assumes your system has python on it
• If not, please install python first
• www.python.org
Install the JunOS python framework
• Type ‘pip install junos-eznc’
Optionally install ipython
• Type ‘pip install ipython’
• ipython provides a better python shell than standard python
• This shell is what will be used in this deck
SETUP YOUR DEVICE
JunOS’s API is accessed via SSH and netconf
• Login to your Juniper device
• Type ‘set system services netconf ssh’
• Type ‘commit’
• This will open TCP port 830
• This will need to be done on all devices that want to
participate in automation via netconf
SETUP DEVICE CONNECTION
We need to open a connection to our device. All scripts or interactions via the shell need to use the Device object and call open() before we do anything
• Type ‘python’ or ‘ipython’ to enter the interactive shell
• Type ‘from jnpr.junos import Device’
• We need to import the Device class to access the code for connecting
• Type ‘myDev = Device('192.168.212.129', user='dave', password='juniper123')’
• myDev is now our connection variable
• Type ‘myDev.open()’
• If you get a connection error, check your username and password
• Also check that TCP port 830 is open on your device
MORE SECURE WAY TO CONNECT
Typing out a plain text password isn’t ideal for a shell or a script, so we can set it as a local environment variable and call it that way
• Before starting the python shell (or script) type ‘export MYSSHPW="yourSSHPass"’
• This assumes you are using Bash for your shell
• Now we set up the connection like we previously did
• Type ‘python’ or ‘ipython’ to enter the interactive shell
• Type ‘from jnpr.junos import Device’
• Type ‘import os’
• Type ‘sshpass = os.environ['MYSSHPW']’
• This assigns your SSH password to the variable “sshpass”
• Type ‘myDev = Device('192.168.212.129', user='dave', password=sshpass)’
• Type ‘myDev.open()’
SETUP CONNECTION VIA SSH KEY
If you want to use an SSH key to log in to the device, that is also possible
• Before starting the python shell (or script) type ‘export MYSSHPW="yourSSHPass"’
• This assumes you are using Bash for your shell
• Now we set up the connection like we previously did
• Type ‘python’ or ‘ipython’ to enter the interactive shell
• Type ‘from jnpr.junos import Device’
• Type ‘import os’
• Type ‘sshpass = os.environ['MYSSHPW']’
• This assigns your SSH password to the variable “sshpass”
• Type ‘myDev = Device('192.168.212.129', user='dave', password=sshpass, ssh_private_key_file='/home/dave/.ssh/id_rsa')’
• Type ‘myDev.open()’
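An added example (not from the original deck) covering the two connection slides above: it builds the Device arguments from the MYSSHPW variable, falls back to a no-echo prompt when the variable is unset so the password stays out of shell history, and rejects a private key file that other users can access. The helper names device_kwargs and open_device are hypothetical.

```python
import getpass
import os
import stat


def device_kwargs(host, user, key_file=None, env=None, prompt=getpass.getpass):
    """Build jnpr.junos.Device keyword arguments with no literal password.

    The secret comes from the MYSSHPW environment variable used on the
    slides; when it is unset, a password login prompts without echo.
    """
    env = os.environ if env is None else env
    secret = env.get("MYSSHPW")
    kwargs = {"host": host, "user": user}

    if key_file:
        path = os.path.expanduser(key_file)
        mode = os.stat(path).st_mode
        # Refuse a private key that group or other users can access.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError("%s is accessible to other users" % path)
        kwargs["ssh_private_key_file"] = path
        # With a key file, the password is only passed if one was provided
        # (for example as the passphrase of a protected key).
        if secret:
            kwargs["password"] = secret
        return kwargs

    if not secret:
        secret = prompt("SSH password for %s@%s: " % (user, host))
    if not secret:
        raise ValueError("no password supplied")
    kwargs["password"] = secret
    return kwargs


def open_device(**kwargs):
    """Open the NETCONF session; needs junos-eznc and a reachable device."""
    from jnpr.junos import Device  # imported here so the helper runs without it
    dev = Device(**kwargs)
    dev.open()
    return dev
```

On a workstation with junos-eznc installed, ‘myDev = open_device(**device_kwargs('192.168.212.129', 'dave'))’ gives the same myDev object used on the following slides.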
CHECK SOME FACTS
Now that we have a good connection open, let’s see some device attributes
• Type ‘from pprint import pprint’
• We want a “pretty print” option for printing out our attributes
• Type ‘pprint( myDev.facts )’
• This should output a python dictionary of device attributes
• But maybe we want to get a specific fact, like a serial number
• In this case we use key -> value to grab it
• Type ‘pprint ( myDev.facts['serialnumber'] )’
• This is using our myDev.facts dictionary and calling the key “serialnumber” to get the serial number’s value
REFRESH AND CHECK
Some attributes, like system uptime, may change
• We can refresh the device facts by asking for an update
• Type ‘myDev.facts_refresh()’
• Now we can see if anything has changed
• For instance, the uptime should have incremented
• Type ‘pprint ( myDev.facts['RE0']['up_time'] )’
• Note here that we are accessing a dictionary within a
dictionary
• We are asking for the RE0 key inside our
myDev.facts dict and the up_time key inside of
the RE0 dict
LOOK AT THE INTERFACES
Perhaps we want to check into our ethernet interfaces
• Type the following block of code:
• This should give you a dictionary of all of your interfaces and associated attributes
from jnpr.junos.op.ethport import EthPortTable

# Fetch the ethernet port table over the open connection
eths = EthPortTable(myDev)
eths.get()

# Each entry's .name is the interface name (the table key)
for eth in eths:
    print("Interface: " + eth.name + " Information")
    print(eth.items())
A BETTER INTERFACE LIST
This will give a printout of all ethernet interfaces on a device, whether or not they are up, the corresponding mac address and duplex setting
from jnpr.junos.op.ethport import EthPortTable

# Fetch the ethernet port table over the open connection
eths = EthPortTable(myDev)
eths.get()

# One line per interface: state, MAC address and duplex (link mode)
for eth in eths:
    print("Interface {} is {}, MAC: {}, Link Mode: {}".format(
        eth.name, eth.oper, eth.macaddr, eth.link_mode))
LOOKING AT THE ROUTE TABLE
Check out the routing table, but do note, this could be very memory intensive for tables with huge numbers of routes
from jnpr.junos.op.routes import RouteTable

# Fetch the whole routing table over the open connection
routes = RouteTable(myDev)
routes.get()

# One line per route: destination (the table key), interface, protocol
for route in routes:
    print("Route: {}, via interface: {}, protocol: {}".format(
        route.name, route.via, route.protocol))
UPDATING A CONFIG TUTORIAL
• https://pynet.twb-tech.com/blog/juniper/juniper-pyez.html
• https://pynet.twb-tech.com/blog/juniper/juniper-pyez-commit.html
ADVANCED
TECHNIQUES
• Jinja2
• Smart templating system
• SLAX
• On board scripts
• http://www.juniper.net/techpubs/en_US/junos-pyez1.0/topics/task/program/junos-pyez-program-configuration-data-loading.html
• JunOS 14.2
• REST API
BONUS - ZTP
• ZTP or Zero-Touch Provisioning allows you to set up a device without ever logging in.
• ZTP utilizes DHCP and (T)FTP/HTTP. With these it can
upgrade code and/or add a configuration to a device.
• ZTP is enabled by default on JUNOS from the factory or
via ‘request system zeroize’.
• ZTP requires DHCP option 43 to be set and serves a
number of suboptions.
• http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/software-image-and-configuration-automatic-provisioning-confguring.html
SUBOPTIONS
• 00 - name of the software image file to install
• 01 - name of the configuration file to install
• 03 - transfer mode (ftp, tftp, http)
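DHCP option 43 carries its suboptions as code/length/value triplets (the RFC 2132 vendor-encapsulated format). The following is an added example, not from the original deck, that encodes the three suboptions listed above and decodes them strictly, rejecting truncated data and unknown transfer modes; the function names, field labels and file names are constructed for illustration.

```python
# Suboption codes from the slide; the labels are constructed for this example.
ZTP_SUBOPTIONS = {0: "image-file", 1: "config-file", 3: "transfer-mode"}
TRANSFER_MODES = {"ftp", "tftp", "http"}


def encode_option43(image=None, config=None, mode=None):
    """Return the option 43 payload: one code/length/value triplet per field."""
    if mode is not None and mode not in TRANSFER_MODES:
        raise ValueError("unsupported transfer mode: %r" % mode)
    parts = []
    for code, value in ((0, image), (1, config), (3, mode)):
        if value is None:
            continue
        data = value.encode("ascii")
        if len(data) > 255:
            raise ValueError("suboption %d value longer than 255 bytes" % code)
        parts.append(bytes([code, len(data)]) + data)
    payload = b"".join(parts)
    if len(payload) > 255:
        raise ValueError("option 43 payload longer than 255 bytes")
    return payload


def decode_option43(payload):
    """Parse an option 43 payload into a dict, failing on malformed input."""
    result = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated suboption header at offset %d" % i)
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("suboption %d shorter than its length byte" % code)
        name = ZTP_SUBOPTIONS.get(code, "suboption-%02d" % code)
        result[name] = value.decode("ascii")
        i += 2 + length
    mode = result.get("transfer-mode")
    if mode is not None and mode not in TRANSFER_MODES:
        raise ValueError("unsupported transfer mode: %r" % mode)
    return result
```

Running decode_option43 over the option 43 bytes seen in a DHCP capture is a quick way to check which image file, configuration file and transfer mode a factory-default device is being handed.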
NEXT STEPS
• Learn Python
• http://www.codecademy.com/tracks/python
• Juniper Python framework
• https://github.com/Juniper/py-junos-eznc
• Multi-vendor network API abstraction framework
• https://github.com/spotify/napalm
• Zero-Touch Provisioning
• http://www.juniper.net/techpubs/en_US/junos13.2/topics/topic-map/ztp-overview-els.html

Editor's Notes

  • #18 A bit too long of a process to go through in a power point, but easily doable from this tutorial which can walk you through the process.