Create a Customized Commit Script with Commit Script Builder
For SLAX version 1.0 and higher, you can use Commit Script Builder to create your own customized commit scripts without requiring any scripting knowledge. A large percentage of Junos OS users may never learn how to write their own scripts. Providing script building tools enables them to take advantage of Junos OS automation without requiring that they master scripting.
Commit Script Builder is an op script that allows the user to select among various predefined configuration violations. They select which violations they want to monitor, and then select what action to perform if the violation occurs.
After assembling the desired logic, Commit Script Builder generates a commit script that is customized according to the user's settings. The user can then enable it on their local Junos OS device.
Commit Script Builder Example
The following outputs provide an example of how you can use Commit Script Builder to create a customized commit script. You can run the script in two ways:
- Executed remotely through an op URL
- Loaded and enabled as an op script
Using the op URL is advantageous because you can install your customized commit script without loading or enabling a single script on your device.
Main Menu
01
jnpr@esLab-j4350-siteA> op url commit-script-builder.slaxWelcome to Commit Script Builder 1.0!
02
---------------------------------
03
This script gives you easy control over the commit process of your Junos
04
device. Select what configuration violations should be checked, and what
05
actions should be performed if they occur. Then allow the Commit Script
06
Builder op script to generate the customized commit script, save it within
07
the local commit script directory, and enable it automatically.
08
09
Checking for existing commit script: custom-commit-script.slax...
10
Existing commit script was not found
11
12
[Commit Script Builder - Main Menu]
13
-----------------------------------
14
1. Edit Configuration Violations
15
2. View Automation Instructions
16
3. View Customized Commit Script
17
4. Build and Apply Commit Script
18
5. Clear All Instructions
19
...
20
Q. Quit and Discard Changes
21
-----------------------------------
22
(0 selected violations)
23
Enter Selection:> 1
The main menu provides a number of different options. For the example, review the Edit Configuration Violations to select which violations you want to monitor.
01
[Configuration Violation Categories]
02
------------------------------------
03
1. Access 11. RADIUS
04
2. Authentication 12. RSVP
05
3. BGP 13. Routing
06
4. Firewalls 14. Scripts
07
5. Hierarchies 15. Security
08
6. IS-IS 16. System
09
7. Interfaces 17. TACACS+
10
8. LDP 18. fxp0.0
11
9. MPLS 19. lo0.0
12
10. OSPF
13
20. <All Categories>
14
21. <Current Selections>
15
...
16
0. Return to Main Menu
17
------------------------------------
18
(0 selected violations)
19
Select Category:> 6
Next, select from the different violation categories that have been created. Categories are similar to tags in that each violation falls within more than one. For this example, select IS-IS and continue.
01
[IS-IS - Configuration Violations]
02
----------------------------------
03
1. Interface enabled for IS-IS protocol lacks family iso
04
2. lo0.0 interface doesn't have an ISO address
05
3. lo0.0 interface is not included in IS-IS
06
...
07
0. Return to Category Menu
08
----------------------------------
09
[#] = Action is selected
10
Select Violation to Edit:> 1
11
12
As you can see, there are currently three IS-IS violations that can be selected. We'll choose #1.
13
14
[Edit Configuration Violation Response]
15
+----------------------------------------------------------------------------+
16
|Synopsis: Interface enabled for IS-IS protocol lacks family iso |
17
|............................................................................|
18
|The interface has been specifically configured under [edit protocols isis] |
19
|but it lacks family iso in its interface configuration. (Interfaces that |
20
|are enabled through 'interface all' are not considered, also fxp0.0 and |
21
|lo0.0 are ignored). If Auto-Correct is selected then family iso is added |
22
|automatically to the interface. |
23
+----------------------------------------------------------------------------+
24
1. Error - Fail commit with an error message
25
2. Warning - Display warning message on console
26
3. Syslog - Write warning message to syslog
27
4. Warning & Syslog - Report warning to both console and syslog
28
5. Auto-Correct - Add family iso to interface
29
[6] Do nothing - Do not monitor this violation
30
...
31
V. View violation script code
32
0. Return to Violations Menu
33
-----------------------
34
[#] = Current Selection
35
Select Response:> 5
This next menu provides more details on the violation and provides a number of options. The selected option is shown by enclosing it within brackets [ ]. In this example, we are currently ignoring this configuration violation. Select option 5 so that the commit script will automatically add family iso to the interface.
After making this selection, return to the violation menu. Skip that output and press 0 until you return to the main menu.
01
[Commit Script Builder - Main Menu]
02
-----------------------------------
03
1. Edit Configuration Violations
04
2. View Automation Instructions
05
3. View Customized Commit Script
06
4. Build and Apply Commit Script
07
5. Clear All Instructions
08
...
09
Q. Quit and Discard Changes
10
-----------------------------------
11
(1 selected violations)
12
Enter Selection:> 2
13
14
Configuration Violation Responses:
15
----
16
If: Interface enabled for IS-IS protocol lacks family iso
17
Then: Auto-Correct - Resolve violation through configuration change
18
----
19
20
--Press Enter to Continue--
This time, select option 2, which shows the if/then logic of the commit script. The final step is to build and apply the commit script by selecting option 4. Here are the results:
01
[Commit Script Builder - Main Menu]
02
-----------------------------------
03
1. Edit Configuration Violations
04
2. View Automation Instructions
05
3. View Customized Commit Script
06
4. Build and Apply Commit Script
07
5. Clear All Instructions
08
...
09
Q. Quit and Discard Changes
10
-----------------------------------
11
(1 selected violations)
12
Enter Selection:> 4
13
14
***********************************************
15
* Step 1 of 4: Building commit script... *
16
***********************************************
17
[Success]
18
19
***********************************************
20
* Step 2 of 4: Locking the configuration... *
21
***********************************************
22
[Success]
23
24
***********************************************
25
* Step 3 of 4: Writing commit script... *
26
***********************************************
27
[Success]
28
29
***********************************************
30
* Step 4 of 4: Enabling script and committing *
31
***********************************************
32
[Success]
33
34
custom-commit-script.slax was applied successfully.
35
Exiting to Junos prompt.
36
37
jnpr@esLab-j4350-siteA> show configuration system scripts commit
38
file custom-commit-script.slax;
The process was successful, and the J4350 is now the proud owner of a customized commit script. Should you decide to modify the current selections, you can rerun the Commit Script Builder op script and it will automatically read your previous selections from the custom-commit-script.slax file:
01
jnpr@esLab-j4350-siteA> op url commit-script-builder.slaxWelcome to Commit Script Builder 1.0!
02
---------------------------------
03
This script gives you easy control over the commit process of your Junos
04
device. Select what configuration violations should be checked, and what
05
actions should be performed if they occur. Then allow the Commit Script
06
Builder op script to generate the customized commit script, save it within
07
the local commit script directory, and enable it automatically.
08
09
Checking for existing commit script: custom-commit-script.slax...
10
Found custom-commit-script.slax - retrieving current settings...
11
---Retrieved 1 configuration violation response selection(s)
12
13
[Commit Script Builder - Main Menu]
14
-----------------------------------
15
1. Edit Configuration Violations
16
2. View Automation Instructions
17
3. View Customized Commit Script
18
4. Build and Apply Commit Script
19
5. Clear All Instructions
20
...
21
Q. Quit and Discard Changes
22
-----------------------------------
23
(1 selected violations)
24
Enter Selection:> 2
25
26
27
Configuration Violation Responses:
28
----
29
If: Interface enabled for IS-IS protocol lacks family iso
30
Then: Auto-Correct - Resolve violation through configuration change
31
----
32
33
34
--Press Enter to Continue--
Current Configuration Violations
The following lists the current violations that Commit Script Builder can customize. These are just a sampling because many more could be created.
- AS number does not match specific value
- BGP VPN path-selection mode is being turned on or off
- BGP peer lacks authentication
- Configuration includes hidden configuration statements
- Event script is not enabled
- FTP is enabled
- Filter term matches ICMP field without matching the protocol
- Filter term matches UDP/TCP port without matching the protocol
- Firewall filter does not end with a final 'accept' term
- Hostname is not set within re0 or re1 configuration group
- IPv4 firewall filter is not defined within family inet hierarchy
- Interface enabled for IS-IS protocol lacks family iso
- Interface enabled for LDP protocol lacks family mpls
- Interface enabled for MPLS protocol lacks family mpls
- Interface enabled for RSVP protocol lacks family mpls
- Interface is enabled for MPLS protocol but not RSVP protocol
- Interface is enabled for RSVP protocol but not MPLS protocol
- Interfaces configuration hierarchy is missing
- LCD maintenance menu is not disabled
- Login announcement does not match specific value
- Login message does not match specific value
- Missing fxp0.0 IPv4 input firewall filter
- Missing lo0.0 IPv4 input firewall filter
- No syslog destinations are configured
- No user accounts have been configured
- Protocols configuration hierarchy is missing
- RADIUS authentication is enabled but no servers exist
- RADIUS server configured but RADIUS authentication not enabled
- Redundant trunk group primary is configured
- Router ID is not configured
- SSH is not enabled
- SSH version 2 is not enabled or required
- TACACS+ authentication is enabled but no servers exist
- TACACS+ server is configured but TACACS+ authentication is not enabled
- Telnet is enabled
- Undefined routing-instance used as firewall filter action
- Virtual Chassis master and backup are not configured
- vlan-id 0 assigned via vlan-id-list to different unit than native-vlan-id
- fxp0 address is not set within re0 or re1 configuration group
- fxp0.0 interface is included in OSPF
- xp0.0 interface is included in OSPFv3
- lo0.0 interface doesn't have an IPv4 address
- lo0.0 interface doesn't have an IPv6 address
- lo0.0 interface doesn't have an ISO address
- lo0.0 interface is not configured
- lo0.0 interface is not included in IS-IS
- lo0.0 interface is not included in OSPF
- lo0.0 interface is not included in OSPFv3
- vme interface is not configured
The source code is available from the following GitHub locations: