Automation

Scripting How-To: Create a customized commit script with commit script builder

By Elevate posted 08-07-2015 23:53

  

Create a Customized Commit Script with Commit Script Builder

 
 

For SLAX version 1.0 and higher, you can use Commit Script Builder to create your own customized commit scripts without requiring any scripting knowledge. A large percentage of Junos OS users may never learn how to write their own scripts. Providing script building tools enables them to take advantage of Junos OS automation without requiring that they master scripting.

 

Commit Script Builder is an op script that allows the user to select among various predefined configuration violations. They select which violations they want to monitor, and then select what action to perform if the violation occurs.
 
After assembling the desired logic, Commit Script Builder generates a commit script that is customized according to the user's settings. The user can then enable it on their local Junos OS device. 

 

Commit Script Builder Example

 

The following outputs provide an example of how you can use Commit Script Builder to create a customized commit script. You can run the script in two ways:

 

  • Executed remotely through an op URL
  • Loaded and enabled as an op script

Using the op URL is advantageous because you can install your customized commit script without loading or enabling a single script on your device.

 

Main Menu

 

01
	jnpr@esLab-j4350-siteA> op url commit-script-builder.slaxWelcome to Commit Script Builder 1.0!
02
	---------------------------------
03
	This script gives you easy control over the commit process of your Junos
04
	device.  Select what configuration violations should be checked, and what
05
	actions should be performed if they occur.  Then allow the Commit Script
06
	Builder op script to generate the customized commit script, save it within
07
	the local commit script directory, and enable it automatically.
08
	 
09
	Checking for existing commit script: custom-commit-script.slax...
10
	Existing commit script was not found
11
	 
12
	[Commit Script Builder - Main Menu]
13
	-----------------------------------
14
	1. Edit Configuration Violations
15
	2. View Automation Instructions
16
	3. View Customized Commit Script
17
	4. Build and Apply Commit Script
18
	5. Clear All Instructions
19
	...
20
	Q. Quit and Discard Changes
21
	-----------------------------------
22
	(0 selected violations)
23
	Enter Selection:> 1

 

The main menu provides a number of different options. For the example, review the Edit Configuration Violations to select which violations you want to monitor.

 

01
	[Configuration Violation Categories]
02
	------------------------------------
03
	1. Access            11. RADIUS
04
	2. Authentication    12. RSVP
05
	3. BGP               13. Routing
06
	4. Firewalls         14. Scripts
07
	5. Hierarchies       15. Security
08
	6. IS-IS             16. System
09
	7. Interfaces        17. TACACS+
10
	8. LDP               18. fxp0.0
11
	9. MPLS              19. lo0.0
12
	10. OSPF
13
	20. <All Categories>
14
	21. <Current Selections>
15
	...
16
	0. Return to Main Menu
17
	------------------------------------
18
	(0 selected violations)
19
	Select Category:> 6

 

Next, select from the different violation categories that have been created. Categories are similar to tags in that each violation falls within more than one. For this example, select IS-IS and continue.

 

 

01
	[IS-IS - Configuration Violations]
02
	----------------------------------
03
	1. Interface enabled for IS-IS protocol lacks family iso
04
	2. lo0.0 interface doesn't have an ISO address
05
	3. lo0.0 interface is not included in IS-IS
06
	...
07
	0. Return to Category Menu
08
	----------------------------------
09
	[#] = Action is selected
10
	Select Violation to Edit:> 1
11
	 
12
	As you can see, there are currently three IS-IS violations that can be selected.  We'll choose #1.
13
	 
14
	[Edit Configuration Violation Response]
15
	+----------------------------------------------------------------------------+
16
	|Synopsis: Interface enabled for IS-IS protocol lacks family iso             |
17
	|............................................................................|
18
	|The interface has been specifically configured under [edit protocols isis]  |
19
	|but it lacks family iso in its interface configuration.  (Interfaces that   |
20
	|are enabled through 'interface all' are not considered, also fxp0.0 and     |
21
	|lo0.0 are ignored).  If Auto-Correct is selected then family iso is added   |
22
	|automatically to the interface.                                             |
23
	+----------------------------------------------------------------------------+
24
	1. Error - Fail commit with an error message
25
	2. Warning - Display warning message on console
26
	3. Syslog - Write warning message to syslog
27
	4. Warning & Syslog - Report warning to both console and syslog
28
	5. Auto-Correct - Add family iso to interface
29
	[6] Do nothing - Do not monitor this violation
30
	...
31
	V. View violation script code
32
	0. Return to Violations Menu
33
	-----------------------
34
	[#] = Current Selection
35
	Select Response:> 5

 

This next menu provides more details on the violation and provides a number of options. The selected option is shown by enclosing it within brackets [ ]. In this example, we are currently ignoring this configuration violation. Select option 5 so that the commit script will automatically add family iso to the interface. 
 
After making this selection, return to the violation menu. Skip that output and press 0 until you return to the main menu.

 

 

01
	[Commit Script Builder - Main Menu]
02
	-----------------------------------
03
	1. Edit Configuration Violations
04
	2. View Automation Instructions
05
	3. View Customized Commit Script
06
	4. Build and Apply Commit Script
07
	5. Clear All Instructions
08
	...
09
	Q. Quit and Discard Changes
10
	-----------------------------------
11
	(1 selected violations)
12
	Enter Selection:> 2
13
	 
14
	Configuration Violation Responses:
15
	----
16
	If: Interface enabled for IS-IS protocol lacks family iso
17
	Then: Auto-Correct - Resolve violation through configuration change
18
	----
19
	 
20
	--Press Enter to Continue--
 

This time, select option 2, which shows the if/then logic of the commit script. The final step is to build and apply the commit script by selecting option 4.  Here are the results:

01
	[Commit Script Builder - Main Menu]
02
	-----------------------------------
03
	1. Edit Configuration Violations
04
	2. View Automation Instructions
05
	3. View Customized Commit Script
06
	4. Build and Apply Commit Script
07
	5. Clear All Instructions
08
	...
09
	Q. Quit and Discard Changes
10
	-----------------------------------
11
	(1 selected violations)
12
	Enter Selection:> 4
13
	 
14
	***********************************************
15
	* Step 1 of 4: Building commit script...      *
16
	***********************************************
17
	[Success]
18
	 
19
	***********************************************
20
	* Step 2 of 4: Locking the configuration...   *
21
	***********************************************
22
	[Success]
23
	 
24
	***********************************************
25
	* Step 3 of 4: Writing commit script...       *
26
	***********************************************
27
	[Success]
28
	 
29
	***********************************************
30
	* Step 4 of 4: Enabling script and committing *
31
	***********************************************
32
	[Success]
33
	 
34
	custom-commit-script.slax was applied successfully.
35
	Exiting to Junos prompt.
36
	 
37
	jnpr@esLab-j4350-siteA> show configuration system scripts commit
38
	file custom-commit-script.slax;

 

 

The process was successful, and the J4350 is now the proud owner of a customized commit script. Should you decide to modify the current selections, you can rerun the Commit Script Builder op script and it will automatically read your previous selections from the custom-commit-script.slax file:

 

 

01
	jnpr@esLab-j4350-siteA> op url commit-script-builder.slaxWelcome to Commit Script Builder 1.0!
02
	---------------------------------
03
	This script gives you easy control over the commit process of your Junos
04
	device.  Select what configuration violations should be checked, and what
05
	actions should be performed if they occur.  Then allow the Commit Script
06
	Builder op script to generate the customized commit script, save it within
07
	the local commit script directory, and enable it automatically.
08
	 
09
	Checking for existing commit script: custom-commit-script.slax...
10
	Found custom-commit-script.slax - retrieving current settings...
11
	---Retrieved 1 configuration violation response selection(s)
12
	 
13
	[Commit Script Builder - Main Menu]
14
	-----------------------------------
15
	1. Edit Configuration Violations
16
	2. View Automation Instructions
17
	3. View Customized Commit Script
18
	4. Build and Apply Commit Script
19
	5. Clear All Instructions
20
	...
21
	Q. Quit and Discard Changes
22
	-----------------------------------
23
	(1 selected violations)
24
	Enter Selection:> 2
25
	 
26
	 
27
	Configuration Violation Responses:
28
	----
29
	If: Interface enabled for IS-IS protocol lacks family iso
30
	Then: Auto-Correct - Resolve violation through configuration change
31
	----
32
	 
33
	 
34
	--Press Enter to Continue--
 

 

Current Configuration Violations

 

The following lists the current violations that Commit Script Builder can customize. These are just a sampling because many more could be created.

 

  1. AS number does not match specific value
  2. BGP VPN path-selection mode is being turned on or off
  3. BGP peer lacks authentication
  4. Configuration includes hidden configuration statements
  5. Event script is not enabled
  6. FTP is enabled
  7. Filter term matches ICMP field without matching the protocol
  8. Filter term matches UDP/TCP port without matching the protocol
  9. Firewall filter does not end with a final 'accept' term
  10. Hostname is not set within re0 or re1 configuration group
  11. IPv4 firewall filter is not defined within family inet hierarchy
  12. Interface enabled for IS-IS protocol lacks family iso
  13. Interface enabled for LDP protocol lacks family mpls
  14. Interface enabled for MPLS protocol lacks family mpls
  15. Interface enabled for RSVP protocol lacks family mpls
  16. Interface is enabled for MPLS protocol but not RSVP protocol
  17. Interface is enabled for RSVP protocol but not MPLS protocol
  18. Interfaces configuration hierarchy is missing
  19. LCD maintenance menu is not disabled
  20. Login announcement does not match specific value
  21. Login message does not match specific value
  22. Missing fxp0.0 IPv4 input firewall filter
  23. Missing lo0.0 IPv4 input firewall filter
  24. No syslog destinations are configured
  25. No user accounts have been configured
  26. Protocols configuration hierarchy is missing
  27. RADIUS authentication is enabled but no servers exist
  28. RADIUS server configured but RADIUS authentication not enabled
  29. Redundant trunk group primary is configured
  30. Router ID is not configured
  31. SSH is not enabled
  32. SSH version 2 is not enabled or required
  33. TACACS+ authentication is enabled but no servers exist
  34. TACACS+ server is configured but TACACS+ authentication is not enabled
  35. Telnet is enabled
  36. Undefined routing-instance used as firewall filter action
  37. Virtual Chassis master and backup are not configured
  38. vlan-id 0 assigned via vlan-id-list to different unit than native-vlan-id
  39. fxp0 address is not set within re0 or re1 configuration group
  40. fxp0.0 interface is included in OSPF
  41. xp0.0 interface is included in OSPFv3
  42. lo0.0 interface doesn't have an IPv4 address
  43. lo0.0 interface doesn't have an IPv6 address
  44. lo0.0 interface doesn't have an ISO address
  45. lo0.0 interface is not configured
  46. lo0.0 interface is not included in IS-IS
  47. lo0.0 interface is not included in OSPF
  48. lo0.0 interface is not included in OSPFv3
  49. vme interface is not configured
 

 

GitHub Links

 

The source code is available from the following GitHub locations:

 

 


#How-To
0 comments
0 views

Permalink