Automation

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  anyone can help me understand this statement ?

    Posted 02-01-2021 23:50
    Ensure that Python commit scripts are allowed to be stored off-box. Other commit scripts should only be allowed to be stored on-box.

    What does the statement mean exactly ?

    thanks !!


  • 2.  RE: anyone can help me understand this statement ?

    Posted 03-12-2021 15:48
    Hi gongyayu,

    Can you link where this statement comes from? This will help with context for the responders. 

    Thanks,

    --Ben

    ------------------------------
    Benjamin Griffin
    ------------------------------



  • 3.  RE: anyone can help me understand this statement ?

    Posted 03-12-2021 15:54
    This comes from Juniper training materials.

    thanks !!


  • 4.  RE: anyone can help me understand this statement ?

    Posted 03-12-2021 15:59
    I will send this over to the Education Team:​

    @Lawrence_R can your team take a look at the original question?

    Thanks,



    ------------------------------
    Benjamin Griffin
    ------------------------------



  • 5.  RE: anyone can help me understand this statement ?

    Posted 03-12-2021 20:31
    I'm not sure which training materials you pulled that from, but I did check with our Education team. We cover commit scripts in our Junos Platform Automation and DevOps (JAUT) course (www.juniper.net/course/jaut). That would be your best option to fully learn about commit scripts as they related to Junos devices.

    Thanks,
    Lawrence

    ------------------------------
    Lawrence Rust
    ------------------------------



  • 6.  RE: anyone can help me understand this statement ?

    Posted 03-13-2021 08:41
    Hi,

    I took the IJAUT, JAUT and AJAUT lately.
    I guess you are referring to a Slide/page, that mentions this:


    [edit system scripts]
    user@host# set language (python | python3)

    What that allows you is to run "unsigned" python scripts (on-box and off-box).
    Usually, you should store your commit/op scripts on the box itself but there is also an option to run it from let's say a file share.
    If you let me know, what "page" / slide that was (number is everything I need) I can look into the materials and see exactly what you are referring to :)

    BR
    Christian



    ------------------------------
    Christian Scholz
    Juniper Networks Ambassador | JNCIE-SEC #374
    Mail: chs@ip4.de
    Blog: jncie.eu | Twitter: @chsjuniper | YT-Channel: netchron
    ------------------------------



  • 7.  RE: anyone can help me understand this statement ?

     
    Posted 03-23-2021 09:15
    I've used this approach in the past when extending the ZTP process.  Using ZTP to get a basic configuration applied to the device which included an off-box event script to leverage a Python script stored in Git.  

    That script could then make an API call to Ansible Tower or AWX using the template callback feature to then generate and apply the full blown production configuration and apply it as and when necessary.

    The base ZTP configuration would include the usual stuff, authentication etc, and then it would include the following which would permit off-box python script execution via a URL, and the event that would be triggered every 60 seconds.  Once the trigger was able to successfully execute the script then the final configuration would be applied to the device by Ansible Tower/AWX etc.
    system {
        scripts {
            op {
                allow-url-for-python;
            }
            language python;
        }
    }
    event-options {
        generate-event {
            ztp-autoi time-interval 60;
        }
        policy ztp-autoi {
            events ztp-autoi;
            then {
                execute-commands {
                    commands {
                        "op url http://192.168.56.1/scripts/foo.py -server https://192.168.56.10:443 -api v2 blah blah blah";
                    }
                }
            }
        }
    }​


    To prevent the Python script from being executed multiple times if it was already executed, then the off-box script would leverage the jcs.dampen() function that could be used prevent the script from executing too often. e.g. 

    import jcs
    from sys import exit
    
    .
    .
    .
    # prevent operation from being repeatedly called
    # exit if exceeds 1 call in 10 minutes
    if not (jcs.dampen('callback-provisioning', 1, 10)):
        print('Callback provisioning: dampen exit OK.')
        jcs.syslog("external.notice", "Callback provisioning: dampen exit OK.")
        exit()
    .
    .
    .


    Once the production configuration has been generated and committed to the device by Ansible then the event trigger would be overwritten/removed and the device would be ready for validation tests and so forth.

    Regards,
    Andy



    ------------------------------
    Andy Sharp
    ------------------------------



  • 8.  RE: anyone can help me understand this statement ?

    Posted 03-23-2021 16:12
    thanks a lot !!