Convert Between Zone-Defined and Global Address Books
For SLAX version 1.0 and higher, you can run the upgrade script to convert address books from a zone-defined address book (Junos OS Release 11.1 and earlier) to a global address book, and vice versa.
You can also run the downgrade script to convert address books from global address books to zone-defined address books.
Source Code and GitHub Links
The source code below is also available from the following GitHub locations:
SLAX Script Contents (Upgrade Version)
001 /*
002 *
003 * NAME: addr-book-upgrade.slax
004 * PURPOSE: This op script is used to convert address book from zone-defined
005 * address books (used by Junos 11.1 and earlier version) to global
006 * address book. User can run it after upgrade to Junos to 11.2 or
007 * later version.
008 *
009 *
010 * CREATED: 08/23/11
011 * BY: Jingbo Ni
012 * VERSION: 1.01
013 * Change Notes:
014 * (1) Removed dead code and cleaned indentation messed up by Eclipse
015 * (2) Removed root sys check:
016 * (a). The CLI command used for vsys check is no longer supported since 11.4
017 * (b). Originally did vsys check to make sure the script won't be executed by non-root vsys.
018 * But it's unnecessary as the scripts is not visible in non-vsys
019 *
020 * Platform supported: all SRXs (branch and high-end)
021 *
022 * MODIFICATION HISTORY:
023 * V1.00 = Initial release
024 *
025 */
026
027 version 1.0;
028 ns junos = "http://xml.juniper.net/junos/*/junos";
029 ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
030
031 ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
032 import "../import/junos.xsl";
033
034 match / {
035
036
037 /* Check version. If >= 11.1, do address book conversion */
038 var $version = { call get-junos-version(); }
039 if ($version > 11.1) {
040 var $conn = jcs:open();
041
042 <op-script-results> {
043
044 <output> "Converting old address books in the committed configuration database to " _ $version _ " address books ...";
045 var $rpc = <get-configuration database="committed"> {
046 <configuration> {
047 <security> {
048 <zones>;
049 }
050 }
051 }
052
053
054
055 var $lsys-rpc = <get-configuration database="committed"> {
056 <configuration> {
057 <logical-systems>;
058 }
059 }
060
061 var $root-sys-zones := jcs:execute($conn, $rpc);
062
063
064 var $lsys := jcs:execute($conn, $lsys-rpc);
065
066
067 /* Loop through all zones to convert their address books */
068 var $cfg := <configuration> {
069 if ( $root-sys-zones//address-book ) {
070 <security> {
071 call gen-upgrade-cfg ( $zones = $root-sys-zones );
072 }
073 }
074 if ($lsys//security/zones//address-book) {
075 for-each ( $lsys//security ) {
076 <logical-systems> {
077
078 <name> ../name;
079 <security> {
080 call gen-upgrade-cfg ( $zones = . );
081 }
082 }
083 }
084 }
085 }
086
087
088 copy-of $cfg;
089
090
091 /* Loop through all old style address books configured in logical-systems
092 * Normally it should not be a upgrade concern because older versions simply don't have
093 * logical system concept. But we take care of it anyway to cover the case in which
094 * a user may run the upgrade script after configuring old style address books in logical systems.
095 */
096
097 if ( $cfg//security/address-book ) {
098 var $result := { call jcs:load-configuration($connection = $conn, $configuration = $cfg); }
099
100 if( $result//xnm:error ) {
101 <output> "ERRORS OCCURRED:\n\t";
102 for-each( $result//xnm:error ) {
103 <output> message;
104 }
105 <output> "Unable to perform upgrade. Nothing committed.\nPlease commit or clean up your modifications and try again.";
106 } else {
107 <output> "Address books conversion completed and committed.";
108 }
109 } else {
110 <output> "No address book converted.";
111 }
112
113 }
114 var $close = jcs:close($conn);
115 }
116
117 }
118 /* End of match */
119
120 /*
121 * Template the get the running JUNOS version
122 */
123 template get-junos-version() {
124
125 var $osrelease = jcs:sysctl("kern.osrelease", "s");
126
127 var $version = jcs:split("[IRBSX-]", $osrelease, 2);
128
129 expr $version[1];
130 }
131
132 template gen-upgrade-cfg ( $zones )
133 {
134 for-each( $zones//security-zone ) {
135 if ( .//address-book/address ) {
136 /* If there're old address books */
137 var $zone = ./name;
138 var $bookname = $zone _ "-address-book";
139
140 /* Delete old style address book from zone */
141 <zones> {
142 <security-zone> {
143 <name> $zone;
144 <address-book delete="delete">;
145 }
146 }
147
148 /* Add new address books */
149 <address-book> {
150 <name> $bookname;
151 /* Ideally we should use "copy-of .". But it consumes too much memory! */
152 for-each( ./address-book/address ) {
153 <address> {
154 <name> ./name;
155 if ( ./ip-prefix ) {
156 <ip-prefix> ./ip-prefix;
157 } else if ( ./dns-name ) {
158 <dns-name> {
159 <name> ./dns-name/name;
160 if ( ./dns-name/ipv6-only ) {
161 <ipv6-only>;
162 } else if (./dns-name/ipv4-only) {
163 <ipv4-only>;
164 }
165
166 }
167
168 } else if ( ./wildcard-address ) {
169 <wildcard-address> {
170 <name> ./wildcard-address/name;
171 }
172 }
173 }
174 }
175
176
177
178 for-each( ./address-book/address-set ) {
179 <address-set> {
180 <name> ./name;
181 for-each (./address) {
182 <address> {
183 <name> ./name;
184 }
185 }
186 for-each (./address-set) {
187 <address-set> {
188 <name> ./name;
189 }
190 }
191 }
192 }
193
194 /* Attach the address to the zone where it is found */
195 <attach> {
196 <zone> {
197 <name> $zone;
198 }
199 }
200 }
201 }
202 }
203 }
SLAX Script Contents (Downgrade Version)
01 <?xml version="1.0"?>
02 <script>
03 <title>addr-book-upgrade.slax</title>
04 <alternate>addr-book-downgrade.slax</alternate>
05 <author>jni</author>
06 <synopsis>
07 These op-scripts are used to convert address book from zone-defined address books to global address book, and vice versa.
08 </synopsis>
09 <coe>op</coe>
10 <type>installation</type>
11
12 <description>
13 Run the upgrade script to convert address book from zone-defined address books
14 (applicable in Junos 11.1 and earlier) to global address book (applicable in
15 11.2 and later). Run the downgrade script to convert address book from global
16 address book to zone-defined address books.
17 </description>
18
19 <keyword>installation</keyword>
20
21 <xhtml:script xmlns:xhtml="http://www.w3.org/1999/xhtml"
22 src="../../../../../web/leaf.js"
23 type="text/javascript"/>
24 </script>