What I tested in the lab, just to close the loop...
I tested <request-shell-execute> in the lab with a similar op script and it worked with "rsh", instead of relogin from Andy's PyEZ example, as the command in SRX345 running 19.4R1.10.
Original Message:
Sent: 02-12-2024 12:15
From: asharp
Subject: event-options executing on SRX chassis cluster secondary node.
No. Not a shell script. A Python script leveraging "PyEZ" to perform s/w upgrades across a number of SRX clusters and v/SRX clusters.
For this particular project we were using Ansible and an off-box python scripts leveraging the PyEZ module. But we could have used on-box Python scripts as well since there wasn't anything that I recall that we were using that would have prevented that....I think...?
One of the features of PyEZ is the ability to start a shell on a given device, and then execute commands via the SHELL. Of course the requirement for that is that the user has SHELL access. Before you access the shell and execute commands, you can make RPC calls to identify the nodes and which node is primary and which is secondary, and then use that information to start the SHELL and then run the rlogin command to connect to the secondary node.
This takes you into the CLI of that node, so again, you can then start the shell once more , but this time the SHELL is that of the secondary node, and then in the case of the reboot, I just leveraged a similar approach that PyEZ uses to make NETCONF calls over a console connection which is to use the "xml-mode" command from the shell and then pipe in the RPC that I needed to perform, in this instance to reboot the secondary node.
It was about the only way I could think of upgrading and restarting the secondary node by doing everything via the primary node.
As I mentioned, I didn't try this with an on-box script, but I would like to think that the same approach is possible with either SLAX or Python on-box. Since Junos supports either SLAX/XSLT or Python scripts as event-scripts I would like to think that one or more of these approaches would work. It will of course also depend on what s/w version you have on the devices as to what the features/capabilities are.
------------------------------
Andy Sharp
Original Message:
Sent: 02-12-2024 11:37
From: JUAN RUIZ
Subject: event-options executing on SRX chassis cluster secondary node.
This looks very interesting and thank you! Is this just a standard shell script (scriptName.sh) used as an event-script?
[edit event-options event-script]
user@host# set file scriptName.sh
------------------------------
JUAN RUIZ
Original Message:
Sent: 02-09-2024 20:12
From: asharp
Subject: event-options executing on SRX chassis cluster secondary node.
An event-script can leverage the shell to execute "rlogin -T" to reach the secondary node.
Rebooting secondary node is a pain...need to rlogin, start shell and then send NETCONF RPC via the shell...
ss = StartShell(dev)ss.open()rlogincommand = "rlogin -T %s" % module.params["node"]rebootcommand = '( echo "<rpc><request-reboot><in>1</in></request-reboot></rpc>" && cat ) | xml-mode netconf need-trailer'shellcmd1 = ss.run(rlogincommand, timeout=30)[1]shellcmd2 = ss.run("start shell", timeout=30)[1]shellcmd3 = ss.run(rebootcommand, timeout=30)[1]
Not very elegant, but works when you don't have mgmt IP.
------------------------------
Andy Sharp
Original Message:
Sent: 12-13-2023 09:56
From: JUAN RUIZ
Subject: event-options executing on SRX chassis cluster secondary node.
Hi Jessica, Thank you for the example and link! But for clarification this assumes the secondary node has a dedicated mgmt IP and I would connect to it and run the RPC commands correct? If so, my challenge is the node 1 (secondary node) does not have a mgmt IP so I was hoping there was a way to send commands from node 0 to node 1 and wrap them in the request routing-engine login commands to do that or something along those lines.
------------------------------
JUAN RUIZ
Original Message:
Sent: 12-12-2023 20:44
From: Jessica Garrison
Subject: event-options executing on SRX chassis cluster secondary node.
Hi Juan,
An event script can communicate with a secondary node. Executing RPCs on a Remote Device
test@srx320> request system reboot | display xml rpc
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/22.4R0/junos">
<rpc>
<request-reboot>
</request-reboot>
</rpc>
<cli>
<banner></banner>
</cli>
</rpc-reply>
test@srx320> show system uptime | display xml rpc
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/22.4R0/junos">
<rpc>
<get-system-uptime-information>
</get-system-uptime-information>
</rpc>
<cli>
<banner></banner>
</cli>
</rpc-reply>
------------------------------
.
Original Message:
Sent: 11-27-2023 16:29
From: JUAN RUIZ
Subject: event-options executing on SRX chassis cluster secondary node.
Can someone share a basic logic on how to execute an event-policy on a secondary node to carry out a set of commands based on a syslog event?
In summary I want to carry out commands on the secondary node when a syslog message gets triggered. Everything below works but only on the primary node but I need it on the secondary node.
My current event-options are below.
policy mypolicy {
events SYSTEM;
attributes-match {
system.message matches UpgradeTime;
}
then {
execute-commands {
commands {
"op system-reboot";
"show system uptime";
}
}
}
}
------------------------------
JUAN RUIZ
------------------------------