Transcription

Network Automation. Scripting.Vadim Pavlov, System Engineer, Russia & CIS15.10.20131 2013 Infoblox Inc. All Rights Reserved.

Agenda NetMRI scripting overview Scripting basics (Perl only)̶ Libraries;̶ Common block and well-known variables;̶ Brokers and functions; Examples of scripting tasks̶ IPAM Sync;̶ Execute command on device;̶ BMP;̶ etc.2 2013 Infoblox Inc. All Rights Reserved.

Overview3 2013 Infoblox Inc. All Rights Reserved.

Where? What? Why?ü ACM license (SPM also support API)ü Internal: CCS and Perl scriptingü External: Perl and RESTü Perl: in VM environments don’t forget about Sandbox4 2013 Infoblox Inc. All Rights Reserved.

DocumentationNetwork Automation: Infoblox Network Automation Administrator Guide̶ Part 4: Automation Change Manager Scripting and JobManagement (Job Scripting) CCS Scripting GuideInfoblox NetMRI API Guide;API: https://NetMRIDevice/api/docsDDI: Infoblox API Documentation WAPI Documentation5 2013 Infoblox Inc. All Rights Reserved.

Sample script# BEGIN-SCRIPT-BLOCK## Script-Filter: true## END-SCRIPT-BLOCKuse NetMRI::API;my client new NetMRI::API({ api version 2.8, url main::api url,username main::http username, password main::http password });foreach my dev ( client- get broker('Device')- index({ select ['DeviceID', 'DeviceName'] })){print join("\t", dev- DeviceID, dev- DeviceName), "\n";}6 2013 Infoblox Inc. All Rights Reserved.

How to run script7 2013 Infoblox Inc. All Rights Reserved.

Script executing log/results8 2013 Infoblox Inc. All Rights Reserved.

Sample script - Externaluse NetMRI::API;my client new NetMRI::API({ api version 2.8, url 'http://192.168.3.200',username 'admin', password ’1qazxsw2'});foreach my dev ( client- get broker('Device')- index({ select ['DeviceID', 'DeviceName'] })){print join("\t", dev- DeviceID, dev- DeviceName), "\n";}One thing that you cannot do from an external Perl script is execute a CLIcommand on a device.Optionally for authentication you can create a .netmri.yml (requires installationthe YAML module is installed) or .netmri.json in your home directory.9 2013 Infoblox Inc. All Rights Reserved.

REST username USERNAME&password ct[] DeviceID&select[] DeviceIPDotted&select[] ex.json?select[] DeviceID&select[] DeviceIPDotted&select[] DeviceName10 2013 Infoblox Inc. All Rights Reserved.

Scripting basics11 2013 Infoblox Inc. All Rights Reserved.

Scripts Internal Perl librariesScript-block (inside NetMRI)Script variables (inside NetMRI)Well-known variables (inside NetMRI)BrokersGeneral brokers functions12 2013 Infoblox Inc. All Rights Reserved.

Libraries NetMRI::API̶ General Perl API;̶ Infoblox Job.pm – common functions; NetMRI Easy (only inside NetMRI)̶ NetMRI Easy provides an easy interface to the NetMRI;̶ NetMRI Easy offers all of the features of Infoblox Jobs.pm, withsome safeguards and object-oriented interfaces that are unavailablewhen infoblox jobs.pm is used;̶ Open connections as needed close when easy goes out of scope- DIS, CLI, NIOS̶ Common functionality implemented as methods directly off of easyMore sophisticated functionality available via easy- broker- Same broker/remote object classes as NetMRI::API̶ Be careful with easy- log message (it opens CLI connection)13 2013 Infoblox Inc. All Rights Reserved.13

Sample script – NetMRI Easy# BEGIN-SCRIPT-BLOCK## Script-Filter: true# Script-Login: false## END-SCRIPT-BLOCKuse NetMRI Easy;my easy new NetMRI Easy;foreach my dev ( easy- get broker('Device')- index({ select ['DeviceID', 'DeviceName'] })){print join("\t", dev- DeviceID, dev- DeviceName), "\n";}14 2013 Infoblox Inc. All Rights Reserved.

use NetMRI Easy – NIOS connection# BEGIN-SCRIPT-BLOCK## Script-Filter:# true## END-SCRIPT-BLOCK# NetMRI Easy nios session exampleuse strict;use warnings;use NetMRI Easy;my easy new NetMRI Easy({ nios api 1 });# returns an instance of Infoblox::SessionMy nios session easy- nios session;15 2013 Infoblox Inc. All Rights Reserved.15

SCRIPT-BLOCK (Inside NetMRI)# BEGIN-SCRIPT-BLOCK#Script-Filter: trueSpecifies the devices types processed by the script. Type: String Required: Yes#Script-Timeout: 60Specifies the per-command timeout for the entire script in seconds. Type: Integer Required: No Default if not specified: 60#Script-Login: falseSpecifies whether the job engine should automatically establish a connection with the target device. Type: Boolean Required: No Default if not specified: true#Script-Variables:# command word "show version”Specifies inputs needed by the script. Type: Tuple (ordered list of elements) Required: No Default if not specified: None# END-SCRIPT-BLOCK16 2013 Infoblox Inc. All Rights Reserved.

Script variables (inside NetMRI)Script-variables are provided as global variables, they must be declared as aglobal using our.# BEGIN-SCRIPT-BLOCK## Script-Filter: true# Script-Variables:# command word "show version”## END-SCRIPT-BLOCKuse NetMRI::API;our command;17 2013 Infoblox Inc. All Rights Reserved.

Well-known variables (inside NetMRI)All well-known variables are listed in admin guide on p.242 api url "http://4.10.72.15"; device id "21"; NetMRI ipaddress "4.10.72.15"; ipaddress "220.10.110.5"; type "Router";18 2013 Infoblox Inc. All Rights Reserved.

NetMRI Easy/Infoblox Job functions set variableget list valueget template send commandgenerate issuelog message easy- nios session easy- device session open session – session with DIS (Device Interaction Server)close sessionopen connection – connection with target device via DISclose connection easy- broker- broker name client- get broker('broker name’)* functions in italic exists in both libraries19 2013 Infoblox Inc. All Rights Reserved.

BrokersAll brokers described /NetMRI API Index.htmlFor example: Device;̶ broker- device- running config text eList, IssueListDevice, IssueDetail;Job, JobDetail;20 2013 Infoblox Inc. All Rights Reserved.

General broker functions index – lists objects search – search objects (more flexible then index) find – search objects (most flexible but not efficient) show – shows details about object update – update object (where present)Other functions are specific for each broker21 2013 Infoblox Inc. All Rights Reserved.

Examples of scripting tasks22 2013 Infoblox Inc. All Rights Reserved.

Examples of scripting tasks Custom IssuesExecute commands on devicesNetworks/Routes/Hosts import into IPAM (EA sync)Networks/Hosts export from IPAM to NetMRIInterface configuration checkCheck IF on VLAN CorrectnessIP address helperCheck MTUBMP* scripts are not optimized – just use it as ideas how to do it :)23 2013 Infoblox Inc. All Rights Reserved.

Custom issues Create custom issue with unique ID; Generate issue in script:- NetMRI Easy: easy- generate issue( issue type id, severity,%parameters );- Infoblox Job.pm: generate issue( issue type id, severity,%parameters );- NetMRI::API: client- get broker('IssueAdhoc’)Example:my issue id easy- generate issue("IOSUpgradeCorruptImage", "warning",{“imagename" ’sample Image’, "BadMD5" ’MD5’, "Name" ’Image’,"Host" ’unknown’,});24 2013 Infoblox Inc. All Rights Reserved.

Execute command on device# BEGIN-SCRIPT-BLOCK# Script-Filter: true# Script-Variables:# command word "show version”# END-SCRIPT-BLOCKuse NetMRI Easy;our command;my easy new NetMRI Easy;my result easy- send command( command);print result;25 2013 Infoblox Inc. All Rights Reserved.25

Networks/Routes/HostsimportintoIPAMSlide 1# BEGIN-SCRIPT-BLOCK# Script-Filter: true# Script-Login: false# END-SCRIPT-BLOCKuse NetMRI Easy;my easy new NetMRI Easy({nios api 1, nios ipaddress "10.0.167.51”, nios username "admin”, nios password "infoblox”});my ddi session easy- nios session; #Connect to NIOS#Select info from NetMRImy @interfaces easy- broker- interface- index({ DeviceID main::device id , select ['DeviceID', 'RouteCIDR', 'RouteNextHopIPDotted', 'InterfaceID'], });my @routes easy- broker- device route- index({ DeviceID main::device id , select ['InterfaceID', 'ifName', 'ifDescrRaw', 'ifIndex',], });my @ifs; my @ifIndexs;foreach my if (@interfaces) { ifs [ if- InterfaceID] if- ifName; ifIndexs [ if- InterfaceID] if- ifIndex;}26 2013 Infoblox Inc. All Rights Reserved.26

Networks/Routes/HostsimportintoIPAMSlide 2foreach my device (@routes){my network obj;if ( ifs[ device- InterfaceID]) { network obj Infoblox::DHCP::Network- new(network device- RouteCIDR,extensible attributes { 'Interface' ifs[ device- InterfaceID], 'NextHop' device RouteNextHopIPDotted, 'InterfaceURL' main::api ewer.tdf?DeviceID ". main::device id."&ifIndex ". ifIndexs[ device InterfaceID]."&Timestamp &TimePeriod &Metric &Measure &selectedAccordion Interface&selectedMenu Neighbors”});}else{ network obj Infoblox::DHCP::Network- new(network device- RouteCIDR,extensible attributes {'NextHop' device- RouteNextHopIPDotted});};my response ddi session- add( network obj);}27 2013 Infoblox Inc. All Rights Reserved.27

ResultsLinks to NetMRI28 2013 Infoblox Inc. All Rights Reserved.

Networks/Hosts import IPAM NetMRI# BEGIN-SCRIPT-BLOCK# Script-Filter: true# Script-Login: false# END-SCRIPT-BLOCKuse NetMRI Easy;my easy new NetMRI Easy({nios api 1, nios ipaddress "10.0.167.51”, nios username "admin”, nios password "infoblox”});my ddi session easy- nios session; #Connect to NIOSmy @networks ddi session- get(object "Infoblox::DHCP::Network”, network view "default”);foreach my network (@networks){ easy- broker- discovery setting- create({range value network- network, range type ’CIDR’,discovery status ’INCLUDE’});};29 2013 Infoblox Inc. All Rights Reserved.29

Results30 2013 Infoblox Inc. All Rights Reserved.

Interface configuration check# BEGIN-SCRIPT-BLOCK# Script-Filter: true# Script-Login: false# END-SCRIPT-BLOCKuse NetMRI Easy;my easy new NetMRI Easy;my Configs easy- broker- device- running config text(DeviceID main::device id) {running config text};my @IFs easy- broker- interface- index(DeviceID main::device id);foreach my IF (@IFs){my IFName IF- ifDescrRaw;if ( Configs /interface IFName[ \!] ip helper-address[ \!] /) {print "\n". IF- ifDescrRaw." config is cool\n\n";}else{print IF- ifDescrRaw." config is bad\n";};};31 2013 Infoblox Inc. All Rights Reserved.31

Results32 2013 Infoblox Inc. All Rights Reserved.

Check IF on VLAN correctness# BEGIN-SCRIPT-BLOCK# Script-Filter: true# Script-Login: false# END-SCRIPT-BLOCKuse NetMRI Easy;my easy new NetMRI Easy;my @IFs easy- broker- interface- index(DeviceID main::device id);my @VLANs easy- broker- vlan- index;foreach my VLAN (@VLANs){ VLN{ VLAN- VlanIndex}{Index} VLAN- VlanIndex; VLN{ VLAN- VlanIndex}{Name} VLAN- VlanName;};foreach my IF (@IFs){my @IFVlans easy- broker- if vlan- index(DeviceID main::device id,IntefaceID IF- InterfaceID);foreach my VlanId (@IFVlans){if ( VLN{ VlanId- VlanID}{Index} and VlanId- InterfaceID IF- InterfaceID) {print "Interface: ", IF- ifDescrRaw," VLAN:", VLN{ VlanId- VlanID}{Index}," ", VLN{ VlanId- VlanID}{Name}, "\n";};};* You need to connect to external sources (CMDB, Inventory etc) and/or implement logic for VLAN checking33 2013 Infoblox Inc. All Rights Reserved.33

IPaddresshelper.NIOStoDeviceSlide 1# BEGIN-SCRIPT-BLOCK# Script-Filter: true# Script-Login: false# END-SCRIPT-BLOCKuse NetMRI Easy;use Data::Dumper;my easy new NetMRI Easy({nios api 1, nios ipaddress "10.0.167.51", nios username "admin", nios password "infoblox"});my ddi session easy- nios session; #Connect to NIOSmy @networks ddi session- get(object "Infoblox::DHCP::Network", network view "default");foreach my sub(@networks){my @memb sub- members;my ipdhcp '';if (exists memb[0][0]{'address'}) { ipdhcp memb[0][0]- address;}elsif (exists memb[0][0]{'name'}) {#my dhcpname memb[0][0]- name;my @m ddi session- get( object "Infoblox::Grid::Member", name memb[0][0]- name); ipdhcp m[0]{'ipv4addr'};};print "Subnet: ". sub- network." dhcp server: ". ipdhcp."\n”;34 2013 Infoblox Inc. All Rights Reserved.34

IPaddresshelper.NIOStoDeviceSlide 2if ( ipdhcp ne ''){my @subnets easy- broker- subnet- index(SubnetCIDR sub- network);if (defined subnets[0]) {my @SMs easy- broker- subnet member- index(SubnetID subnets[0]- SubnetID);foreach my SM(@SMs){if ( SM- IfAddrID ne ""){my @IFs easy- get broker('IfAddr')- show(IfAddrID SM- IfAddrID);my @IFNames easy- broker- interface- show(InterfaceID IFs[0]- InterfaceID);#print Dumper @IFNames;my ifAlias IFNames[0]- ifDescrRaw;my Configs easy- broker- device- running config text(DeviceID SM- DeviceID)- {running config text};if ( Configs /interface ifAlias[ \!] ip helper-address ipdhcp[ \!]*/) {print "helper is installed\n”;}else{print "Configuration change:\nconf term\n interface ifAlias\nip helper-address ipdhcp\n exit\n exit\nwrite mem\n”;print "executing on ". SM- DeviceID." commands:\n”;my easy2 easy- device session( SM- DeviceID);print easy2- send command("show ver i uptime image processor"); easy2- send command("conf term"); easy2- send command("interface ifAlias"); easy2- send command("ip helper-address ipdhcp"); easy2- send command("end");# command out easy2- send command("write mem");print "Config changed\n”;};};};};};};35 2013 Infoblox Inc. All Rights Reserved.35

Results36 2013 Infoblox Inc. All Rights Reserved.

Check MTU (old style, using CLI)# BEGIN-SCRIPT-BLOCK# Script-Filter:# Vendor eq "Cisco" or Vendor eq "Juniper”# Script-Variables:# END-SCRIPT-BLOCKuse NetMRI::API::Client;our client new NetMRI::API::Client(UserName " http username”,PasswordURL " http password”, " api url”);our dis client- get broker("DisSession"); our cli client get broker("CliConnection");our issue client- get broker("IssueAdhoc"); our session id 0;my dev1 device id;my cli command s "show version"; my cli command d "showversion"; my cli-match;my d if; my s if; my d ifName; my s ifName; my d device; my s mtu; my d mtu;open session();open connection( device id); d if d- {ifName}; d ifName d- {ifDescr}; d device d- {DeviceID};}if ( dev1- {DeviceVendor} eq "Cisco") { cli command s "showinterface s if include MTU”; cli match "MTU ([0-9] ) bytes.*";}else { cli command s "show interface s if match MTU"; cli match "Protocol inet, MTU: ([0-9] ).*";}print "command to push is cli command s\n"; output1 send command( device id, cli command s);print "\tSource Device/interface dev1- {DeviceName}/ s ifoutput: output1\n"; s mtu,"MTU""Remote Device" nd- {DeviceName},"Remote Interface" d ifName,"Remote MTU" d mtu});} else {print "\tMTUs match s mtu - d mtu\n";}}}sub open session {our dis response dis- open(job id job id); session id dis response- {dis session}- {SessionID}; d mtu 0; s mtu 0;END {close session();}}if ( output1 m/ cli match/){ s mtu 1;};print "\nOK, now finding far end device for d device\n”;my destdev broker- find by id( d device);sub close session {our dis response dis- close(id session id,);}sub open connection {my devID shift;print "\tGot Device destdev- {DeviceName}\n”;print " Opening session to device devID\n";print "\tNetwork device Indication is destdevour cli response cli- open(id session id, device id {NetworkDeviceInd}\n\tManaged is destdev- {DeviceManagedInd}\n\tCCS Collection is destdev- {DeviceCCSCollection}\n\tConfig Polling is devID); destdev- {DeviceConfigPolling}\n”;print "DEBUG: cli reponse: cli response\n";my broker client - get broker("Device");if (( destdev- {DeviceCCSCollection} eq "on") and ( destdev- END {close connection( devID);}}my bint client- get broker("Interface"); {DeviceManagedInd} eq "true") and ( destdev- {DeviceCCSCollection} eqsub close connection {"on") and ( destdev- {NetworkDeviceInd} eq "true") ) { dev1 broker- find( dev1);my devID shift;my output1 ;if ( destdev- {DeviceVendor} eq "Cisco")our cli response cli- close(id session id, device id { cli command d "show interface d if include MTU”;print "\n\nCurrent neighbors of dev1- {DeviceName} dev1 devID);} cli match "MTU ([0-9] ) bytes.*";} {DeviceIPDotted} ( dev1- {DeviceID}):\n”;sub send command {my @ns sort { a- {ifIndex} b- {ifIndex} a- {NeighborDeviceID}else { cli command d "show interface d if my devID shift; b- {NeighborDeviceID} a- {NeighborIfIndex} bmatch MTU"; cli match "Protocol inet, MTU: ([0-9] ).*";}my ( command, debug) @ ; {NeighborIfIndex} } dev1- get neighbors();print "\tcommand to push is cli command d\n”;if( debug eq "") { debug 0;}foreach my n (@ns) {open connection( d device);print "DEBUG: Device ID is: devID\n";my nd; output1 send command( d device, cli command d); cli response cli- send command(id session id, device ideval { nd broker- find by id( n- {NeighborDeviceID});};print "\tDest Device/interface nd- {DeviceName}/ devID,command command, debug debug);if ( @ / H404/) { print "Could not find device n d if output: output1\n”;return( cli response- {command response});} {NeighborDeviceID}\n";next;};close connection( d device);sub generate issue {printf "\nOn %7s %6d %15s %16s \%s\n", ( n- {ifIndex} ? ("if" .if ( output1 m/ cli match/) { d mtu 1;}my ( issue type id, severity, params) @ ; n- {ifIndex}) : "unknown"), nd- {DeviceID}, nd- {DeviceName}, ndif ( d mtu ! s mtu) { {DeviceIPDotted}, ( n- {NeighborIfIndex} ? ("if" . n- {NeighborIfIndex}) :my %baseParams (DeviceID device id, BatchID print "\tMTUs do not match\n”;"unknown"); batch id, IssueTypeID issue type id, Severity severity);my issue id generate issue(my @sif bint- find by id( n- {InterfaceID});my %allParams (%baseParams, %{ params});"MTUmismatch”,die "\nsource Interface not found.\n\n" if [email protected];our issue response issue"Warning",{foreach my s (@sif) {printf "Source IF - %10s %s\n", s generate issue(%allParams);return( issue response- {IssueID});}"IP Address" {ifName}, s- {ifDescr}; dev1- {DeviceIPDotted}, s if s- {ifName}; s ifName s- {ifDescr};}"Host"my @dif bint- find by id( n- {NeighborInterfaceID}); dev1- {DeviceName},die "\nsource Interface not found.\n\n" if [email protected];"Interface"foreach my d (@dif) {printf "Dest IF - %10s %s\n", d s ifName, {ifName}, d- {ifDescr};37 2013 Infoblox Inc. All Rights Reserved.37

Check MTU (using NetMRI data)# BEGIN-SCRIPT-BLOCK# Script-Filter: true# Script-Login: false# END-SCRIPT-BLOCKuse NetMRI Easy;my easy new NetMRI Easy;my @IFs easy- broker- interface- index(DeviceID main::device id);foreach my IF (@IFs){my @NBs easy- broker- neighbor- index(InterfaceID IF- InterfaceID);foreach my NB (@NBs){if (defined NB- NeighborInterfaceID) {my NIF easy- broker- interface- show(InterfaceID NB- NeighborInterfaceID)- {interface};if ( IF- ifMtu NIF- ifMtu){print "Interface ". IF- ifDescrRaw." has same MTU on neighbor\n";}else{print "Interface ". IF- ifDescrRaw." (MTU:". IF- ifMtu.") "." has different MTU (". NIF- ifMtu.") onneighbor\n";my NDevice easy- broker- device- show(DeviceID NIF- DeviceID)- {device};print "Neighbor Device:". NDevice- DeviceName." Interface:". NIF- ifDescrRaw."\n\n";};};};};38