Beispiel #1
import pdb
from pprint import pprint as pp 
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat import NatSrcPool, NatSrcRuleSet
from jnpr.eznc.utils import Config

# create a junos device and open a connection
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.

login = dict(user='******', host='vsrx_cyan', password='******')
jdev = Junos(**login)
jdev.open()

# Bind resource managers onto the device object; each keyword becomes the
# attribute name (the pool manager bound as "np" is used below as jdev.np).

jdev.bind( cu=Config )
jdev.bind( np=NatSrcPool )
jdev.bind( nr=NatSrcRuleSet )

# create a NAT source pool called 'POOL-A' with
# an address range from 198.18.0.1/32 to 198.18.0.10/32
# here showing the technique to change property values
# by making a "call" into the resource

r = jdev.np["POOL-A"]
r(addr_from="198.18.0.1", addr_to="198.18.0.10")
# NOTE(review): write() presumably pushes the pool into the device
# configuration; whether a separate commit is needed is not visible here.
r.write()

# create a NAT source ruleset called "OUTBOUND_NAT"
Beispiel #2
from pprint import pprint as pp 
from lxml import etree

# for the example ...
from exampleutils import *
from jnpr.eznc import Netconf as Junos

# Connection arguments for the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
login = {'user': '******', 'host': 'vsrx_cyan', 'password': '******'}
jdev = Junos(**login)
jdev.open()

# The :cli: method takes a CLI command string; the result prints as shown
# in the sample output below.
# NOTE(review): the command strings here are fixed literals. Keep it that
# way -- do not assemble them from input the script does not control.
print("showing command: 'show version'")
version_output = jdev.cli("show version")
print(version_output)

# showing command: 'show version'

# Hostname: jnpr-dc-fw
# Model: junosv-firefly
# JUNOS Software Release [12.1X44-D10.4]


# Appending "| display xml rpc" yields the XML RPC that corresponds to the
# command instead of its text output.

print("showing as XML RPC command:")
xml_cmd = jdev.cli("show version | display xml rpc")

# xml_cmd is an XML element, so it can be dumped for debugging:
etree.dump(xml_cmd)
Beispiel #3
# for debugging ...
import pdb
from pprint import pprint as pp 
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.utils import Config
from jnpr.eznc.resources.srx import PolicyContext

# Open a session to the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# Bind the config utilities onto the device object under the name "cu".
# NOTE(review): the original comment gave the access path as jdev.ez.cu; by
# the same pattern as jdev.pc below it is presumably jdev.cu -- confirm.

jdev.bind( cu=Config )   

# now add the PolicyContext, this will auto-load the associated
# rules resource class PolicyRule

jdev.bind( pc=PolicyContext )

# Select one policy context. It is keyed by the
# tuple (from-zone-name, to-zone-name).

r = jdev.pc[("OUTSIDE-DC-ST1","PII-SOX-DC-ST1")]

# dump the contents:
pp(r)
# NAME: PolicyContext: ('OUTSIDE-DC-ST1', 'PII-SOX-DC-ST1')
Beispiel #4
# for debugging ...
import pdb
from pprint import pprint as pp 
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf 
from jnpr.eznc.resources.srx import ZoneAddrBook
from jnpr.eznc.utils import Config

# Open a session to the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# Bind the config utilities and the zone address-book manager onto the
# device object. Each keyword becomes the attribute name, so they are
# reached as jdev.cu and jdev.ab (see the two assignments below).

jdev.bind( cu=Config )     
jdev.bind( ab=ZoneAddrBook )

# short aliases for the two bound managers
cu = jdev.cu
ab = jdev.ab

# select the address book of one security zone by zone name
z_name = "OUTSIDE-DC-ST1"
zone = ab[z_name]

def test_addr():
  # grab the first address book entry, and change it's
  # ip_prefix to "1.1.1.1/32"

  first_addr = zone['$addrs'][0]
  addr = zone.addr[first_addr]
Beispiel #5
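def show_help():
  """Print the usage line for this script and exit with status 1."""
  print("%s <ab_name> <ip_addr>" % sys.argv[0])
  # sys.exit() rather than the bare exit(): the latter is injected by the
  # site module and is missing under "python -S" or in frozen builds.
  sys.exit(1)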

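if len(sys.argv) != 3:
  show_help()

# The length check above already guarantees both positions exist. The handler
# is kept as a safety net but narrowed to IndexError, so it no longer swallows
# SystemExit, KeyboardInterrupt or unrelated errors as a bare "except:" does.
try:
  book_name = sys.argv[1]
  find_addr = sys.argv[2]
except IndexError:
  die("You must specify the ip-addr to locate")


# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
jdev = Junos(user='******', host='vsrx_x46', password='******')
jdev.open()

# Bind the shared address-book manager onto the device object as jdev.ab.

jdev.bind( ab=SharedAddrBook )

book = jdev.ab[book_name]
if not book.exists:
  # release the device session before bailing out
  jdev.close()
  die("Book %s does not exist on this device!" % book_name )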

def do_find_addr( find_addr ):
  print "Searching for address: " + find_addr
  f = AddrBookFinder(book)
  r = f.find(find_addr)
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.resources.srx import ZoneAddrBook
from jnpr.eznc.utils import Config

# Open a session to the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# Bind the config utilities and the zone address-book manager onto the
# device object; the keyword is the attribute name, hence jdev.cu and
# jdev.ab below (not jdev.ez.cu as the earlier comment said).

jdev.bind(cu=Config)
jdev.bind(ab=ZoneAddrBook)

# short aliases for the two bound managers
cu = jdev.cu
ab = jdev.ab

# select the address book of one security zone by zone name
z_name = "OUTSIDE-DC-ST1"
zone = ab[z_name]


def test_addr():
    # grab the first address book entry, and change it's
    # ip_prefix to "1.1.1.1/32"

    first_addr = zone['$addrs'][0]
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from exampleutils import *
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat_src_simple import NatSourceSimple
from jnpr.eznc.utils import ConfigUtils

# Connection arguments for the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
login = dict(user='******', host='vsrx_cyan', password='******')

jdev = Junos(**login)
jdev.open()

# meta-toolbox the config-utils package onto this object,
# this gives us access to: jdev.ez.cu.<functions>

jdev.ez(cu=ConfigUtils)

# define a resource manager for simple source-NAT use-cases

rmgr = NatSourceSimple(jdev)

# zone pair applied to a resource by load_defaults()
defaults = dict(zone_from='OUTSIDE-DC-ST1', zone_to='PII-SOX-DC-ST1')


def load_defaults(r):
    """Copy every entry of the module-level ``defaults`` mapping into *r*."""
    for key in defaults:
        r[key] = defaults[key]
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.resources.srx import Zone
from jnpr.eznc.utils import Config

# Open a session to the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
jdev = Netconf(user='******', host='vsrx_cyan', password="******")
jdev.open()

# Bind the config utilities and the zone manager onto the device object;
# the keyword is the attribute name, hence jdev.cu and jdev.zone below.

jdev.bind(cu=Config)
jdev.bind(zone=Zone)

cu = jdev.cu

# Take the first zone the manager lists.
# NOTE(review): list[0] raises IndexError when the list is empty -- the
# example assumes the device has at least one zone.
z_name = jdev.zone.list[0]
zone = jdev.zone[z_name]

# Same pattern one level down: the first entry of the zone's "ifs" list.
first_ifs = zone.ifs.list[0]
ifs = zone.ifs[first_ifs]
Beispiel #9
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.utils import Config
from jnpr.eznc.resources.srx import PolicyContext

# Open the session to the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
jdev = Netconf(host='vsrx_cyan', user='******', password='******')
jdev.open()

# Attach the config utilities under the name "cu", then the policy-context
# manager under "pc". Per the example's author, binding PolicyContext also
# auto-loads the associated rules resource class PolicyRule.
jdev.bind(cu=Config)
jdev.bind(pc=PolicyContext)

# A policy context is keyed by the tuple (from-zone-name, to-zone-name).
zone_pair = ("OUTSIDE-DC-ST1", "PII-SOX-DC-ST1")
r = jdev.pc[zone_pair]

# dump the contents:
pp(r)
# NAME: PolicyContext: ('OUTSIDE-DC-ST1', 'PII-SOX-DC-ST1')
Beispiel #10
from pprint import pprint as pp
from lxml import etree

# for the example ...
from exampleutils import *
from jnpr.eznc import Netconf as Junos

# Connection arguments for the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
login = {'user': '******', 'host': 'vsrx_cyan', 'password': '******'}
jdev = Junos(**login)
jdev.open()

# The :cli: method takes a CLI command string; the result prints as shown
# in the sample output below.
# NOTE(review): the command strings here are fixed literals. Keep it that
# way -- do not assemble them from input the script does not control.
print("showing command: 'show version'")
version_output = jdev.cli("show version")
print(version_output)

# showing command: 'show version'

# Hostname: jnpr-dc-fw
# Model: junosv-firefly
# JUNOS Software Release [12.1X44-D10.4]

# Appending "| display xml rpc" yields the XML RPC that corresponds to the
# command instead of its text output.

print("showing as XML RPC command:")
xml_cmd = jdev.cli("show version | display xml rpc")

# xml_cmd is an XML element, so it can be dumped for debugging:
etree.dump(xml_cmd)

# showing as XML RPC command:
Beispiel #11
import pdb
from pprint import pprint as pp
from lxml.builder import E
from lxml import etree

# junos "ez" module
from jnpr.eznc import Netconf

# Open a session to the device. No password and no port are passed here.
# NOTE(review): presumably authentication then relies on SSH keys or an
# agent, and the library's default port is used -- confirm.
dev = Netconf(host='jnpr-dc-fw',user='******')
dev.open()

## now play around with dev object ...
## when done, you should issue dev.close()

# for debugging ...
import pdb
from pprint import pprint as pp 
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf as Junos

# Connection arguments for the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
login = dict(user='******', host='vsrx_cyan', password='******')
jdev = Junos(**login)
jdev.open()

def show_sroute(jdev, *vargs, **kvargs):
  """
  given a route destination, provide a dictionary of information 
  about that route that includes the interface and security-zone

  jdev
    the device object; its rpc.get_route_information() is called

  kvargs['route'] or vargs[0]
    the route to lookup

  returns {'found': False} when the reply contains no next-hop element
  (the remainder of the function is not shown on this page)
  """

  # the keyword form wins; if neither form is supplied, vargs[0] raises
  # IndexError
  route = kvargs.get('route') or vargs[0]

  # do a 'show route' to determine the next-hop interface
  # if the route is unknown, then return found=False

  rsp = jdev.rpc.get_route_information(destination=route, best=True)
  # either element name may carry the next-hop interface
  nh_via = rsp.xpath('.//nh/nh-local-interface | .//nh/via')
  if not len(nh_via):
    return {'found': False}
Beispiel #13
import pdb
from pprint import pprint as pp 
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat import NatStaticRuleSet
from jnpr.eznc.utils import Config

# create a junos device and open a connection

# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
jdev = Junos(user='******', password='******', host='vsrx_cyan')
jdev.open()

# Bind resource managers onto the device object; each keyword becomes the
# attribute name (the ruleset manager bound as "nat" is used below as jdev.nat).

jdev.bind( cu=Config )
jdev.bind( nat=NatStaticRuleSet )

# create a static NAT ruleset called 'outside' and map it on the from-zone "OUTSIDE-DC-ST1"

nat = jdev.nat["outside"]
nat(zone_from="OUTSIDE-DC-ST1")
nat.write()

# now create a rule within that ruleset called "foo" to static NAT 198.18.11.5 to 10.0.0.4
# for port 80.  Also enable proxy-arp on interface reth0.213
# (properties are set by "calling" the resource; the second call adds one more)

r = nat.rule["foo"]
r(match_dst_addr="198.18.11.5", match_dst_port="80", nat_addr="10.0.0.4", nat_port="80")
r(proxy_interface="reth0.213")
Beispiel #14
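def show_help():
  """Print the usage line for this script and exit with status 1."""
  print("%s <zone_name> <ip_addr>" % sys.argv[0])
  # sys.exit() rather than the bare exit(): the latter is injected by the
  # site module and is missing under "python -S" or in frozen builds.
  sys.exit(1)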

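if len(sys.argv) != 3:
  show_help()

# The length check above already guarantees both positions exist. The handler
# is kept as a safety net but narrowed to IndexError, so it no longer swallows
# SystemExit, KeyboardInterrupt or unrelated errors as a bare "except:" does.
try:
  zone_name = sys.argv[1]
  find_addr = sys.argv[2]
except IndexError:
  die("You must specify the ip-addr to locate")


# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
jdev = Junos(user='******', host='vsrx_cyan', password='******')
jdev.open()

# Bind the zone manager onto the device object as jdev.zone.

jdev.bind( zone=Zone )

zone = jdev.zone[zone_name]
if not zone.exists:
  # release the device session before bailing out
  jdev.close()
  die("Zone %s does not exist on this device!" % zone_name)

print("Reading zone %s address book ..." % zone_name)
zone.ab.read()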

def do_find_addr( find_addr ):
Beispiel #15
from jnpr.eznc import Netconf

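# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# Close the session even when the RPC or one of the lookups fails, so a
# failed run does not leave a session open on the device.
try:
    inv = jdev.rpc.get_chassis_inventory()
    print("model: %s" % inv.find('chassis/description').text)
    print("serial-number: %s" % inv.find('chassis/serial-number').text)

    # model: JUNOSV-FIREFLY
    # serial-number: cf2eaceba2b7
finally:
    jdev.close()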
Beispiel #16
from jnpr.eznc.resources.srx import Zone, ZoneAddrFinder


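def die(msg):
    """Print *msg* between two 50-dash rules and exit with status 1."""
    rule = "-" * 50
    print(rule)
    print("DIE!: " + msg)
    print(rule)
    # sys.exit() rather than the bare exit(): the latter is injected by the
    # site module and is missing under "python -S" or in frozen builds.
    sys.exit(1)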


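# Only a missing argument is handled; a bare "except:" would also swallow
# SystemExit, KeyboardInterrupt and unrelated errors.
try:
    find_addr = sys.argv[1]
except IndexError:
    die("You must specify the ip-addr to locate")

# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
jdev = Junos(user='******', host='vsrx_cyan', password='******')
jdev.open()

# Bind the zone manager onto the device object as jdev.zone.

jdev.bind(zone=Zone)

zone_mgr = jdev.zone

# Take the first zone the manager lists.
# NOTE(review): list[0] raises IndexError when the list is empty -- the
# example assumes the device has at least one zone.
z_name = zone_mgr.list[0]
zone = zone_mgr[z_name]

print("Reading zone %s address book ..." % z_name)
zone.ab.read()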
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat import NatSrcPool, NatSrcRuleSet
from jnpr.eznc.utils import Config

# create a junos device and open a connection

# Connection arguments for the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
login = {'user': '******', 'host': 'vsrx_cyan', 'password': '******'}
jdev = Junos(**login)
jdev.open()

# Bind the resource managers; each keyword becomes the attribute name on
# the device object (jdev.cu, jdev.np, jdev.nr).
jdev.bind(cu=Config)
jdev.bind(np=NatSrcPool)
jdev.bind(nr=NatSrcRuleSet)

# Select the NAT source pool named 'POOL-A' and give it the address range
# 198.18.0.1/32 through 198.18.0.10/32. Property values are changed by
# "calling" the resource with keyword arguments.
pool_range = {'addr_from': "198.18.0.1", 'addr_to': "198.18.0.10"}
r = jdev.np["POOL-A"]
r(**pool_range)
r.write()

# create a NAT source ruleset called "OUTBOUND_NAT"
Beispiel #18
import pdb
from pprint import pprint as pp 
from lxml import etree
from lxml.builder import E 

# for the example ...
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.utils import Config

# create a junos device and open a connection
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.

login = dict(user='******', host='vsrx_cyan', password='******')
jdev = Junos(**login)
jdev.open()

# bind the config utilities; used below as jdev.cu
jdev.bind( cu=Config )

def show_diff_and_rollback():
  """Print what jdev.cu.diff() reports, then call jdev.cu.rollback()."""
  pending = jdev.cu.diff()
  print(pending)
  # sample of the printed diff:
  # [edit system]
  # -  host-name jnpr-dc-fw;
  # +  host-name jeremy;
  # +  domain-name jeremy.com;

  print("Rolling back....")
  jdev.cu.rollback()

set_commands = """
set system host-name jeremy
set system domain-name jeremy.com
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.resources.srx.nat import NatProxyArp
from jnpr.eznc.utils import Config

# create a junos device and open a connection
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.

jdev = Netconf(user="******", password="******", host="vsrx_cyan")
jdev.open()

# create a config utility object
# (constructed directly from the device here, rather than bound onto it)
cu = Config(jdev)

# select a proxy-arp entry, using direct resource access
# NOTE(review): the key tuple looks like (interface, address) -- confirm
entry = NatProxyArp(jdev, ("ge-0/0/1.124", "198.18.11.5"))


def doit():
    if not entry.exists:
        print "creating entry"
        entry.write(touch=True)
        print cu.diff()
        # [edit security]
        # +   nat {
        # +       proxy-arp {
        # +           interface ge-0/0/1.124 {
Beispiel #20
# for debugging ...
import pdb
from pprint import pprint as pp 
from lxml import etree

# for the example ...
from exampleutils import *
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat_src_simple import NatSourceSimple
from jnpr.eznc.utils import ConfigUtils

# Connection arguments for the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
login = dict(user='******', host='vsrx_cyan', password='******')

jdev = Junos(**login)
jdev.open()

# meta-toolbox the config-utils package onto this object,
# this gives us access to: jdev.ez.cu.<functions>

jdev.ez( cu=ConfigUtils )     

# define a resource manager for simple source-NAT use-cases

rmgr = NatSourceSimple( jdev )

# if you want to see the resource properties, you could do:
# >>> print NatSourceSimple.PROPERTIES
# ['zone_from', 'zone_to', 'match_src_addr', 'match_dst_addr', 'pool_from_addr', 'pool_to_addr']

# define some default properties we'll use:
Beispiel #21
import paramiko
import os, sys

from jnpr.eznc import Netconf

# local import
from uac import UAC

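if len(sys.argv) < 2:
  print("you must provide a Junos target hostname")
  sys.exit(1)

# going to use paramiko SSHConfig to retrieve the port parameters for a given
# host.  Doing this because I tend to use jumphosts to get to devices behind
# firewalls/etc.  This is a pretty useful technique to illustrate:

junos_hostname = sys.argv[1]
# expanduser() also copes with an unset HOME, where os.getenv('HOME') returns
# None and os.path.join() would raise.
config_file = os.path.expanduser('~/.ssh/config')
ssh_config = paramiko.SSHConfig()
# close the file handle once it is parsed instead of leaking it
with open(config_file,'r') as config_fh:
  ssh_config.parse(config_fh)
got_lkup = ssh_config.lookup( junos_hostname )

# lookup() always fills in 'hostname', but 'port' is present only when the
# matching Host entry sets Port. Pass it through only in that case, so a host
# without a Port line no longer ends in a KeyError and Netconf falls back to
# its own default.
conn_args = dict(user='******', host=got_lkup['hostname'])
if 'port' in got_lkup:
  conn_args['port'] = got_lkup['port']
dev = Netconf(**conn_args)
dev.open()

dev.bind(uac=UAC)
dev.uac.get_users()

print("UAC users:")
print(dev.uac.usernames)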
Beispiel #22
import pdb
from pprint import pprint as pp
from lxml.builder import E
from lxml import etree

# junos "ez" module
from jnpr.eznc import Netconf
from jnpr.eznc.exception import *

# Open a session to the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

## now play around with jdev object ...
Beispiel #23
import pdb
from pprint import pprint as pp

from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx import ApplicationSet
from jnpr.eznc.utils import Config
from jnpr.eznc.exception import *

from lxml.builder import E
from lxml import etree

# Connection arguments for the example device.
# NOTE(review): credentials are inline literals (masked on this page); in real
# use read them from a prompt or the environment, not from source.
login = dict(user="******", host="vsrx_cyan", password="******")
jdev = Junos(**login)
jdev.open()

# Bind the config utilities and the application-set manager; each keyword
# becomes the attribute name (the manager bound as "apps" is used as jdev.apps).
jdev.bind(cu=Config)
jdev.bind(apps=ApplicationSet)

# select one application set by name
r = jdev.apps["WWSS-A2A-WEB-INTRA"]

# print the contents of the object
pp(r)

# >>> pp(r)
# NAME: ApplicationSet: WWSS-A2A-WEB-INTRA
# HAS: {'_active': True,
#  '_exists': True,
#  'app_list': ['TCP-9152',
#               'TCP-9153',
#               'TCP-9154',
#               'TCP-9155',