import pdb from pprint import pprint as pp from lxml import etree # for the example ... from jnpr.eznc import Netconf as Junos from jnpr.eznc.resources.srx.nat import NatSrcPool, NatSrcRuleSet from jnpr.eznc.utils import Config # create a junos device and open a connection login = dict(user='******', host='vsrx_cyan', password='******') jdev = Junos(**login) jdev.open() # now metabind some resource managers jdev.bind( cu=Config ) jdev.bind( np=NatSrcPool ) jdev.bind( nr=NatSrcRuleSet ) # create a NAT source pool called 'POOL-A' with # an address range from 198.18.0.1/32 to 198.18.0.10/32 # here showing the technique to change property values # by making a "call" into the resource r = jdev.np["POOL-A"] r(addr_from="198.18.0.1", addr_to="198.18.0.10") r.write() # create a NAT source ruleset called "OUTBOUND_NAT"
from pprint import pprint as pp
from lxml import etree
# for the example ...
from exampleutils import *
from jnpr.eznc import Netconf as Junos
login = dict(user='******', host='vsrx_cyan', password='******')
jdev = Junos(**login)
jdev.open()
# you can run any cli command using the :cli: method, for example
print "showing command: 'show version'"
print jdev.cli("show version")
# showing command: 'show version'
# Hostname: jnpr-dc-fw
# Model: junosv-firefly
# JUNOS Software Release [12.1X44-D10.4]
# you can also obtain the XML RPC for the associated command by
# doing this:
print "showing as XML RPC command:"
xml_cmd = jdev.cli("show version | display xml rpc")
# this is an actual XML element, so we can dump it for debug:
etree.dump(xml_cmd)
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree
# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.utils import Config
from jnpr.eznc.resources.srx import PolicyContext
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()
# meta-toolbox the config-utils package onto this object,
# this gives us access to: jdev.ez.cu.<functions>
jdev.bind( cu=Config )
# now add the PolicyContext, this will auto-load the associated
# rules resource class PolicyRule
jdev.bind( pc=PolicyContext )
# now access a policy PolicyContext. The policy context is
# tuple (from-zone-name, to-zone-name)
r = jdev.pc[("OUTSIDE-DC-ST1","PII-SOX-DC-ST1")]
# dump the contents:
pp(r)
# NAME: PolicyContext: ('OUTSIDE-DC-ST1', 'PII-SOX-DC-ST1')
# for debugging ... import pdb from pprint import pprint as pp from lxml import etree # for the example ... from jnpr.eznc import Netconf from jnpr.eznc.resources.srx import ZoneAddrBook from jnpr.eznc.utils import Config jdev = Netconf(user='******', host='vsrx_cyan', password='******') jdev.open() # meta-toolbox the config-utils package onto this object, # this gives us access to: jdev.ez.cu.<functions> jdev.bind( cu=Config ) jdev.bind( ab=ZoneAddrBook ) cu = jdev.cu ab = jdev.ab z_name = "OUTSIDE-DC-ST1" zone = ab[z_name] def test_addr(): # grab the first address book entry, and change it's # ip_prefix to "1.1.1.1/32" first_addr = zone['$addrs'][0] addr = zone.addr[first_addr]
def show_help():
print "%s <ab_name> <ip_addr>" % sys.argv[0]
exit(1)
if len(sys.argv) != 3:
show_help()
try:
book_name = sys.argv[1]
find_addr = sys.argv[2]
except:
die("You must specify the ip-addr to locate")
jdev = Junos(user='******', host='vsrx_x46', password='******')
jdev.open()
# meta-toolbox the config-utils package onto this object,
# this gives us access to: jdev.ez.cu.<functions>
jdev.bind( ab=SharedAddrBook )
book = jdev.ab[book_name]
if not book.exists:
die("Book %s does not exist on this device!" % book_name )
def do_find_addr( find_addr ):
print "Searching for address: " + find_addr
f = AddrBookFinder(book)
r = f.find(find_addr)
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree
# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.resources.srx import ZoneAddrBook
from jnpr.eznc.utils import Config
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()
# meta-toolbox the config-utils package onto this object,
# this gives us access to: jdev.ez.cu.<functions>
jdev.bind(cu=Config)
jdev.bind(ab=ZoneAddrBook)
cu = jdev.cu
ab = jdev.ab
z_name = "OUTSIDE-DC-ST1"
zone = ab[z_name]
def test_addr():
# grab the first address book entry, and change it's
# ip_prefix to "1.1.1.1/32"
first_addr = zone['$addrs'][0]
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree
# for the example ...
from exampleutils import *
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat_src_simple import NatSourceSimple
from jnpr.eznc.utils import ConfigUtils
login = dict(user='******', host='vsrx_cyan', password='******')
jdev = Junos(**login)
jdev.open()
# meta-toolbox the config-utils package onto this object,
# this gives us access to: jdev.ez.cu.<functions>
jdev.ez(cu=ConfigUtils)
# define a resource manager for simple source-NAT use-cases
rmgr = NatSourceSimple(jdev)
defaults = dict(zone_from='OUTSIDE-DC-ST1', zone_to='PII-SOX-DC-ST1')
def load_defaults(r):
for k, v in defaults.items():
r[k] = v
# for debugging ... import pdb from pprint import pprint as pp from lxml import etree # for the example ... from jnpr.eznc import Netconf from jnpr.eznc.resources.srx import Zone from jnpr.eznc.utils import Config jdev = Netconf(user='******', host='vsrx_cyan', password="******") jdev.open() # meta-toolbox the config-utils package onto this object, # this gives us access to: jdev.ez.cu.<functions> jdev.bind(cu=Config) jdev.bind(zone=Zone) cu = jdev.cu z_name = jdev.zone.list[0] zone = jdev.zone[z_name] first_ifs = zone.ifs.list[0] ifs = zone.ifs[first_ifs]
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree
# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.utils import Config
from jnpr.eznc.resources.srx import PolicyContext
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()
# meta-toolbox the config-utils package onto this object,
# this gives us access to: jdev.ez.cu.<functions>
jdev.bind(cu=Config)
# now add the PolicyContext, this will auto-load the associated
# rules resource class PolicyRule
jdev.bind(pc=PolicyContext)
# now access a policy PolicyContext. The policy context is
# tuple (from-zone-name, to-zone-name)
r = jdev.pc[("OUTSIDE-DC-ST1", "PII-SOX-DC-ST1")]
# dump the contents:
pp(r)
# NAME: PolicyContext: ('OUTSIDE-DC-ST1', 'PII-SOX-DC-ST1')
from pprint import pprint as pp
from lxml import etree
# for the example ...
from exampleutils import *
from jnpr.eznc import Netconf as Junos
login = dict(user='******', host='vsrx_cyan', password='******')
jdev = Junos(**login)
jdev.open()
# you can run any cli command using the :cli: method, for example
print "showing command: 'show version'"
print jdev.cli("show version")
# showing command: 'show version'
# Hostname: jnpr-dc-fw
# Model: junosv-firefly
# JUNOS Software Release [12.1X44-D10.4]
# you can also obtain the XML RPC for the associated command by
# doing this:
print "showing as XML RPC command:"
xml_cmd = jdev.cli("show version | display xml rpc")
# this is an actual XML element, so we can dump it for debug:
etree.dump(xml_cmd)
# showing as XML RPC command:
import pdb from pprint import pprint as pp from lxml.builder import E from lxml import etree # junos "ez" module from jnpr.eznc import Netconf dev = Netconf(host='jnpr-dc-fw',user='******') dev.open() ## now play around with dev object ... ## when done, you should issue dev.close()
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree
# for the example ...
from jnpr.eznc import Netconf as Junos
login = dict(user='******', host='vsrx_cyan', password='******')
jdev = Junos(**login)
jdev.open()
def show_sroute(jdev, *vargs, **kvargs):
"""
given a route destination, provide a dictionary of information
about that route that includes the interface and security-zone
kvargs['route'] or vargs[0]
the route to lookup
"""
route = kvargs.get('route') or vargs[0]
# do a 'show route' to determine the next-hop interface
# if the route is unknown, then return found=False
rsp = jdev.rpc.get_route_information(destination=route, best=True)
nh_via = rsp.xpath('.//nh/nh-local-interface | .//nh/via')
if not len(nh_via):
return {'found': False}
import pdb from pprint import pprint as pp from lxml import etree # for the example ... from jnpr.eznc import Netconf as Junos from jnpr.eznc.resources.srx.nat import NatStaticRuleSet from jnpr.eznc.utils import Config # create a junos device and open a connection jdev = Junos(user='******', password='******', host='vsrx_cyan') jdev.open() # now metabind some resource managers jdev.bind( cu=Config ) jdev.bind( nat=NatStaticRuleSet ) # create a static NAT ruleset called 'outside' and map it on the from-zone "OUTSIDE-DC-STD1" nat = jdev.nat["outside"] nat(zone_from="OUTSIDE-DC-ST1") nat.write() # now create a rule within that ruleset called "foo" to static NAT 198.18.11.5 to 10.0.0.4 # for port 80. Also enable proxy-arp on interface reth0.213" r = nat.rule["foo"] r(match_dst_addr="198.18.11.5", match_dst_port="80", nat_addr="10.0.0.4", nat_port="80") r(proxy_interface="reth0.213")
def show_help():
print "%s <zone_name> <ip_addr>" % sys.argv[0]
exit(1)
if len(sys.argv) != 3:
show_help()
try:
zone_name = sys.argv[1]
find_addr = sys.argv[2]
except:
die("You must specify the ip-addr to locate")
jdev = Junos(user='******', host='vsrx_cyan', password='******')
jdev.open()
# meta-toolbox the config-utils package onto this object,
# this gives us access to: jdev.ez.cu.<functions>
jdev.bind( zone=Zone )
zone = jdev.zone[zone_name]
if not zone.exists:
die("Zone %s does not exist on this device!" % zone_name)
print "Reading zone %s address book ..." % zone_name
zone.ab.read()
def do_find_addr( find_addr ):
from jnpr.eznc import Netconf
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()
inv = jdev.rpc.get_chassis_inventory()
print "model: %s" % inv.find('chassis/description').text
print "serial-number: %s" % inv.find('chassis/serial-number').text
# model: JUNOSV-FIREFLY
# serial-number: cf2eaceba2b7
jdev.close()
from jnpr.eznc.resources.srx import Zone, ZoneAddrFinder
def die(msg):
print "-" * 50
print "DIE!: " + msg
print "-" * 50
exit(1)
try:
find_addr = sys.argv[1]
except:
die("You must specify the ip-addr to locate")
jdev = Junos(user='******', host='vsrx_cyan', password='******')
jdev.open()
# meta-toolbox the config-utils package onto this object,
# this gives us access to: jdev.ez.cu.<functions>
jdev.bind(zone=Zone)
zone_mgr = jdev.zone
z_name = zone_mgr.list[0]
zone = zone_mgr[z_name]
print "Reading zone %s address book ..." % z_name
zone.ab.read()
import pdb from pprint import pprint as pp from lxml import etree # for the example ... from jnpr.eznc import Netconf as Junos from jnpr.eznc.resources.srx.nat import NatSrcPool, NatSrcRuleSet from jnpr.eznc.utils import Config # create a junos device and open a connection login = dict(user='******', host='vsrx_cyan', password='******') jdev = Junos(**login) jdev.open() # now metabind some resource managers jdev.bind(cu=Config) jdev.bind(np=NatSrcPool) jdev.bind(nr=NatSrcRuleSet) # create a NAT source pool called 'POOL-A' with # an address range from 198.18.0.1/32 to 198.18.0.10/32 # here showing the technique to change property values # by making a "call" into the resource r = jdev.np["POOL-A"] r(addr_from="198.18.0.1", addr_to="198.18.0.10") r.write() # create a NAT source ruleset called "OUTBOUND_NAT"
import pdb from pprint import pprint as pp from lxml import etree from lxml.builder import E # for the example ... from jnpr.eznc import Netconf as Junos from jnpr.eznc.utils import Config # create a junos device and open a connection login = dict(user='******', host='vsrx_cyan', password='******') jdev = Junos(**login) jdev.open() jdev.bind( cu=Config ) def show_diff_and_rollback(): # dump the diff: print jdev.cu.diff() # [edit system] # - host-name jnpr-dc-fw; # + host-name jeremy; # + domain-name jeremy.com; print "Rolling back...." jdev.cu.rollback() set_commands = """ set system host-name jeremy set system domain-name jeremy.com
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree
# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.resources.srx.nat import NatProxyArp
from jnpr.eznc.utils import Config
# create a junos device and open a connection
jdev = Netconf(user="******", password="******", host="vsrx_cyan")
jdev.open()
# create a config utility object
cu = Config(jdev)
# select a proxy-arp entry, using direct resource access
entry = NatProxyArp(jdev, ("ge-0/0/1.124", "198.18.11.5"))
def doit():
if not entry.exists:
print "creating entry"
entry.write(touch=True)
print cu.diff()
# [edit security]
# + nat {
# + proxy-arp {
# + interface ge-0/0/1.124 {
# for debugging ... import pdb from pprint import pprint as pp from lxml import etree # for the example ... from exampleutils import * from jnpr.eznc import Netconf as Junos from jnpr.eznc.resources.srx.nat_src_simple import NatSourceSimple from jnpr.eznc.utils import ConfigUtils login = dict(user='******', host='vsrx_cyan', password='******') jdev = Junos(**login) jdev.open() # meta-toolbox the config-utils package onto this object, # this gives us access to: jdev.ez.cu.<functions> jdev.ez( cu=ConfigUtils ) # define a resource manager for simple source-NAT use-cases rmgr = NatSourceSimple( jdev ) # if you want to see the resource properties, you could do: # >>> print NatSourceSimple.PROPERTIES # ['zone_from', 'zone_to', 'match_src_addr', 'match_dst_addr', 'pool_from_addr', 'pool_to_addr'] # define some default properties we'll use:
import paramiko
import os, sys
from jnpr.eznc import Netconf
# local import
from uac import UAC
if len(sys.argv) < 2:
print "you must provide a Junos target hostname"
sys.exit(1)
# going to use paramiko SSHConfig to retrieve the port parameters for a given
# host. Doing this because I tend to use jumphosts to get to devices behind
# firewalls/etc. This is a pretty useful technique to illustrate:
junos_hostname = sys.argv[1]
config_file = os.path.join(os.getenv('HOME'),'.ssh/config')
ssh_config = paramiko.SSHConfig()
ssh_config.parse(open(config_file,'r'))
got_lkup = ssh_config.lookup( junos_hostname )
dev = Netconf(user='******',host=got_lkup['hostname'],port=got_lkup['port'])
dev.open()
dev.bind(uac=UAC)
dev.uac.get_users()
print "UAC users:"
print dev.uac.usernames
import pdb from pprint import pprint as pp from lxml.builder import E from lxml import etree # junos "ez" module from jnpr.eznc import Netconf from jnpr.eznc.exception import * jdev = Netconf(user='******', host='vsrx_cyan', password='******') jdev.open() ## now play around with jdev object ...
import pdb
from pprint import pprint as pp
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx import ApplicationSet
from jnpr.eznc.utils import Config
from jnpr.eznc.exception import *
from lxml.builder import E
from lxml import etree
login = dict(user="******", host="vsrx_cyan", password="******")
jdev = Junos(**login)
jdev.open()
jdev.bind(cu=Config)
jdev.bind(apps=ApplicationSet)
r = jdev.apps["WWSS-A2A-WEB-INTRA"]
# print the contents of the object
pp(r)
# >>> pp(r)
# NAME: ApplicationSet: WWSS-A2A-WEB-INTRA
# HAS: {'_active': True,
# '_exists': True,
# 'app_list': ['TCP-9152',
# 'TCP-9153',
# 'TCP-9154',
# 'TCP-9155',
