Beispiel #1
  show_help()

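# Two positional arguments are required: the address-book name and the
# address to look up.  Only a missing argument (IndexError) counts as a usage
# error; a bare `except:` would also swallow KeyboardInterrupt and SystemExit.
try:
  book_name = sys.argv[1]
  find_addr = sys.argv[2]
except IndexError:
  # the message names both arguments, since either one may be the missing one
  die("You must specify the address-book name and the ip-addr to locate")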


# NOTE(review): user and password are string literals (shown as '******'
# here); for real use supply them at run time (prompt, environment variable
# or a secrets store) rather than keeping them in the script.
jdev = Junos(user='******', host='vsrx_x46', password='******')
jdev.open()

# bind the SharedAddrBook resource manager onto the device object;
# it is then reachable as jdev.ab

jdev.bind( ab=SharedAddrBook )

# look the requested address book up by name; call die() when the device
# reports that it does not exist
book = jdev.ab[book_name]
if not book.exists:
  die("Book %s does not exist on this device!" % book_name )

def do_find_addr(find_addr):
  """
  Run an AddrBookFinder over the module-level `book` for find_addr and
  pretty-print what the finder returns.
  """
  print("Searching for address: " + find_addr)
  result = AddrBookFinder(book).find(find_addr)

  # the result's `items` attribute, printed under the "All items" label
  print("\nAll items:")
  pp(result.items)

  # the result's `addrs` attribute, printed under the "matching" label
  print("\nJust matching address items:")
  pp(result.addrs)
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.resources.srx import ZoneAddrBook
from jnpr.eznc.utils import Config

# NOTE(review): user and password are string literals (shown as '******'
# here); supply them at run time instead of keeping them in the script.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# bind the Config utility and the ZoneAddrBook resource manager onto the
# device object; they are then reachable as jdev.cu and jdev.ab

jdev.bind(cu=Config)
jdev.bind(ab=ZoneAddrBook)

# short module-level aliases for the two bound objects
cu = jdev.cu
ab = jdev.ab

# select one zone's address book by a fixed zone name
z_name = "OUTSIDE-DC-ST1"
zone = ab[z_name]


def test_addr():
    """Look up the first address entry of the module-level `zone`."""
    # grab the first address book entry, and change its
    # ip_prefix to "1.1.1.1/32"
    # NOTE(review): only the lookup is visible in this listing; the
    # ip_prefix change itself is not shown here.

    # assumes zone['$addrs'] has at least one entry -- TODO confirm
    first_addr = zone['$addrs'][0]
    addr = zone.addr[first_addr]
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.resources.srx import Zone
from jnpr.eznc.utils import Config

# NOTE(review): user and password are string literals (shown as '******'
# here); supply them at run time instead of keeping them in the script.
jdev = Netconf(user='******', host='vsrx_cyan', password="******")
jdev.open()

# bind the Config utility and the Zone resource manager onto the device
# object; they are then reachable as jdev.cu and jdev.zone

jdev.bind(cu=Config)
jdev.bind(zone=Zone)

cu = jdev.cu

# take the first zone name the manager lists and select that zone
# (presumably raises IndexError when the list is empty -- confirm)
z_name = jdev.zone.list[0]
zone = jdev.zone[z_name]

# same pattern one level down: first listed interface of that zone
first_ifs = zone.ifs.list[0]
ifs = zone.ifs[first_ifs]
Beispiel #4
import pdb
from pprint import pprint as pp 
from lxml import etree
from lxml.builder import E 

# for the example ...
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.utils import Config

# create a junos device and open a connection
# NOTE(review): the login dict holds the user and password as literals
# (shown as '******' here); supply them at run time instead.

login = dict(user='******', host='vsrx_cyan', password='******')
jdev = Junos(**login)
jdev.open()

# bind the Config utility; it is then reachable as jdev.cu
jdev.bind( cu=Config )

def show_diff_and_rollback():
  """
  Print whatever jdev.cu.diff() returns, announce the rollback, then call
  jdev.cu.rollback().
  """
  pending_diff = jdev.cu.diff()
  print(pending_diff)
  # sample of the printed diff:
  # [edit system]
  # -  host-name jnpr-dc-fw;
  # +  host-name jeremy;
  # +  domain-name jeremy.com;

  print("Rolling back....")
  jdev.cu.rollback()

set_commands = """
set system host-name jeremy
set system domain-name jeremy.com
Beispiel #5
  show_help()

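# Two positional arguments are required: the zone name and the address to
# look up.  Only a missing argument (IndexError) counts as a usage error;
# a bare `except:` would also swallow KeyboardInterrupt and SystemExit.
try:
  zone_name = sys.argv[1]
  find_addr = sys.argv[2]
except IndexError:
  # the message names both arguments, since either one may be the missing one
  die("You must specify the zone name and the ip-addr to locate")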


# NOTE(review): user and password are string literals (shown as '******'
# here); supply them at run time instead of keeping them in the script.
jdev = Junos(user='******', host='vsrx_cyan', password='******')
jdev.open()

# bind the Zone resource manager onto the device object;
# it is then reachable as jdev.zone

jdev.bind( zone=Zone )

# select the zone named on the command line; call die() when the device
# reports that it does not exist
zone = jdev.zone[zone_name]
if not zone.exists:
  die("Zone %s does not exist on this device!" % zone_name)

# load the zone's address book before any search is run against it
print "Reading zone %s address book ..." % zone_name
zone.ab.read()

def do_find_addr(find_addr):
  """
  Run an AddrBookFinder over the module-level zone's address book for
  find_addr and pretty-print the items it returns.
  """
  print("Searching for address: " + find_addr)
  result = AddrBookFinder(zone.ab).find(find_addr)

  # the result's `items` attribute, printed under the "All items" label
  print("\nAll items:")
  pp(result.items)
Beispiel #6
    print "-" * 50
    exit(1)


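# The address to look up is the only required argument.  Only a missing
# argument (IndexError) counts as a usage error; a bare `except:` would also
# swallow KeyboardInterrupt and SystemExit.
try:
    find_addr = sys.argv[1]
except IndexError:
    die("You must specify the ip-addr to locate")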

# NOTE(review): user and password are string literals (shown as '******'
# here); supply them at run time instead of keeping them in the script.
jdev = Junos(user='******', host='vsrx_cyan', password='******')
jdev.open()

# bind the Zone resource manager onto the device object;
# it is then reachable as jdev.zone

jdev.bind(zone=Zone)

zone_mgr = jdev.zone

# take the first zone name the manager lists and select that zone
# (presumably raises IndexError when the list is empty -- confirm)
z_name = zone_mgr.list[0]
zone = zone_mgr[z_name]

# load the zone's address book before any search is run against it
print "Reading zone %s address book ..." % z_name
zone.ab.read()


def do_find_addr(find_addr):
    """Run a ZoneAddrFinder over the module-level `zone` for find_addr."""
    print "Searching for address: " + find_addr
    f = ZoneAddrFinder(zone)
    # NOTE(review): the listing ends here, so what is done with the
    # result `r` is not visible.
    r = f.find(find_addr)
Beispiel #7
import pdb
from pprint import pprint as pp 
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf 
from jnpr.eznc.resources.srx import ZoneAddrBook
from jnpr.eznc.utils import Config

# NOTE(review): user and password are string literals (shown as '******'
# here); supply them at run time instead of keeping them in the script.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# bind the Config utility and the ZoneAddrBook resource manager onto the
# device object; they are then reachable as jdev.cu and jdev.ab

jdev.bind( cu=Config )
jdev.bind( ab=ZoneAddrBook )

# short module-level aliases for the two bound objects
cu = jdev.cu
ab = jdev.ab

# select one zone's address book by a fixed zone name
z_name = "OUTSIDE-DC-ST1"
zone = ab[z_name]

def test_addr():
  """Set ip_prefix on the first address entry of the module-level `zone`."""
  # grab the first address book entry, and change its
  # ip_prefix to "1.1.1.1/32"

  # assumes zone['$addrs'] has at least one entry -- TODO confirm
  first_addr = zone['$addrs'][0]
  addr = zone.addr[first_addr]
  # NOTE(review): the comment above says "1.1.1.1/32" but the call passes
  # "1.1.1.1" with no prefix length -- confirm which form the resource expects.
  # No write of the changed property is visible in this listing.
  addr(ip_prefix="1.1.1.1")
Beispiel #8
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat import NatSrcPool, NatSrcRuleSet
from jnpr.eznc.utils import Config

# create a junos device and open a connection
# NOTE(review): the login dict holds the user and password as literals
# (shown as '******' here); supply them at run time instead.

login = dict(user='******', host='vsrx_cyan', password='******')
jdev = Junos(**login)
jdev.open()

# now metabind some resource managers; they are then reachable as
# jdev.cu, jdev.np and jdev.nr

jdev.bind( cu=Config )
jdev.bind( np=NatSrcPool )
jdev.bind( nr=NatSrcRuleSet )

# create a NAT source pool called 'POOL-A' with
# an address range from 198.18.0.1/32 to 198.18.0.10/32
# here showing the technique to change property values
# by making a "call" into the resource
# NOTE(review): whether write() only loads the change or also commits it is
# not visible here -- confirm, and review jdev.cu.diff() before committing.

r = jdev.np["POOL-A"]
r(addr_from="198.18.0.1", addr_to="198.18.0.10")
r.write()

# create a NAT source ruleset called "OUTBOUND_NAT"
# for a given zone-context matching on all traffic
# using HTTP (port-80), let's assume this is a completely
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat import NatSrcPool, NatSrcRuleSet
from jnpr.eznc.utils import Config

# create a junos device and open a connection
# NOTE(review): the login dict holds the user and password as literals
# (shown as '******' here); supply them at run time instead.

login = dict(user='******', host='vsrx_cyan', password='******')
jdev = Junos(**login)
jdev.open()

# now metabind some resource managers; they are then reachable as
# jdev.cu, jdev.np and jdev.nr

jdev.bind(cu=Config)
jdev.bind(np=NatSrcPool)
jdev.bind(nr=NatSrcRuleSet)

# create a NAT source pool called 'POOL-A' with
# an address range from 198.18.0.1/32 to 198.18.0.10/32
# here showing the technique to change property values
# by making a "call" into the resource
# NOTE(review): whether write() only loads the change or also commits it is
# not visible here -- confirm, and review jdev.cu.diff() before committing.

r = jdev.np["POOL-A"]
r(addr_from="198.18.0.1", addr_to="198.18.0.10")
r.write()

# create a NAT source ruleset called "OUTBOUND_NAT"
# for a given zone-context matching on all traffic
# using HTTP (port-80), let's assume this is a completely
Beispiel #10
import paramiko
import os, sys

from jnpr.eznc import Netconf

# local import
from uac import UAC

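# the Junos target hostname is the one required argument
if len(sys.argv) < 2:
  print("you must provide a Junos target hostname")
  sys.exit(1)

# going to use paramiko SSHConfig to retrieve the port parameters for a given
# host.  Doing this because I tend to use jumphosts to get to devices behind
# firewalls/etc.  This is a pretty useful technique to illustrate:

junos_hostname = sys.argv[1]

# expanduser() still resolves the home directory when $HOME is unset, where
# os.getenv('HOME') returns None and os.path.join() would fail
config_file = os.path.join(os.path.expanduser('~'), '.ssh/config')
ssh_config = paramiko.SSHConfig()
# close the config file as soon as it has been parsed
with open(config_file, 'r') as config_fh:
  ssh_config.parse(config_fh)
got_lkup = ssh_config.lookup( junos_hostname )

# NOTE(review): no password is passed, so login presumably relies on SSH keys
# or an agent -- confirm.  The target address and port are whatever the local
# ssh config maps the given name to.
# `port` is passed only when the matching Host entry sets one; indexing
# got_lkup['port'] unconditionally raises KeyError for entries without a Port.
conn_args = dict(user='******', host=got_lkup['hostname'])
if 'port' in got_lkup:
  conn_args['port'] = got_lkup['port']
dev = Netconf(**conn_args)
dev.open()

# bind the local UAC class as dev.uac and fetch the user list
dev.bind(uac=UAC)
dev.uac.get_users()

print("UAC users:")
print(dev.uac.usernames)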
Beispiel #11
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.utils import Config
from jnpr.eznc.resources.srx import PolicyContext

# NOTE(review): user and password are string literals (shown as '******'
# here); supply them at run time instead of keeping them in the script.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# bind the Config utility onto the device object;
# it is then reachable as jdev.cu

jdev.bind(cu=Config)

# now add the PolicyContext, this will auto-load the associated
# rules resource class PolicyRule

jdev.bind(pc=PolicyContext)

# now access a policy PolicyContext.  The policy context is keyed by a
# tuple (from-zone-name, to-zone-name)

r = jdev.pc[("OUTSIDE-DC-ST1", "PII-SOX-DC-ST1")]

# dump the contents:
pp(r)
# NAME: PolicyContext: ('OUTSIDE-DC-ST1', 'PII-SOX-DC-ST1')
# HAS: {'_active': True,
  nh_ifs = nh_via.text
  nh_proto = nh_via.xpath('ancestor::rt-entry/protocol-name')[0].text
  dest = nh_via.xpath('ancestor::rt/rt-destination')[0].text
  rsp = jdev.rpc.get_interface_information(interface_name=nh_ifs)
  zone = rsp.find('.//logical-interface-zone-name')
  if zone is None:
    return {'found': False}

  got = { 'found': True,
    'destination': dest,
    'interface': nh_ifs,
    'protocol': nh_proto,
    'zone': zone.text.strip()
  }

  return got

# bind the show_sroute function itself (no keyword name) onto the device
# object, so that it can be called as jdev.show_sroute(...)
jdev.bind(show_sroute)

print "now call jdev.show_sroute(...) with the route you want to find"

# >>> jdev.show_sroute("23.171.140.0/24")
# {'interface': 'ge-0/0/1.371', 'found': True, 
#  'destination': '23.171.140.0/22', 'protocol': 'Direct', 'zone': 'DEFAULT-PROTECT-DC-ST1'}
#
# --or--
#
# >>> jdev.show_sroute(route="23.171.140.0/24")
# {'interface': 'ge-0/0/1.371', 'found': True, 
#  'destination': '23.171.140.0/22', 'protocol': 'Direct', 'zone': 'DEFAULT-PROTECT-DC-ST1'}
Beispiel #13
from pprint import pprint as pp 
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat import NatStaticRuleSet
from jnpr.eznc.utils import Config

# create a junos device and open a connection
# NOTE(review): user and password are string literals (shown as '******'
# here); supply them at run time instead of keeping them in the script.

jdev = Junos(user='******', password='******', host='vsrx_cyan')
jdev.open()

# now metabind some resource managers; they are then reachable as
# jdev.cu and jdev.nat

jdev.bind( cu=Config )
jdev.bind( nat=NatStaticRuleSet )

# create a static NAT ruleset called 'outside' and map it on the from-zone "OUTSIDE-DC-ST1"
# NOTE(review): whether write() only loads the change or also commits it is
# not visible here -- confirm, and review jdev.cu.diff() before committing.

nat = jdev.nat["outside"]
nat(zone_from="OUTSIDE-DC-ST1")
nat.write()

# now create a rule within that ruleset called "foo" to static NAT 198.18.11.5 to 10.0.0.4
# for port 80.  Also enable proxy-arp on interface reth0.213

r = nat.rule["foo"]
r(match_dst_addr="198.18.11.5", match_dst_port="80", nat_addr="10.0.0.4", nat_port="80")
r(proxy_interface="reth0.213")
r.write()
Beispiel #14
import pdb
from pprint import pprint as pp 
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.utils import Config
from jnpr.eznc.resources.srx import PolicyContext

# NOTE(review): user and password are string literals (shown as '******'
# here); supply them at run time instead of keeping them in the script.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# bind the Config utility onto the device object;
# it is then reachable as jdev.cu

jdev.bind( cu=Config )

# now add the PolicyContext, this will auto-load the associated
# rules resource class PolicyRule

jdev.bind( pc=PolicyContext )

# now access a policy PolicyContext.  The policy context is keyed by a
# tuple (from-zone-name, to-zone-name)

r = jdev.pc[("OUTSIDE-DC-ST1","PII-SOX-DC-ST1")]

# dump the contents:
pp(r)
# NAME: PolicyContext: ('OUTSIDE-DC-ST1', 'PII-SOX-DC-ST1')
# HAS: {'_active': True,
Beispiel #15
import pdb
from pprint import pprint as pp

from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx import ApplicationSet
from jnpr.eznc.utils import Config
from jnpr.eznc.exception import *

from lxml.builder import E
from lxml import etree

# NOTE(review): the login dict holds the user and password as literals
# (shown as "******" here); supply them at run time instead.
login = dict(user="******", host="vsrx_cyan", password="******")
jdev = Junos(**login)
jdev.open()

# bind the Config utility and the ApplicationSet resource manager;
# they are then reachable as jdev.cu and jdev.apps
jdev.bind(cu=Config)
jdev.bind(apps=ApplicationSet)

# select one application-set by name
r = jdev.apps["WWSS-A2A-WEB-INTRA"]

# print the contents of the object
pp(r)

# >>> pp(r)
# NAME: ApplicationSet: WWSS-A2A-WEB-INTRA
# HAS: {'_active': True,
#  '_exists': True,
#  'app_list': ['TCP-9152',
#               'TCP-9153',
#               'TCP-9154',
#               'TCP-9155',