show_help() try: book_name = sys.argv[1] find_addr = sys.argv[2] except: die("You must specify the ip-addr to locate") jdev = Junos(user='******', host='vsrx_x46', password='******') jdev.open() # meta-toolbox the config-utils package onto this object, # this gives us access to: jdev.ez.cu.<functions> jdev.bind( ab=SharedAddrBook ) book = jdev.ab[book_name] if not book.exists: die("Book %s does not exist on this device!" % book_name ) def do_find_addr( find_addr ): print "Searching for address: " + find_addr f = AddrBookFinder(book) r = f.find(find_addr) print "\nAll items:" pp(r.items) print "\nJust matching address items:" pp(r.addrs)
# Interactive helpers kept importable for experimenting at the prompt.
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.resources.srx import ZoneAddrBook
from jnpr.eznc.utils import Config

# NOTE(review): the user/password literals are masked in this listing.  A
# script that manages a firewall should not carry the device password in its
# source; SSH keys or a prompt at run time keep it out of version control.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# Attach the config utilities and the zone address-book manager to the
# device object; after binding they are reached as jdev.cu and jdev.ab.
jdev.bind(cu=Config)
jdev.bind(ab=ZoneAddrBook)

cu = jdev.cu
ab = jdev.ab

# Address book of one specific security zone (name is site-specific).
z_name = "OUTSIDE-DC-ST1"
zone = ab[z_name]


def test_addr():
    # grab the first address book entry, and change its
    # ip_prefix to "1.1.1.1/32"
    # (the listing ends before the change itself is applied)
    first_addr = zone['$addrs'][0]
    addr = zone.addr[first_addr]
# for debugging ...
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.resources.srx import Zone
from jnpr.eznc.utils import Config

# NOTE(review): credentials are passed as literals (masked in this listing).
# Keep real device passwords out of the script -- use SSH keys or read the
# secret at run time.
jdev = Netconf(user='******', host='vsrx_cyan', password="******")
jdev.open()

# Bind the config utilities and the security-zone manager onto the device;
# they become available as jdev.cu and jdev.zone.
jdev.bind(cu=Config)
jdev.bind(zone=Zone)

cu = jdev.cu

# Work with the first zone the device reports.  Indexing [0] assumes the
# device has at least one zone configured.
z_name = jdev.zone.list[0]
zone = jdev.zone[z_name]

# Likewise take the first interface listed for that zone (same non-empty
# assumption).
first_ifs = zone.ifs.list[0]
ifs = zone.ifs[first_ifs]
import pdb from pprint import pprint as pp from lxml import etree from lxml.builder import E # for the example ... from jnpr.eznc import Netconf as Junos from jnpr.eznc.utils import Config # create a junos device and open a connection login = dict(user='******', host='vsrx_cyan', password='******') jdev = Junos(**login) jdev.open() jdev.bind( cu=Config ) def show_diff_and_rollback(): # dump the diff: print jdev.cu.diff() # [edit system] # - host-name jnpr-dc-fw; # + host-name jeremy; # + domain-name jeremy.com; print "Rolling back...." jdev.cu.rollback() set_commands = """ set system host-name jeremy set system domain-name jeremy.com
show_help() try: zone_name = sys.argv[1] find_addr = sys.argv[2] except: die("You must specify the ip-addr to locate") jdev = Junos(user='******', host='vsrx_cyan', password='******') jdev.open() # meta-toolbox the config-utils package onto this object, # this gives us access to: jdev.ez.cu.<functions> jdev.bind( zone=Zone ) zone = jdev.zone[zone_name] if not zone.exists: die("Zone %s does not exist on this device!" % zone_name) print "Reading zone %s address book ..." % zone_name zone.ab.read() def do_find_addr( find_addr ): print "Searching for address: " + find_addr f = AddrBookFinder(zone.ab) r = f.find(find_addr) print "\nAll items:" pp(r.items)
print "-" * 50 exit(1) try: find_addr = sys.argv[1] except: die("You must specify the ip-addr to locate") jdev = Junos(user='******', host='vsrx_cyan', password='******') jdev.open() # meta-toolbox the config-utils package onto this object, # this gives us access to: jdev.ez.cu.<functions> jdev.bind(zone=Zone) zone_mgr = jdev.zone z_name = zone_mgr.list[0] zone = zone_mgr[z_name] print "Reading zone %s address book ..." % z_name zone.ab.read() def do_find_addr(find_addr): print "Searching for address: " + find_addr f = ZoneAddrFinder(zone) r = f.find(find_addr)
# Interactive helpers kept importable for experimenting at the prompt.
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.resources.srx import ZoneAddrBook
from jnpr.eznc.utils import Config

# NOTE(review): user and password are literals in the source (masked in this
# listing).  Prefer key-based SSH authentication or a run-time prompt so the
# firewall credential never lands in a repository.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# Bind the config utilities and the zone address-book manager; they are then
# reachable as jdev.cu and jdev.ab.
jdev.bind(cu=Config)
jdev.bind(ab=ZoneAddrBook)

cu = jdev.cu
ab = jdev.ab

# Address book of one specific security zone (name is site-specific).
z_name = "OUTSIDE-DC-ST1"
zone = ab[z_name]


def test_addr():
    # grab the first address book entry, and change its
    # ip_prefix to "1.1.1.1/32"
    first_addr = zone['$addrs'][0]
    addr = zone.addr[first_addr]
    # NOTE(review): the call passes the bare address; whether a /32 mask is
    # implied is not visible in this snippet -- confirm against the resource.
    addr(ip_prefix="1.1.1.1")
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat import NatSrcPool, NatSrcRuleSet
from jnpr.eznc.utils import Config

# create a junos device and open a connection
# NOTE(review): the login values are literals (masked in this listing); a
# real password belongs in a prompt or secret store, not in the script.
login = {
    'user': '******',
    'host': 'vsrx_cyan',
    'password': '******',
}
jdev = Junos(**login)
jdev.open()

# now metabind some resource managers: config utilities as jdev.cu, NAT
# source pools as jdev.np and NAT source rule-sets as jdev.nr
jdev.bind(cu=Config)
jdev.bind(np=NatSrcPool)
jdev.bind(nr=NatSrcRuleSet)

# create a NAT source pool called 'POOL-A' with
# an address range from 198.18.0.1/32 to 198.18.0.10/32
# here showing the technique to change property values
# by making a "call" into the resource
r = jdev.np["POOL-A"]
r(addr_from="198.18.0.1", addr_to="198.18.0.10")
# NOTE(review): no diff or commit step is visible in this snippet; review the
# pending change (e.g. jdev.cu.diff()) before it is activated on the device.
r.write()

# create a NAT source ruleset called "OUTBOUND_NAT"
# for a given zone-context matching on all traffic
# using HTTP (port-80), let's assume this is a completely
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat import NatSrcPool, NatSrcRuleSet
from jnpr.eznc.utils import Config

# create a junos device and open a connection
# NOTE(review): user/password are embedded as literals (masked here).  Use
# SSH keys or collect the password at run time instead of storing it in code.
login = {
    'user': '******',
    'host': 'vsrx_cyan',
    'password': '******',
}
jdev = Junos(**login)
jdev.open()

# now metabind some resource managers; each keyword becomes an attribute on
# the device (jdev.cu, jdev.np, jdev.nr)
jdev.bind(cu=Config)
jdev.bind(np=NatSrcPool)
jdev.bind(nr=NatSrcRuleSet)

# create a NAT source pool called 'POOL-A' with
# an address range from 198.18.0.1/32 to 198.18.0.10/32
# here showing the technique to change property values
# by making a "call" into the resource
r = jdev.np["POOL-A"]
r(addr_from="198.18.0.1", addr_to="198.18.0.10")
# NOTE(review): the snippet shows neither a diff nor a commit; confirm what
# write() alone changes on the device before running this against production.
r.write()

# create a NAT source ruleset called "OUTBOUND_NAT"
# for a given zone-context matching on all traffic
# using HTTP (port-80), let's assume this is a completely
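import paramiko
import os, sys
from jnpr.eznc import Netconf

# local import
from uac import UAC

# The single required argument is the host alias to look up in ~/.ssh/config.
if len(sys.argv) < 2:
    print("you must provide a Junos target hostname")
    sys.exit(1)

# going to use paramiko SSHConfig to retrieve the port parameters for a given
# host.  Doing this because I tend to use jumphosts to get to devices behind
# firewalls/etc.  This is a pretty useful technique to illustrate:

junos_hostname = sys.argv[1]

# expanduser() resolves the home directory even when $HOME is unset, where
# os.getenv('HOME') would hand None to os.path.join.
config_file = os.path.expanduser(os.path.join('~', '.ssh', 'config'))

ssh_config = paramiko.SSHConfig()
# Close the config file deterministically instead of leaking the handle.
with open(config_file, 'r') as config_fh:
    ssh_config.parse(config_fh)
got_lkup = ssh_config.lookup(junos_hostname)

# lookup() always fills in 'hostname', but 'port' is present only when the
# matching Host entry sets it; pass it through only in that case so an entry
# without a Port line no longer raises KeyError and the library default port
# applies.
# NOTE(review): no password is supplied, so authentication presumably relies
# on SSH keys or an agent -- confirm.  The user literal is masked here.
connect_args = dict(user='******', host=got_lkup['hostname'])
if 'port' in got_lkup:
    connect_args['port'] = got_lkup['port']

dev = Netconf(**connect_args)
dev.open()

# Bind the local UAC helper as dev.uac and fetch the user list from the device.
dev.bind(uac=UAC)
dev.uac.get_users()

print("UAC users:")
print(dev.uac.usernames)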
# Interactive helpers kept importable for experimenting at the prompt.
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.utils import Config
from jnpr.eznc.resources.srx import PolicyContext

# NOTE(review): credentials appear as literals (masked in this listing).  A
# script that reads firewall policy should authenticate with SSH keys or a
# password obtained at run time rather than one stored in the file.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# Bind the config utilities onto the device object (available as jdev.cu).
jdev.bind(cu=Config)

# now add the PolicyContext, this will auto-load the associated
# rules resource class PolicyRule
jdev.bind(pc=PolicyContext)

# now access a policy PolicyContext.  The policy context is keyed by the
# tuple (from-zone-name, to-zone-name)
r = jdev.pc[("OUTSIDE-DC-ST1", "PII-SOX-DC-ST1")]

# dump the contents:
pp(r)
# NAME: PolicyContext: ('OUTSIDE-DC-ST1', 'PII-SOX-DC-ST1')
# HAS: {'_active': True,
nh_ifs = nh_via.text nh_proto = nh_via.xpath('ancestor::rt-entry/protocol-name')[0].text dest = nh_via.xpath('ancestor::rt/rt-destination')[0].text rsp = jdev.rpc.get_interface_information(interface_name=nh_ifs) zone = rsp.find('.//logical-interface-zone-name') if zone is None: return {'found': False} got = { 'found': True, 'destination': dest, 'interface': nh_ifs, 'protocol': nh_proto, 'zone': zone.text.strip() } return got jdev.bind(show_sroute) print "now call jdev.show_sroute(...) with the route you want to find" # >>> jdev.show_sroute("23.171.140.0/24") # {'interface': 'ge-0/0/1.371', 'found': True, # 'destination': '23.171.140.0/22', 'protocol': 'Direct', 'zone': 'DEFAULT-PROTECT-DC-ST1'} # # --or-- # # >>> jdev.show_sroute(route="23.171.140.0/24") # {'interface': 'ge-0/0/1.371', 'found': True, # 'destination': '23.171.140.0/22', 'protocol': 'Direct', 'zone': 'DEFAULT-PROTECT-DC-ST1'}
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx.nat import NatStaticRuleSet
from jnpr.eznc.utils import Config

# create a junos device and open a connection
# NOTE(review): user/password are literals in the source (masked here); keep
# the real device credential out of the script (SSH keys or run-time prompt).
jdev = Junos(user='******', password='******', host='vsrx_cyan')
jdev.open()

# now metabind some resource managers: config utilities as jdev.cu and the
# static-NAT rule-set manager as jdev.nat
jdev.bind(cu=Config)
jdev.bind(nat=NatStaticRuleSet)

# create a static NAT ruleset called 'outside' and map it on the
# from-zone "OUTSIDE-DC-ST1"
nat = jdev.nat["outside"]
nat(zone_from="OUTSIDE-DC-ST1")
nat.write()

# now create a rule within that ruleset called "foo" to static NAT
# 198.18.11.5 to 10.0.0.4 for port 80.  Also enable proxy-arp on
# interface reth0.213
# NOTE(review): this maps an internal host (10.0.0.4:80) to an address
# matched on traffic from the OUTSIDE-DC-ST1 zone.  No security policy, diff
# or commit step is visible in this snippet -- confirm the matching policy
# and review the pending change (e.g. jdev.cu.diff()) before activating it.
r = nat.rule["foo"]
r(match_dst_addr="198.18.11.5", match_dst_port="80",
  nat_addr="10.0.0.4", nat_port="80")
r(proxy_interface="reth0.213")
r.write()
# Interactive helpers kept importable for experimenting at the prompt.
import pdb
from pprint import pprint as pp
from lxml import etree

# for the example ...
from jnpr.eznc import Netconf
from jnpr.eznc.utils import Config
from jnpr.eznc.resources.srx import PolicyContext

# NOTE(review): the user/password arguments are literals (masked in this
# listing).  Do not store a firewall password in the script; use SSH keys or
# obtain the secret when the script runs.
jdev = Netconf(user='******', host='vsrx_cyan', password='******')
jdev.open()

# Bind the config utilities onto the device object (available as jdev.cu).
jdev.bind(cu=Config)

# now add the PolicyContext, this will auto-load the associated
# rules resource class PolicyRule
jdev.bind(pc=PolicyContext)

# now access a policy PolicyContext.  The policy context is keyed by the
# tuple (from-zone-name, to-zone-name)
r = jdev.pc[("OUTSIDE-DC-ST1", "PII-SOX-DC-ST1")]

# dump the contents:
pp(r)
# NAME: PolicyContext: ('OUTSIDE-DC-ST1', 'PII-SOX-DC-ST1')
# HAS: {'_active': True,
# Interactive helpers kept importable for experimenting at the prompt.
import pdb
from pprint import pprint as pp

from jnpr.eznc import Netconf as Junos
from jnpr.eznc.resources.srx import ApplicationSet
from jnpr.eznc.utils import Config
# Wildcard import: pulls every public exception name into this namespace, so
# which ones the script relies on is not visible from this listing.
from jnpr.eznc.exception import *

from lxml.builder import E
from lxml import etree

# NOTE(review): login values are literals (masked in this listing).  Keep the
# device password out of source -- SSH keys or a run-time prompt.
login = {
    "user": "******",
    "host": "vsrx_cyan",
    "password": "******",
}

jdev = Junos(**login)
jdev.open()

# Bind the config utilities as jdev.cu and the application-set manager as
# jdev.apps.
jdev.bind(cu=Config)
jdev.bind(apps=ApplicationSet)

# Look up one application-set by name (the name is site-specific).
r = jdev.apps["WWSS-A2A-WEB-INTRA"]

# print the contents of the object
pp(r)

# >>> pp(r)
# NAME: ApplicationSet: WWSS-A2A-WEB-INTRA
# HAS: {'_active': True,
#       '_exists': True,
#       'app_list': ['TCP-9152',
#                    'TCP-9153',
#                    'TCP-9154',
#                    'TCP-9155',