network automation....

1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2013 Infoblox Inc. All Rights Reserved.

Network Automation. Scripting. Vadim Pavlov, System Engineer, Russia & CIS 15.10.2013


Agenda •  NetMRI scripting overview •  Scripting basics (Perl only)

  Libraries;   Common block and well-known variables;   Brokers and functions;

•  Examples of scripting tasks   IPAM Sync;   Execute command on device;   BMP;   etc.


Overview


ü  ACM license (SPM also support API)

ü  Internal: CCS and Perl scripting ü  External: Perl and REST

ü  Perl: in VM environments don’t forget about Sandbox

Where? What? Why?


Network Automation: •  Infoblox Network Automation Administrator Guide   Part 4: Automation Change Manager Scripting and Job

Management (Job Scripting) •  CCS Scripting Guide •  Infoblox NetMRI API Guide; •  API: https://NetMRIDevice/api/docs

DDI: •  Infoblox API Documentation •  WAPI Documentation

Documentation


# BEGIN-SCRIPT-BLOCK # # Script-Filter: true #

# END-SCRIPT-BLOCK use NetMRI::API;

my $client = new NetMRI::API({ api_version => 2.8, url=>$main::api_url, username => $main::http_username, password => $main::http_password }); foreach my $dev ($client->get_broker('Device')->index({ select => ['DeviceID', 'DeviceName'] }))

{ print join("\t", $dev->DeviceID, $dev->DeviceName), "\n"; }

Sample script


How to run script


Script executing log/results


use NetMRI::API; my $client = new NetMRI::API({ api_version => 2.8, url=>'http://192.168.3.200', username=>'admin', password=>’1qazxsw2'});

foreach my $dev ($client->get_broker('Device')->index({ select => ['DeviceID', 'DeviceName'] })) { print join("\t", $dev->DeviceID, $dev->DeviceName), "\n";

}

Sample script - External

One thing that you cannot do from an external Perl script is execute a CLI command on a device. Optionally for authentication you can create a .netmri.yml (requires installation the YAML module is installed) or .netmri.json in your home directory.


https://NetMRIDevice/api/authenticate.json?username=USERNAME&password=PWD https://NetMRIDevice/api/2.8/devices/index?select[]=DeviceID&select[]=DeviceIPDotted&select[]=DeviceName https://NetMRIDevice/api/2.8/devices/index.json?select[]=DeviceID&select[]=DeviceIPDotted&select[]=DeviceName

REST Example


Scripting basics


•  Perl libraries •  Script-block (inside NetMRI) •  Script variables (inside NetMRI) •  Well-known variables (inside NetMRI) •  Brokers •  General brokers functions

Scripts Internal


Libraries •  NetMRI::API

  General Perl API;   Infoblox_Job.pm – common functions;

•  NetMRI_Easy (only inside NetMRI)   NetMRI_Easy provides an easy interface to the NetMRI;   NetMRI_Easy offers all of the features of Infoblox_Jobs.pm, with

some safeguards and object-oriented interfaces that are unavailable when infoblox_jobs.pm is used;   Open connections as needed close when $easy goes out of scope - DIS, CLI, NIOS   Common functionality implemented as methods directly off of $easy

More sophisticated functionality available via $easy->broker - Same broker/remote object classes as NetMRI::API   Be careful with $easy->log_message (it opens CLI connection)

13


# BEGIN-SCRIPT-BLOCK # # Script-Filter: true # Script-Login: false # # END-SCRIPT-BLOCK use NetMRI_Easy; my $easy = new NetMRI_Easy; foreach my $dev ($easy->get_broker('Device')->index({ select => ['DeviceID', 'DeviceName'] })) { print join("\t", $dev->DeviceID, $dev->DeviceName), "\n";

}

Sample script – NetMRI_Easy


use NetMRI_Easy – NIOS connection # BEGIN-SCRIPT-BLOCK # # Script-Filter: # true # # END-SCRIPT-BLOCK # NetMRI_Easy nios session example use strict; use warnings; use NetMRI_Easy; my $easy = new NetMRI_Easy({ nios_api => 1 }); # returns an instance of Infoblox::Session My $nios_session = $easy->nios_session;

15


SCRIPT-BLOCK (Inside NetMRI) # BEGIN-SCRIPT-BLOCK #Script-Filter: true Specifies the devices types processed by the script. • Type: String • Required: Yes #Script-Timeout: 60 Specifies the per-command timeout for the entire script in seconds. • Type: Integer • Required: No • Default if not specified: 60 #Script-Login: false Specifies whether the job engine should automatically establish a connection with the target device. • Type: Boolean • Required: No • Default if not specified: true #Script-Variables: # $command word "show version” Specifies inputs needed by the script. • Type: Tuple (ordered list of elements) • Required: No • Default if not specified: None # END-SCRIPT-BLOCK


Script variables (inside NetMRI) Script-variables are provided as global variables, they must be declared as a global using our. # BEGIN-SCRIPT-BLOCK # # Script-Filter: true # Script-Variables: # $command word "show version” # # END-SCRIPT-BLOCK use NetMRI::API; our $command;


Well-known variables (inside NetMRI) All well-known variables are listed in admin guide on p.242 •  $api_url = "http://4.10.72.15";

•  $device_id = "21"; •  $NetMRI_ipaddress = "4.10.72.15";

•  $ipaddress = "220.10.110.5";

•  $type = "Router";


•  set_variable •  get_list_value •  get_template

•  send_command •  generate_issue •  log_message •  $easy->nios_session •  $easy->device_session

•  open_session – session with DIS (Device Interaction Server) •  close_session •  open_connection – connection with target device via DIS •  close_connection

•  $easy->broker->broker_name •  $client->get_broker('broker_name’)

* functions in italic exists in both libraries

NetMRI_Easy/Infoblox_Job functions


All brokers described here: https://NetMRIDevice/netmri/share/api/perldoc/NetMRI__API__Index.html

For example: •  Device;

  $broker->device->running_config_text

•  DeviceRoute; •  Interface; •  Neighbor; •  ConfigRevision; •  IssueList, IssueListDevice, IssueDetail; •  Job, JobDetail;

Brokers


•  index – lists objects

•  search – search objects (more flexible then index)

•  find – search objects (most flexible but not efficient)

•  show – shows details about object

•  update – update object (where present)

Other functions are specific for each broker

General broker functions


Examples of scripting tasks


•  Custom Issues •  Execute commands on devices •  Networks/Routes/Hosts import into IPAM (EA sync) •  Networks/Hosts export from IPAM to NetMRI •  Interface configuration check •  Check IF on VLAN Correctness •  IP address helper •  Check MTU •  BMP

* scripts are not optimized – just use it as ideas how to do it :)

Examples of scripting tasks


Custom issues •  Create custom issue with unique ID;

•  Generate issue in script:

-  NetMRI_Easy: $easy->generate_issue( $issue_type_id, $severity, %parameters );

-  Infoblox_Job.pm: generate_issue( $issue_type_id, $severity, %parameters );

-  NetMRI::API: $client->get_broker('IssueAdhoc’)

Example: my $issue_id = $easy->generate_issue("IOSUpgradeCorruptImage", "warning", {“imagename" => ’sample Image’, "BadMD5"=> ’MD5’, "Name"=>’Image’, "Host"=>’unknown’,});


Execute command on device # BEGIN-SCRIPT-BLOCK # Script-Filter: true # Script-Variables: # $command word "show version” # END-SCRIPT-BLOCK use NetMRI_Easy; our $command; my $easy = new NetMRI_Easy; my $result = $easy->send_command($command); print $result;

25


Networks/Routes/Hosts import into IPAM # BEGIN-SCRIPT-BLOCK # Script-Filter: true # Script-Login: false # END-SCRIPT-BLOCK use NetMRI_Easy; my $easy = new NetMRI_Easy({nios_api => 1, nios_ipaddress => "10.0.167.51”, nios_username => "admin”, nios_password => "infoblox”}); my $ddi_session = $easy->nios_session; #Connect to NIOS #Select info from NetMRI my @interfaces=$easy->broker->interface->index({ DeviceID=>$main::device_id , select =>['DeviceID', 'RouteCIDR', 'RouteNextHopIPDotted', 'InterfaceID'], }); my @routes= $easy->broker->device_route->index({ DeviceID=>$main::device_id , select =>['InterfaceID', 'ifName', 'ifDescrRaw', 'ifIndex',], }); my @ifs; my @ifIndexs; foreach my $if (@interfaces) { $ifs [$if->InterfaceID] = $if->ifName; $ifIndexs [$if->InterfaceID] = $if->ifIndex; }

26

Slide 1


Networks/Routes/Hosts import into IPAM foreach my $device (@routes) { my $network_obj; if ($ifs[$device->InterfaceID]) { $network_obj = Infoblox::DHCP::Network->new(network => $device->RouteCIDR,

extensible_attributes => { 'Interface' => $ifs[$device->InterfaceID], 'NextHop'=>$device->RouteNextHopIPDotted, 'InterfaceURL'=>$main::api_url."/netmri/results/interfaces/InterfaceViewer/Viewer.tdf?DeviceID=".$main::device_id."&ifIndex=".$ifIndexs[$device->InterfaceID]."&Timestamp=&TimePeriod=&Metric=&Measure=&selectedAccordion=Interface&selectedMenu=Neighbors”}); }else{ $network_obj = Infoblox::DHCP::Network->new( network => $device->RouteCIDR, extensible_attributes => {'NextHop'=>$device->RouteNextHopIPDotted}); }; my $response = $ddi_session->add($network_obj); }

27

Slide 2


Results

Links to NetMRI


Networks/Hosts import IPAM => NetMRI # BEGIN-SCRIPT-BLOCK # Script-Filter: true # Script-Login: false # END-SCRIPT-BLOCK use NetMRI_Easy; my $easy = new NetMRI_Easy({nios_api => 1, nios_ipaddress => "10.0.167.51”, nios_username => "admin”, nios_password => "infoblox”}); my $ddi_session = $easy->nios_session; #Connect to NIOS my @networks = $ddi_session->get(object => "Infoblox::DHCP::Network”, network_view => "default”); foreach my $network (@networks) { $easy->broker->discovery_setting->create({range_value=>$network->network, range_type=>’CIDR’, discovery_status=>’INCLUDE’});};

29


Results


Interface configuration check # BEGIN-SCRIPT-BLOCK # Script-Filter: true # Script-Login: false # END-SCRIPT-BLOCK use NetMRI_Easy; my $easy = new NetMRI_Easy; my $Configs=$easy->broker->device->running_config_text(DeviceID=>$main::device_id)->{running_config_text}; my @IFs=$easy->broker->interface->index(DeviceID=>$main::device_id); foreach my $IF (@IFs){ my $IFName=$IF->ifDescrRaw; if ($Configs=~/interface $IFName[^\!]+ip helper-address[^\!]+/) { print "\n".$IF->ifDescrRaw." config is cool\n\n"; }else{ print $IF->ifDescrRaw." config is bad\n"; }; };

31


Results


Check IF on VLAN correctness # BEGIN-SCRIPT-BLOCK # Script-Filter: true # Script-Login: false # END-SCRIPT-BLOCK use NetMRI_Easy; my $easy = new NetMRI_Easy; my @IFs=$easy->broker->interface->index(DeviceID=>$main::device_id); my @VLANs=$easy->broker->vlan->index; foreach my $VLAN (@VLANs){ $VLN{$VLAN->VlanIndex}{Index}=$VLAN->VlanIndex; $VLN{$VLAN->VlanIndex}{Name}=$VLAN->VlanName; }; foreach my $IF (@IFs){ my @IFVlans=$easy->broker->if_vlan->index(DeviceID=>$main::device_id,

IntefaceID=>$IF->InterfaceID); foreach my $VlanId (@IFVlans){ if ($VLN{$VlanId->VlanID}{Index} and $VlanId->InterfaceID==$IF->InterfaceID) {print "Interface: ",$IF->ifDescrRaw," VLAN:",$VLN{$VlanId->VlanID}{Index}," ",$VLN{$VlanId->VlanID}{Name}, "\n";}; }; * You need to connect to external sources (CMDB, Inventory etc) and/or implement logic for VLAN checking

33


IP address helper. NIOS to Device # BEGIN-SCRIPT-BLOCK # Script-Filter: true # Script-Login: false # END-SCRIPT-BLOCK use NetMRI_Easy; use Data::Dumper; my $easy = new NetMRI_Easy({nios_api => 1, nios_ipaddress => "10.0.167.51", nios_username => "admin", nios_password => "infoblox"}); my $ddi_session = $easy->nios_session; #Connect to NIOS my @networks = $ddi_session->get(object => "Infoblox::DHCP::Network", network_view => "default"); foreach my $sub(@networks) { my @memb=$sub->members; my $ipdhcp=''; if (exists $memb[0][0]{'address'}) {$ipdhcp=$memb[0][0]->address;} elsif (exists $memb[0][0]{'name'}) {#my $dhcpname=$memb[0][0]->name; my @m = $ddi_session->get( object => "Infoblox::Grid::Member", name => $memb[0][0]->name); $ipdhcp=$m[0]{'ipv4addr'}; }; print "Subnet: ".$sub->network." dhcp server: ".$ipdhcp."\n”;

34

Slide 1


IP address helper. NIOS to Device if ($ipdhcp ne ''){ my @subnets=$easy->broker->subnet->index(SubnetCIDR=>$sub->network); if (defined $subnets[0]) { my @SMs=$easy->broker->subnet_member->index(SubnetID=>$subnets[0]->SubnetID); foreach my $SM(@SMs){ if ($SM->IfAddrID ne ""){ my @IFs=$easy->get_broker('IfAddr')->show(IfAddrID=>$SM->IfAddrID); my @IFNames=$easy->broker->interface->show(InterfaceID=>$IFs[0]->InterfaceID); #print Dumper @IFNames; my $ifAlias=$IFNames[0]->ifDescrRaw; my $Configs=$easy->broker->device->running_config_text(DeviceID=>$SM->DeviceID)->{running_config_text}; if ($Configs=~/interface $ifAlias[^\!]+ip helper-address $ipdhcp[^\!]*/) { print "helper is installed\n”; }else{ print "Configuration change:\nconf term\n interface $ifAlias\nip helper-address $ipdhcp\n exit\n exit\nwrite mem\n”; print "executing on ".$SM->DeviceID." commands:\n”; my $easy2 = $easy->device_session($SM->DeviceID); print $easy2->send_command("show ver | i uptime|image|processor"); $easy2->send_command("conf term"); $easy2->send_command("interface $ifAlias"); $easy2->send_command("ip helper-address $ipdhcp"); $easy2->send_command("end"); #$command_out = $easy2->send_command("write mem"); print "Config changed\n”; };};};};};};

35

Slide 2


Results


Check MTU (old style, using CLI) # BEGIN-SCRIPT-BLOCK # Script-Filter: # $Vendor eq "Cisco" or $Vendor eq "Juniper” # Script-Variables: # END-SCRIPT-BLOCK use NetMRI::API::Client; our $_client = new NetMRI::API::Client( UserName => "$http_username”, Password => "$http_password”, URL => "$api_url” ); our $_dis = $_client->get_broker("DisSession"); our $_cli = $_client->get_broker("CliConnection"); our $_issue = $_client->get_broker("IssueAdhoc"); our $_session_id = 0; my $dev1 = $device_id; my $cli_command_s = "show version"; my $cli_command_d = "show version"; my $cli-match; my $d_if; my $s_if; my $d_ifName; my $s_ifName; my $d_device; my $s_mtu; my $d_mtu; open_session(); open_connection($device_id); my $broker = $_client ->get_broker("Device"); my $bint = $_client->get_broker("Interface"); $dev1 = $broker->find($dev1); my $output1 ; print "\n\nCurrent neighbors of $dev1->{DeviceName} $dev1->{DeviceIPDotted} ($dev1->{DeviceID}):\n”; my @ns = sort { $a->{ifIndex} <=> $b->{ifIndex} || $a->{NeighborDeviceID} <=> $b->{NeighborDeviceID} || $a->{NeighborIfIndex} <=> $b->{NeighborIfIndex} } $dev1->get_neighbors(); foreach my $n (@ns) {

my $nd; eval {$nd = $broker->find_by_id($n->{NeighborDeviceID});}; if ($@ =~ /^H404/) { print "Could not find device $n-

>{NeighborDeviceID}\n";next;}; printf "\nOn %7s %6d %15s %16s \%s\n", ($n->{ifIndex} ? ("if" .

$n->{ifIndex}) : "unknown"), $nd->{DeviceID}, $nd->{DeviceName}, $nd->{DeviceIPDotted}, ($n->{NeighborIfIndex} ? ("if" . $n->{NeighborIfIndex}) : "unknown");

my @sif = $bint->find_by_id($n->{InterfaceID}); die "\nsource Interface not found.\n\n" if !@sif; foreach my $s (@sif) {printf "Source IF - %10s %s\n",$s-

>{ifName}, $s->{ifDescr}; $s_if = $s->{ifName};$s_ifName = $s->{ifDescr};} my @dif = $bint->find_by_id($n->{NeighborInterfaceID}); die "\nsource Interface not found.\n\n" if !@dif; foreach my $d (@dif) {printf "Dest IF - %10s %s\n",$d-

>{ifName}, $d->{ifDescr};

$d_if = $d->{ifName};$d_ifName = $d->{ifDescr};

$d_device = $d->{DeviceID};} if ($dev1->{DeviceVendor} eq "Cisco") {$cli_command_s = "show

interface $s_if | include MTU”; $cli_match = "MTU ([0-9]+) bytes.*";} else {$cli_command_s = "show interface $s_if | match MTU";

$cli_match = "Protocol inet, MTU: ([0-9]+).*";} print "command to push is $cli_command_s\n"; $output1 = send_command($device_id, $cli_command_s); print "\tSource Device/interface $dev1->{DeviceName}/$s_if

output: $output1\n";

$d_mtu = 0;$s_mtu = 0; if ($output1 =~ m/$cli_match/){$s_mtu = $1;}; print "\nOK, now finding far end device for $d_device\n”; my $destdev = $broker->find_by_id($d_device); print "\tGot Device $destdev->{DeviceName}\n”; print "\tNetwork device Indication is $destdev-

>{NetworkDeviceInd}\n\tManaged is $destdev->{DeviceManagedInd}\n\tCCS Collection is $destdev->{DeviceCCSCollection}\n\tConfig Polling is $destdev->{DeviceConfigPolling}\n”;

if (($destdev->{DeviceCCSCollection} eq "on") and ($destdev->{DeviceManagedInd} eq "true") and ($destdev->{DeviceCCSCollection} eq "on") and ($destdev->{NetworkDeviceInd} eq "true") ) {

if ($destdev->{DeviceVendor} eq "Cisco") {$cli_command_d = "show interface $d_if | include MTU”;

$cli_match = "MTU ([0-9]+) bytes.*";} else {$cli_command_d = "show interface $d_if |

match MTU";$cli_match = "Protocol inet, MTU: ([0-9]+).*";} print "\tcommand to push is $cli_command_d\n”; open_connection($d_device); $output1 = send_command($d_device, $cli_command_d); print "\tDest Device/interface $nd->{DeviceName}/

$d_if output: $output1\n”; close_connection($d_device); if ($output1 =~ m/$cli_match/) {$d_mtu = $1;} if ($d_mtu != $s_mtu) { print "\tMTUs do not match\n”; my $issue_id = generate_issue( "MTUmismatch”, "Warning", { "IP Address" => $dev1->{DeviceIPDotted}, "Host" => $dev1->{DeviceName}, "Interface" => $s_ifName,

"MTU" => $s_mtu, "Remote Device" => $nd->{DeviceName}, "Remote Interface" => $d_ifName, "Remote MTU" => $d_mtu }); } else {print "\tMTUs match $s_mtu - $d_mtu\n";}}}

sub open_session {our $_dis_response = $_dis->open(job_id=> $job_id); $_session_id = $_dis_response->{dis_session}->{SessionID}; END {close_session();}} sub close_session {our $_dis_response = $_dis->close(id=> $_session_id,);} sub open_connection { my $devID = shift; print "++++ Opening session to device $devID\n"; our $_cli_response = $_cli->open(id => $_session_id, device_id => $devID); print "DEBUG: _cli_reponse: $_cli_response\n"; END {close_connection($devID);}} sub close_connection { my $devID = shift; our $_cli_response = $_cli->close(id => $_session_id, device_id => $devID);} sub send_command { my $devID = shift; my ($command, $debug) = @_; if($debug eq "") {$debug = 0;} print "DEBUG: Device ID is: $devID\n"; $_cli_response = $_cli->send_command(id => $_session_id, device_id => $devID,command => $command, debug => $debug); return($_cli_response->{command_response});} sub generate_issue {

my ($issue_type_id, $severity, $params) = @_; my %baseParams = (DeviceID => $device_id, BatchID =>

$batch_id, IssueTypeID => $issue_type_id, Severity => $severity); my %allParams = (%baseParams, %{$params}); our $_issue_response = $_issue-

>generate_issue(%allParams);return($_issue_response->{IssueID});} 37


Check MTU (using NetMRI data) # BEGIN-SCRIPT-BLOCK # Script-Filter: true # Script-Login: false # END-SCRIPT-BLOCK use NetMRI_Easy; my $easy = new NetMRI_Easy; my @IFs=$easy->broker->interface->index(DeviceID=>$main::device_id); foreach my $IF (@IFs){ my @NBs=$easy->broker->neighbor->index(InterfaceID=>$IF->InterfaceID); foreach my $NB (@NBs){ if (defined $NB->NeighborInterfaceID) { my $NIF=$easy->broker->interface->show(InterfaceID=>$NB->NeighborInterfaceID)->{interface}; if ($IF->ifMtu==$NIF->ifMtu){

print "Interface ".$IF->ifDescrRaw." has same MTU on neighbor\n"; }else{

print "Interface ".$IF->ifDescrRaw." (MTU:".$IF->ifMtu.") "." has different MTU (".$NIF->ifMtu.") on neighbor\n"; my $NDevice=$easy->broker->device->show(DeviceID=>$NIF->DeviceID)->{device}; print "Neighbor Device:".$NDevice->DeviceName." Interface:".$NIF->ifDescrRaw."\n\n"; };};}; };

38


Results


BMP Sequence of events Slide 1


•  Check license, scripts etc. •  Customize lists:

  Interfaces;   Site settings;   Device settings;

•  Configure NA and NIOS interaction:   NA. Configuration/Advanced Settings/NIOS Administration (NIOS

User and PWD);   DDI. Configure log to external syslog server (NA);

•  NA - TFTP Config files edit/create; •  DDI - Setup bootd options (For Cisco systems you choose option 66 and enter the FQDN,

or IP address of the TFTP server (netMRI system). For Juniper a custom option 68 must be added to the system. ); •  DHCP forwarding (IP address helper).

BMP Provisioning Steps (ready for SW) Slide 2


Q&A


Thank you

network automation....

Documents