Juniper SNMP Migrations
This example will show how to use the PyEZ plugin for Nornir to
- build a NETCONF connection to a remote device
- validate that SNMPv3 is not running
- configure SNMPv3 parameters
- close the connection
? Workflow
We have provided a Poetry lock file to make life simple when managing Python packages and virtual environments. Within the virtual vironment, there will be a package called Invoke that will help us run our script with a simple command.
The workflow will look like this:
- Install Poetry (one-time operation)
- Have Poetry install your Python packages in a virtual environment (one-time operation)
- Activate your new virtual environment with Poetry
- Run locally or within a container using the Invoke package
? Create and Activate your Python environment (one time operation)
- install poetry package to manage our Python virtual environment
curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python -
- install our Python dependencies
poetry install
- activate your Python virtual environment
poetry shell
Executing the script
- run your Nornir script locally
cd files/nornir
python app.py
Using Docker
- build the container image with
invoke build
- run the Nornir script within the container
invoke nornir
⚙️ How it works
Let’s take a second to do a nice John Madden play-by-play on this script:
Importing the functionality of PyEZ and Nornir into our script
from nornir_pyez.plugins.tasks import pyez_rpc
from nornir import InitNornir
from rich import print
import os
- We need to import the
pyez_rpcmethod from Nornir’s PyEZ plugin into our script InitNornirwill import the core functionality of Nornirrichwill make things pretty when we print the outputimport osis just to allow us to shortcut the path of your directory
Defining parameters
script_dir = os.path.dirname(os.path.realpath(__file__))
nr = InitNornir(config_file=f"{script_dir}/config.yaml")
firewall = nr.filter(name="juniper-srx-garage0")
extras = {
"less-than": "1"
}
- create an object called
script_dirand set it to our local directory nris created by instantiation theInitNornirclass and passing our config file into it- we filter out a single device with the
nr.filtermethod and passing a hostname - any extra parameters for our RPC call will be defined here in a key/value structure
Sending our API call
response = firewall.run(
task=pyez_rpc, func='get-security-policies-hit-count', extras=extras
)
- create a new object called
responseand setting it equal to the response of our API call - the
runfunction was imported when we created an objectfirewallbased on theInitNornirclass - within
run, we pass thetaskas apyez_rpc, our RPC API call, andextraparameters
for dev in response:
print(response[dev].result)
Loop over the response object, which is an AggregatedResult that behaves like a list. There is a response object for each device in inventory
? Screenshot
? Additional Notes
? Python
You are strongly recommended to using a Python Virtual Environment any and everywhere possible. You can really mess up your machine if you’re too lazy and say “ehh, that seems like it’s not important”. It is. If it sounds like I’m speaking from experience, I’ll never admit to it.
If you’re interested in learning more about setting up Virtual Environments, I encourage you to read a few blogs on the topic. A personal recommendation would be
? Docker
If you are unsure if Docker is installed on your computer, then it’s probably safe to suggest that it’s not. If you’re interested in learning more about the product, I encourage you to read a few blogs on the topic. A personal recommendation would be Digital Ocean
Some of the goodies placed in the docker folder are not relevant to our use case with Python. Feel free to delete them as you see fit, I simply wanted to share with you my Docker build process for all Juniper automation projects (including those based on Ansible). The world is your oyster and I won’t judge you on whatever direction you take.
? Dependencies
Refer to the file located at files/docker/requirements.txt
