Tuesday, January 15, 2019

[Python] TextFSM : how to format your network equipment output


TextFSM is a very useful module that automatically parses the raw output of your equipment and turns it into structured data. It comes with predefined formats for the "most popular" commands on Cisco, Juniper, Arista... ("show ip arp", "show interfaces", "show cdp neighbors"...), but you can also get into the config and build your own !

It is a little long to install, but it is worth it : you need to install ntc-templates using a 'git clone' action. The easiest way is to just install this into your home directory.

git clone https://github.com/networktocode/ntc-templates

The index file is just a mapping between platform, command, and the corresponding TextFSM template to use. This includes possible abbreviated versions of the command (for example, 'sh ip int br' and 'show ip interface brief').

Netmiko is configured to work with ~/ntc-templates/templates/index for the ntc-templates index file. I had to alter the global PATH to tell Netmiko where to look for the TextFSM template directory:

echo 'NET_TEXTFSM="/root/python/ntc-templates/templates/"' >> /etc/environment

All the templates already available for parsing are located in this path. If you need to define your own, that is where you will find examples and a place to begin.

Now, let's see the difference.

You might know it by now : it is pretty simple to connect to network equipment with the Netmiko library :

#!/usr/bin/python
from netmiko import Netmiko

core_src_switch = {
                   'host': 'yourswitch.domain',
                   'username': 'read_only_user',
                   'password': 'read_only_user_password',
                   'device_type': 'cisco_ios',
                  }

target_ip = 'your ip'
# open the SSH connection to the device
net_conn_tr = Netmiko(**core_src_switch)
# send "show ip arp" to the device
output_shiparp = net_conn_tr.send_command("show ip arp " + target_ip)
# close the SSH connection
net_conn_tr.disconnect()
print(output_shiparp)

This will give approximately this output with a valid IP :

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  your ip                  5   cc52.aaaa.aaaa  ARPA   Vlan4200

And now, let's modify the command so we use TextFSM :

output_shiparp = net_conn_tr.send_command("show ip arp " + target_ip, expect_string=r'#', use_textfsm=True)

New output :

[{'interface': 'Vlan4200', 'age': '5', 'type': 'ARPA', 'mac': 'cc52.aaaa.aaaa', 'address': 'your ip'}]

Immediately usable via code :

In [3]: output_shiparp[0]['address']
Out[3]: 'your ip'
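The checks a script would want around the use_textfsm call above, as an added example that is not part of the original post: it confirms the template index is where NET_TEXTFSM (or the default path) says, builds the command only from a valid IPv4 address, and refuses output that was not parsed. The function names and sample data are constructed, and it assumes Netmiko hands back the raw string when no template parses the output.

```python
import ipaddress
import os

REQUIRED_KEYS = {"address", "mac", "interface"}  # keys shown in the post's output

def template_dir(env=os.environ):
    """Directory holding the TextFSM index, from NET_TEXTFSM or the default."""
    path = os.path.expanduser(env.get("NET_TEXTFSM", "~/ntc-templates/templates"))
    if not os.path.isfile(os.path.join(path, "index")):
        raise FileNotFoundError("no TextFSM index file in " + path)
    return path

def show_ip_arp_command(target):
    """Build the command from a value that parses as one IPv4 address."""
    # IPv4Address rejects spaces, pipes and newlines, so nothing extra reaches the CLI
    return "show ip arp " + str(ipaddress.IPv4Address(str(target)))

def arp_table(result):
    """Map address -> MAC from parsed output; refuse an unparsed string."""
    if not isinstance(result, list):
        raise ValueError("output was not parsed by TextFSM: %r" % str(result)[:40])
    table = {}
    for row in result:
        missing = REQUIRED_KEYS - set(row)
        if missing:
            raise ValueError("template fields missing: %s" % sorted(missing))
        table[row["address"]] = row["mac"]
    return table

# Constructed sample data (192.0.2.10 is a documentation address)
PARSED = [{"interface": "Vlan4200", "age": "5", "type": "ARPA",
           "mac": "cc52.aaaa.aaaa", "address": "192.0.2.10"}]
RAW = ("Protocol  Address          Age (min)  Hardware Addr   Type   Interface\n"
       "Internet  192.0.2.10               5   cc52.aaaa.aaaa  ARPA   Vlan4200")

if __name__ == "__main__":
    print(show_ip_arp_command("192.0.2.10"))
    print(arp_table(PARSED))
    try:
        arp_table(RAW)  # what the script sees when no template matched
    except ValueError as err:
        print("rejected:", err)
```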

This concludes this small presentation of TextFSM. I strongly advise using it when building code that will browse switches and routers.

Friday, January 11, 2019

[Python] SSH to a server through a jump server, with PKI


Hello,

Today's tip is about a topic that had me stuck for a while : how do you connect to a server through another server when the whole infrastructure uses public keys to authenticate ?

I tried playing with ssh_agent and key forwarding, but I couldn't make it work. Then a suggestion was made to use port forwarding, which is much more straightforward and simple to handle/understand.

Here is a piece of code that should work for you :

#!/usr/bin/python
#
# Paramiko
#
import paramiko
#
# we instantiate a new object referencing paramiko's SSHClient class
#
vm = paramiko.SSHClient()
# AutoAddPolicy accepts any host key it has not seen before:
# the jump server's identity is not verified by this script
vm.set_missing_host_key_policy(paramiko.AutoAddPolicy())
k = paramiko.RSAKey.from_private_key_file("/path/to/the/key", password='private_key_password')
vm.connect('jump_server', username='login', pkey=k)
#
# we open a forwarded TCP channel from the jump server to dst_server:22
#
vmtransport = vm.get_transport()
dest_addr = ('dst_server', 22)
local_addr = ('jump_server', 22)
vmchannel = vmtransport.open_channel("direct-tcpip", dest_addr, local_addr)
#
# the second SSH session runs inside that channel (sock=vmchannel)
#
jhost = paramiko.SSHClient()
jhost.set_missing_host_key_policy(paramiko.AutoAddPolicy())
jhost.connect('dst_server', username='login', password='xxxx', sock=vmchannel)
# we send a simple command
stdin, stdout, stderr = jhost.exec_command("hostname")
# we read the return from the dst_server
print(stdout.read().decode())
# we don't forget to close the SSH session
jhost.close()
vm.close()
# End

If you are using a simple password, replace pkey with password. Enjoy !

Learn python !

Hello,

I recently took the decision to learn Python all by myself since my company doesn't see any added value in doing that...

I can only recommend Kirk Byers' free online introduction course :

https://pynet.twb-tech.com/

The courses start at various times of the year, and you can register at that moment. Once you finish the online classes you have access to the full course anyway, even if you missed some lessons.

It is very informative. It requires a minimum programming background, but I really recommend it.

Mr. Byers is the creator of the "Netmiko" library, which is great to connect to any kind of switch/router.





Thursday, January 10, 2019

Welcome to my blog

2019 is here ! New year, new resolutions. I am opening my blog to share some VERY useful tips that I came across in my career. I hope it will be helpful for some others !

I will be blogging about any technology, no preference, in the fields of Network & Security.

Some words about me : I graduated a long time ago as a "Network & Telecommunication engineer" from a school in France. I came to Canada for various reasons and I stayed there because I find it awesome !

Don't hesitate to ask questions. I fully expect this blog to be largely ignored, so I can answer any question that may pop up !

You may expect funny pictures to come with serious articles.

I wish you all a happy new year 2019 ! Let's get started !