So we started off in Part 1 breaking down what a basic SSH connection and authentication looks like using Python and Expect. To add some context to this I am using the pexpect library for Python. This library falls back on system level tools like the the SSH client inside OSX or Linux. I can’t speak to how this works with Windows so just be aware of that as we move forward. In the long term I will start adding more complexity such as the ParaMiko and NetMiko libraries that use integrated SSH clients but for now I want to keep this as simple as possible so both you and I can get the most value out of these posts.
So in this post I want to get right down to it and show you the code that kicked it all off for me. Here is what we will be accomplishing in this script.
- Create SSH Session to 3560 Switch
- Authenticate SSH Session
- Authenticate enable
- Create VLAN 300
- Set VLAN 300 on Interface Gigabit 0/10
- Write changes to memory
- Exit session.
The code will be posted below. In every post I am going to narrow down the comments so we don’t end up with a giant pile for code. Also you can always find the code on my GitHub page.
# Imports Needed Libraries to run Code
import pexpect
import sys
import os
#
# Creates Variables to be referenced by code
#
switch_ip = "10.92.200.3"
switch_un = "pytest"
switch_pw = "pytest"
enable_pw = "password"
vlan = "300"
vlan_name = "TESTVLAN"
switch_port = "GigabitEthernet0/10"
#
# This section shows the setup of the SSH session and
# authentication through config T
#
child = pexpect.spawn('ssh %s@%s' % (switch_un, switch_ip))
# Create a logfile of running code and
# drop it to Standard Out/screen unbuffered.
child.logfile = os.fdopen(sys.stdout.fileno(), 'w', 0)
child.expect('Password:')
child.sendline(switch_pw)
child.expect('>')
child.sendline('terminal length 0')
child.expect('\>')
child.sendline('enable')
child.expect('Password:')
child.sendline(enable_pw)
child.expect('#')
child.sendline('conf t')
#
# This section starts the configuration of VLAN 300
#
# Shows that the next prompt we expect from SSH Session (child) is (config)#
child.expect('\(config\)#')
# We now send the IOS command VLAN 300
child.sendline('%s %s' % ('vlan', vlan))
# Shows that the next prompt we expect from SSH Session
# (child) is (config-vlan)
child.expect('\(config-vlan\)#')
# We now send the IOS command name and send the variable vlan_name
child.sendline('%s %s' % ('name', vlan_name))
# Shows that the next prompt we expect from SSH Session (child) is (config)
child.expect('\(config-vlan\)#')
# We now send the IOS command exit
child.sendline('exit')
#
# This section starts the interface configuration
#
# Shows that the next prompt we exped from SSH session (child) is (#)
child.expect('#')
# We now send the IOS command Interface and the variable switch_port
child.sendline('%s %s' % ('interface', switch_port))
# Shows that the next prompt we expect from SSH session (child) is (config-if)
child.expect('\(config-if\)#')
# We now send the IOS command Switchport Access vlan and the variable vlan
child.sendline('%s %s %s %s' % ('switchport', 'access', 'vlan', vlan))
# Shows that the next prompt we expect from SSH session (child) is (config-if)
child.expect('\(config-if\)#')
#
# This section starts the termination of the session
#
child.sendline('end')
child.expect('#')
child.sendline('wr mem')
child.expect('#')
child.sendline('quit')
So with that we have now created a VLAN and applied it to an interface. But let us be honest. This is a ot of typing to get to a single VLAN and port config. So why do all this? First off like I said in Post 1, we can convert entire template configurations to this expect model. Once you get going it does not even take to long because you are re-using so many elements. Imagine if you are struggling with device consistency in your environment and you could once a mont, or week or day run a script that brought every edge device in your network back to a constant config. Now granted that should be a corner case and if your having that type of issue then config automation is the least of your problems but it could be the start to a solution. But what if we can take this small piece of code give a list of devices instead of a single IP address and then loop it through 10, 100 or 1000 devices, then we are getting somewhere! But baby steps. In the next post we are going to add some more configuration changes as well as apply it to two devices. See ya then!
One comment