First things first, the code lives here:
I wanted to put together a mini-series of posts on how to programatically enable netconf across many ALU/Nokia – SROS devices.
The theoretical problem we are trying to solve:
- Company Avifi has recently decided to enable NETCONF across their entire 7750 platform. They would like to do this all in one maintenance night.
- All of Avifi’s network is currently documented and stored in Netbox. We must extract a list of 7750’s and their IP addresses using the API requests.
- Programatically SSH into all the necessary devices:
- Enable NETCONF
- Create a NETCONF USER/PASSWORD
- Enable Model-Driven CLI.
As a network engineer that’s constantly having to re-use scripts, templates, etc – I’d see this as an opportunity to create two things:
- A tool I can easily use in my lab environment before I take this to production.
- A production ready tool that my team can use.
We’ll start with a command line driven tool to easily target a single node, ssh into it and programmatically enable NETCONF as well as change from the standard CLI to the new Model-Driven CLI that Nokia offers on their 7750’s routers.
As I’m getting more into the Dev/NET/OPS side of the house, I’m starting to think about CI/CD, unit tests, version control and the extensive amount of testing and variables that may change when implementing network wide changes via automation.
Let’s discuss some of the packages i’ll be using with Python 3.
Everyone should be familiar with Netmiko by now. We’ll use this to connect via SSH to our devices and manipulate our configurations. As the starting point to this will be to build from a command line driven utility which targets a single node and expand into extracting a list of devices via Netbox, we will use argparse to send arguments from the CLI to our python script. NCCLIENT will be used to establish NETCONF connections. In order to not store passwords on our script, we will use getpass to prompt our users for passwords. On our future updated post, we’ll call the pyNetbox package / API client to interact with Netbox and extract the correct device IP addresses and run the script against it. xmltodict to convert the xml extracted file and parse to a dictionary.
The tool will accept the arguements above, but the SSH username is defaulted to ‘admin’.
Once ran, the script will request for the SSH Password to the device, it will connect and send a list of commands to enable the NETCONF service and also switch from the Classic CLI to the new Model Driven CLI. Once this is complete, the SSH connection will be dropped and a new connection on port 830, the default NETCONF port will be established utilizing the new credentials. The tool will proceed to extract the running configuration, it will save a temp file and re-open it to parse it into a dictionary. We’ll extract the system name and use it as a var to create a folder directory of configurations and save the XML configuration by system name.
**Before running, open the script and edit the new usser credentials that you wish to pass for NETCONF connections. **
At this point, i’m able to run this against a multitude of devices individually to test functionality and make any adjustments before I implement the API connection into our Netbox server.
Below is the entire code, at beta. This command line driven utility will utilize NETMIKO to establish the initial connection to the device. On the next post, we will take this code and change quite a bit to dynamically pass in a list of hosts from the Netbox API.