Current frustration...

Started by deanwebb, September 08, 2015, 10:09:38 AM


deanwebb

Quote from: wintermute000 on March 08, 2017, 01:47:38 PM
Yes you can.... LOL
:wha?:

Every time we've tried to script it, we failed. Heck, even ASDM can't do it on an ASA, had to go to the CLI to get the job done.

What is your secret, man? WE MUST KNOW!!!
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

SofaKing

Performance reviews - I hate writing these up.  Usually multiple objectives are the same as the previous but you have to write a small book for each objective so it becomes very redundant.
Networking -  You can talk about us but you can't talk without us!

wintermute000

python using raw commands. Definitely python as you can manually invoke pause. Of course you'd need at least telnet

dlots

If you are trying to do telnet you might look at telnetlib

I did a super crappy program to telnet into devices and try and find some info.


import telnetlib

# 'each' is a (user, password) pair and 'ip' is the device address;
# both come from the surrounding loop, which the post does not show
user = each[0]
password = each[1]
print(user)
tn = telnetlib.Telnet(ip)
# wait for Username: prompt
tn.read_until(b"Username:")
# send username
tn.write(user.encode('ascii') + b"\n")
if password:
    print(password)
    # wait for password prompt
    tn.read_until(b"Password: ")
    # send password
    tn.write(password.encode('ascii') + b"\n")

wintermute000

#109
Quote from: deanwebb on March 08, 2017, 02:29:22 PM
Quote from: wintermute000 on March 08, 2017, 01:47:38 PM
Yes you can.... LOL
:wha?:

Every time we've tried to script it, we failed. Heck, even ASDM can't do it on an ASA, had to go to the CLI to get the job done.

What is your secret, man? WE MUST KNOW!!!

cheat mode ON as using netmiko module, but if I had time I could work it out with a manual library as I've done plenty of expect style pain before netmiko was a thing

from netmiko import ConnectHandler

WAN1 = {
    'device_type': 'cisco_ios_telnet',
    'ip':   '172.17.1.151',
    'username': 'cisco',
    'password': 'cisco',
    'secret': 'cisco',     # optional, defaults to ''
    'verbose': True,       # optional, defaults to False
}

WAN2 = {
    'device_type': 'cisco_ios_telnet',
    'ip':   '172.17.1.152',
    'username': 'cisco',
    'password': 'cisco',
    'secret': 'cisco',     # optional, defaults to ''
    'verbose': True,       # optional, defaults to False
}


router_list = [WAN1,WAN2]

config_commands = ['crypto key generate rsa modulus 2048']

for router in router_list:
    net_connect = ConnectHandler(**router)
    net_connect.enable()
    output = net_connect.send_config_set(config_commands)
    print(output)
    net_connect.exit_enable_mode()






ssh://ansible@192.168.145.129:22/usr/bin/python -u /home/ansible/generate-ssh-key/generate-ssh-key.py
config term
Enter configuration commands, one per line.  End with CNTL/Z.
WAN1(config)#crypto key generate rsa modulus 2048
% You already have RSA keys defined named WAN1.cisco.com.
% They will be replaced.


% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...end
WAN1#
config term
Enter configuration commands, one per line.  End with CNTL/Z.
WAN2(config)#crypto key generate rsa modulus 2048
% You already have RSA keys defined named WAN2.cisco.com.
% They will be replaced.


% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 2 seconds)


WAN2(config)#end
WAN2#

If this was serious you could easily whip up something to convert a CSV into a list of dictionaries for the variables, e.g. 1 per row

icecream-guy

Quote from: SofaKing on March 08, 2017, 02:32:37 PM
Performance reviews - I hate writing these up.  Usually multiple objectives are the same as the previous but you have to write a small book for each objective so it becomes very redundant.


LOL I haven't had a performance review in like 5 years.
no performance review = no planned career growth.. no meager raises. no self recommendations on how I can improve myself, no jabs at my performance, etc.
is it worth it?    :steamtroll:
:professorcat:

My Moral Fibers have been cut.

deanwebb

I have to enter my objectives for 2017 today. That means copying and pasting the objectives our upper management said we should have. I'm not a manager, yet I have "Retain employees and reduce turnover" as a goal. I guess if I stay here through the next review cycle, I'll be 100% in that area.

:facepalm3:

Otanx

#112
To add to Wintermute's suggestions you can also create SSH keys using SNMP. On Cisco it is OID - 1.3.6.1.4.1.9.9.339.1.1.2.1 so as long as you have an SNMP user set up you can script this without relying on SSH working before generating the key.

Cisco SNMP Object Navigator for that OID:
http://snmp.cloudapps.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9.9.339.1.1.2.1#oidContent

-Otanx


wintermute000

My script didn't need ssh working. It uses telnet
The ssh in the output is me running the python remotely LOL

wintermute000

#114
version 2. put your devices in a csv with the following headers. and yes, it uses telnet (observe device_type: cisco_ios_telnet)



host,device_type,ip,username,password,secret
WAN1,cisco_ios_telnet,172.17.1.151,cisco,cisco,cisco
WAN2,cisco_ios_telnet,172.17.1.152,cisco,cisco,cisco





from netmiko import ConnectHandler
import csv


config_commands = ['crypto key generate rsa modulus 2048']

# Python 3: the csv module needs a text-mode file opened with newline='' (not 'rb')
with open('devices.csv', newline='') as csvfile:
    # each row becomes a dict whose keys are the CSV headers,
    # passed straight to ConnectHandler as keyword arguments
    devices = csv.DictReader(csvfile)
    for router in devices:
        print("***Executing script on device:")
        print(router)
        print("***Script Output:")
        net_connect = ConnectHandler(**router)
        net_connect.enable()
        output = net_connect.send_config_set(config_commands)
        print(output)
        print("***device end***")
        net_connect.exit_enable_mode()







***Executing script on device:
{'username': 'cisco', 'ip': '172.17.1.151', 'secret': 'cisco', 'host': 'WAN1', 'device_type': 'cisco_ios_telnet', 'password': 'cisco'}
***Script Output:
config term
Enter configuration commands, one per line.  End with CNTL/Z.
WAN1(config)#crypto key generate rsa modulus 2048
% You already have RSA keys defined named WAN1.cisco.com.
% They will be replaced.


% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)


WAN1(config)#end
WAN1#
***device end***
***Executing script on device:
{'username': 'cisco', 'ip': '172.17.1.152', 'secret': 'cisco', 'host': 'WAN2', 'device_type': 'cisco_ios_telnet', 'password': 'cisco'}
***Script Output:
config term
Enter configuration commands, one per line.  End with CNTL/Z.
WAN2(config)#crypto key generate rsa modulus 2048
% You already have RSA keys defined named WAN2.cisco.com.
% They will be replaced.


% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 2 seconds)


WAN2(config)#end
WAN2#
***device end***

icecream-guy

think we're getting off track here, the netmiko/telnet thing should probably be broken out into a different thread, as it's turning into more of a discussion than a frustration.


dlots

I was asked to write a program to take an export from one server, and make it so we could import it into another server... but both servers were ACS, so at least it was quite easy.

deanwebb

Waiting for the TAC callback on a case I had to reopen...

... and if they tell me the same resolution, this will be me:

:phone:

SimonV

Too many projects at once, and they all want priority

:frustration:
