There has been a lot of discussion recently in networking circles surrounding automation, especially in discussions about Software Defined Networking (SDN). While automation means different things to different people, I would define it as any tool or solution that automates repetitive tasks (making the job easier) while making the output more consistent and ultimately the network more reliable. I’m a huge proponent of having the computer do the work; I guess that could be defined as automation.
The purpose of this post is to provide some simple examples of how you can start automating today. These are not glamorous solutions, hence the poor man slogan, but they should help provide some idea of what’s possible. There are plenty of open-source and commercial solutions out there; one that’s been receiving some extra press these past few months is Puppet.
In my current organization we deploy a lot of equipment and we usually do so on a very tight timetable where we have hours, not days or weeks, to turn up a closet or a remote site. So our time is extremely precious, but more so we can’t afford to be troubleshooting erroneous configuration errors that could easily be avoided with some simple automation. Like numerous organizations before us, we too had Microsoft Word templates and Excel macros and formulas, but we almost always ran into problems with the human element of the equation.
I took a small 1Gbps CentOS Linux guest with a LAMP (Linux, Apache, MySQL, PHP) stack and started throwing together some Perl, PHP and JavaScript code. The outcome was a pretty powerful example of what’s possible without a big capital investment or some consulting company reaching their quarterly sales goal on your dime.
Here are three simple examples which are adaptations of each other, adding additional features as time allowed and the solutions matured.
Juniper SRX – VPN Branch Offices
While we were migrating our remote branch offices (31+ locations in all) to Juniper SRX Service Gateways we quickly realized we needed a more reliable solution than building the configuration by hand. We had a Microsoft Word template that had various fields marked {RED}; the field engineer would perform a search-n-replace to ultimately build the configuration. In our first few conversions we had a number of typos in the configuration that caused us to overrun our scheduled maintenance window. How can we make configuring the Juniper SRX easier for our field engineers? What about a web-based portal that takes in the assorted variables and outputs a working configuration?
The solution was really quite easy and has been done by others before. The field engineer plugs in a few values and the Perl/PHP application spits back a complete configuration for both the branch office Juniper SRX 210H and the main office Juniper SRX 650. The initial version of the application required the field engineer to enter a random 128-character shared key; later versions of the application automatically generated a random shared key for use in the configuration. This approach completely eliminated any other configuration issues during the migration project and is now part of our standard process for a new greenfield site.
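The generator described above can be sketched as follows. This is an added example in Node.js, not the application's own Perl/PHP code; the template lines, field names and function names are constructed for illustration. It draws the 128-character shared key from the operating system's CSPRNG and refuses to emit a configuration with any field left unfilled.

```javascript
const crypto = require('crypto');

// Constructed template fragment; {NAME} marks a field to fill in.
const TEMPLATE = [
  'set system host-name {HOSTNAME}',
  'set security ike policy branch-pol pre-shared-key ascii-text "{PSK}"',
  'set security ike gateway hub-gw address {HUB_IP}',
].join('\n');

const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Draw each character from the OS CSPRNG. crypto.randomInt avoids the
// modulo bias of "random byte % alphabet length".
function generateSharedKey(length = 128) {
  let key = '';
  for (let i = 0; i < length; i++) {
    key += ALPHABET[crypto.randomInt(ALPHABET.length)];
  }
  return key;
}

// Fill every {FIELD}. Throw if a value is missing or a supplied value is
// never used, so a half-filled template cannot reach a device.
function renderConfig(template, values) {
  const used = new Set();
  const out = template.replace(/\{([A-Z_]+)\}/g, (match, name) => {
    if (!Object.prototype.hasOwnProperty.call(values, name)) {
      throw new Error(`no value supplied for {${name}}`);
    }
    used.add(name);
    return values[name];
  });
  const unused = Object.keys(values).filter((k) => !used.has(k));
  if (unused.length) throw new Error(`unused fields: ${unused.join(', ')}`);
  return out;
}
```

Generating the key once per site and rendering both the branch and main office configurations from the same value keeps the two ends of the tunnel in step.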
Avaya Ethernet Routing Switch 4850GTS-PWR+
On the heels of that migration we had a very large expansion project underway at our largest facility. The physical construction called for the installation of about 63+ Avaya Ethernet Routing Switch 4850GTS-PWR+ switches. In order to help streamline the configuration process and help eliminate configuration errors I built an adaptation of the earlier application above to fit the requirements for this project. In this project I expanded the functionality of the original application by adding JavaScript code to perform client-side data validation. If the field called for an IP address, then the JavaScript code would only submit the data to the server if the field passed validation. It was pretty straightforward and simple but we took the original solution and improved on it.
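A sketch of that kind of field validation, as an added example rather than the code from the application; the schema, field names and function names are hypothetical. The same functions run unchanged in the browser and in Node.js, so the server that renders the configuration can repeat the check on whatever it actually receives, including values with embedded line breaks that would otherwise become extra configuration lines.

```javascript
// Strict dotted-quad check: four decimal octets 0-255, no leading zeros,
// no whitespace and no trailing characters.
function isIPv4(value) {
  if (typeof value !== 'string') return false;
  const parts = value.split('.');
  if (parts.length !== 4) return false;
  return parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Host label check: letters, digits and hyphens, 1-63 characters,
// no hyphen at either end.
function isHostLabel(value) {
  return typeof value === 'string' &&
    /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/.test(value);
}

const VALIDATORS = { ip: isIPv4, host: isHostLabel };

// schema maps a form field name to its expected type (hypothetical names).
// Returns a list of error strings; an empty list means the form may be used.
function validateForm(schema, form) {
  const errors = [];
  for (const [field, type] of Object.entries(schema)) {
    const value = form[field];
    // CR, LF and other control characters are reported separately: inside a
    // generated configuration they would start a new, unintended line.
    if (/[\x00-\x1f\x7f]/.test(String(value))) {
      errors.push(`${field}: control character`);
      continue;
    }
    if (!VALIDATORS[type](value)) errors.push(`${field}: not a valid ${type}`);
  }
  return errors;
}
```

When porting these patterns to Perl or PHP, end them with `\z` instead of `$`, because `$` in those languages also matches just before a trailing newline.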
APC UPS/PDU Management Cards
In that same expansion project we also identified the need to streamline the configuration of the American Power Conversion (APC) UPSs and PDUs that we were deploying throughout the infrastructure. If you’ve ever worked with them you know they can be somewhat difficult to quickly and easily configure. Our field engineers were spending on average 1 hour to configure each device and often there were inconsistencies in the configuration depending on which field engineer had performed the configuration. So we came up with a new streamlined process which allows the engineer to complete the task in about 15 minutes. The field engineer manually configures a DHCP reservation (manual DHCP) utilizing the MAC address of the management card within our Infoblox IP address management solution. Once the UPS or PDU is online and communicating with the network the field engineer plugs in a number of variables into the web browser and the Perl application will output the configuration. In this case we decided to take this solution one step further by having the Perl application actually program the configuration into the device. The Perl application will generate the configuration and then will make an FTP call to the actual asset and upload the configuration. The only thing left for the field engineer was to perform some simple tests once the task was complete, to verify that the asset was reporting, sending SNMP traps, to our management platform. And even that last step could have probably been easily automated.
My Thoughts
There are a number of frameworks that I could have used in writing these applications but I decided to keep it simple (this time around). The point here is to just provide an example of what’s possible. There are quite a few tools and solutions in the marketplace that already leverage SNMP, NETCONF, XML, SOAP APIs, etc. to help provide integration between systems as well as management and automation.
Wouldn’t it be great if the last application accepted the MAC address of the APC UPS/PDU and made an automated call to Infoblox and automatically created a DHCP reservation for that asset? Thereby streamlining the process even further? There’s nothing stopping me from doing that other than the time and energy it takes to code the solution and then test it appropriately.
I’m not ready right now to release the actual code but if enough people request it I will work on creating sanitized copies and release the code under a GPL license.
Let me know what you’re doing around automation.
I recall a number of interesting posts a few years back where some folks had completely automated how they inventory and on-board their IP phones. They were using bar code scanners to collect the information from the outside of the box and then had an automated process for taking that information and creating the necessary configuration files for a zero-touch installation, including the actual node and TN information for the Avaya Communication Server 1000. That was a pretty neat example of automation in my opinion and obviously saved them a lot of time and effort.
Cheers!