Michael McNamara

Response: Scripting Does Not Scale For Network Automation

Michael McNamara — Mon, 21 Jul 2014 21:06:32 +0000

About three weeks ago Greg Ferro from Etherealmind posted an article entitled “Scripting Does Not Scale For Network Automation“. It’s quite clear from reading the article that Greg really is “bitter and jaded“. While I agree that there are challenges in scripting they also come with some large rewards for those that are able to master the skill.

In a subsequent comment Greg really hits on his point.. “We need APIs for device consistency, frameworks for validation and common actions. But above that we need platforms that solve big problems – scripting can only solve little problems. ”

I agree but for now we need to work with what we have available, and that’s no reason to stop scripting today. That said scripting is not a tool that’s going to solve every problem in IT. It might helpful for initial deployments, provisioning, backups, monitoring, testing, etc. but it’s rare that scripting will solve every problem. I personally employ a combination of commercial management solutions with scripting to achieve my goals. I’ve worked with the following methods and technologies: EXPECT/TCL, SNMP, PHP, PERL, XML, NETCONF. These all have their individual challenges but each can be used in their own fashion to help automate a task or process depending on the task or the vendor in question. If you need to-do something once or twice there’s no need for a script or automation, but if you are going to-do something daily or weekly across dozens or hundreds of assets then a script can be extremely helpful.

The point of writing a script is really two fold in my opinion, first to automate the task but more importantly to remove the human error element. I do a lot of my work in the wee morning hours when the eyes are bloodshot and the mind isn’t always as rested as it should be. It’s easy to make simple stupid mistakes repeating monotonous commands on dozens even hundreds of switches or routers. A script helps to actually do the work and it makes sure that I won’t accidentally blow something up, I’m really there just to monitor for problems or issues.

It should be no surprise that there’s effort required to maintain a script, it’s just like a commercial vendor maintaining a product. Here’s the changelog for a Perl script I maintained between 2003 and 2014 that utilized SNMP and TFTP against Avaya/Nortel, Cisco, Motorola/Symbol and HP gear. You can see some of the challenges that Greg referred to in his article;

# Changes:
#
#     May 04, 2011 (M.McNamara) added support for HP C-Class GbE2c and legacy P-Class GbE2
#                               thanks to Karol Perkowski for his code addition
#     Dec 28, 2010 (M.McNamara) added additional code to support ERS4500 being slow TFTP transfer
#     Dec 27, 2010 (M.McNamara) updated CISCO-PRODUCTS-MIB to cover ciscoCBS3120 blade
#     Dec 20, 2010 (M.McNamara) updated ASCII routine with OID s5AgSysAsciiConfigManualUpload
#     Aug 31, 2010 (M.McNamara) added routines to handle binary and ASCII data for Avaya ERS switches
#				also added code to keep 4 archive copies per device
#     Dec 02, 2009 (M.McNamara) cleaned up code added additional debug routines
#     Oct 23, 2008 (M.McNamara) added support for Motorola RFS7000 Wireless LAN Switch
#     Oct 22, 2008 (M.McNamara) added support for ASCII configuration files for Avaya ERS switches
#     Oct 10, 2008 (M.McNamara) added support for Cisco switches
#     Jan 22, 2008 (M.McNamara) added support for HP GbE2c (C-Class) switch
#     Apr 24, 2007 (M.McNamara) added support for WS5100 3.x software
#     Oct 24, 2006 (M.McNamara) added support for ERS1600 v2.1 release
#     Sep 29, 2006 (M.McNamara) added support for BayStack 470 PwR 48T
#     Oct 20, 2005 (M.McNamara) added support for Baystack 5510 24 port also added 
#				Ethernet Routing Switch (formerly Passport) 8600 code
#     Mar 01, 2005 (M.McNamara) incorporated a sub to check for the presence of the
#				proper filename on the TFTP server (/tftpboot) thereby 
#				eliminating the first script "readytftpbackup.pl"
#     Feb 25, 2005 (M.McNamara) added the ability to retry a failed backup
#     Jan 13, 2004 (M.McNamara) some minor bugs throughout code base
#     Jan 06, 2004 (M.McNamara) implemented a workaround for the Passport RAPID-CITY MIB 
#				> 3.2 problem, copied OIDs for Passport 1600 into 
#				 existing MIB along with required MIBS and added sub 
#				to handle 1600s
#     Jan 05, 2004 (M.McNamara) issues with SNMP MIB for Passport 8600 v3.3.4 is presenting
#				problems with the Net-SNMP perl modules and the old MIB 
#				cannot identify the newly added Passport 1600 switches.
#     Dec 11, 2003 (M.McNamara) resolved issue with Passport 8600 not backing up properly
#     Sep 17, 2003 (M.McNamara) added code to incorporate all BayStack switches into backup
#     Oct  1, 2003 (M.McNamara) added code to email status report to notify@acme.org
#				also added Perl script to weekly crontab

Will the scripts I write today be useless in two years, possibly but that’s pretty much the case with anything these days including your phone, your laptop, etc. While we wait for something else to come along the the scripts I write and maintain will be very helpful in making my job easier and making me more efficient.

Cheers!

PS: I’ve finally cleaned up the Scripting section of my blog, fixing all the broken links and updating all the code.

Expect Automation Examples

Michael McNamara — Wed, 26 Mar 2014 00:49:02 +0000

I’ve been working for my new employer for just under 90 days now, carefully studying the network topology slowly pealing back the layers mindful not to break anything. There have been some exciting moments not including the Cisco Catalyst 6509 VSS member that decided to go into recovery mode one evening – revealing a cabling problem with a pair of Cisco ASA 5585-X running in an HA configuration.

A few weeks back I had the opportunity to show off some of my scripting skills by automating the configuration change of some 450+ Motorola RFS4000 and Symbol WS2000 Wireless LAN Switches. We were migrating from Microsoft’s Internet Authentication Service (IAS) to Microsoft’s Network Policy Service (NPS).

The first problem, nobody had an inventory of the wireless LAN switches that we needed to reconfigure. No problem – a quick dump of the logs on the IAS servers provided a nice lengthy list of IP addresses which had authenticated with IAS over the past 6 months. I wrote a quick Perl script to interrogate each IP address, first via ICMP, then via SNMP, and lastly via WGET/CURL. The result was a list of each model switch we had to contend with along with the software versions; WS2000 v1.x, RFS4000 v4.x and RFS4000 v5.x . There weren’t too many RFS4000 v5.x switches so we decided to handled those changes manually, although on retrospect it would have been far easier to also code that solution as opposed to manually logging into all those WiNG 5.x devices at 4AM in the morning.

I did have a challenge with the passwords. There were multiple administrator passwords in use across all the different models so I had to add some logic to deal with the three different possible passwords. It was good that there were only three passwords because a fourth failed password attempt would cause the wireless LAN switch to disconnect the session and would have made the task a lot harder .

I ended up writing two scripts, one for the WS2000 v1.x and one for the RFS4000 v4.x due to the time constraints. I could have combined the two scripts and detected the version of software but there were some anxious managers waiting eagerly on this change. I added a bash shell script to kick off the Expect script for each switch model and then loop through all the IP addresses or FQDNs.

This wasn’t a sexy solution by any means, it required a bit of testing to determine the commands that were needed for each model and software release but it was a much better solution than manually making the changes on some 450+ devices. We did have to-do a bit of error checking to make sure that the configurations went down to all 450+ devices. We had one or two instances where the WAN connection to that specific office just happen to go offline while the script was running. Thankfully we were able to use the logfile size (logs generated by the Expect script) as a quick determination if there had been a problem or discrepancy that required additional investigation.

If you have a similar challenge hopefully you’ll find the code below helpful.

Symbol WS2000 v1.x

run-ws2000.sh

#!/bin/bash
#
# Language: Bash Shell Script
#
# Filename: /usr/local/etc/run-ws2000.sh
#
# Purpose:  This script will kickoff the Expect scripts that will re-configure 
#           the RADIUS configuration on the Motorola (formerly Symbol) WS-2000
#           Wireless LAN Switches.
#
# Author:   Michael McNamara
# Date:     February 21, 2014
# Version:  1.0
#
# Changes:
#

# Variables
PATH_TO=/usr/local/etc/
EXPECT=/usr/local/etc/symbolws2000radius.exp
SWITCHES='10.1.1.1 10.1.1.2 10.1.1.3 10.1.1.4'

##########################################################################
# M  A I N   S C R I P T  B O D Y
##########################################################################

for SWITCH in $SWITCHES
do
	$EXPECT $SWITCH
done

exit

symbolws2000radius.exp

#!/usr/bin/expect -f
#
# Language: Expect
#
# Filename: /usr/local/etc/symbolws2000radius.exp
#
# Purpose:  This is an Expect script that will login to a Motorola (formerly
#           Symbol) WS2000 Wireless LAN Switch v1.x and modify the RADIUS servers
#           used for 802.1x EAP authentication of the corporate ESSID/WLAN.
#
# Author:   Michael McNamara
#
# Date:     February 21, 2014
#
# Version:  1.0
#
# Changes:
#           February 24, 2014 (M.McNamara) v1.1 - issue with enable prompt changing,
#               abstract prompt in a varaible to account for all possibilities.
#
# License:
#           Copyright (C) 2010 Michael McNamara (mfm@michaelfmcnamara.com)
#
#           This program is free software: you can redistribute it and/or modify
#           it under the terms of the GNU General Public License as published by
#           the Free Software Foundation, either version 2 of the License, or
#           (at your option) any later version.
#
#           This program is distributed in the hope that it will be useful,
#           but WITHOUT ANY WARRANTY; without even the implied warranty of
#           MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#           GNU General Public License for more details.
#
#           You should have received a copy of the GNU General Public License
#           along with this program.  If not, see .

# Variables

set PATH "/usr/local/etc"
set TELNET "/usr/bin/telnet"

set SWITCH [lindex $argv 0]
set USERNAME admin
set PASSWORDS {password1 password2 password3}
set PINDEX 0

# Which Wireless LAN are we going to change?
set WLAN_IDX 2

# RADIUS/NPS Servers
set RADIUS1 10.1.1.1
set RADIUS2 10.1.1.2

set PROMPTS "(%|#|cli\>|admin\>|\$|\-\-\-\>)"

set TODAY [timestamp -format %y%m%d ]
set WEEKDAY [timestamp -format %a ]
set DATE [timestamp -format %c ]

stty -echo

log_file $PATH/logs/$SWITCH.radius.log
log_user 0	# Disable logging to STDOUT
#log_user 1	# Enable logging to STDOUT

# Useful information out to logfile
send_log "*********************************************************************\r\n"
send_log "Starting logfile for $SWITCH on $DATE\r\n"
send_log "*********************************************************************\r\n"

set timeout 30
spawn $TELNET $SWITCH

expect {
	"Connected to" {

		expect "login:"
		send -- "$USERNAME\r"
		expect -exact "assword:"
		send -- "[lindex $PASSWORDS $PINDEX]\r"

		expect {
			"Login incorrect" {
				send_user "\nDEBUG: Login failed with $USERNAME [lindex $PASSWORDS $PINDEX] on $SWITCH\n"
				send_log "\nDEBUG: Login failed with $USERNAME [lindex $PASSWORDS $PINDEX] on $SWITCH\n"

				incr PINDEX
				if {$PINDEX == [llength $PASSWORDS]} {
					send_user "ERROR: PASSWORD ISSUE WITH $SWITCH - UNABLE TO LOGIN!\n" 
					send_log "*********************************************************************\r\n"
					send_log "End of logfile for $SWITCH on $DATE \r\n"
					send_log "*********************************************************************\r\n"
					exit	
				}

				expect "login:"
				send -- "$USERNAME\r"
				expect -exact "assword:"
				send -- "[lindex $PASSWORDS $PINDEX]\r"

				exp_continue
			}
			"admin>" {
				send -- "network\r"
				expect -re $PROMPTS
				send -- "wlan\r"
				expect -re $PROMPTS
				send -- "show eap $WLAN_IDX\r"
				expect -re $PROMPTS

				####################################################################
				# REMOVE THE FOLLOWING # FROM THE FILE TO ACTUALLY MAKE THE CHANGES
				####################################################################
				# REMOVE THE FOLLOWING # FROM THE FILE TO ACTUALLY MAKE THE CHANGES
				####################################################################

				send -- "set eap server $WLAN_IDX 1 $RADIUS1\r"
				expect -re $PROMPTS
				send -- "set eap server $WLAN_IDX 2 $RADIUS2\r"
				expect -re $PROMPTS
				send -- "show eap $WLAN_IDX\r"
				expect -re $PROMPTS
				send -- "save\r"
				expect -re $PROMPTS

				####################################################################

				send -- "quit\r"
				expect eof
			}
		}

	}

	"No route to host" {
		send_log "ERROR: Unable to connect to $SWITCH via telnet!\n"
		send_user "ERORR: Unable to connect to $SWITCH via telnet!\n"
	}

}

send_log "*********************************************************************\r\n"
send_log "End of logfile for $SWITCH on $DATE \r\n"
send_log "*********************************************************************\r\n"

exit 0

Motorola RFS4000 v4.x

run-rfs4000.sh

#!/bin/bash
#
# Language: Bash Shell Script
#
# Filename: /usr/local/etc/run-rfs4000.sh
#
# Purpose:  This script will kickoff the Expect scripts that will re-configure 
#           the RADIUS configuration on the Motorola RFS 4000 v4.x
#           Wireless LAN Switches.
#
# Author:   Michael McNamara
# Date:     February 21, 2014
# Version:  1.0
#
# Changes:
#
#

# Variables
PATH_TO=/usr/local/etc
EXPECT=/usr/local/etc/motorolarfs4000radius.exp
SWITCHES='10.1.1.1 10.1.1.2 10.1.1.3 10.1.1.4'

##########################################################################
# M  A I N   S C R I P T  B O D Y
##########################################################################

for SWITCH in $SWITCHES
do
	$EXPECT $SWITCH
done

exit

motorolarfs4000radius.exp

#!/usr/bin/expect -f
#
# Language: Expect
#
# Filename: /usr/local/etc/motorolarfs4000radius.exp
#
# Purpose:  This is an Expect script that will login to a Motorola (formerly
#           Symbol) RFS4000 Wireless LAN Switch v4.x and modify the RADIUS servers
#           used for 802.1x EAP authentication of the corporate ESSID/WLAN.
#
# Author:   Michael McNamara (mfm@michaelfmcnamara.com)
#
# Date:     February 21, 2014
#
# Version:  1.1
#
# Changes:
#	    February 25, 2014 (M.McNamara) v1.1 - disable StrictHostKeyChecking so the
#		the initial SSH connection doesn't generate a yes/no dialog which
#		could hang up the Expect script.
#
#           February 24, 2014 (M.McNamara) v1.0 - issue with enable prompt changing, 
#		abstract prompt in a varaible to account for all possibilities.
#
# License:
#           Copyright (C) 2014 Michael McNamara (mfm@michaelfmcnamara.com)
#
#           This program is free software: you can redistribute it and/or modify
#           it under the terms of the GNU General Public License as published by
#           the Free Software Foundation, either version 2 of the License, or
#           (at your option) any later version.
#
#           This program is distributed in the hope that it will be useful,
#           but WITHOUT ANY WARRANTY; without even the implied warranty of
#           MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#           GNU General Public License for more details.
#
#           You should have received a copy of the GNU General Public License
#           along with this program.  If not, see .

# Variables

set PATH "/usr/local/etc"
set TELNET "/usr/bin/telnet"
set SSH "/usr/bin/ssh"

set SSH_OPTIONS "-o StrictHostKeyChecking=no"

set SWITCH [lindex $argv 0]
set USERNAME admin
set PASSWORDS {password1 password2 password3}
set PINDEX 0

# Which Wireless LAN are we going to change?
set WLAN_IDX 2

# RADIUS/NPS Servers
set RADIUS1 10.1.1.1
set RADIUS2 10.1.1.2

set PROMPTS "(%|#|cli\>|admin\>|\$|\-\-\-\>)"

set TODAY [timestamp -format %y%m%d ]
set WEEKDAY [timestamp -format %a ]
set DATE [timestamp -format %c ]

stty -echo

# Setup the logging
log_file $PATH/logs/$SWITCH.radius.log
log_user 0	# Disable logging to STDOUT
#log_user 1	# Enable logging to STDOUT

# Useful information out to logfile
send_log "*********************************************************************\r\n"
send_log "Starting logfile for $SWITCH on $DATE\r\n"
send_log "*********************************************************************\r\n"

# Set the timeout to 30 seconds for the following commands
set timeout 30

# Spawn an SSH connection to the switch
spawn $SSH $SSH_OPTIONS $USERNAME@$SWITCH

expect {
	"yes/no" {
		send "yes\r" }

	"User Access Verification" {

		expect "*?sername:"
		send -- "$USERNAME\r"
		expect -exact "assword:"
		send -- "[lindex $PASSWORDS $PINDEX]\r"

		expect {
			"Incorrect Login" {
				send_user "\nDEBUG: Login failed with $USERNAME [lindex $PASSWORDS $PINDEX] on $SWITCH\n"
				send_log "\nDEBUG: Login failed with $USERNAME [lindex $PASSWORDS $PINDEX] on $SWITCH\n"

				incr PINDEX
				if {$PINDEX == [llength $PASSWORDS]} {
					send_user "ERROR: PASSWORD ISSUE WITH $SWITCH - UNABLE TO LOGIN!\n" 
					send_log "*********************************************************************\r\n"
					send_log "End of logfile for $SWITCH on $DATE \r\n"
					send_log "*********************************************************************\r\n"
					exit	
				}

				expect "*?sername:"
				send -- "$USERNAME\r"
				expect -exact "assword:"
				send -- "[lindex $PASSWORDS $PINDEX]\r"

				exp_continue
			}
			">" {
				send -- "terminal length 0\r"
				expect -re $PROMPTS
				send -- "enable\r"
				expect -re $PROMPTS
				send -- "show wireless mobile-unit\r"
				expect -re $PROMPTS
				send -- "show wireless wlan config $WLAN_IDX\r"
				expect -re $PROMPTS

				#####################################################################
				# REMOVE THE FOLLOWING # FROM THE FILE TO ACTUALLY MAKE THE CHANGES
				#####################################################################
				# REMOVE THE FOLLOWING # FROM THE FILE TO ACTUALLY MAKE THE CHANGES
				#####################################################################

				send -- "config t\r"
				expect -re $PROMPTS
				send -- "wireless\r"
				expect -re $PROMPTS
				send -- "wlan $WLAN_IDX radius server primary $RADIUS1\r"
				expect -re $PROMPTS
				send -- "wlan $WLAN_IDX radius server secondary $RADIUS2\r"
				expect -re $PROMPTS
				send -- "exit\r"
				expect -re $PROMPTS
				send -- "show wireless wlan config $WLAN_IDX\r"
				expect -re $PROMPTS
				send -- "write mem\r"
				expect -re $PROMPTS

				#####################################################################

				send -- "quit\r"
				expect eof
			}
		}

	}

	"No route to host" {
		send_log "ERROR: Unable to connect to $SWITCH via telnet!\n"
		send_user "ERORR: Unable to connect to $SWITCH via telnet!\n"
	}

}

send_log "*********************************************************************\r\n"
send_log "End of logfile for $SWITCH on $DATE \r\n"
send_log "*********************************************************************\r\n"

exit 0

Cheers!

Expect Scripts for ERS8600 Troubleshooting

Michael McNamara — Sat, 06 Sep 2008 13:00:54 +0000

Whenever you contact Nortel, Cisco or Juniper support these days your going to need to spend some time and effort collecting a fair amount of information for the engineer assigned to your case.

I’ve written a very simple Expect script that will telnet into a Nortel Ethernet Routing Switch 8600 and issue a series of commands saving all the output so you can forward it to Nortel (or examine it yourself offline).

#!/usr/bin/expect -f
#
# Filename: /usr/local/etc/8600dump.exp
#
# Purpose:  Dump technical information from Nortel Ethernet Routing Switch
#           via telneting to the device and issuing various "show" cmds.
#           The output will then be saved to the working directory using
#           a filename based on the switch name used to call the script.
#
# Language: Expect
#
# Author:   Michael McNamara
#
# Date:     May 6, 2003
#
# Changes:
#
#   Sept 29, 2006: cleaned up script/updated documentation
#    Dec 30, 2005: added command line arguments for portability
#    Mar 18, 2005: added file logging for troubleshooting and monitoring
#    May 20, 2003: fine tuned script removing a great many "expect" commands.
#    May  6, 2003: original Expect script generated from auto_expect
#
# Notes:
#        Command Line Reference;
#          ./8600dump.exp <switch> <username> <password>
#
# This Expect script was generated by autoexpect on Thu Aug 18 10:57:50 2005
# Expect and autoexpect were both written by Don Libes, NIST.
#
# 

set force_conservative 0  ;# set to 1 to force conservative mode even if
              ;# script wasn't run conservatively originally
if {$force_conservative} {
    set send_slow {1 .1}
    proc send {ignore arg} {
        sleep .1
        exp_send -s -- $arg
    }
}

#
# Declare Global Variables
#
set PATH "/usr/local/etc/"
set TELNET "/usr/bin/telnet"

#
# Assign Command Line Variablbes
#
set SWITCH [lindex $argv 0]
set USERNAME [lindex $argv 1]
set PASSWD [lindex $argv 2]

#
# Time Date Stamp
#
set TODAY [timestamp -format %y%m%d ]
set WEEKDAY [timestamp -format %a ]
set DATE [timestamp -format %c ]

set send_human {.1 .3 1 .05 2}

######################################################################
# proc usage
#
# Purpose: display the usage information to the enduser.
######################################################################
proc usage {} {
    send_user "\n"
    send_user "ERROR: command line paramaters incorrect\n"
    send_user "\n"
    send_user "usage: 8600dump.exp <switch> <username> <password>\n"
    send_user "\n"
    send_user "    switch        the DNS or IP address of switch    \n"
    send_user "    username        the username for login to the switch    \n"
    send_user "    password        the password for username\n"
    send_user "\n"
    send_user "\n"
    exit
}
#######################################################################

#######################################################################
# M A I N    P R O G R A M
#######################################################################

if {[llength $argv]!=3} usage

log_file $PATH/$SWITCH.dump.log
log_user 0      # Disable logging to STDOUT
#log_user 1     # Enable logging to STDOUT

# Useful information out to logfile
send_log "******************************************************************\r\n"
send_log "* STARTING LOGFILE FOR $SWITCH ON $DATE         \r\n"
send_log "******************************************************************\r\n"

set timeout -1
spawn $TELNET $SWITCH
match_max 100000
expect "Connected to"
expect "Login: "
send -- "$USERNAME\r"
expect "Password: "
send -- "$PASSWD\r"
expect -re "\:.\#|> "

# DATE
send -- "date\r"
expect -re "\:.\#|> "

####################################################
# YOU CAN ADD AND REMOVE COMMANDS AS YOU SEE FIT
####################################################

# CONFIG CLI MORE FALSE
send -- "config cli more false\r"
expect -re "\:.\#|> "

# SHOW TECH
send -- "show tech\r"
expect -re "\:.\#|> "

# SHOW CONFIG
send -- "show config\r"
expect -re "\:.\#|> "

# SHOW SYS TOPO
send -- "show sys topo\r"
expect -re "\:.\#|> "

# SHOW
send -- "show ports error show-all\r"
expect -re "\:.\#|> "

# SHOW PORT ERROR MAIN
#send -- "show port error main\r"
#expect -re "\:.\#|> "

# SHOW PORT ERROR EXT
#send -- "show port error ext\r"
#expect -re "\:.\#|> "

# SHOW IP ROUTE INFO ALTERNATIVE
#send -- "show ip route info alternative\r"
#expect -re "\:.\#|> "

# SHOW IP BGP SHOW-ALL
#send -- "show ip bgp show-all\r"
#expect -re "\:.\#|> "

# DATE
send -- "date\r"
expect -re "\:.\#|> "

send -- "logout\r"
expect eof

#######################################################################
# E N D    P R O G R A M
#######################################################################

You can also download the complete Expect script from my website here.

Occasionally you might have multiple switches that you’ll need to interrogate and for that I’ve written a quick and dirty little Bash shell script to loop through the FQDN of the switches calling the Expect script above.

#!/bin/sh
#
# Filename: /usr/local/etc/8600dump.sh
#
# Purpose:  Dump technical information from Nortel Ethernet Routing Switch
#           via telneting to the device and issuing various "show" cmds.
#           The output will then be saving to the working directory using
#           a filename based on the switch name used to call the script.
#
# Language: Bash Script
#
# Author:   Michael McNamara
#
# Date:     May 6, 2003
#
# Changes:
#
#   Sept 29, 2006: cleaned up script/updated documentation
#    Dec 30, 2005: added command line arguments for portability
#    Mar 18, 2005: added file logging for troubleshooting and monitoring
#    May 20, 2003: fine tuned script removing a great many "expect" commands.
#    May  6, 2003: original Expect script generated from auto_expect
#
# Notes:
#        Command Line Reference;
#          ./8600dump.sh
#
# There are system and network specific variables below. Obviously the "PATH"
# to the location of the Bash script and supporting Expect script. The location
# of MUTT if email is used and most importantly the username and password to the
# Nortel Ethernet Routing Switch 8600. I would highly suggest using the ro (ReadOnly)
# account for all scripting purposes that are "read-only" in nature. The last most
# obvious piece is the list of switches that you'd like the script run against.
#

# Global Variables
PATH_TO=/usr/local/etc/mlh
DUMP=8600dump.exp
MAIL_LIST=''
PAGER_LIST=''
ERROR_FLAG=0
MAILEXE='/usr/bin/mutt'
MAILTXT='/tmp/mutt.txt'
LOCKFILE=/tmp/trace.lck
USERNAME=ro
PASSWORD=

SWITCHES='switch1.domain switch2.domain'

#############################################################################
#  B E G I N   M A I N
#############################################################################

for SWITCH in $SWITCHES
do
    $PATH_TO/$DUMP $SWITCH $USERNAME $PASSWORD
    $MAILEXE -s "ALERT: Dump Report for $SWITCH" $MAIL_LIST -a $PATH_TO/$SWITCH.trace.log < $MAILTXT
done

exit
#############################################################################
#  E N D   M A I N
#############################################################################

You can also download the complete shell script here.

The use of Expect really helps save me a lot of time and it speeds up the troubleshooting process with the vendor.

Cheers!

Expect Script – Daylight Saving Time

Michael McNamara — Sun, 13 Jul 2008 21:00:09 +0000

[ad name=”ad-articlebodysq”]In one of my previous posts entitled, Network Time Protocol (NTP), I discussed how to setup a network time protocol sever and how to configure the Nortel Ethernet Switch and Ethernet Routing Switches for NTP including Daylight Saving Time (DST) support.

I recently received a message from someone looking for someway to automated the re-configuration of over 100 switches with the correct Daylight Saving Time configuration. I explained to the person that the best long term solution would probably be to use the SNMP MIB but a quick and dirty solution might be to use Expect and call it from a Bash script looping over all the switches that needed to be re-configured. In short Expect is a scripting language that mimics user input at a TTY. The Except script is written to issue a set of commands, as if a human were typing them, and expects various responses.

The script I wrote below only support a limited number of switches. If you have a particular switch you’re welcome to modify the script to support that particular switch. The script will attempt to determine if the switch is running the software that has the features we’re looking to implement. I didn’t have a whole lot of time to test so buyer beware!

Here’s the expect script that I authored;

#!/usr/bin/expect -f
#
##############################################################################
#
# Filename: /usr/local/etc/set-nortel-timezone.exp
#
# Purpose:  Expect script designed to telnet into Nortel Ethernet Switches
#           and execute the CLI commands to confgure the appropriate timezone
#           information, including Day Light Saving time.
#
# Switches: Ethernet Switch 460 v3.7.x
#           Ethernet Switch 470 v3.7.x
#           Ethernet Switch 4500 v5.2.x
#           Ethernet Switch 5500 v5.1.x
#
# Author:   Michael McNamara
#
# Date:     June 1, 2008
#
# Version:  1.1
#
# Changes:
#
#           June 8, 2008 (M.McNamara)
#           - added documentation and ARGV command line checks
#           June 14, 2008 (M.McNamara)
#           - added check for switch version and exit if v3.6 switch software
#           - added check for Username introduced in v3.7 switch software
#
#
##############################################################################
#
# This Expect script was generated by autoexpect on Wed Jul 27 17:25:28 2005
# Expect and autoexpect were both written by Don Libes, NIST.
#
set force_conservative 1  ;# set to 1 to force conservative mode even if
                          ;# script wasn't run conservatively originally
if {$force_conservative} {
        set send_slow {1 .1}
        proc send {ignore arg} {
                sleep .1
                exp_send -s -- $arg
        }
}

if {[llength $argv] != 2} {

   puts "usage: set-nortel-timezone.exp < SWITCH > < PASSWORD >>"

exit 1

}

#
set PATH "/usr/local/etc/"
set TELNET "/usr/bin/telnet"

set SWITCH [lindex $argv 0]
set PASSWORD [lindex $argv 1]

set TODAY [timestamp -format %y%m%d ]
set WEEKDAY [timestamp -format %a ]
set DATE [timestamp -format %c ]

set send_human {.1 .3 1 .05 2}

#log_file $PATH/$SWITCH.expect.log
log_file /usr/local/etc/password.expect.log
log_user 0      # Disable logging to STDOUT
#log_user 1     # Enable logging to STDOUT

set timeout 10
spawn $TELNET $SWITCH
match_max 100000

expect "Trying"
expect {
   "Connected"  {

      expect "SW:v3.6" {
         send_log "\n\nThis version of software doesn't support the CLI commands!\n"
         send_user "\n\nThis version of software doesn't support the CLI commands!\n"
         exit 1
      }
      sleep 1
      send -- ""
                }
   Timeout      {
      send_log "We're unable to connect to the switch $SWITCH"
      send_user "We're unable to connect to the switch $SWITCH"
      exit 1;
                }
}

expect {
   "Username"   {
      send -- "RW\r"
   }
}

expect "Enter Password"
send -- "$PASSWORD\r"

expect {
   "Main Menu"  {
                }
   "Incorrect Password" {
      send_log "$SWITCH : Incorrect Password"
      exit 1
   }
   "Incorrect Credentials" {
      send_log "$SWITCH: Incorrect Credentials"
      exit 1
   }
}
sleep 1

# Let's get into the CLI interface from the menu prompts
send -- "C"

# Depending on the version of software we sometimes need a CR/LF
send -- "\r"
sleep 1

# Let's wait for the CLI prompt which includes the #
expect "#"
send -- "config term\r"
send -- "clock time-zone EST -5\r"
send -- "clock summer-time EDT date 9 Mar 2008 2:00 2 Nov 2008 2:00 +60\r"
send -- "exit\r"
send -- "logout\r"
expect eof

You can download the entire Expect script from this URL; set-nortel-timezone.exp.

The command line arguments are fairly straight forward;

usage: set-nortel-timezone.exp

Where the SWITCH is the fully qualified domain name (FQDN) or the IP address of the switch in question and the PASSWORD is the Read-Write password for the switch.

If you had hundreds of switches to reconfigure you could wrap this Except script in a Bash shell script similar to the following;

#!/bin/bash
#
#####################################################################
#
# Language: Bash Shell Script
#
# Filename: /usr/local/etc/set-nortel-timezone.sh
#
# Purpose:  This script will kickoff the Expect script that will
#           configure the Daylight Saving Time features for each switch
#
# Author:   Michael McNamara
#
# Date:     June 1, 2008
#
# Version:  1.0
#
# Changes:
#
#           June 10, 2006 (M.McNamara)
#           -  added remote sites into shell script processing
#
#####################################################################
#

# Variables
PATH_TO=/usr/local/etc
UPGRADE=set-nortel-timezone.exp
MAIL_LIST=''
PAGER_LIST=''
ERROR_FLAG=0
MAILEXE='/usr/bin/mutt'
LOCKFILE=/tmp/trace.lck

# Check paramaters
if [ "$#" != 2 ]
then
  echo "Usage: `basename $0` <password>"
  exit 1
fi

PASSWORD=$1

#####################################################################
#####################################################################
# YOU SHOULD EDIT THE "SWITCHES" VARIABLE BELOW TO INCLUDE ALL THE
# SWITCHES THAT YOU WISH TO HAVE THE EXPECT SCRIPT RUN AGAINST
#####################################################################
#####################################################################

SWITCHES='sw1-5520.acme.org sw2-5520.acme.org sw3-5520.acme.org'

for SWITCH in $SWITCHES
do
        $PATH_TO/$UPGRADE $SWITCH $PASSWORD
done

exit

You can download the Bash shell script from this URL; set-nortel-timezone.sh.

I’ve only tested this on CentOS v5.2 but it should work on any Linux host with Expect installed although you may need to modify the path locations.

Cheers!