Categorygithub.com/scottdware/go-junos
modulepackage
0.0.0-20200809143445-1805793fac10
Repository: https://github.com/scottdware/go-junos.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
13
Dependents
8
Files
2.7k SLOC

# README

go-junos

GoDoc Travis-CI Go Report Card

A Go package that interacts with Junos devices, as well as Junos Space, and allows you to do the following:

  • Run operational mode commands, such as show, request, etc..
  • Compare the active configuration to a rollback configuration (diff).
  • Rollback the configuration to a given state or a "rescue" config.
  • Configure devices by submitting commands, uploading a local file or from a remote FTP/HTTP server.
  • Commit operations: lock, unlock, commit, commit at, commit confirmed, commit full.
  • Device views - This will allow you to quickly get all the information on the device for the specified view.
  • [SRX] Convert from a zone-based address book to a global one.

Junos Space <= 15.2

  • Get information from Junos Space managed devices.
  • Add/remove devices from Junos Space.
  • List all software image packages that are in Junos Space.
  • Stage and deploy software images to devices from Junos Space.
  • Create, edit and delete address and service objects/groups.
  • Edit address and service groups by adding or removing objects to them.
  • View all policies managed by Junos Space.
  • Publish policies and update devices.
  • Add/modify polymorphic (variable) objects.

Installation

go get -u github.com/scottdware/go-junos

Note: This package makes all of it's calls over Netconf using the go-netconf package from Juniper Networks. Please make sure you allow Netconf communication to your devices:

set system services netconf ssh
set security zones security-zone <xxx> interfaces <xxx> host-inbound-traffic system-services netconf

Authentication Methods

There are two different ways you can authenticate against to device. Standard username/password combination, or use SSH keys. There is an AuthMethod struct which defines these methods that you will need to use in your code. Here is an example of connecting to a device using only a username and password.

auth := &junos.AuthMethod{
    Credentials: []string{"scott", "deathstar"},
}

jnpr, err := junos.NewSession("srx.company.com", auth)
if err != nil {
    fmt.Println(err)
}

If you are using SSH keys, here is an example of how to connect:

auth := &junos.AuthMethod{
    Username:   "scott",
    PrivateKey: "/home/scott/.ssh/id_rsa",
    Passphrase: "mysecret",
}

jnpr, err := junos.NewSession("srx.company.com", auth)
if err != nil {
    fmt.Println(err)
}

If you do not have a passphrase tied to your private key, then you can omit the Passphrase field entirely. In the above example, we are connecting from a *nix/Mac device, as shown by the private key path. No matter the OS, as long as you provide the location of the private key file, you should be fine.

If you are running Windows, and using PuTTY for all your SSH needs, then you will need to generate a public/private key pair by using Puttygen. Once you have generated it, you will need to export your private key using the OpenSSH format, and save it somewhere as shown below:

alt-text

Examples

Visit the GoDoc page for package documentation and examples.

Connect to a device, and view the current config to rollback 1.

auth := &junos.AuthMethod{
    Credentials: []string{"admin", "Juniper123!"},
}

jnpr, err := junos.NewSession("qfx-switch.company.com", auth)
if err != nil {
    fmt.Println(err)
}

defer jnpr.Close()

diff, err := jnpr.Diff(1)
if err != nil {
    fmt.Println(err)
}

fmt.Println(diff)

// Will output the following

[edit vlans]
-   zzz-Test {
-       vlan-id 999;
-   }
-   zzz-Test2 {
-       vlan-id 1000;
-   }

View the routing-instance configuration.

auth := &junos.AuthMethod{
    Username:   "admin",
    PrivateKey: "/home/scott/.ssh/id_rsa",
}

jnpr, err := junos.NewSession("srx.company.com", auth)
if err != nil {
    fmt.Println(err)
}

defer jnpr.Close()

riConfig, err := jnpr.GetConfig("text", "routing-instances")
if err != nil {
    fmt.Println(err)
}

fmt.Println(riConfig)

// Will output the following

## Last changed: 2017-03-24 12:26:58 EDT
routing-instances {
    default-ri {
        instance-type virtual-router;
        interface lo0.0;
        interface reth1.0;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 10.1.1.1;
            }
        }
    }
}

Views

Device views allow you to quickly gather information regarding a specific "view," so that you may use that information however you wish. A good example, is using the "interface" view to gather all of the interface information on the device, then iterate over that view to see statistics, interface settings, etc.

Note: Some of the views aren't available for all platforms, such as the ethernetswitch and virtualchassis on an SRX or MX.

Current out-of-the-box, built-in views are:

ViewsCLI equivilent
arpshow arp
routeshow route
bgpshow bgp summary
interfaceshow interfaces
vlanshow vlans
ethernetswitchshow ethernet-switching table
inventoryshow chassis hardware
virtualchassisshow virtual-chassis status
staticnatshow security nat static rule all
sourcenatshow security nat source rule all
storageshow system storage
firewallpolicyshow security policies (SRX only)
lldpshow lldp neighbors

NOTE: Clustered SRX's will only show the NAT rules from one of the nodes, since they are duplicated on the other.

When using the interface view, by default it will return all of the interfaces on the device. If you wish to see only a particular interface and all of it's logical interfaces, you can optionally specify the name of an interface using the option parameter, e.g.:

jnpr.View("interface", "ge-0/0/0")

Creating Custom Views

You can even create a custom view by creating a struct that models the XML output from using the GetConfig() function. Granted, this is a little more work, and requires you to know a bit more about the Go language (such as unmarshalling XML), but if there's a custom view that you want to see, it's possible to do this for anything you want.

I will be adding more views over time, but feel free to request ones you'd like to see by emailing me, or drop me a line on Twitter.

Example: View the ARP table on a device

view, err := jnpr.View("arp")
if err != nil {
    fmt.Println(err)
}

fmt.Printf("# ARP entries: %d\n\n", view.Arp.Count)
for _, a := range view.Arp.Entries {
    fmt.Printf("MAC: %s\n", a.MACAddress)
    fmt.Printf("IP: %s\n", a.IPAddress)
    fmt.Printf("Interface: %s\n\n", a.Interface)
}

// Will print out the following

# ARP entries: 4

MAC: 00:01:ab:cd:4d:73
IP: 10.1.1.28
Interface: reth0.1

MAC: 00:01:ab:cd:0a:93
IP: 10.1.1.30
Interface: reth0.1

MAC: 00:01:ab:cd:4f:8c
IP: 10.1.1.33
Interface: reth0.1

MAC: 00:01:ab:cd:f8:30
IP: 10.1.1.36
Interface: reth0.1

# Functions

NewServer sets up our connection to the Junos Space server.
NewSession establishes a new connection to a Junos device that we will use to run our commands against.
NewSessionFromNetconf uses an existing netconf.Session to run our commands against This is especially useful if you need to customize the SSH connection beyond what's supported in NewSession().
NewSessionFromNetConn uses an existing net.Conn to establish a netconf.Session This is especially useful if you need to customize the SSH connection beyond what's supported in NewSession().
NewSessionWithConfig establishes a new connection to a Junos device that we will use to run our commands against.

# Structs

An Address contains information about each individual address object.
AddressEntry contains information about each individual address-book entry.
Addresses contains a list of address objects.
No description provided by the author
AddressSet contains all of the address-sets (groups) in the address-book.
APIRequest builds our request before sending it to the server.
ArpEntry holds each individual ARP entry.
ArpTable contains the ARP table on the device.
AuthMethod defines how we want to authenticate to the device.
BGPPeer contains information about each individual BGP peer.
BGPTable contains information about every BGP peer configured on the device.
Chassis contains all of the hardware information for each chassis, such as a clustered pair of SRX's or a virtual-chassis configuration.
CommitEntry holds information about each prevous commit.
CommitHistory holds all of the commit entries.
A Device contains information about each individual device.
Devices contains a list of managed devices.
EthernetSwitchingTable contains the ethernet-switching table on the device.
FileSystem contains the information for each partition.
FirewallPolicy contains the entire firewall policy for the device.
GroupMembers contains a list of all the members within a address or service group.
HardwareInventory contains all the hardware information about the device.
Interfaces contains information about every interface on the device.
Junos contains our session state.
L2MACEntry contains information about every MAC address on each VLAN.
No description provided by the author
No description provided by the author
LogicalInterface contains information about the logical interfaces tied to a physical interface.
MACEntry contains information about each individual MAC address.
Member contains information about each individual group member.
Module contains information about each individual module.
PhysicalInterface contains information about each individual physical interface.
Policies contains a list of firewall policies.
A Policy contains information about each individual firewall policy.
Route holds information about each individual route.
RouteTable holds all the route information for each table.
RoutingEngine contains the hardware and software information for each route engine.
RoutingTable contains every routing table on the device.
Rule contains each individual element that makes up a security policy rule.
SecurityContext contains the policies for each context, such as rules from trust to untrust zones.
A SecurityDevice contains information about each individual security device.
SecurityDevices contains a list of security devices.
SecurityZones contains all of our security-zone information.
A Service contains information about each individual service object.
Services contains a list of service objects.
A SoftwarePackage contains information about each individual software package.
SoftwarePackages contains a list of software packages managed by Junos Space.
SoftwareUpgrade consists of options available to use before issuing a software upgrade.
SourceNatEntry holds each individual source NAT entry.
SourceNats contains the source NATs configured on the device.
Space contains our session state.
StaticNatEntry holds each individual static NAT entry.
StaticNats contains the static NATs configured on the device.
Storage contains information about all of the file systems on the device.
SubModule contains information about each individual sub-module.
SubSubModule contains information about each sub-sub module, such as SFP's.
SubSubSubModule contains information about each sub-sub-sub module, such as SFP's on a PIC, which is tied to a MIC on an MX.
SystemStorage stores the file system information for each node, routing-engine, etc.
A Variable contains information about each individual polymorphic (variable) object.
VariableManagement contains our session state when updating a polymorphic (variable) object.
Variables contains a list of all polymorphic (variable) objects.
VCMember contains information about each individual virtual-chassis member.
VCMemberNeighbor contains information about each virtual-chassis member neighbor.
Views contains the information for the specific views.
VirtualChassis contains information regarding the virtual-chassis setup for the device.
Vlan contains information about each individual VLAN.
Vlans contains all of the VLAN information on the device.
Zone contains information about each individual security-zone.
ZoneInterface contains a list of all interfaces that belong to the zone.