Using Nornir for OS Upgrades (Part 1)

By Kirk Byers

Previously I wrote an article that Introduces Nornir

In this article, I want to expand on the Nornir introduction and do something more interesting. In particular, I want to use Nornir to Secure Copy files to a set of network devices. I then want to use that file transfer process and some additional code to perform an OS upgrade on two Cisco IOS routers (part 2).

Unfortunately, I am going to switch from using Nornir 1.1 to using Nornir 2.0. There are some meaningful differences between the two versions. Additionally, Nornir 2.0 is not released yet so I am going to be working out of the 2.0 branch in GitHub.

An Introduction to Nornir

By Kirk Byers

Recently David Barroso and others (including me) have created a new network automation framework named Nornir. The vast majority of the credit belongs to David, however.

Nornir is a Python framework that provides inventory management and concurrency. It belongs in the same category as Ansible and Salt.

I am excited about Nornir and the possibility of an all Python automation framework. Note, while I refer to an all 'Python framework', this is referring to the execution environment. In other words, what you write your program in and what you execute.

Netmiko SSH Proxy Support

By Kirk Byers

Netmiko supports SSH proxies.

By this I mean you can 'bounce' through an intermediate server while connecting to a remote network device.

This article will demonstrate how to use this feature.

Netmiko and what constitutes done

By Kirk Byers

Screen-scraping suffers from two fundamental problems—the first is that screen-scraping returns unstructured data (i.e. a big, block of text) and the second is that the communication channel has no good notion of being done. While people frequently bring up the former, the latter is probably a bigger issue.

Let's discuss the second issue in some more detail (and what it implies).

The communication channel has no good notion of being done.

Netmiko and TextFSM

By Kirk Byers

In Netmiko 2.0, I added support for direct integration to TextFSM particularly for ntc-templates.

What does TextFSM and ntc-templates allow you to do?

Simply stated, it allows you to take unstructured data and convert it to structured data. Or worded differently, it takes a block of text and converts it to lists and dictionaries (or some combination thereof).

Expanding Netmiko's Secure Copy Support

By Kirk Byers

I have recently been working on expanding the Secure Copy file transfer capabilities that are included in Netmiko. Ultimately this code should make OS upgrades and other file transfer operations easier to accomplish.

At this point, I have working and tested code on Cisco IOS, IOS-XE, NX-OS, IOS-XR, Juniper Junos, and Arista EOS. This is for both Secure Copy 'get' and 'put' operations and also includes associated methods that check whether the file exists, that verify disk space is available and that perform an MD5 comparison on the transferred file.

The Python Debugger (pdb)

By Kirk Byers

In order to debug effectively, you need to be able to:

1. Extract information from your system. This information can be messages printed to standard output, logging messages, stack traces, or analysis through using a debugger.

2. Make changes to your program and see how it affects the information extracted in step1.

Using Ansible to Configure and Verify DHCP Helpers

By Kirk Byers

The problem...

I need to configure a DHCP helper on a set of VLANs across a set of network devices. I also need to ensure that DHCP helpers are not configured on any other VLANs besides the ones specified.

Additional qualifications—the network devices are brownfield. In other words, I can't just load full configurations programmatically (i.e. skip the verification step because I am generating the entire configuration).

Zero-Touch ASA Upgrade using Python

By Kirk Byers

Because of Cisco's recent IKE vulnerability, I have some Cisco ASAs that need upgraded. One of these ASAs is in my lab environment and I thought it would be interesting to upgrade this ASA programmatically.

This lab ASA is currently running an old operating system (*cough*, *cough*, 8.0(4)32...yes, I know it's old). In order to get started, I created a virtualenv on one of my AWS servers and then installed Netmiko 0.4.1. This AWS server has SSH access into the ASA.

Through a process of iterative testing, I wrote the following code.

Expanding netmiko-tools

By Kirk Byers

A few months back I created a grep-like utility based on Netmiko. At the time, I wrote an article about that utility including details on specifying the device inventory. I recently expanded on these netmiko-tools by adding two new utilities: netmiko-show and netmiko-cfg. I would consider these two utilities experimental at this point.

The install process is straightforward. On a Linux system, do the following:

# Requires Netmiko >= 1.0.0
$ pip install netmiko
$ git clone https://github.com/ktbyers/netmiko_tools/
$ cd netmiko_tools/netmiko_tools/

Ansible and Network Backup

By Kirk Byers

There are obviously a lot of solutions for backing up network device configurations.

Let's look at how this could be accomplished using Ansible.

First, let's start by backing up some Cisco IOS devices (i.e. just using plain-old SSH).