Script to deploy router configs & verify - how would you approach this?

This topic contains 2 replies, has 2 voices, and was last updated by stephenmbell 1 month ago.

  • #73586
    stephenmbell
    Participant

    Hello all —

    I have a project that is going to involve creating and loading router configurations on 350 Juniper routers. I have some individual snippets / functions for this process already written for other tasks, but I am stuck with one part of the process. Here is some pseudo code that is going to outline the process I am thinking of and highlight where I am stuck.

    Ideally I would like this to thread somehow — I have had some success in the past with doing a workflow. I still want to look at Posh RS Jobs – but before I get there I need to understand the best way to do the verification process.

    foreach($r in $router)
    {
        # generate the config for this router --> written and working
        $config = New-RouterConfig $r

        # scp the config to the router --> written and working
        # using the winscp.dll .net wrapper
        Send-SCPItem $r $config

        # load the configuration on the router and "commit confirm" the config for X minutes
        # NOTE: This will save the config for X minutes OR until "commit" command is sent.
        # if no second "commit" command is sent within X minutes, the configuration will roll back to previous state
        # written and working
        # using the POSH-Junos module
        Invoke-JunosCommand $command

        # TODO:
        # once the command runs to apply and commit confirm the config file start a process
        # that waits Y minutes (where Y is less than X), tests network connectivity to the router
        # that was just loaded — if we can ping, login and run commit, if we can't it will auto rollback

        How-Would-You-Do-This?

    }

    
    Thanks
    sb
  • #73739
    Don Jones
    Keymaster

    I'm not entirely sure what you mean by verification. However, I'd probably request a full configuration dump from the router and just diff it against the desired configuration. If there are no differences, you win. And I'd probably write all of that as one big function, which could then be spun up in discrete jobs to get some parallelization. Or, just use Warren's Invoke-Parallel command.

  • #73748
    stephenmbell
    Participant

    Thanks Don.

    Reading my OP I realized that I left out a potentially important detail. These routers connect to HQ via VPN. So I suppose the verification would be — can I ping it? Did the VPN come back up? If I were doing this manually, this is how I would verify.

    The idea of diff-ing the running config with the desired config is a different approach that I hadn't thought of. I will put some thought into this method and see if it will fit.

    Thanks again
    Steve
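
One way to fill in the TODO step from the first post, as an added example that is not code from either poster or from the POSH-Junos module: after the "commit confirm", probe the router for up to Y minutes and send the confirming commit only after several consecutive successful probes; otherwise send nothing and let the router roll back when X expires. The function name, its parameters and the router name are hypothetical, and the commit call is passed in as a script block so the poster's working Invoke-JunosCommand call can be wrapped without assuming its parameters.

```powershell
function Confirm-RouterCommit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Router,
        [Parameter(Mandatory)] [int] $RollbackMinutes,   # X: the router's commit-confirm timer
        [Parameter(Mandatory)] [int] $VerifyMinutes,     # Y: how long we keep probing
        # Hypothetical hook: wrap the already-working login + "commit" call here.
        [Parameter(Mandatory)] [scriptblock] $CommitAction,
        # Default probe is a single ping; replace it with a VPN or SSH check if ping is not enough.
        [scriptblock] $Probe = { param($r) Test-Connection -ComputerName $r -Count 1 -Quiet },
        [int] $RequiredSuccesses = 3,    # consecutive good probes, so one lucky ping does not confirm
        [int] $IntervalSeconds = 10
    )
    if ($VerifyMinutes -ge $RollbackMinutes) {
        throw "VerifyMinutes (Y) must be less than RollbackMinutes (X)."
    }
    $deadline = (Get-Date).AddMinutes($VerifyMinutes)
    $streak = 0
    while ((Get-Date) -lt $deadline) {
        # A failed probe resets the streak, so a flapping tunnel never reaches the threshold.
        if (& $Probe $Router) { $streak++ } else { $streak = 0 }
        if ($streak -ge $RequiredSuccesses) {
            try {
                $null = & $CommitAction $Router   # keep the hook's output out of our result
                return [pscustomobject]@{ Router = $Router; Result = 'Committed' }
            } catch {
                # Reachable but the commit call threw: nothing was confirmed, rollback still applies.
                return [pscustomobject]@{ Router = $Router; Result = "CommitFailed: $_" }
            }
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
    # No confirming commit was sent, so the router reverts on its own when X expires.
    return [pscustomobject]@{ Router = $Router; Result = 'LeftToRollback' }
}

# Constructed usage: stub probe and commit so this runs offline; swap in the real calls.
Confirm-RouterCommit -Router 'rtr-001.example' -RollbackMinutes 10 -VerifyMinutes 5 `
    -Probe { param($r) $true } -CommitAction { param($r) "commit sent to $r" } -IntervalSeconds 1
```

Because the function returns one result object per router and holds no shared state, it can be called from whichever job or parallel runner ends up driving the 350 routers, and the results collected to list the routers that were left to roll back.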
