Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Executing an Op Script from a Remote Site

 

As an alternative to storing operation (op) scripts locally on the device, you can store op scripts at a remote site. You then execute a remote op script by specifying the URL as an argument to the op command when you execute the script on the command line. You can execute SLAX and XSLT op scripts from a remote site by default. To execute Python op scripts from a remote site, you must first configure the allow-url-for-python statement at the [edit system scripts op] hierarchy level. Because you cannot guarantee that scripts executed from remote sites are secure, we recommend that you only authorize trusted users to execute scripts using the op url command.

Note

Statements configured under the [edit system scripts op] hierarchy level are only enforced for op scripts that are local to the device. Thus, even if you configure memory allocation, script dampening, traceoptions, or other op script-specific statements within that hierarchy, Junos OS does not apply the configuration when you execute a remote script using the op url command.

To execute an op script from a remote site:

  1. Create the script.
  2. (Optional) Store the script temporarily in the /var/tmp directory on the device, and run the script through one or more hash functions to calculate hash values.

    Starting in Junos OS Release 18.2R2 and 18.3R1, Junos OS supports only the SHA-256 hash function for script checksum hashes. Earlier releases support the MD5, SHA-1, and SHA-256 hash functions.

  3. For Python scripts, configure the allow-url-for-python statement and the language python or language python3 statement.

  4. Place the script on the remote server.
  5. Provide the script URL and the optional hash values to the administrators who will execute the script.
  6. Execute the script by running the op url command and specifying the URL that points to the remote file.

    This example shows how to include the key option and the SHA-256 checksum information.

To prevent the execution of any op scripts from remote sites, configure the no-allow-url statement at the [edit system scripts op] hierarchy level.

When you configure the no-allow-url statement, issuing the op url url operational mode command generates an error. This statement takes precedence when the allow-url-for-python statement is also present in the configuration.

Release History Table
Release
Description
Starting in Junos OS Release 18.2R2 and 18.3R1, Junos OS supports only the SHA-256 hash function for script checksum hashes.