Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Storing and Enabling Scripts

 

To use a Junos OS automation script on a switch, router, or security device, you must copy the script to the device and enable it in the configuration, as described in the following steps:

  1. Create the script.
  2. Copy the script to the appropriate directory on the device for that script type. Only users who belong to the Junos OS super-user login class can access and edit files in the script directories on a device running Junos OS.

    By default, scripts are stored in and executed from the /var/db/scripts directory on the device's hard disk under the subdirectory appropriate to the script type. You can also store scripts in flash memory in the /config/scripts directory under the subdirectory appropriate to the script type.

    • commit script—Copy the script to the /var/db/scripts/commit directory on the hard disk or the /config/scripts/commit directory in flash memory.

    • op script—Copy the script to the /var/db/scripts/op directory on the hard disk or the /config/scripts/op directory in flash memory.

    • event script—Copy the script to the /var/db/scripts/event directory on the hard disk or the /config/scripts/event directory in flash memory.

    • snmp script—Copy the script to the /var/db/scripts/snmp directory on the hard disk or the /config/scripts/snmp directory in flash memory.

    Note

    If the device has dual Routing Engines and you want to enable the script to execute on both Routing Engines, you must copy it to the appropriate directory on both Routing Engines. The commit synchronize command does not automatically copy scripts between Routing Engines.

    Note

    Junos OS supports using symbolic links for files in the script directories, but the device will only execute the script at the target location if it is signed.

  3. For unsigned Python scripts, ensure that the following requirements are met:

    • File owner is either root or a user in the Junos OS super-user login class.

    • Only the file owner has write permission for the file.

    • The language python statement is configured at the [edit system scripts] hierarchy level.

    Note

    Starting in Junos OS Release 16.1R3, unsigned Python scripts must be owned by either root or a user in the Junos OS super-user login class, and only the file owner can have write permission for the file. Prior to Junos OS Release 16.1R3, unsigned Python scripts must only be owned by the root user.

    Note

    To enable a user who does not belong to the file’s user or group class to execute an unsigned Python automation script, the script’s file permissions must include read permission for others.

  4. Enable the script by including the file filename statement at the appropriate hierarchy level for that script type.

  5. If you store scripts in and load them from flash memory, include the load-scripts-from-flash statement at the [edit system scripts] hierarchy level. For detailed information about storing scripts in flash memory, see Storing Scripts in Flash Memory.

  6. For Python event and SNMP scripts, configure the user under whose access privileges the script executes.
    • For event scripts:

    • For SNMP scripts:

    Note

    If you do not configure the python-script-user statement, then by default, Junos OS executes Python event and SNMP scripts under the access privileges of the generic, unprivileged user and group nobody. Interactive Python scripts, such as commit and op scripts, run with the access privileges of the user who executes the command or operation that invokes the script.

    Note

    Starting in Junos OS Release 16.1R3, you can execute unsigned Python commit, event, op, and SNMP scripts using the access privileges of authorized users. In Junos OS Release 16.1R2 and earlier releases, all unsigned Python automation scripts are executed using the access privileges of the user and group nobody.

  7. Issue the commit command.

Newly enabled commit scripts execute during the current commit operation. After the commit operation completes, enabled event scripts are loaded into memory and can be executed by an event policy that is triggered in response to system log events. For more information, see Executing Event Scripts in an Event Policy. After the commit operation completes, op scripts can be executed on the device. For more information, see Executing an Op Script.

Release History Table
Release
Description
Starting in Junos OS Release 16.1R3, unsigned Python scripts must be owned by either root or a user in the Junos OS super-user login class, and only the file owner can have write permission for the file.
Starting in Junos OS Release 16.1R3, you can execute unsigned Python commit, event, op, and SNMP scripts using the access privileges of authorized users.