Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Enable an Op Script and Define a Script Alias

Operation (op) scripts are stored on a device’s hard disk in the /var/db/scripts/op directory or on the flash drive in the /config/scripts/op directory. Only users in the super-user login class can access and edit files in these directories. For information about setting the storage location for scripts, see Store and Enable Junos Automation Scripts and Store Scripts in Flash Memory.

To prevent the execution of unauthorized Python code on Junos devices, unsigned Python scripts must meet certain requirements before you can execute the scripts on a device. Unsigned Python scripts must be owned by either root or a user in the super-user login class, and only the file owner can have write permission for the file. For detailed information about the requirements for executing Python automation scripts, see Requirements for Executing Python Automation Scripts on Junos Devices.

Note:

If the device has dual Routing Engines and you want to enable an op script to execute on both Routing Engines, you can copy the script to the /var/db/scripts/op or /config/scripts/op directory on both Routing Engines, or you can issue the commit synchronize scripts command to synchronize the configuration and copy the scripts to the other Routing Engine as part of the commit operation.

You must enable an op script before you can execute it. To enable an op script, include the file filename statement at the [edit system scripts op] hierarchy level, and specify the filename of the op script. Only users in the super-user login class can enable op scripts.

SLAX and Python scripts must include the .slax or .py filename extension, respectively, in both the actual script name and the filename in the configuration. XSLT scripts do not require a filename extension, but we strongly recommend that you append the .xsl extension. In either case, the configured filename must exactly match the filename of the script in the directory. For example, if the XSLT script filename is script1.xsl, then you must include script1.xsl in the configuration. Likewise, if the XSLT script filename is script1, then you must include script1 in the configuration.

Optionally, you can define an alias for an op script. To define the alias, include the command statement at the [edit system scripts op file filename] hierarchy level.

By default, you cannot execute unsigned Python scripts on Junos devices. To enable the execution of unsigned Python automation scripts that meet the requirements outlined in Requirements for Executing Python Automation Scripts on Junos Devices, you must configure the language python or language python3 statement at the [edit system scripts] hierarchy level.

To determine which op scripts are currently enabled on the device, display the files configured at the [edit system scripts op] hierarchy level.

To ensure that the enabled files are on the device, list the contents of the /var/run/scripts/op/ directory.

To execute the script, you can specify either the op script filename or the alias.

Example: Enabling an Op Script

To enable an op script:

  1. Ensure that the script is located in the correct directory:

    • /var/db/scripts/op directory on the hard disk

    • /config/scripts/op directory on the flash drive

  2. If you store scripts on the flash drive, configure the load-scripts-from-flash statement.

  3. For unsigned Python scripts, ensure that the following requirements are met:

    • File owner is either root or a user in the super-user login class.

    • Only the file owner has write permission for the file.

    • The language python or language python3 statement is configured at the [edit system scripts] hierarchy level.

  4. Enable the script.

    For example:

  5. (Optional) Configure an alias for the op script.

  6. Commit the configuration.

Related Documentation

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
16.1R3
Starting in Junos OS Release 16.1R3, unsigned Python scripts must be owned by either root or a user in the Junos OS super-user login class, and only the file owner can have write permission for the file.