Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Store and Enable Junos Automation Scripts

To use a Junos automation script, you must copy the script to the Junos device and enable it in the configuration. , as described in the following steps. By default, scripts are stored in and executed from the /var/db/scripts directory on the device's hard disk under the subdirectory appropriate to the script type. You can also store scripts in flash memory in the /config/scripts directory under the subdirectory appropriate to the script type.

  1. Create the script.
  2. Copy the script to the appropriate directory on the device for that script type. Only users who belong to the Junos OS super-user login class can access and edit files in the script directories on a device running Junos OS.
    Table 1: Script Locations
    Script Type Hard Disk Location Flash Memory Location

    Commit script

    		 /var/db/scripts/commit /config/scripts/commit

    Event script

    		 /var/db/scripts/event /config/scripts/event

    Op script

    		 /var/db/scripts/op /config/scripts/op

    Snmp script

    		 /var/db/scripts/snmp /config/scripts/snmp
    Note:

    If the device has dual Routing Engines and you want to enable the script to execute on both Routing Engines, you can copy the script to the appropriate directory on both Routing Engines, or you can issue the commit synchronize scripts command to synchronize the configuration and copy the scripts to the other Routing Engine as part of the commit operation.

    Note:

    Junos OS supports using symbolic links for files in the script directories. However, the device will execute the script at the target location only if it is signed.

  3. For unsigned Python scripts, ensure that the scripts meet the following requirements:

    • File owner is either root or a user in the Junos OS super-user login class.

    • Only the file owner has write permission for the file.

    • The language python or language python3 statement is configured at the [edit system scripts] hierarchy level.

    Note:

    Starting in Junos OS Release 16.1R3, unsigned Python scripts must be owned by either root or a user in the Junos OS super-user login class, and only the file owner can have write permission for the file. Prior to Junos OS Release 16.1R3, unsigned Python scripts must only be owned by the root user.
    Note:

    To enable a user who does not belong to the file’s user or group class to execute an unsigned Python automation script, the script’s file permissions must include read permission for others.
  4. Enable the script by including the file filename statement at the appropriate hierarchy level for that script type.
  5. If you store scripts in and load them from flash memory, include the load-scripts-from-flash statement at the [edit system scripts] hierarchy level. For detailed information about storing scripts in flash memory, see Storing Scripts in Flash Memory.
  6. For Python event and SNMP scripts, configure the user under whose access privileges the script executes.

    • For event scripts:

    • For SNMP scripts:

    Note:

    If you do not configure the python-script-user statement, then by default, Junos OS executes Python event and SNMP scripts under the access privileges of the generic, unprivileged user and group nobody. Interactive Python scripts, such as commit and op scripts, run with the access privileges of the user who executes the command or operation that invokes the script.

    Note:

    Starting in Junos OS Release 16.1R3, you can execute unsigned Python commit, event, op, and SNMP scripts using the access privileges of authorized users. In Junos OS Release 16.1R2 and earlier releases, all unsigned Python automation scripts are executed using the access privileges of the user and group nobody.

  7. Commit the configuration.

Newly enabled commit scripts execute during the current commit operation. After the commit operation completes, enabled event scripts are loaded into memory and can be executed by an event policy that is triggered in response to system log events. For more information, see Executing Event Scripts in an Event Policy. After the commit operation completes, op scripts can be executed on the device. For more information, see Executing an Op Script on the Local Device.

Related Documentation

Release History Table
Release
Description
16.1R3
Starting in Junos OS Release 16.1R3, unsigned Python scripts must be owned by either root or a user in the Junos OS super-user login class, and only the file owner can have write permission for the file.
16.1R3
Starting in Junos OS Release 16.1R3, you can execute unsigned Python commit, event, op, and SNMP scripts using the access privileges of authorized users.