Maruf Yunus, Lab Network Architect, Juniper Networks

Automating Junos Using BASH Scripts

Learning Bytes Operations
Maruf Yunus Headshot
A screenshot of a terminal window with code.

Juniper Learning Bytes: BASH scripts to automate Junos device changes

This short Learning Byte, hosted by Juniper’s Maruf Yunus, takes you step-by-step through the process of automating Junos administration with BASH, a powerful programming language for system administrators. 

Show more

You’ll learn

  • What BASH scripts are and the benefits of using them

  • How to create and run BASH scripts to configure Junos devices

  • The best thing about BASH, according to Maruf 

Who is this for?

Network Professionals Security Professionals

Host

Maruf Yunus Headshot
Maruf Yunus
Lab Network Architect, Juniper Networks

Resources

Transcript

0:00 [Music]

0:12 hello

0:12 uh welcome to juniper network's learning

0:14 byte uh my name is marufinus

0:17 i'm a lab architect within education

0:18 services lab team in this starting byte

0:21 i'm going to show you how to automate

0:23 journals using patch scripts okay so

0:26 what is bash scripts and and the

0:27 benefits of using this method

0:29 right so bash stands for

0:32 born again shell is actually a unique

0:35 shell and command line language

0:37 and it is installed by default on most

0:41 linux based distributions same thing

0:43 with the ssh

0:45 which is also available on almost all

0:47 linux based distributions

0:49 is familiar by most uh server

0:51 administrator

0:52 uh who are familiar with you know linux

0:54 servers you always need to use ssh and

0:56 bash is this a common thing

0:58 within the server admins and there is no

1:02 additional third-party tool is needed if

1:04 you want to automate junos with bash

1:07 in most cases you can just use bash and

1:08 ssh to do

1:10 many assistive admission administration

1:12 or configuration changes uh

1:14 that you want to do on a journal device

1:15 which i'll be showing you a little bit

1:17 and then you can expand always

1:18 you know based on your need so without

1:21 further ado i'm gonna

1:22 go to my server environment and show you

1:25 how i do

1:26 it so let me go to my server

1:29 so i have this uh linux server which is

1:32 running uh

1:33 centos right now uh so i think it's

1:36 running uh

1:37 right hand release this center seven

1:39 doesn't matter any linux description can

1:41 be used

1:41 ubuntu centos or whatever you you like

1:44 uh

1:45 you can use that uh to perform this task

1:48 i have two

1:48 vmx routers on my environment so these

1:52 are

1:52 vmx1 i call it

1:55 which is configured with passwordless

1:58 key based authentication so basically

2:02 uh you can do that by following uh we

2:05 have a separate video

2:06 to demonstrating how to do that and also

2:08 you can google it up or

2:09 even juniper known as base has some

2:11 article about that so

2:13 if you are managing a lot of uh devices

2:16 you can configure

2:17 a public key based authentication

2:18 without so that you don't have to

2:20 go through the login prompt every single

2:22 time and you know

2:24 enter the password it's very handy for

2:26 automation tasks

2:27 this device is configured with that and

2:30 you know right now uh you know it has

2:33 this uh

2:34 ssh key authentication created and i

2:37 have ssh services enabled as well so

2:39 that's important

2:40 as well for bash scripts to be able to

2:43 log into this device and perform

2:45 tasks automation tasks so i have ssh

2:48 authentication enabled with no password

2:50 authentication so this one doesn't

2:52 accept a password-based authentication

2:53 it's going to only accept key based

2:55 application

2:56 for this vmx okay and what i'm going to

2:59 be doing is add a name server entry into

3:01 this

3:02 vmx as well as the description to an

3:04 interface which i will show you pretty

3:05 soon

3:06 and the other one that i have the other

3:08 router that i have is bmx 2 it's called

3:11 bmx2

3:12 and that one request password so that i

3:13 kept it as with password

3:15 to show you that this script will be

3:17 able to handle uh you know you can use

3:19 the skip to

3:20 also uh connect to uh juno's device that

3:24 has

3:24 uh you know password-based

3:26 authentication and in that case the only

3:28 downside is you have to i have to enter

3:30 password right when it asks for that

3:32 and then the commands will be run

3:34 through bash

3:35 okay so uh just to show you both

3:37 scenarios

3:38 and i'm gonna show you my script here

3:40 and it's called update

3:42 devices ssh so i created this update

3:45 device

3:46 update uh devices shell script uh

3:49 using uh you know editor and you can use

3:51 vi or g80 whatever you want to do

3:53 so this kit basically tells in the first

3:55 time it's a bash script right

3:57 and these are my devices i have two

3:59 devices vmx1 and vmx2

4:02 and the commands that i want to run on

4:03 this uh two devices okay

4:06 is basically go to the configuration

4:07 mode uh because

4:10 i need to go to configuration module

4:12 change the configuration and then

4:13 semicolon basically send the next

4:15 command is going to be

4:17 set system name server with my name

4:19 server ip

4:20 and then semicolon the next command i'll

4:22 be running is set interfaces

4:24 you know g000 description is isp

4:27 interface so that nobody deletes that so

4:29 add a description there and then i will

4:31 just show compare

4:33 uh to see what i'm changing and then

4:35 commit okay

4:36 that's it that's what this script is

4:37 gonna do and it's gonna go to both of

4:39 these uh

4:40 routers connect to both these routers to

4:42 ssh

4:43 and then run these commands so think

4:46 about if i had 10 devices i could do the

4:48 same thing with 10 devices

4:49 right right now i'm doing a sequential

4:51 mode but you can do with the

4:53 background mode as well by putting an

4:54 ampersand but i'm going to do sequential

4:56 mode

4:56 uh you know to save uh so i can kind of

4:59 moderate

4:59 uh easily so that's exactly what the

5:02 skip is going to do is going to loop

5:03 through these devices

5:05 variable which will have these two

5:07 devices and then

5:09 for each uh device it's gonna go through

5:11 the

5:12 uh ssh and then run the command okay you

5:15 could also put a device in a

5:17 listing if in a file we could read

5:20 through bash

5:21 if you learn more about bash you can you

5:23 know go more advanced

5:24 but this is very simple uh way to do it

5:27 okay and the best thing about bash is

5:29 basically

5:29 you know you can you can run automation

5:31 just you know quick and dirty like you

5:33 know ad hoc

5:34 says you have something you need you

5:35 don't want to learn

5:37 anything else you don't know ansible or

5:38 any other tools

5:40 you just want to get it done right get

5:41 your job done you can you can do it

5:43 through this method

5:44 in many cases obviously if you have a

5:45 very large environment

5:47 we suggest you know you go for some

5:49 advanced automation tool like ansible

5:51 or anything else okay so i'm going to

5:53 close it out now actually

5:56 save it because i think i may change

5:59 save it

6:00 okay so uh let me clear my screen and

6:03 i'm going to run the script

6:04 so once i create the script i have to

6:06 make sure the script executable and you

6:08 can do that by doing shimod

6:10 755 update that makes this script

6:13 executable

6:14 and then to run it i just do like this

6:16 on the device

6:18 okay so it's gonna work on the as you

6:20 see it's just it's running

6:22 uh working on vmx1 it made the change

6:25 commit complete and then i can go

6:28 my bmx2 which is gonna ask my password

6:31 and it's gonna do the same thing

6:33 done okay so now i'm gonna go to both

6:36 devices and see that

6:38 uh verify if i if it did is task

6:42 configuration let's see if my uh

6:47 name server is there there you go name

6:49 server is there

6:50 i make sure g00 yes it added that

6:53 description

6:54 now let me go back to the other one

6:56 think about typing this

6:57 in both router manually right it will

6:59 take some time if you have 10 of those

7:02 it may take a long time right and as i

7:04 say

7:05 you can go way advanced with this

7:08 same approach if you want to be advanced

7:10 right so you can do all

7:12 kind of stuff so yeah it did it in both

7:14 the cases so it added a description

7:16 and the service added cool there you go

7:19 so i hope

7:20 this video helps and thank you for

7:22 watching

7:24 visit the juniper education services

7:26 website

7:27 to learn more about courses view our

7:30 full range of classroom

7:31 online and e-learning courses

7:35 learning paths industry segment and

7:37 technology specific

7:39 training paths juniper networks

7:42 certification program

7:43 the ultimate demonstration of your

7:45 confidence and

7:46 the training community from forums to

7:49 social media

7:50 join the discussion you

Show more

Next in the series

Watch
16:05
The still image shown is of a black background with white type from a computer programming page. It is a still from the demo showing how to configure data center EVPN-VXLAN. It shows paths and many numbers.
Configuring Data Center EVPN-VXLAN Learning Bytes Data Center
SaveRemove
Watch
13:39
The still image is from the demo and shows a black computer screen with white computer code from top to bottom of the page.
Configuring Data Center ESI LAG Learning Bytes Data Center
SaveRemove
Watch
16:23
Screenshot is from Zach Gibbs demo, showing white code on top of a black screen, as the EVPN-VXLAN verification process is taking place. Words like “input packets” and “output packets” and “VXLAN endpoint type” are shown with data. The bottom paragraph is highlighted in blue.
Seamless EVPN-VXLAN Stitching – Verification Learning Bytes Data Center
SaveRemove
Watch
8:08
Screenshot showing a command line interface connected to a Juniper VMX device. 
Passwordless Public Key-based Encrypted SSH Authentication on Junos Learning Bytes Operations
SaveRemove
Watch
14:41
Image is of a black computer screen with lines and lines of code in white.
Deploying vRR on EVE-NG Community Edition Learning Bytes Operations
SaveRemove
Watch
13:41
The still image is a screenshot of the MAC VRF verification process on a desktop computer. It’s a black computer screen with white code from top to bottom. Part of the parameters have been highlighted in blue by the presenter, Zach Gibbs, Content Developer, Juniper Networks.
Verifying MAC VRF – Isolated Tenants External Interconnect Route Leaking Learning Bytes Data Center
SaveRemove
Watch
14:34
The still image is a screenshot of the MAC VRF configuration process on a desktop computer. It’s a black computer screen with white code from top to bottom.
Configuring MAC VRF – Isolated Tenants External Interconnect Route Leaking Learning Bytes Data Center
SaveRemove
Watch
8:17
The still image is a screen from Zach Gibbs’ demo, it features a black computer screen with white computer code from top to bottom of the page.
Configuring a Data Center Overlay - IBGP Learning Bytes Data Center
SaveRemove
Watch
11:55
The image is a still from the demo in action. It’s a black computer screen with white code going down the left-hand side of the screen. Words and numbers are shown. The word neighbor is often used next to long digit numbers like 192.168.100.12. Then it says, “Master edit protocols bgp group DC_overlay” and so on like this, returning to neighbor and then back to master.
Configuring a Data Center Overlay - EBGP Learning Bytes Data Center
SaveRemove