Friday, March 29, 2013

JunOS Script Health Check

For my first technical post, I figure I'd share a bit of newly acquired know-how with regard to JunOS script. Often, upon logging into a router, it's good to know a bit of information, whether that login is for troubleshooting or normal configuration and provisioning. For me, the things that I care about knowing first are:

  • How long has the router been up
  • Who is logged in now
  • When was the last commit
  • Is anything broken
    • Chassis/System Alarms
    • Physical Interfaces down
    • LDP neighbors down
    • OSPF neighbors down
    • BGP Peers down
    • L2Circuits Down
I thought to myself, this is the perfect time for a login-script, and an easy opportunity to break into JunOS Scripting. So how do we get to the point, where, on login, the script outputs the health-check. It's actually not too difficult. First, we need to load the script onto the router. This can be accomplished by copying the script over using SCP or FTP. Next, we need to add it as an op script:

cstewart@router# set system scripts op file login-script.slax 

[edit]
cstewart@router# show system scripts 
op {
    file login-script.slax;
}

Finally, we need to add the script to the login-class for the users that we want to have see this information.
cstewart@router# set system login class network-manager login-script login-script.slax permissions all 

After these changes are committed, we can test the command by calling the op script directly. Now, I'll caveat this with a warning that I am by no means a programmer, so, for revision 1, my target output was this, when there is a lot broken.

cstewart@router# run op login-script                                   
Minor ALARM - Rescue configuration is not set
LDP Configured and down on fe-0/0/7.0
OSPF Configured and down on fe-0/0/7.0
BGP Peer Down Peer@192.168.254.1 is down
L2Circuit to 192.168.253.1 on fe-0/0/7.0(vc 123) is down due to status NC
Physical Interface fe-0/0/7 is Admin Up and Operationally Down to MPLS Network
System Uptime is 7 days, 15:05
cstewart is currently logged in from 192.168.1.4 since 10:39AM
Last commit was 2013-03-29 10:45:21 UTC by: cstewart

Now, when things are going well, you would see an output like this:
cstewart@router# run op login-script                             
System Uptime is 7 days, 15:15
cstewart is currently logged in from 192.168.1.4 since 10:39AM
Last commit was 2013-03-29 10:56:07 UTC by: cstewart

So, without any further adieu, here is the script, free as in beer, for you to use and modify. Hopefully it helps you and your team.

version 1.0;
/*
Version 1.0 of the login-script that does a quick health check
*/

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";


match / 
{
<op-script-results> {

var $query0 = { <command> 'show chassis alarms'; }
var $result0 = jcs:invoke($query0);              
<alarm-information> {
for-each($result0) { 
if ($result0/alarm-detail/alarm-class != '') {
<output> $result0/alarm-detail/alarm-class _' ALARM - ' _$result0/alarm-detail/alarm-description; 
}
}

var $query1 = { <command> 'show system alarms'; }
var $result1 = jcs:invoke($query1);
<alarm-information> {
for-each($result1) { 
if ($result1/alarm-detail/alarm-class != '') {
<output> $result1/alarm-detail/alarm-class _' ALARM - ' _$result1/alarm-detail/alarm-description; 
}
}
var $query2 = { <command> 'show ldp interface'; }
var $result2 = jcs:invoke($query2);              
<ldp-interface-information> {
for-each($result2/ldp-interface[ldp-neighbor-count=='0']) { 
<output> 'LDP Configured and down on ' _$result2/ldp-interface/interface-name; 
}

var $query3 = { <command> 'show ospf interface'; }
var $result3 = jcs:invoke($query3);              
<ospf-interface-information> {
for-each($result3/ospf-interface[neighbor-count=='0']) { 
<output> 'OSPF Configured and down on ' _$result3/ospf-interface/interface-name; 
}

var $query4 = { <command> 'show bgp summary'; }
var $result4 = jcs:invoke($query4);              
<bgp-information> {
for-each($result4/bgp-peer[peer-state!='Established']) { 
<output> 'BGP Peer ' _$result4/bgp-peer/description _'@' _$result4/bgp-peer/peer-address _' is down'; 
}

var $query5 = { <command> 'show l2circuit connections down'; }
var $result5 = jcs:invoke($query5);              
<l2circuit-connection-information> {
for-each($result5/l2circuit-neighbor/connection[connection-status!='Up']) { 
<output> 'L2Circuit to ' _$result5/l2circuit-neighbor/neighbor-address _' on ' _$result5/l2circuit-neighbor/connection/connection-id _' is down due to status ' _$result5/l2circuit-neighbor/connection/connection-status; 
}

var $query6 = { <command> 'show interfaces terse'; }
var $result6 = jcs:invoke($query6);  
<interface-information> {
for-each ($result6/physical-interface) { 
if ((admin-status=='up') && (oper-status=='down')) { 
<output> 'Physical Interface ' _name _' is Admin Up and Operationally Down to '_description; 
}
}
}

var $query7 = { <command> 'show system users'; }
var $result7 = jcs:invoke($query7);              
<system-users-information> { 
<output> 'System Uptime is ' _$result7/uptime-information/up-time; 
for-each($result7/uptime-information/user-table/user-entry) { <output> user _' is currently logged in from ' _from _' since ' _login-time; 
}

var $query8 = { <command> 'show system commit'; }
var $result8 = jcs:invoke($query8);
<commit-information> { 
<output> 'Last commit was ' _$result8/commit-history/date-time _' by: ' _$result8/commit-history/user; 
}
}
}




Enjoy!

-Chip

1 comment:

  1. I know this page is old but it comes up in Google search for JunOS health check script still so I'm adding a comment to help other people that might see this.
    -----------------------------------
    Thanks for the script - It's actually broken here but I fixed it and changed it around a little here:

    https://github.com/Rboldy/JunOS-Scripts/blob/master/snapshot.slax

    ReplyDelete