Published 10月 11, 2018 by with 1 comment

08 - Using SSH in Python - v3


我試著用Python在Cisco設備上做些事.
這個練習是用Python去SSH登入Cisco設備.
下面程式能做到:
1. SSH(可自選port).
2. 登入的設備清單用另外一份使用者自訂的文件導入(txt).
3. 登入的設備清單的文件位置, 使用者可自行指定.
4. 自動輸入SSH的帳密.
5. 設定指令用另外一份使用者自訂的文件導入(txt).
6. 設定指令的文件位置, 使用者可自行指定.
7. show的輸出結果用另外一份文件輸出(txt).
8. 當SSH time-out, 能跳過該設備, 讓設定繼續下去, 並產生一文件(Unreachable_IP.log)
9. 當SSH 認證失敗, 能跳過該設備, 讓設定繼續下去, 並產生一文件(Auth_Failed.log)

範例檔我是參考:
https://github.com/ktbyers/netmiko
https://pynet.twb-tech.com/blog/automation/netmiko.html

首先先建立一個switches清單(SW_List.txt),
內容是switch IP, 如下範例.
192.168.80.201
192.168.80.202
192.168.80.203
192.168.80.204

再建立一個設定指令文件(show.txt),
如下範例.
terminal length 0
show cdp neighbors
show mac address-table
show running-config

用Notepad++打下列的程式碼,
另存為PY_SSH_Cisco_v3.py. 我附上中文注釋方便好讀.
# -*- coding: UTF-8 -*-
# http://juilin77.blogspot.com/
# v20181011
# 下面程式能做到:
# 1. SSH(可自選port).
# 2. 登入的設備清單用另外一份使用者自訂的文件導入(txt).
# 3. 登入的設備清單的文件位置, 使用者可自行指定.
# 4. 自動輸入SSH的帳密.
# 5. 設定指令用另外一份使用者自訂的文件導入(txt).
# 6. 設定指令的文件位置, 使用者可自行指定.
# 7. show的輸出結果用另外一份文件輸出(txt).
# 8. 當SSH time-out, 能跳過該設備, 讓設定繼續下去, 並產生一文件(Unreachable_IP.log)
# 9. 當SSH 認證失敗, 能跳過該設備, 讓設定繼續下去, 並產生一文件(Auth_Failed.log)

import sys
import socket
from netmiko import ConnectHandler
from netmiko.ssh_exception import NetMikoTimeoutException, NetMikoAuthenticationException

sw_file = sys.argv[1]
cmds_file = sys.argv[2]

# 打開一個參數sys.argv[1]所列的IP address.
with open(sw_file) as sw_ip_file:

    # 從sw_file依次提取IP address.
    for sw_ip_line in sw_ip_file.readlines():
        sw_ip = sw_ip_line.strip()
    
        # 設定SSH登入Cisco設備的參數.
        cisco_ios = {
            "device_type": "cisco_ios",
            "ip": (sw_ip),
            "username": "cisco",
            "password": "cisco123",
            "port" : 22,            # optional, defaults to 22
            "secret": "secret",     # optional, defaults to ""
            "verbose": False,       # optional, defaults to False
        }
        # SSH登入開始, 每一IP一個個登入
        all_devices = [cisco_ios]
        for devices in all_devices:
            try:
                print("Starting SSH to Cisco_IOS: " + devices["ip"])
                net_connect = ConnectHandler(**cisco_ios)

            # 當SSH time-out, 跳過該IP, 並產生一文件"Unreachable_IP.log"記錄該IP.
            except NetMikoTimeoutException:
                print("Device is not reachable: " + devices["ip"] + "\n")
                with open("Unreachable_IP.log", "a", newline="") as unreach:
                    unreach.write(devices["ip"] + "\n")
                continue

            # 當SSH 認證失敗, 跳過該IP, 並產生一文件"Auth_Failed.log"記錄該IP.
            except NetMikoAuthenticationException:
                print("Authentication Failed: " + devices["ip"] + "\n")
                with open("Auth_Failed.log", "a", newline="") as auth_f:
                    auth_f.write(devices["ip"] + "\n")
                continue
    
            # 打開一個參數sys.argv[2]所列的指令.
            with open(cmds_file) as cmd_file:
                # 根據cmds_file的指令, 逐一執行, 並輸出執行結果
                for cmd_line in cmd_file:
                    cmds = cmd_line.strip()
                    print ("Runing Show Commands: " + cmds)
                    cmds_output = net_connect.send_command(cmds)
                    print(cmds_output)
                
                    # 產生一個檔案叫SW_BK_{IP}.txt, 有追加(a)權限.
                    # newline=""是解決Windows換行符問題使用, Linux 不用這參數.
                    with open("SW_BK_" + devices["ip"] + ".log", "a", newline="") as saveoutput:
                    # 把Switch每一行的輸出寫進SW_BK_{IP}.log
                        saveoutput.write(f"#{cmds}\n{cmds_output}\n")

然後我用Web-IOU去建一個測試環境.


以下是預先需要設定的指令:
hostname MGMT_SW01
!
enable secret cisco123
!
no ip domain lookup
!
username cisco privilege 15 password cisco123
!
interface vlan 1
 ip address 192.168.80.201 255.255.255.0
 no shutdown
!
line vty 0 4
 logging synchronous
 login local
 transport input all
!

# 我故意把其中一台SW3交換機修改IP(192.168.80.213), 把另外一台SW4交換機修改password
hostname SW(01-04)
!
enable secret cisco123
!
no ip domain lookup
!
username cisco privilege 15 password cisco123
!
interface vlan 1
 ip address 192.168.80.(201-204) 255.255.255.0
 no shutdown
!
line vty 0 4
 logging synchronous
 login local
 transport input all
!

然後用Windows的cmd, 執行python.
注意這邊就要先後帶上兩個參數.
第一個是switches清單(SW_List.txt),
後面一個設定指令文件(show.txt).
D:\Tech\Python\PY_Cisco>python "PY_SSH_Cisco_v3.py" SW_List.txt show.txt
Starting SSH to Cisco_IOS: 192.168.80.201
Runing Show Commands: terminal length 0

Runing Show Commands: show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
MGMT_SW01.peter.net
                 Eth 0/0           121              R S   Linux Uni Eth 1/0
Runing Show Commands: show mac address-table
          Mac Address Table
.
.
中略
.
.
   1    aabb.cc00.0100    DYNAMIC     Et0/0
Total Mac Addresses for this criterion: 2
Runing Show Commands: show running-config
Building configuration...

.
.
中略
.
.
end

Starting SSH to Cisco_IOS: 192.168.80.202
Device is not reachable: 192.168.80.202

Starting SSH to Cisco_IOS: 192.168.80.203
Authentication Failed: 192.168.80.203

Starting SSH to Cisco_IOS: 192.168.80.204
Runing Show Commands: terminal length 0

Runing Show Commands: show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
MGMT_SW01.peter.net
                 Eth 0/0           151              R S   Linux Uni Eth 1/3
Runing Show Commands: show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0050.56c0.0008    DYNAMIC     Et0/0
   1    aabb.cc00.0100    DYNAMIC     Et0/0
Total Mac Addresses for this criterion: 2
Runing Show Commands: show running-config
Building configuration...

Current configuration : 952 bytes
!
version 15.1
.
.
中略
.
.
!
end


D:\Tech\Python\PY_Cisco>

完成

Check:


參考資料:
1. 05 - Install Paramiko and Netmiko on Windows
http://juilin77.blogspot.com/2018/10/05-install-paramiko-and-netmiko-on.html

2. 12 - Using SSH in Python - v4
https://juilin77.blogspot.com/2019/05/12-using-ssh-in-python-v4.html

3. 07 - Using SSH in Python - v2
https://juilin77.blogspot.com/2018/10/07-using-ssh-in-python-v2.html

4. 06 - Using SSH in Python - v1
https://juilin77.blogspot.com/2018/10/06-using-ssh-in-python-v1.html

最初發表 / 最後更新: 2018.10.11 / 2019.05.16

1 則留言:

  1. 彼得,我不明白为什么创建文件SW_List.txt,因为我没有在代码中使用它。 我使用命令sw_file = sys.argv [1],但我不知道它是如何获得IP地址的。

    回覆刪除