Using shell for automation tasks on Juniper SRX cluster
Introduction.
On Junos 11.4 and below, updating the IDP DB on a Juniper SRX cluster was a sequence of manual commands.
See article 1 and article 2.
There are many facilities for task automation, including:
- shell
- perl
- python
- JUISE
- and so on
Full list.
Below is an example of task automation using shell.
Solution.
The solution consists of one script on each of the two nodes, executed by cron.
Don't forget to set X and Y in the script for each node.
di.sh (edited with vi)
#!/bin/sh
#download and install DB script
#check primary node
act_node=`/usr/sbin/cli show chassis cluster status | /usr/bin/grep nodeX | /usr/bin/awk '{print $3}'`
#where X is the number of the node that starts the script. For node0 set X=0, for node1 set X=1
count=0
#check for redundancy group 0 (only the first status returned is used)
for x in $act_node
do
    active_node=$x
    count=`expr $count + 1`
    if [ $count -eq 1 ]
    then
        break 1
    fi
done
if [ "$active_node" = "primary" ]
then
    #check new version of IDP DB
    chk_lver=`/usr/sbin/cli show security idp security-package-version node X | /usr/bin/grep Attack | /usr/bin/awk '{print $3}' | sed -e 's/version://g'`
    #where X is the number of the node that starts the script. For node0 set X=0, for node1 set X=1
    chk_sver=`/usr/sbin/cli request security idp security-package download check-server | /usr/bin/grep "Version" | /usr/bin/awk '{print $2}' | sed -e 's/info://g'`
    #download only when the local and server versions differ
    if [ "$chk_lver" != "$chk_sver" ]
    then
        /usr/sbin/cli request security idp security-package download
        /bin/sleep 3600
        chk_dstatus=`/usr/sbin/cli request security idp security-package download status | /usr/bin/grep "Successfully downloaded"`
        #install only when the download status reports success
        if [ ! -z "$chk_dstatus" ]
        then
            /usr/sbin/cli request security idp security-package install node X
            /usr/sbin/cli request security idp security-package install policy-templates node X
            #where X is the number of the node that starts the script. For node0 set X=0, for node1 set X=1
            #rm works on local paths only, so the nodeY: prefix here is not treated as a remote host
            /bin/rm -rf nodeY:/var/db/idpd/sec-download/*
            /bin/sleep 180
            #copy the downloaded package to the second node
            /bin/rcp -r -T /var/db/idpd/sec-download/* nodeY:/var/db/idpd/sec-download/
            /bin/sleep 180
            /usr/sbin/cli request security idp security-package install node Y
            /usr/sbin/cli request security idp security-package install policy-templates node Y
            #where Y is the number of the second node. For node0 that starts the script set Y=1, for node1 set Y=0
        fi
    fi
fi
The script must be placed in the directory /var/tmp on each of the two cluster nodes.
Start the script on each cluster node with cron.
In the example below the primary node is node0:
%chmod +x /var/tmp/di.sh
%crontab -e
1 3 * * * sh /var/tmp/di.sh
Log in to the second node:
%rlogin -Jk -T node1
%chmod +x /var/tmp/di.sh
%crontab -e
1 3 * * * sh /var/tmp/di.sh
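The version check in di.sh compares two strings cut out of CLI output, so an empty or malformed value (for example when check-server cannot be reached) also counts as "different" and starts a download. The following is an added example, not part of the original script: it extracts only the numeric version and reports "update" only when both values are numbers and the server one is higher. The function names extract_version, is_number and idp_decision and the sample outputs are constructed for illustration; the exact CLI text on a given Junos release is an assumption.

```sh
#!/bin/sh
# Added example, not part of the original di.sh.
# The sample CLI outputs below are constructed; real Junos text may differ.

# Print the first run of digits following label $2 on a line matching $1.
# Reads CLI output on stdin; prints nothing if no such number is found.
extract_version() {
    sed -n "/$1/s/.*$2\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# Succeed only for a non-empty string made of digits.
is_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# $1 = local version, $2 = server version.
# Prints "update", "current" or "error" (a value was missing or malformed).
idp_decision() {
    if ! is_number "$1" || ! is_number "$2"; then
        echo error
    elif [ "$2" -gt "$1" ]; then
        echo update
    else
        echo current
    fi
}

# Constructed samples standing in for the two cli commands used in di.sh.
SAMPLE_LOCAL='node0:
  Attack database version:2230(Thu Jan 24 18:38:16 2013 UTC)
  Detector version :12.6.160121210'
SAMPLE_SERVER='Version info:2235(Detector=12.6.160121210, Templates=2235)'
SAMPLE_FAILED='error: could not reach the update server'

lver=$(printf '%s\n' "$SAMPLE_LOCAL" | extract_version Attack 'version:')
sver=$(printf '%s\n' "$SAMPLE_SERVER" | extract_version Version 'info:')
fver=$(printf '%s\n' "$SAMPLE_FAILED" | extract_version Version 'info:')
echo "local=$lver server=$sver -> $(idp_decision "$lver" "$sver")"
echo "local=$lver server=<$fver> -> $(idp_decision "$lver" "$fver")"
```

On a cluster node, the printf lines would be replaced by the two /usr/sbin/cli commands from di.sh, and the download would run only on "update".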
PS.
If you automate configuration changes, remember:
all configuration commands and the commit command must be executed in a single command (session).
Script example:
#!/bin/sh
echo "configure
delete routing-instances EXT_ROUTER protocols bgp group ISP1 export ASPREPAND
set routing-instances EXT_ROUTER protocols bgp group ISP1 export ISP-out-deny
commit" | /usr/sbin/cli