In my last post, I had covered a function I wrote that would backup all configurations of my devices in the lab environment. In this post, I will be applying several additional functions to this script to extend my usability as well as reduce the interaction required when redeploying the lab environment from scratch.
Referencing the update script (https://github.com/OfWolfAndMan/CCIE-Lab-Automation/blob/master/Automatelab.py), you will see that several functions have been added. I will cover each of these in enough detail below.
Function: main_menu_selection()
Writing a function to create a main menu is useful, especially if you plan on giving the user a choice of a task to run. Simply put, you choose an option from the numbers. If your number is out of the range, you will get an error and start at the beginning of the while loop instantiated. If you choose a valid option, it will run a certain function (Or exit, depending on the option).
Function: reinitialize_basehardening()
This script is supposed to be the first in initializing a standard configuration to all of the devices. As of this writing, the baseline&hardening script is written for the both the IOSv CSR routers.
First, the path variable identifies the folder that the baseline configuration resides in. Next, it uses that variable by changing to that directory. This is done using the os python library. Following that, you will see that it asks you if there is already a valid IP address configured (An in-band IP that can be SSHd to directly. You may choose yes or no. If no, it will execute the telnet_initial() script (Covered next). Next, the configuration file is opened in ‘r’ mode, which means read. Obviously. Each command is appended to a list structure, and then passed into the netmiko client (An SSH client that can send configuration sets structured in lists). One thing I encountered running this piece of it, I ran into an error in the “except” clause right below the client for error handling. Even though I received the error, the whole configuration had been successfully received, so I chose to ignore that for now using the keyword “pass”.
Function: telnet_initial()
You can probably guess what this does. An initial telnet configuration. Oh my! Using telnetlib python library, the function uses a telnet over serial connection, pushes several commands to get the device functional doing the following:
-Local username and password
-IP domain name, hostname, and SSH configuration
-Management interface configuration
That’s it. Once that’s done, your primary functions like baseline_hardening() and scenario_configuration() can run their magic.
Function: scenario_configuration()
This is, unquestionably, the most complex aspect of this script. Using INE’s lab scenarios (Although it is in the works to add Narbik’s stuff), I made a separate directory for all the scenarios. Just like in the baseline script, I change directory to where the scripts are contained.
This is where it gets a lot different. First, I use the os.listdir command to list all directories in the current folder (Scenario folders) and then use enumeration to create a tuple for each entry like so: (enum, folder). Next, I print the options in a set of three columns due to the fact I have 69 scenarios, and there’s not that much room on a usual screen to display all of them simultaneously. The user selects an option and python iterates through the devices and maps them to a file in that directory based on that device’s hash value in the dictionary at the top.
In the case a premium license is needed (CSR only), you may run the install_premium_license() function and install the license.
Keep in mind, for the premium license installation to work, you must be running IOS-XE version 3.12.0 or earlier. Anything after that will require a license request from Cisco. Using 3.12.0, you can take a snapshot after installing the license, and roll it back to that snapshot when it expires (Or just reinstall the VM, but I’m sure you’d prefer the former).
Once that is done, it will run the scenario scripts for each of the devices. At that point, your primary configuration is done for your lab environment, and the only thing you did to set all your devices up is select a couple of options. How awesome!
That’s it for now, folks.
Extensible&Automated 