How to upgrade JunOS remotely via NETCONF

In this post I would like to explain how to upgrade JunOS on a router remotely. Imagine that you have dozens of routers and you would like to script it somehow. Below is a script I have written in python. I must say that it really took me some time to comprehend paramiko API but finally I wrote one which does really work. As you might have known, NETCONF is a fantastic protocol by which you can send RPC calls to remote devices. This script opens a netconf channel and sends these command inside this channel.

By using the predefined connection parameters, script opens the netconf channel and sends the command in variable SOFT_ADD which orders the device to fetch the software from JUNOS_URL and then upgrade it.

#!/usr/bin/python
# A script which upgrades JunOS remotely
import paramiko
import socket
import time
import sys

ROUTER_IP='172.16.1.1'
USERNAME='root'
PASSWORD='root123'
JUNOS_URL='http://172.16.1.3/junos-srxsme-11.1R3.5-domestic.tgz'

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(
    paramiko.AutoAddPolicy())

CLOSE = """

  
"""

SOFT_ADD = """

   
     """+JUNOS_URL+"""
     
     
     
     
   
"""

socket = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
socket.connect((ROUTER_IP,830))

trans = paramiko.Transport(socket)
trans.connect(username=USERNAME, password=PASSWORD)

#CREATE CHANNEL FOR DATA COMM
ch = trans.open_session()
name = ch.set_name('netconf')

#Invoke NETCONF
ch.invoke_subsystem('netconf')

#SEND COMMAND
ch.send(SOFT_ADD)

#Recieve data returned
data = ch.recv(2048)
while data:
   data = ch.recv(1024)
   print data,
   #if data.find('') == 0:
   if data.find('') != -1:
     #We have reached the end of reply
     ch.send(CLOSE)

ch.close()
trans.close()
socket.close()

Lets see this script in action; (because it is still a primitive one expect some errors in output but it does the job)

root@linux:~/sbin/netconf# python junos.py


  
    urn:ietf:params:xml:ns:netconf:base:1.0
    urn:ietf:params:xml:ns:netconf:capability:candidate:1.0
    urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0
    urn:ietf:params:xml:ns:netconf:capability:validate:1.0
    urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file
    http://xml.juniper.net/netconf/junos/1.0
    http://xml.juniper.net/dmi/system/1.0
  
  31018

]]>]]>






hup



/var/tmp/incoming-package.31020                       1742 kB 1742 kBps
Package contains junos-11.1R3.5.tgz ; renaming ...
Formatting alternate root (/dev/ad0s1a)...
/dev/ad0s1a: 299.7MB (613792 sectors) block size 16384, fragment size 2048
        using 4 cylinder groups of 74.94MB, 4796 blks, 9600 inodes.
super-block backups (for fsck -b #) at:
 32, 153504, 306976, 460448
Removing /var/tmp/junos-11.1R3.5.tgz
Installing package '/altroot/cf/packages/install-tmp/junos-11.1R3.5-domestic' ...
Verified junos-boot-srxsme-11.1R3.5.tgz signed by PackageProduction_11_1_0
Verified junos-srxsme-11.1R3.5-domestic signed by PackageProduction_11_1_0
Saving boot file package in /var/sw/pkg/junos-boot-srxsme-11.1R3.5.tgz
JUNOS 11.1R3.5 will become active at next reboot
WARNING: A reboot is required to load this software correctly
WARNING:     Use the 'request system reboot' command
WARNING:         when software installation is complete
Saving state for rollback ...


0


]]>]]>

Isn’t it cool? You can include multiple routers to ease upgrade operations or anything you want. If you want to do more, you can check paramiko API along with RPC call documentation to extend your scripts and do more stuff with it.

After I have written this post I have noticed that I forgot to mention to enable netconf protocol in JunOS. Here is the command;

junos# set system services netconf ssh
junos#commit