Tuesday, November 27, 2018

Need someone to help verify my script to upgrade an Active/Standby ASA

I'm new to Python scripting and the netmiko module. This is my first Python script, so bear with me if it's a big mess. I'm trying to do a semi-automatic upgrade for an active/standby Cisco ASA pair, but I'm not sure if this is going to work smoothly. Can somebody check my script and give me some guidelines and ideas to make it better? (Maybe tell me where commands might fail or something.) By the way, I'm manually transferring the firmware file to the ASA for now.

concern1: Not entirely sure how delay_factor works (step #5). After running 'failover reload-standby', I want to wait like 10 seconds before I run the next commands in case the standby ASA status doesn't change right away.

concern2: Not sure about the while loop (step #6). What I want to accomplish is to keep checking the status until it's 'Standby Ready', and only then fail over. But I want to check the status every 5~10 seconds, so that's what delay_factor in the loop is for.

concern3: After failover (steps #7, #10), the SSH connection usually disconnects. Will sending commands re-establish SSH to the new active ASA?

concern4 (optional): At step #5, I want to abort the whole script if the boot command didn't update. I can't think of a way.

Thanks everyone in advance for ideas and help.

    from __future__ import print_function
    from datetime import datetime
    from netmiko import ConnectHandler
    import re

    # Define ASA
    asa001 = {
        'device_type': 'cisco_asa',
        'ip': '192.168.1.1',
        'username': 'user',
        'password': 'pass',
        'secret': 'secret',
    }

    # 1. ssh connection
    net_connect = ConnectHandler(**asa001)

    # 2. Specify new asa files
    new_asa_file = 'asa983-8-lfbff-k8.SPA'

    # 3. Check current boot commands
    net_connect.enable()
    current_boot = net_connect.send_command('show run boot system')
    print('Current boot command is: ' + current_boot)

    # 4. Remove current boot & set new boot
    net_connect.config_mode()
    net_connect.send_command('no ' + current_boot)
    net_connect.send_command('boot system disk0:/' + new_asa_file)
    new_boot = net_connect.send_command('show run boot system')
    print("New boot command is set as: " + new_boot)

    # 5. Check if boot variable has been updated, only then save config, reload standby. Delay after reload
    # If boot hasn't been updated, close ssh session and update manually. Fix script.
    if (new_boot == current_boot):
        print('Boot command did NOT run properly. Upgrade manually for now')
        net_connect.disconnect()
        print('SSH disconnected')
    else:
        net_connect.send_command('write mem')
        net_connect.exit_config_mode()
        net_connect.send_command('failover reload-standby')
        net_connect.send_command('\n', delay_factor=5)

    # 6. Loop: keep checking until standby status becomes ready
    print('Watching Secondary standby status...')
    while True:
        ready = net_connect.send_command('show failover | i Other host')
        # re.search returns a match object (or None), so pull out the captured state text
        match = re.search(r'Secondary - (.+)', ready)
        w = match.group(1).strip() if match else ''
        print('Current standby status is ' + w)
        net_connect.send_command('\n', delay_factor=5)
        if (w == "Standby Ready"):
            break

    # 7. Failover once passive ASA is reloaded/upgraded. This cuts off current SSH session
    net_connect.send_command('no failover active')
    print('Failing over...')

    # 8. Check if it's failed over, then reload now passive(previous active) firewall
    prompt = net_connect.find_prompt()
    if (prompt == 'CDYVRNFIR001/sec/act#'):
        net_connect.send_command('failover reload-standby', delay_factor=5)

    # 9. keep checking until standby status for Primary ASA becomes ready
    print('Watching Primary standby status...')
    while True:
        ready = net_connect.send_command('show failover | i Other host')
        match = re.search(r'Primary - (.+)', ready)
        w = match.group(1).strip() if match else ''
        print('Current standby status is ' + w)
        if (w == "Standby Ready"):
            break

    # 10. Fail back after upgrade.
    net_connect.send_command('no failover active')
    image = net_connect.send_command('show version | i disk0:')
    # Capture the image file name between 'disk0:/' and the closing quote
    match = re.search(r'disk0:/(.+?)"', image)
    file = match.group(1) if match else ''
    if (file == new_asa_file):
        print('Upgrade Success!')
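One way to handle the polling in concern 2 and the abort in concern 4, as an added example that is not part of the original post: the peer line of `show failover` is parsed, polled with a real sleep and an overall timeout, and the run stops if the boot line was not updated. The function names are hypothetical, `run` is any callable that sends a command and returns its output (for example `net_connect.send_command`), and the sample outputs are constructed.

```python
import re
import time

# Peer line of 'show failover', e.g. "Other host: Secondary - Standby Ready"
PEER_LINE = re.compile(r'Other host:\s+(Primary|Secondary)\s+-\s+(.+?)\s*$', re.M)


def peer_state(output):
    """Return (unit, state) for the peer ASA, or None if the line is missing."""
    m = PEER_LINE.search(output)
    return (m.group(1), m.group(2)) if m else None


def wait_for_standby_ready(run, unit, interval=10, timeout=900, sleep=time.sleep):
    """Poll until `unit` is 'Standby Ready'; return seconds waited.

    `run` is any callable that sends one command and returns its output.
    Raises TimeoutError so the caller never fails over onto a peer that
    has not come back from its reload.
    """
    waited = 0
    while True:
        state = peer_state(run('show failover | i Other host'))
        print('Peer state:', state)
        if state == (unit, 'Standby Ready'):
            return waited
        if waited >= timeout:
            raise TimeoutError('%s not Standby Ready after %ss' % (unit, waited))
        sleep(interval)
        waited += interval


def require_boot_image(show_boot_output, image):
    """Abort the whole run (concern 4) unless the boot line names `image`."""
    if ('disk0:/' + image) not in show_boot_output:
        raise SystemExit('boot system not updated to %s, aborting' % image)


if __name__ == '__main__':
    # Constructed sample outputs standing in for a reloading standby unit.
    replies = iter(['Other host: Secondary - Failed',
                    'Other host: Secondary - Sync Config',
                    '        Other host: Secondary - Standby Ready'])
    require_boot_image('boot system disk0:/asa983-8-lfbff-k8.SPA',
                       'asa983-8-lfbff-k8.SPA')
    print(wait_for_standby_ready(lambda cmd: next(replies), 'Secondary',
                                 sleep=lambda s: None))
```
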


