network-automation-scripts/backup2git.py at master · netmax79/network-automation-scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
#!/usr/bin/python3
import pynetbox
import requests
import urllib3
import pexpect
import sys
import json
import gitlab
from datetime import date
today = str(date.today())

###############################################################################
#
# Set global variables
#
###############################################################################
# Netbox URL and Token
netbox_url = "https://HOST_OR_IP"
netbox_token = "TOKEN"
# Gitlab URL and Token
gitlab_url = "https://HOST_OR_IP"
gitlab_token = "TOKEN"
# SCP User, Password and Host (SCP host can be same like Netbox host)
scp_user = "USERNAME"
scp_pass = "PASSWORD"
scp_host = "HOST_OR_IP"
# Set User, Password and Enable to connect with SSH to devices
backup_user = "USERNAME"
backup_pass = "PASSWORD"
backup_enable = "ENABLE_PASSWORD"
# Set Gitlab project ID
project_id = PROJECT_ID


###############################################################################
def getDevicesFromNetbox():
  urllib3.disable_warnings()
  requests.packages.urllib3.disable_warnings()
  netbox = pynetbox.api(
    url = netbox_url,
    token = netbox_token,
    threading = True
  )
  netbox.http_session.verify = False

  # init empty device array
  devices_netbox = []

  #
  # Build a list with Core-Switches
  # Note: The filtering by role depends on the roles defined in netbox
  #
  # the list needs at minimum the following information:
  # device / site / hostname / status / ipv4 address
  # device: used to determine the device and what CLI commands are required to start a backup
  # site: used to build a directory structure in gitlab project
  # hostname: the hostname of the device to build .cfg
  # status: to determine if device can be backed up or is out of it
  # ipv4: IP address to connect to the device

  core_switch = netbox.dcim.devices.filter(role='net-core-switch')
  for i in range(0, len(core_switch)):
    data = netbox.dcim.devices.get(name = core_switch[i])
    hostname = str(data).split(":")
    hostname = hostname[0]
    device_details = ["switch", str(data.site), hostname, str(data.primary_ip), str(data.status)]
    devices_netbox.append(device_details)

  access_switch = netbox.dcim.devices.filter(role='net-access-switch')
  for i in range(0, len(access_switch)):
    data = netbox.dcim.devices.get(name = access_switch[i])
    hostname = str(data).split(":")
    hostname = hostname[0]
    device_details = ["switch", str(data.site), hostname, str(data.primary_ip), str(data.status)]
    devices_netbox.append(device_details)

  wifi_controller = netbox.dcim.devices.filter(role='net-wireless-lan-controller')
  for i in range(0, len(wifi_controller)):
    data = netbox.dcim.devices.get(name = wifi_controller[i])
    hostname = str(data).split(":")
    hostname = hostname[0]
    device_details = ["wificontroller", str(data.site), hostname, str(data.primary_ip), str(data.status)]
    devices_netbox.append(device_details)

  wan_firewall = netbox.dcim.devices.filter(role='net-wan-firewall')
  for i in range(0, len(wan_firewall)):
    data = netbox.dcim.devices.get(name = wan_firewall[i])
    hostname = str(data).split(":")
    hostname = hostname[0]
    device_details = ["wanfirewall", str(data.site), hostname, str(data.primary_ip), str(data.status)]
    devices_netbox.append(device_details)

  return devices_netbox

###############################################################################
def cliCiscoSwitch():
  try:
    print ("INFO: Connecting to device: " + hostname + " with IP: " + ipv4)
    sshconn = pexpect.spawn('ssh %s@%s' % (backup_user, ipv4))
    #sshconn.logfile = sys.stdout.buffer
    sshconn.timeout = 30

    sshconn.expect('.*assword:.*')
    sshconn.sendline(backup_pass)
    sshconn.expect('#')
    sshconn.sendline('term len 0')
    sshconn.expect('#')

    print ('INFO: Set exec banner')
    sshconn.sendline('conf t')
    sshconn.expect('#')
    sshconn.sendline('file prompt quiet')
    sshconn.expect('#')
    sshconn.sendline('banner exec ^')
    sshconn.sendline(today + ' - Config saved by backup2git')
    sshconn.sendline('^')
    sshconn.expect('#')
    sshconn.sendline('exit')

    print ('INFO: Executing write memory command')
    sshconn.sendline('wr mem')
    sshconn.expect('.*OK.*')

    print ('INFO: Executing copy run scp command')
    sshconn.sendline('copy run scp://' + scp_user + ':' + scp_pass + '@' + scp_host + '//tmp/' + hostname + '.cfg')
    sshconn.expect('.*copied.*')

    print ('INFO: Log out from device: ' + hostname + " with ip: " + ipv4)
    sshconn.sendline('logout')

  except pexpect.TIMEOUT:
    print ("ERROR: No login to device: " + hostname + " with ip: " + ipv4)
    pass

###############################################################################
def cliCiscoWirelessController():
  try:
    print ("INFO: Connecting to device: " + hostname + " with IP: " + ipv4)
    sshconn = pexpect.spawn('ssh %s@%s' % (backup_user, ipv4))
    #sshconn.logfile = sys.stdout.buffer
    sshconn.timeout = 30

    sshconn.expect('.*ser:.*')
    sshconn.sendline(backup_user)
    sshconn.expect('.*assword:.*')
    sshconn.sendline(backup_pass)
    sshconn.expect('>')
    print ('INFO: Executing save config command')
    sshconn.sendline('save config')
    sshconn.expect('(y/n)')
    sshconn.sendline('y')

    print ('INFO: set transfer parameters')
    sshconn.sendline('transfer upload datatype config')
    sshconn.expect('>')
    sshconn.sendline('transfer upload mode sftp')
    sshconn.expect('>')
    sshconn.sendline('transfer upload serverip ' + scp_host)
    sshconn.expect('>')
    sshconn.sendline('transfer upload filename ' + hostname + ".cfg")
    sshconn.expect('>')
    sshconn.sendline('transfer upload path /tmp/')
    sshconn.expect('>')
    sshconn.sendline('transfer upload username ' + scp_user)
    sshconn.expect('>')
    sshconn.sendline('transfer upload password ' + scp_pass)
    sshconn.expect('>')

    print ('INFO: Executing transfer upload start command')
    sshconn.sendline('transfer upload start')
    sshconn.expect('(y/N)')
    sshconn.sendline('y')
    sshconn.expect('successfully.')

    print ('INFO: Log out from device: ' + hostname + " with ip: " + ipv4)
    sshconn.sendline('logout')

  except pexpect.TIMEOUT:
    print ("ERROR: No login to device: " + hostname + " with ip: " + ipv4)
    pass

###############################################################################
def cliCiscoAsaFirewall():
  try:
    print ("INFO: Connecting to device: " + hostname + " with IP: " + ipv4)
    sshconn = pexpect.spawn('ssh %s@%s' % (backup_user, ipv4))
    #sshconn.logfile = sys.stdout.buffer
    sshconn.timeout = 30

    sshconn.expect('.*assword:.*')
    sshconn.sendline(backup_pass)
    sshconn.expect('>')
    sshconn.sendline('enable')
    sshconn.expect('.*assword:.*')
    sshconn.sendline(backup_pass)

    print ('INFO: Executing write memory command')
    sshconn.sendline('wr mem')
    sshconn.expect('.*OK.*')

    print ('INFO: Executing copy run scp command')
    sshconn.sendline('copy run scp://' + scp_user + ':' + scp_pass + '@' + scp_host + '//tmp/' + hostname + '.cfg')
    sshconn.expect('.*ource')
    sshconn.sendline()
    sshconn.expect('.*ddress')
    sshconn.sendline()
    sshconn.expect('.*sername')
    sshconn.sendline()
    sshconn.expect('.*ilename')
    sshconn.sendline()
    sshconn.expect('continue connecting')
    sshconn.sendline('yes')
    sshconn.expect('copied')
    sshconn.sendline('logout')

    print ('INFO: Log out from device: ' + hostname + " with ip: " + ipv4)
    sshconn.sendline('logout')

  except pexpect.TIMEOUT:
    print ("ERROR: No login to device: " + hostname + " with ip: " + ipv4)
    pass


###############################################################################
# Get the devices from Netbox
devices = getDevicesFromNetbox()

  # Use a for-loop to go through the devices and check in the configuration files
  for i in range(0, len(devices)):

    # Split list
    role = str(devices[i][0])
    location = str(devices[i][1])
    hostname = str(devices[i][2])
    ipv4 = str(devices[i][3])[:len(str(devices[i][3]))-3]
    status = str(devices[i][4])

    # If device is active and has a primary IPv4 address (ssh connect action)
    if status == "Active" and ipv4 != "N":

      # role is a switch
        if role == "switch":
          cliCiscoSwitch()
        # role is a wlc
        elif role == "wificontroller":
          cliCiscoWirelessController()
        # role is a firewall
        elif role == "wanfirewall":
          cliCiscoAsaFirewall()

    # handle list from netbox if device is missing ipv4 or if
    # device status is set to something else than active
    else:
      print ("WARN: device not set to active or IP missing")

    # If device is active and has primary IPv4 address (open file action)
    if status == "Active" and ipv4 != "N":
      # open config file and read it into a string variable
      try:
        content = open('/tmp/' + hostname + '.cfg').read()
      except:
        print ("ERROR: Cannot open file: " + hostname + ".cfg")

      urllib3.disable_warnings()
      requests.packages.urllib3.disable_warnings()
      gl = gitlab.Gitlab(gitlab_url, ssl_verify=False, private_token=gitlab_token)
      # authenticate
      gl.auth()
      # get gitlab project
      project = gl.projects.get(project_id)

      # try with a commit create if file does not exist on gitlab project
      try:
        data_create = {
          'branch': 'master',
          'commit_message': 'Initial commit of config file on ' + today + ' by backup2git',
          'actions': [
            {
              'action': 'create',
               'file_path': location + '/' + hostname + '.cfg',
               'content': open('/tmp/' + hostname + '.cfg').read(),
            }
          ]
        }
      except:
        print ("Cannot build commit create JSON")
        pass
      # If file exists, use commit update to check in new version of file
      try:
        data_update = {
          'branch': 'master',
          'commit_message': 'Update of config file on ' + today + ' by backup2git',
          'actions': [
            {
              'action': 'update',
              'file_path': location + '/' + hostname + '.cfg',
              'content': open('/tmp/' + hostname + '.cfg').read(),
            }
          ]
        }
      except:
        print ("Cannot build commit update JSON")
        pass