Copy&Waste

Pexpect, Python, and Managing Devices -- Tratto

A few months ago I decided to write a web application that would essentially run like RANCID, I named it "tratto." Since then I decided that it would be better to nail down a basic python framework first, then integrate it into say.. a django application. In all of my years as an engineer I had never leveraged expect to accomplish simple and repetitive tasks. I am a recent python "convert" and wanted to write a simple app that could be used as a framework for managing and monitoring network connected devices and hosts. Tratto uses pexpectto connect and parse ssh and telnet sessions. This framework provides an easy way to connect to remote devices and issue commands and store the output. I also wanted an easy way to "extend" this framework and be able to add ways to connect to any operating system (or at least use default shell behavior as a baseline). I manage a wide variety of devices and I wanted to support at least the default implementations of Cisco IOS, OpenBSD, Mac OS X, and Aruba OS. Here is how you would add an operating system's parameters to Tratto (Systems.py):

class ArubaOS(OperatingSystem):
	'''aruba configs'''
	PROMPTLINE	='#'
	PAGINATES 	=True
	DISABLE_PAGINATION = 'terminal length 0'
	GET_CONFIG	="show run"

There are 3 files included in Tratto right now:

1. Connectivity.py -- This is a class which manages sessions using pexpect
2. Systems.py -- This is the class which manages all the operating parameters
3. driver.py -- This is an example file of how to use Tratto to fetch whatever info you want

Here is an example of how to use the framework to connect to devices and issue commands:

#!/usr/bin/env python

import Connectivity
import Systems

#telnet to a cisco switch
m = Systems.OperatingSystems['IOS']
s = Connectivity.Session("192.168.6.1",23,telnet,m)
s.login("akonkol", "mypass")
s.sendcommand("show ver")
s.sendcommand("show clock")
s.sendcommand("show run")
s.logout()

#ssh to a apple machine
m = Systems.OperatingSystems['OSX']
s = Connectivity.Session("127.0.0.1",22,"ssh",m)
s.login("akonkol", "mypass")
#sendcommand will echo response by default, you can store that
#response in a variable if you wish
result = s.sendcommand("df -h")
print result
s.getversion()
s.logout()

#ssh to openbsd box
m = Systems.OperatingSystems['OBSD']
s = Connectivity.Session("192.168.5.1",22,"ssh",m)
s.login("akonkol", "mypass")
print s.sendcommand("cat /etc/passwd")
print s.sendcommand("arp -a")
s.logout()

The Future

With Tratto you can technically pull information from any networked device and use that data for whatever you please. Current ideas are integrating Tratto into

• a config repository application with a web frontend (like RANCID)
• a network mapping application using cdp neighbors
• monitoring platform which performs different commands based on certain scenarios ("show interfaces" when IP SLA shows latency)

This is my first attempt at releasing python software, so if you think something could be better let me know. Download Tratto

Tratto London (Revision): Escalate Privileges

Two years ago I wrote a script that you could use to send commands to telnet/ssh enabled devices called tratto.  Since then I have changed jobs and with new jobs comes new enviornments.  I can no longer send commands like "show run" without sending the enable command (enable is like the 'su' of unix).  I re-visited my code... which is always an entertaining.  Anyway, I added an "escalateprivileges" command and added a string to the Systems object so you can store what the escalation command is for different operating systems.

You can download it here or via github

Connectivity.py

        def escalateprivileges(self, escalated_password=None):
                escalated_password = escalated_password
                if self.connected:
                        self.connection.sendline(self.operatingsystem.ESCALATE_COMMAND)
                        i = self.connection.expect(r"(?i)password[\s:]+")
                        if i==0:
                                self.connection.sendline(escalated_password)
                                i = self.connection.expect(self.operatingsystem.PROMPTLINE)
                                if i==0:
                                        if("denied" in self.connection.before):
                                           print "***Escalation FAILED***"
                                           print self.connection.before
                                        else:
                                           print "***Escalation Successful***"
                else:
                        raise SessionError("***Not Connected***")

Systems.py

class OperatingSystem(object):
        ESCALATE_COMMAND=''
        PAGINATES       =False
        VERSION         =''
        PROMPTLINE      =''

..

class CiscoIOS(OperatingSystem):
        '''cisco ios'''
        PROMPTLINE      = r'[-\w]+[>#]'
        GET_CONFIG      ='show running-config'
        PAGINATES       =True
        VERSION         ='show version'
        DISABLE_PAGINATION = 'terminal length 0'
        ESCALATE_COMMAND='enable'
...

Example usage:

#!/usr/bin/env python

import Connectivity
import Systems

#telnet to a cisco switch

m = Systems.OperatingSystems['IOS']
s = Connectivity.Session("10.10.1.1",23,"telnet",m)
s.login("akonkol", "mypassword")
s.escalateprivileges('myenablepassword')
#s.sendcommand("show ver")
s.sendcommand("show clock")
s.sendcommand("show run")
s.sendcommand("show start")
s.logout()

Spur - Network Configuration Manager

I've been developing a web front-end for tratto.  This front end is called spur and allows you to run commands on any ssh/telnet available device and store the outputs.

• Web configured cron jobs
• Any command set
• Define your own operating systems
• Run diff's on command outputs
• Since you can run any command you can do things like backup configurations from cisco routers and switches
• Get alerts on outputs, diffs, and failures
• Synatx highlighting

I'm looking to release this for free via github in the near future.  Meanwhile here are some screenshots: