Network Change & Configuration Management

Reply
Highlighted
Accepted Solution

Force rediscovery on all devices in a group with REST API ?

Guru
Posts: 61
8419     0

We have a device group with just over 1800 devices that had their CLI credential changed over the past 2 weeks. 

The new credentials have been added to the list of possible credentials, but NetMRI doesn't seem to be running a rediscovery when the old credentials fail.

 

Does anyone have a python/REST script that will grab all the device ids in a group and add them to the discover next list?

 

Re: Force rediscovery on all devices in a group with REST API ?

Authority
Posts: 32
8420     0

 

It would certainly be possible to do this using the API, but you may want to consider some possibly faster/easier options as well...

 

1 - You can force NetMRI to re-guess CLI credentials by issuing the "reset cli" command in the admin shell.  That will reset the credentials for all devices, not just the ones in a particular group -- but it would be a quick way to ensure that re-guessing takes place.

 

2 - If you know which devices had their credentials changed, there is a way to bulk-import the correct credentials for those devices. This would be the equivalent of going into Device Viewer for each device and entering the correct credentials for that device, but accomplished in one step by importing a text file. Detailed instructions and a description of the file format are in this KB Article

 

That said, it is strange that you are not seeing "re-guessing" take place after the currently configured credentials fail.  Whenever a config collection or other CLI action fails due to an authentication failure, NetMRI would normally delete the currently "guessed" credentials for the device in question, causing "re-guessing" to take place shortly thereafter.  You may want to open a case with Support to look into this in greater detail.

 

 

Re: Force rediscovery on all devices in a group with REST API ?

Guru
Posts: 61
8420     0

As of this morning, ~650 devices were rediscovered with new credentials, however, the number of devices changed so far is closer to 1200.  NetMRI is eventually picking up the new cred, but not near fast enough for my liking.

 

I have written a python REST script to add the devices to the discover next list.  It set discover next on ~120 devices before an error killed the script.

Does the API support an auth cookie?  Passing username/password in every request is not very efficient, especially when making up to 4 requests per device across 1800 devices.

 

Re: Force rediscovery on all devices in a group with REST API ?

Adviser
Posts: 424
8420     0

You might want to look at /api/3/basic_services/docs#authenticate

 

I think John mention this before, I've never used it before, but I will be testing it when I get some time.

 

Sif

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

Re: Force rediscovery on all devices in a group with REST API ?

[ Edited ]
Guru
Posts: 61
8420     0

Thanks Sif.  I'll look into that.

In the meantime, here is what i wrote, if anyone has a similar need.

 

#!/usr/bin/python
#
import requests
import json
requests.packages.urllib3.disable_warnings()

netmri="https://netmri.example.com/api/3.0"
username="MyUser"
password="MyPassword"
gname="MyGroup"

group="/device_groups/find?GroupName="+gname
r=requests.get(netmri+group, verify=False, auth=(username, password))
results = r.json()
gid=results['device_groups'][0]['GroupID']
gmember="/device_group_members/index?limit=2000&GroupID="+gid
r=requests.get(netmri+gmember, verify=False, auth=(username, password))
results = r.json()
failed=[]
for i in results['device_group_members']:
	devid=str(i['DeviceID'])
	r=requests.get(netmri+"/discovery_statuses/cli_guesses?DeviceID="+devid, verify=False, auth=(username, password))
	clicheck=r.json()
	found=0
	for i in clicheck:
		if (i['Username']=="CLI-User" and i['Status']=="OK"):
			found=1
	if found==1:
		print("Device: "+devid+" OK")	
	else:
		print("Device: "+devid+" FAILED")
		failed.append(devid)
chunks=[failed[x:x+100] for x in range(0, len(failed), 100)]
for i in chunks:
	d=requests.get(netmri+"/discovery_statuses/discover_next?DeviceIDs="+','.join(i), verify=False, auth=(username, password))
	disc=d.json()
	print(str(len(i))+" Devices scheduled for rediscovery- "+str(disc['success']))
print "Completed"

 

Edited 4/14 to correct a code error.

Re: Importing CLI credentials for devices

Expert
Posts: 263
8420     0

Suggestion: update the Credential Import Formats section in the Admin guide and embedded help to include this.

 

Marc, does this approach also work for SNMP credentials?.

 

Re: Importing CLI credentials for devices

Adviser
Posts: 424
8420     0

Marty, from looking at the code seems you can do that for SNMP Smiley Happy

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

Re: Importing CLI credentials for devices

Authority
Posts: 32
8420     0

 

Marty -- I believe that this does *not* work for SNMP credentials.

 

I wrote a NetMRI script a while that will configure specified SNMP credentials for individual devices -- so you can change them and not have to wait for NetMRI to "guess" them.  I'll try to dig that up and post it, in case it'll be helpful.

 

Re: Importing CLI credentials for devices

CZwergel
Techie
Posts: 1
8420     0

Were you ever able to upload this script?  Would seriously come in handy.

Re: Importing CLI credentials for devices

[ Edited ]
Authority
Posts: 32
8420     0

 

Sorry, forgot to post this earlier.  Here you go -- please read the comments and use with care...  :-)

 

In addition to just saving time by not waiting for NetMRI to "guess" credentials that have been changed, there are a few specifc circumstances where something like this could be useful.  I originally wrote it to help a customer who was gradually changing from SNMPv2 to SNMPv3, but needed to leave the SNMPv2 credentials intact on the devices (for polling by another management tool), and also needed to leave them configured on NetMRI (for managing devices that were not SNMPv3-capable).  So for them, "guessing" was *never* going to happen -- and even if they forced it with a "reset cli", NetMRI was likely to just re-guess the old SNMPv2 credentials since those were still valid.

 

As always with scripts, your mileage may vary...  :-)

 

#
# This script can be used to change the SNMP version/credentials that
# Network Automation uses to communicate with an already discovered
# device (i.e., the "guessed" credentials for that device).  This script
# does no validation of user input whatsoever, so be careful.
#
# NOTICE: This script is provided on an "as-is" basis, and is intended to
# serve as an example illustrating how to accomplish certain tasks
# using the NetMRI API.  This script is not part of the NetMRI product, 
# and is not supported by Infoblox Technical Support.
#
 
# BEGIN-SCRIPT-BLOCK
#
# Script-Filter:
#    true
#
# Script-Login:
#    false
#
# Script-Variables:
#    $snmp_version     integer    2
#    $snmp2_community  string     'secret'
#    $snmp3_user       string     'netmri'
#    $snmp3_auth_proto string     '[md5|sha]'
#    $snmp3_auth_pwd   string         
#    $snmp3_priv_proto string     '[aes|des|3des]'
#    $snmp3_priv_pwd   string
#
# END-SCRIPT-BLOCK
 
use NetMRI_Easy;
 
my $easy = new NetMRI_Easy;
 
if ($snmp_version eq '3') {
     print "\nConfiguring SNMPv3 credentials for this device.\n\n";
     $easy->broker->discovery_statuses->update_snmp({
           DeviceID        => $device_id,
           SNMPVersion     => $snmp_version,
           SNMPRead        => $snmp3_user,
           SNMPAuthProto   => $snmp3_auth_proto,
           SNMPAuthPW      => $snmp3_auth_pwd,
           SNMPPrivProto   => $snmp3_priv_proto,
           SNMPPrivPW      => $snmp3_priv_pwd
     });
}
 
if ($snmp_version eq '2') {
     print "\nConfiguring SNMPv2 credentials for this device.\n\n";
     $easy->broker->discovery_statuses->update_snmp({
           DeviceID        => $device_id,
           SNMPVersion     => $snmp_version,
           SNMPRead        => $snmp2_community
     });
}
 
print "\nDone.\n\n";
  

 

Showing results for 
Search instead for 
Do you mean 

Recommended for You