
Automate your Network Configuration Backups using Python

by Lakindu Jayasena

If you are a network or systems engineer, you know how complex it is to take configuration backups of a large number of network devices in your organization or company. Suppose that one day one of your routers or switches suddenly dies without any errors. You have not logged in to that device since the initial setup, you rarely get a chance to look into it, and you are not aware of much of the configuration inside it. Now you are stuck, wondering what to put in the configuration. Without any configuration backups, you are left with no options.

Alright, so now we know that we have a problem, but how do we fix it? There are many network monitoring tools and configuration backup tools available on the web that can do all these tasks, but they may cost money. But what if you could come up with your own solution using a few lines of script? That saves money and gives you a fully customized solution.

In this post, I’m going to help you develop a full-fledged network configuration backup tool that automates configuration backups of Cisco devices (Routers, Switches, Wireless Controllers, and Firewalls) with a Python script using the Netmiko Python module.

Python for Network Automation

Python is one of the most popular languages for network automation, but Python alone does not make automation tasks easy. Fortunately, others have done a great job of creating libraries and modules that manage a lot of the details of network automation using Python. If you are starting with automation, you should first gain a basic understanding of Python scripting.

Network Automation Libraries/Modules

Python network automation libraries simplify communication with, and management of, a large number of network devices. Several Python libraries/modules are available for network automation tasks, such as Paramiko, Netmiko, and NAPALM. In this article, I’m using the Netmiko Python library.

About Netmiko Module

The Netmiko library is an enhanced version of the Paramiko library. It is a multi-vendor library that simplifies SSH connection to a network device and does a particular operation like command execution on the device.

You can find the library at https://github.com/ktbyers/netmiko and the latest released version of the software can be downloaded here.

The main objectives of this library are:

  • Easily establish an SSH connection to a large number of devices using a single script.
  • Execute commands and write the output to a text file or the terminal.
  • Simplify the execution of configuration commands, including possibly commit actions.
  • Support a large number of multi-vendor network devices and platforms.

Before you start, you need to arrange the following things:

  1. All the network devices should have SSH enabled. You can also do this with telnet, but here I’m using SSH.
  2. Check the SSH connectivity from the Linux host to all network devices.
  3. Create separate text files containing the device IP addresses for each category of network devices (Routers, Switches, Wireless Controllers, and Firewalls) that you need to back up.
  4. Create a location to store all network device backups. (Here I’m using /root/Network_Device_Backups/<device_type>/<device_hostname>)
  5. Set up a TFTP server to receive the configurations of some network devices (I will show how to set it up in this post).

In this article I’m using Ubuntu/Debian distribution as OS and Python 3 as my scripting language.

Install & Configure Python Environment

Install Python 3.

    apt update
    apt upgrade
    apt install python3 python3-pip

Install & verify the netmiko Python module.

    pip3 install "pip>=20"
    pip3 install netmiko

    # Verify the installed module
    pip list | grep netmiko

Create network device configuration backup locations.

    mkdir -p /root/Network_Device_Backups/Router
    mkdir -p /root/Network_Device_Backups/Switch
    mkdir -p /root/Network_Device_Backups/WLC
    mkdir -p /root/Network_Device_Backups/ASA

Task of Configuration Backup Script

This Python script reads a list of device IP addresses from a JSON file. Once the script loads the JSON file, it extracts the list of IP addresses and uses a for loop to connect to each device, captures the output of the running-configuration command “show running-config” and the VLAN output command “show vlan”, and writes the contents to files on the server running the script. Finally, the script appends a date-time stamp to the file name and puts the file in a separate directory for each device on the server the script is running on.

You can create a directory anywhere and keep these 2 files together in the same directory. In my case, I’m keeping these 2 files inside /root/Backup_Scripts.

Device List as JSON File

    #router.json
    {
      "router_list": [
        { "hostname": "RTR_A", "ip": "192.168.1.100" },
        { "hostname": "RTR_B", "ip": "192.168.2.100" }
      ]
    }

    #switch.json
    {
      "switch_list": [
        { "hostname": "SW-A", "ip": "172.16.0.1" },
        { "hostname": "SW-B", "ip": "172.16.0.2" }
      ]
    }

Router/Switch Configuration Backup Script

The script below is for Cisco routers, but it will also work for Cisco switches. Please make sure to change the “router” keyword to “switch” accordingly.

    #!/usr/bin/python3
    from netmiko import ConnectHandler
    import os
    import sys
    import datetime
    import json

    device_list = '/root/Backup_Scripts/router.json'
    backup_filename = 'RTR-Config-Backup-' + '{0:%Y-%m-%d-%H-%M-%S}'.format(datetime.datetime.now()) + '.cfg'
    vlan_filename = 'RTR-Show-VLAN-' + '{0:%Y-%m-%d-%H-%M-%S}'.format(datetime.datetime.now()) + '.txt'

    with open(device_list) as json_file:
        data = json.load(json_file)

    # Change data['router_list'] to data['switch_list'] if you are using switch.json
    for router in data['router_list']:
        cisco_2960 = {
            'device_type': 'cisco_ios',
            'host': router['ip'],
            'username': 'sshusername',   # Provide SSH username
            'password': 'sshpassword',   # Provide SSH password
            'secret': 'enablesecret',    # Optional, defaults to ''
        }

        try:
            net_connect = ConnectHandler(**cisco_2960)
        except Exception as err:
            # Report the failure instead of skipping the device silently.
            print('Unable to connect to ' + router['ip'] + ': ' + str(err), file=sys.stderr)
            continue

        net_connect.enable()
        output_run_config = net_connect.send_command("show running-config")
        output_vlan = net_connect.send_command("show vlan-switch")
        net_connect.exit_enable_mode()
        net_connect.disconnect()

        # Create a separate directory for each device if it does not exist.
        backup_dir = '/root/Network_Device_Backups/Router/' + router['hostname']
        os.makedirs(backup_dir, exist_ok=True)

        # Write the device running-config to a file.
        with open(backup_dir + '/' + backup_filename, 'w') as f0:
            f0.write(output_run_config)

        # Write the device VLAN output to a file.
        with open(backup_dir + '/' + vlan_filename, 'w') as f1:
            f1.write(output_vlan)
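The router/switch script keeps the SSH password and enable secret in the source file, uses the JSON hostname directly as a directory name, and writes running-configs with default file permissions. The following added example (not the author's code) shows helpers that close those three gaps; the function names and the environment variable names BACKUP_SSH_USER, BACKUP_SSH_PASS and BACKUP_ENABLE_SECRET are assumptions.

```python
import ipaddress
import os
import re

# Hostnames become directory names, so allow only a conservative character set.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,62}")


def validate_inventory(data, list_key):
    """Return (hostname, ip) pairs from parsed JSON, rejecting unsafe entries."""
    devices = []
    for entry in data[list_key]:
        hostname, ip = entry["hostname"], entry["ip"]
        if not HOSTNAME_RE.fullmatch(hostname):
            raise ValueError(f"unsafe hostname in inventory: {hostname!r}")
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        devices.append((hostname, ip))
    return devices


def load_credentials(env=os.environ):
    """Read SSH credentials from the environment (variable names are assumptions)."""
    try:
        return {
            "username": env["BACKUP_SSH_USER"],
            "password": env["BACKUP_SSH_PASS"],
            "secret": env.get("BACKUP_ENABLE_SECRET", ""),
        }
    except KeyError as missing:
        raise RuntimeError(f"missing environment variable {missing}") from None


def write_backup(base_dir, hostname, filename, text):
    """Write one backup readable only by the owning user; return its path."""
    device_dir = os.path.join(base_dir, hostname)
    os.makedirs(device_dir, mode=0o700, exist_ok=True)
    path = os.path.join(device_dir, filename)
    # O_EXCL refuses to overwrite an existing file; mode 0o600 keeps the
    # secrets and SNMP strings inside the config away from other local users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    return path
```

The dictionary returned by load_credentials can be merged into the ConnectHandler arguments, and write_backup takes the string returned by send_command.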

Setup TFTP Server for WLC Configuration Backup

Install the TFTP

    apt update
    apt install xinetd tftpd tftp

Configure the TFTP

Create a file /etc/xinetd.d/tftp and put the following block inside it.

    service tftp
    {
        protocol    = udp
        port        = 69
        socket_type = dgram
        wait        = yes
        user        = nobody
        server      = /usr/sbin/in.tftpd
        server_args = /tftpboot
        disable     = no
    }

Create the TFTP Location

Create a folder “tftpboot” inside the root location; this should match whatever you gave in server_args. In most cases it will be the tftpboot location where your network device configuration backups are stored. Also, grant the required permissions to access tftpboot.

    sudo mkdir /tftpboot
    sudo chmod -R 777 /tftpboot
    sudo chown -R nobody /tftpboot

Restart the xinetd Service

    /etc/init.d/xinetd stop
    /etc/init.d/xinetd start

Wireless Controller Configuration Backup Script

Once you are done with the above TFTP server setup, you can proceed with the following script to back up your Cisco wireless controller. The script commands the wireless controller to upload its configuration backup to the TFTP server and, once the file is uploaded, moves the configuration file to the given backup location (/root/Network_Device_Backups/WLC).

    #!/usr/bin/python3
    from netmiko import ConnectHandler
    import time
    import datetime
    import os
    import shutil

    tftp_server = '192.168.100.100'
    tftp_location = '/tftpboot'
    backup_filename = 'WLC-Config-Backup-' + '{0:%Y-%m-%d-%H-%M-%S}'.format(datetime.datetime.now()) + '.cfg'
    backup_location = '/root/Network_Device_Backups/WLC/'

    net_connect = ConnectHandler(device_type='cisco_wlc', host='172.16.0.1',
                                 username='sshusername', password='sshpassword')
    net_connect.find_prompt()

    config_commands = ['transfer upload mode tftp',
                       'transfer upload datatype config',
                       'transfer upload filename ' + backup_filename,
                       'transfer upload path .',
                       'transfer upload serverip ' + tftp_server,
                       ]

    # Sending backup configuration settings to device
    net_connect.send_config_set(config_commands)

    # Initiating transfer
    output1 = net_connect.send_command_timing('transfer upload start')

    # Confirming start of transfer
    output2 = net_connect.send_command_timing('y')
    #time.sleep(5)

    # Disconnect from device
    net_connect.disconnect()

    # Join with a path separator; plain concatenation would look for
    # /tftpbootWLC-Config-Backup-... and never find the uploaded file.
    file_path = os.path.join(tftp_location, backup_filename)

    while not os.path.exists(file_path):
        time.sleep(65)

    if os.path.isfile(file_path):
        shutil.move(file_path, backup_location)

Setup FTP Server for ASA Configuration Backup

Install the vsftpd

    apt update
    apt install vsftpd

The vsftpd service will start automatically after the installation process is complete. Verify it by checking the service status:

    systemctl status vsftpd

Configure the vsftpd

The vsftpd server can be configured by modifying the vsftpd.conf file, found in the /etc directory.

    # Allow anonymous FTP? (Disabled by default).
    anonymous_enable=NO

    # Allow local users to log in.
    local_enable=YES

    # Enable any form of FTP write command.
    write_enable=YES

    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    local_umask=022

    # Restrict local users to their home directories.
    chroot_local_user=YES
    allow_writeable_chroot=YES

Save the file and restart the vsftpd service for changes to take effect:

    systemctl restart vsftpd

Note: If you are running a UFW firewall, you’ll need to allow FTP traffic.

Create FTP User

    adduser asaftpuser

Cisco ASA Firewall Configuration Backup Script

Here too, as in the previous script, you have to give the FTP server details so that the backup is sent to the FTP user’s home directory (/home/asaftpuser/ in the script). Once the backup is available there, the script moves it to the required backup location.

    #!/usr/bin/python3
    from netmiko import ConnectHandler
    import sys
    import os
    import time
    import datetime
    import shutil

    ftp_server = '192.168.100.100'
    ftp_user = 'asaftpuser'
    ftp_password = 'ftppassword'    # Provide the FTP user's password (placeholder)
    ftp_location = '/home/asaftpuser/'
    backup_filename = 'FW-Config-Backup-' + '{0:%Y-%m-%d-%H-%M-%S}'.format(datetime.datetime.now()) + '.tar.gz'
    backup_location = '/root/Network_Device_Backups/ASA/'

    cisco_asa = {
        'device_type': 'cisco_asa',
        'host': '192.168.1.1',
        'username': 'sshusername',
        'password': 'sshpassword',
        'secret': 'enablesecret',
    }

    try:
        net_connect = ConnectHandler(**cisco_asa)
    except Exception:
        # Python 3 print syntax; the Python 2 form "print >> sys.stderr" fails here.
        print("Unable to connect to ASA.", file=sys.stderr)
        sys.exit(1)

    net_connect.enable()

    backup_command = "backup location ftp:"
    result = net_connect.send_command_timing(backup_command)

    # Destination URL built from the FTP settings defined above.
    ftp_url = 'ftp://' + ftp_user + ':' + ftp_password + '@' + ftp_server + '/' + backup_filename

    if 'Press return to continue or enter a backup location' in result:
        result += net_connect.send_command_timing(ftp_url)

    net_connect.exit_enable_mode()
    net_connect.disconnect()

    file_path = os.path.join(ftp_location, backup_filename)

    while not os.path.exists(file_path):
        time.sleep(10)

    if os.path.isfile(file_path):
        shutil.move(file_path, backup_location)
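Both the WLC and the ASA script wait in an unbounded loop for the uploaded file and move it as soon as the path exists, which can hang a cron job forever or collect a file the device is still writing. The following added example (not the author's code) bounds the wait and moves the file only after its size has stopped changing; the function names and the default timings are assumptions.

```python
import os
import shutil
import time


def wait_for_upload(path, timeout=300, poll=5, stable_polls=2):
    """Return True once `path` exists and its size has stopped changing.

    Returns False if that has not happened within `timeout` seconds.
    """
    deadline = time.monotonic() + timeout
    last_size, unchanged = -1, 0
    while time.monotonic() < deadline:
        try:
            size = os.path.getsize(path)
        except OSError:
            size = -1  # file has not arrived yet
        if size > 0 and size == last_size:
            unchanged += 1
            if unchanged >= stable_polls:
                return True
        else:
            unchanged = 0
        last_size = size
        time.sleep(poll)
    return False


def collect_backup(upload_dir, filename, backup_location, **wait_args):
    """Move a finished upload into the backup tree; return the new path or None."""
    if os.path.basename(filename) != filename:
        raise ValueError("filename must not contain a path")
    source = os.path.join(upload_dir, filename)
    if not wait_for_upload(source, **wait_args):
        return None  # caller should log the failure and exit non-zero
    os.makedirs(backup_location, exist_ok=True)
    return shutil.move(source, os.path.join(backup_location, filename))
```

A None result lets the calling script exit with an error that cron can report, instead of leaving a stuck process behind.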

Let’s Start the Testing

Now we should be able to run these Python device configuration backup scripts, but first we need to make the scripts executable with the following commands.

    cd /root/Backup_Scripts
    chmod u+x *

Run the scripts manually with the following commands.

    python3 Router_Backup_Script.py
    python3 Switch_Backup_Script.py
    python3 WLC_Backup_Script.py
    python3 ASA_Backup_Script.py

Verify the location given in the code (/root/Network_Device_Backups in my case) for the backup file.

Schedule to Run the Script

Finally, it is time to add a cron job to run these scripts on a schedule at a particular time of the day. All you need to do is to copy your script in the Daily/Weekly/Monthly folder at the following directory. Or else add it in the following way, which runs the scripts weekly at 01:00 AM.

    crontab -e

    30 1 * * 5 /usr/bin/python3 /root/Backup_Scripts/Router_Backup_Script.py
    20 1 * * 5 /usr/bin/python3 /root/Backup_Scripts/Switch_Backup_Script.py
    10 1 * * 5 /usr/bin/python3 /root/Backup_Scripts/WLC_Backup_Script.py
    0 1 * * 5 /usr/bin/python3 /root/Backup_Scripts/ASA_Backup_Script.py

Conclusion

That’s all about automating the configuration backup of Cisco network devices with a Python script using the netmiko Python module on a Linux server running Debian/Ubuntu. Hopefully, you can find more details of the Netmiko Python module here. If you have any questions or suggestions, you can always leave your comments below. I will try my best to review and reply to them.


1 comment

Jean tatchum July 24, 2022 - 10:34 AM

Please may I have the video on how to implement the scripts?
