To use a Junos automation script, you must copy the script to the Junos device and enable it in
the configuration. , as described in the following steps. By default, scripts are
stored in and executed from the /var/db/scripts directory on
the device's hard disk under the subdirectory appropriate to the script type. You
can also store scripts in flash memory in the /config/scripts
directory under the subdirectory appropriate to the script type.
- Create the script.
- Copy the script to the appropriate directory on the device
for that script type. Only users who belong to the Junos OS
super-user
login class can access and edit files in the script directories
on a device running Junos OS.
Table 1: Script LocationsScript Type |
Hard Disk Location |
Flash Memory Location |
Commit script
|
/var/db/scripts/commit |
/config/scripts/commit |
Event script
|
/var/db/scripts/event |
/config/scripts/event |
Op script
|
/var/db/scripts/op |
/config/scripts/op |
Snmp script
|
/var/db/scripts/snmp |
/config/scripts/snmp |
Note: If the device has dual Routing Engines and you want to
enable the script to execute on both Routing Engines, you can copy
the script to the appropriate directory on both Routing Engines, or
you can issue the commit synchronize scripts
command to
synchronize the configuration and copy the scripts to the other Routing
Engine as part of the commit operation.
Note:
Junos OS supports using symbolic links for files in the script
directories. However, the device will execute the script at the target
location only if it is signed.
- For unsigned Python scripts, ensure that the scripts meet the following
requirements:
-
File owner is either root or a user in the Junos OS
super-user
login class.
-
Only the file owner has write permission for the file.
-
The language python
or language
python3
statement is configured at the [edit
system scripts]
hierarchy level.
[edit system scripts]
user@host# set language (python | python3)
Note:
Starting in Junos OS Release 16.1R3, unsigned Python scripts must be
owned by either root or a user in the Junos OS
super-user
login class, and only the file owner can
have write permission for the file. Prior to Junos OS Release 16.1R3,
unsigned Python scripts must only be owned by the root user.
Note:
To enable a user who does not belong to the file’s user or group class to
execute an unsigned Python automation script, the script’s file
permissions must include read permission for others.
- Enable the script by including the
file filename
statement at the appropriate hierarchy
level for that script type.
- If you store scripts in and load them from flash memory,
include the
load-scripts-from-flash
statement at the [edit system scripts]
hierarchy level. For detailed information
about storing scripts in flash memory, see Storing Scripts in Flash Memory.[edit]
user@host# set system scripts load-scripts-from-flash
- For Python event and SNMP scripts, configure the user under
whose access privileges the script executes.
For event scripts:
[edit event-options event-script]
user@host# set file filename python-script-user username
For SNMP scripts:
[edit system scripts snmp]
user@host# set file filename python-script-user username
Note: If you do not configure the python-script-user
statement, then by default, Junos OS executes Python event and SNMP
scripts under the access privileges of the generic, unprivileged user
and group nobody
. Interactive Python scripts, such as commit
and op scripts, run with the access privileges of the user who executes
the command or operation that invokes the script.
Note: Starting in Junos
OS Release 16.1R3, you can execute unsigned Python commit, event,
op, and SNMP scripts using the access privileges of authorized users. In Junos OS Release 16.1R2 and earlier releases, all unsigned Python
automation scripts are executed using the access privileges of the
user and group nobody
.
- Commit the configuration.
Newly enabled commit scripts execute during the current commit
operation. After the commit operation completes, enabled event scripts
are loaded into memory and can be executed by an event policy that
is triggered in response to system log events. For more information,
see Executing Event Scripts in an Event
Policy. After the commit operation completes, op scripts
can be executed on the device. For more information, see Executing an Op Script on the Local Device.
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
16.1R3
Starting in Junos
OS Release 16.1R3, unsigned Python scripts must be owned by either
root or a user in the Junos OS super-user
login class,
and only the file owner can have write permission for the file.
16.1R3
Starting in Junos
OS Release 16.1R3, you can execute unsigned Python commit, event,
op, and SNMP scripts using the access privileges of authorized users.