[j-nsp] Regular maintenance advice

Phil Shafer phil at juniper.net
Tue Apr 3 12:06:06 EDT 2012 

Skeeve Stevens writes:
>I am designing a document for low level technicians to regularly
>(depending on sensitivity of the device) login to the Juniper
>router/or switch to look around and make sure that things are 'ok'.

How much of this is generic (or can be made generic) enough to cook
into an op script?  Checks like "indicate system uptime of less
than one week" and "indicate if /, /config, or /tmp is more than
90% full" are trivial, and interface flapping is simple enough, but
"show suspicious log messages" are more human detectable than
scriptable.

I'd be happy enough to do the script work if we can come up with
a reasonable set of "system health" diagnostic checks.

Okay, I worked up a bit of a template for it.  See attached.

Thanks,
 Phil

-------------- next part --------------
version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs extension = "http://xml.juniper.net/junos/commit-scripts/1.0";
ns dyn extension = "http://exslt.org/dynamic";

import "../import/junos.xsl";

param $uptime = 60 * 60 * 24 * 7;
param $filesystem-threshold = 80;

var $fsnames := {
    <fs> "/";
    <fs> "/tmp";
    <fs> "/config";
}

var $checks := {
    <check> {
	<name> "System Uptime";
	<rpc> {
	    <get-system-uptime-information>;
	}
	<test> "uptime-information/up-time/@junos:seconds < $uptime";
    }
    <check> {
	<name> "Filesystem Space";
    	<rpc> {
	    <get-system-storage>;
	}
	for-each ($fsnames/fs) {
	    <test message=. _ " is full">
	        "filesystem[mounted-on = '" _ .
	             _ "'][number(used-percent) > $filesystem-threshold]";
	}
    }
}

match / {
    <op-script-results> {
	var $conn = jcs:open();

	for-each ($checks/check) {
	    expr jcs:output("Checking ", name);
	    var $check = .;
	    expr jcs:output("    [rpc ", local-name(rpc/node()), "]");
	    var $res = jcs:execute($conn, rpc);
	    if ($res/..//xnm:error) {
		expr jcs:output("    error from rpc: ", $res/..//xnm:error);
	    } else {
		for-each (test) {
		    var $test = .;
		    for-each ($res) {
			var $p = dyn:evaluate($test);
			if (boolean($p)) {
			    var $msg = jcs:first-of($test/@message,
						    "failed condition");
			    expr jcs:output("    error from test: ", $msg);
			} else {
			    expr jcs:output("    [passed]");
			}
		    }
		}
	    }
	}

	expr jcs:close($conn);
    }
}

More information about the juniper-nsp mailing list