本文重点介绍如何利用Jenkins登录网络设备并进行网络配置。
一、原始操作流程
1、规划:我公司机房主要分为自建机房和IDC机房,两者之间通过一条SDH线路连接,可以通过内网传输数据或者远程登录。
需求:
需要在IDC机房的路由器创建访问控制列表ACL,用来控制访问
1、开放IDC机房对自建机房特定的端口号
rule 1 permit tcp destination-port eq 2222
2、允许公司某个办公人员IP地址访问IDC机房的服务器
rule 2 permit ip source 10.11.2.77 0
3、允许IDC机房某台服务器被所有办公人员访问
rule 3 permit ip destination 192.168.3.190 0
4、允许办公人员IP访问联通某服务器IP
rule 4 permit ip source 10.12.1.105 0 destination 192.168.3.110 0
二、通过Jenkins自动化操作进行增删操作
1、build操作,根据需求选择需要进行的操作
2、参数化构建过程,来指定build的操作内容
参数化构建过程
3、shell构建过程
导出一份路由器的ACL表格放在Jenkins服务器上用来冲突判断
vim /App/jenkins-netdata/route_rule
rule 1 permit tcp destination-port eq 2222
rule 2 permit ip source 10.11.2.77 0
rule 3 permit ip destination 192.168.3.190 0
rule 4 permit ip source 10.12.1.105 0 destination 192.168.3.110 0
下面是具体的shell内容
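#!/bin/bash
# Choose the rule number for a new ACL entry: the lowest number in 1..50 that
# the local record file does not list yet. The record file is the only source
# used for this decision; the router itself is not queried here.
#
# NOTE(review): the original comment says rule 50 is the deny entry. If that
# entry is not present in the record file, this search can hand out 50 and a
# later "rule 50 permit ..." would replace the deny on the device - confirm
# the record file always contains it, or lower the limit.

#######################################
# Print the lowest unused rule number.
# Arguments: $1 - path of the rule record file
#            $2 - highest rule number to consider (default 50)
# Outputs:   the first free number in 1..$2, or $2+1 when all are taken
# Returns:   0
#######################################
_first_free_rule() {
  local file=$1
  local max=${2:-50}
  if [ ! -r "$file" ]; then
    # Without the record file no conflict check is possible. The published
    # script carried on with 1 in this case; keep that, but say so loudly.
    printf 'warning: rule record %s is not readable; assuming no rule is in use\n' "$file" >&2
    echo 1
    return 0
  fi
  # Compare whole rule numbers. A substring test would treat 1 as taken as
  # soon as 10..19 exist and would skip free numbers.
  awk -v max="$max" '
    { used[$2] = 1 }
    END {
      for (i = 1; i <= max; i++) {
        if (!(i in used)) { print i; exit }
      }
      print max + 1
    }' "$file"
}

number_add=$(_first_free_rule /App/jenkins-netdata/route_rule)
if [ "$number_add" -le 50 ]; then
  echo "$number_add"
else
  printf 'warning: no free rule number left in 1..50\n' >&2
fi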
############这里创建上面的4个需求,和一个删除记录的函数方便下面根据build直接引用
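# Add a "permit tcp destination-port eq <port>" rule to ACL 3000 on the router.
# Globals:
#   number_add   (read) rule number to create
#   tcpport      (read) TCP destination port from the Jenkins build parameter
#   ROUTER_USER, ROUTER_PASS (read, optional) login used instead of the
#                built-in fallback, e.g. injected from the Jenkins credential store
# Returns: 2 when a parameter is malformed (nothing is sent to the device),
#          otherwise the exit status of expect.
# NOTE(review): telnet carries the login and the configuration in clear text;
#   use SSH if the device offers it.
# NOTE(review): the fallback login below is hard-coded in the job script and
#   therefore readable by anyone who can view the job; supply it from a
#   credential store and drop the fallback.
# NOTE(review): this function connects to 192.168.3.111 while the other ACL
#   functions connect to 192.168.6.111 - confirm which address is intended.
# NOTE(review): the save-confirmation pattern is kept as published; verify it
#   against the device's real prompt, otherwise expect only continues after
#   its timeout. Login success is not checked either.
tcpport-add(){
  # Build parameters are user input. Anything that is not a plain number would
  # otherwise be typed into the router's configuration session.
  if ! [[ $number_add =~ ^[1-9][0-9]*$ ]]; then
    printf 'tcpport-add: invalid rule number: %q\n' "$number_add" >&2
    return 2
  fi
  if ! [[ $tcpport =~ ^[1-9][0-9]{0,4}$ ]] || [ "$tcpport" -gt 65535 ]; then
    printf 'tcpport-add: invalid TCP port: %q\n' "$tcpport" >&2
    return 2
  fi
  # The here-document is quoted so the shell never splices values into the
  # expect script; they are handed over through the environment instead.
  ACL_RULE_ID=$number_add ACL_TCP_PORT=$tcpport \
  ROUTER_USER=${ROUTER_USER:-admin} ROUTER_PASS=${ROUTER_PASS:-adminadmin} \
  expect <<'EOF'
spawn telnet 192.168.3.111
expect "Username:"
send -- "$env(ROUTER_USER)\r"
expect "Password:"
send -- "$env(ROUTER_PASS)\r"
send "sys\r"
send "acl number 3000\r"
send -- "rule $env(ACL_RULE_ID) permit tcp destination-port eq $env(ACL_TCP_PORT)\r"
send "save\r"
expect "Are you sure to continue?\[Y///N\]"
send "y\r"
send "quit\r"
send "quit\r"
send "quit\r"
expect eof
EOF
}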
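# Add a "permit ip source <ip> 0" rule (one office host) to ACL 3000 on the router.
# Globals:
#   number_add   (read) rule number to create
#   sourceip     (read) office host IPv4 address from the Jenkins build parameter
#   ROUTER_USER, ROUTER_PASS (read, optional) login used instead of the
#                built-in fallback, e.g. injected from the Jenkins credential store
# Returns: 2 when a parameter is malformed (nothing is sent to the device),
#          otherwise the exit status of expect.
# NOTE(review): telnet carries the login and the configuration in clear text;
#   use SSH if the device offers it.
# NOTE(review): the fallback login below is hard-coded in the job script;
#   supply it from a credential store and drop the fallback.
# NOTE(review): the save-confirmation pattern is kept as published; verify it
#   against the device's real prompt. Login success is not checked either.
sourceip-add(){
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  local ipv4_re="^${octet}(\\.${octet}){3}\$"
  # Build parameters are user input: only a rule number and a dotted-quad
  # address may reach the router's configuration session.
  if ! [[ $number_add =~ ^[1-9][0-9]*$ ]]; then
    printf 'sourceip-add: invalid rule number: %q\n' "$number_add" >&2
    return 2
  fi
  if ! [[ $sourceip =~ $ipv4_re ]]; then
    printf 'sourceip-add: invalid source address: %q\n' "$sourceip" >&2
    return 2
  fi
  # Quoted here-document: values travel through the environment, not through
  # shell expansion inside the expect script.
  ACL_RULE_ID=$number_add ACL_SOURCE_IP=$sourceip \
  ROUTER_USER=${ROUTER_USER:-admin} ROUTER_PASS=${ROUTER_PASS:-adminadmin} \
  expect <<'EOF'
spawn telnet 192.168.6.111
expect "Username:"
send -- "$env(ROUTER_USER)\r"
expect "Password:"
send -- "$env(ROUTER_PASS)\r"
send "sys\r"
send "acl number 3000\r"
send -- "rule $env(ACL_RULE_ID) permit ip source $env(ACL_SOURCE_IP) 0\r"
send "save\r"
expect "Are you sure to continue?\[Y///N\]"
send "y\r"
send "quit\r"
send "quit\r"
send "quit\r"
expect eof
EOF
}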
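# Add a "permit ip destination <ip> 0" rule (one server) to ACL 3000 on the router.
# Globals:
#   number_add   (read) rule number to create
#   destip       (read) server IPv4 address from the Jenkins build parameter
#   ROUTER_USER, ROUTER_PASS (read, optional) login used instead of the
#                built-in fallback, e.g. injected from the Jenkins credential store
# Returns: 2 when a parameter is malformed (nothing is sent to the device),
#          otherwise the exit status of expect.
# NOTE(review): telnet carries the login and the configuration in clear text;
#   use SSH if the device offers it.
# NOTE(review): the fallback login below is hard-coded in the job script;
#   supply it from a credential store and drop the fallback.
# NOTE(review): the save-confirmation pattern is kept as published; verify it
#   against the device's real prompt. Login success is not checked either.
destip-add(){
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  local ipv4_re="^${octet}(\\.${octet}){3}\$"
  # Build parameters are user input: only a rule number and a dotted-quad
  # address may reach the router's configuration session.
  if ! [[ $number_add =~ ^[1-9][0-9]*$ ]]; then
    printf 'destip-add: invalid rule number: %q\n' "$number_add" >&2
    return 2
  fi
  if ! [[ $destip =~ $ipv4_re ]]; then
    printf 'destip-add: invalid destination address: %q\n' "$destip" >&2
    return 2
  fi
  # Quoted here-document: values travel through the environment, not through
  # shell expansion inside the expect script.
  ACL_RULE_ID=$number_add ACL_DEST_IP=$destip \
  ROUTER_USER=${ROUTER_USER:-admin} ROUTER_PASS=${ROUTER_PASS:-adminadmin} \
  expect <<'EOF'
spawn telnet 192.168.6.111
expect "Username:"
send -- "$env(ROUTER_USER)\r"
expect "Password:"
send -- "$env(ROUTER_PASS)\r"
send "sys\r"
send "acl number 3000\r"
send -- "rule $env(ACL_RULE_ID) permit ip destination $env(ACL_DEST_IP) 0\r"
send "save\r"
expect "Are you sure to continue?\[Y///N\]"
send "y\r"
send "quit\r"
send "quit\r"
send "quit\r"
expect eof
EOF
}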
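# Add a point-to-point "permit ip source <ip> 0 destination <ip> 0" rule to
# ACL 3000 on the router.
# Globals:
#   number_add   (read) rule number to create
#   sourceip     (read) office host IPv4 address from the Jenkins build parameter
#   destip       (read) server IPv4 address from the Jenkins build parameter
#   ROUTER_USER, ROUTER_PASS (read, optional) login used instead of the
#                built-in fallback, e.g. injected from the Jenkins credential store
# Returns: 2 when a parameter is malformed (nothing is sent to the device),
#          otherwise the exit status of expect.
# NOTE(review): telnet carries the login and the configuration in clear text;
#   use SSH if the device offers it.
# NOTE(review): the fallback login below is hard-coded in the job script;
#   supply it from a credential store and drop the fallback.
# NOTE(review): the save-confirmation pattern is kept as published; verify it
#   against the device's real prompt. Login success is not checked either.
sourceip-to-destip-add(){
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  local ipv4_re="^${octet}(\\.${octet}){3}\$"
  # Build parameters are user input: only a rule number and dotted-quad
  # addresses may reach the router's configuration session.
  if ! [[ $number_add =~ ^[1-9][0-9]*$ ]]; then
    printf 'sourceip-to-destip-add: invalid rule number: %q\n' "$number_add" >&2
    return 2
  fi
  if ! [[ $sourceip =~ $ipv4_re ]]; then
    printf 'sourceip-to-destip-add: invalid source address: %q\n' "$sourceip" >&2
    return 2
  fi
  if ! [[ $destip =~ $ipv4_re ]]; then
    printf 'sourceip-to-destip-add: invalid destination address: %q\n' "$destip" >&2
    return 2
  fi
  # Quoted here-document: values travel through the environment, not through
  # shell expansion inside the expect script.
  ACL_RULE_ID=$number_add ACL_SOURCE_IP=$sourceip ACL_DEST_IP=$destip \
  ROUTER_USER=${ROUTER_USER:-admin} ROUTER_PASS=${ROUTER_PASS:-adminadmin} \
  expect <<'EOF'
spawn telnet 192.168.6.111
expect "Username:"
send -- "$env(ROUTER_USER)\r"
expect "Password:"
send -- "$env(ROUTER_PASS)\r"
send "sys\r"
send "acl number 3000\r"
send -- "rule $env(ACL_RULE_ID) permit ip source $env(ACL_SOURCE_IP) 0 destination $env(ACL_DEST_IP) 0\r"
send "save\r"
expect "Are you sure to continue?\[Y///N\]"
send "y\r"
send "quit\r"
send "quit\r"
send "quit\r"
expect eof
EOF
}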
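# Remove one rule from ACL 3000 on the router ("undo rule <n>").
# Globals:
#   number_del   (read) number of the rule to remove
#   ROUTER_USER, ROUTER_PASS (read, optional) login used instead of the
#                built-in fallback, e.g. injected from the Jenkins credential store
# Returns: 2 when number_del is not a single plain number (nothing is sent to
#          the device), otherwise the exit status of expect.
# NOTE(review): telnet carries the login and the configuration in clear text;
#   use SSH if the device offers it.
# NOTE(review): the fallback login below is hard-coded in the job script;
#   supply it from a credential store and drop the fallback.
# NOTE(review): the save-confirmation pattern is kept as published; verify it
#   against the device's real prompt. Login success is not checked either.
rule_del(){
  # number_del is derived from a lookup in the record file; when that lookup
  # matches several lines it holds several numbers. Refuse anything that is
  # not exactly one number rather than typing it into the device session.
  if ! [[ $number_del =~ ^[1-9][0-9]*$ ]]; then
    printf 'rule_del: invalid rule number: %q\n' "$number_del" >&2
    return 2
  fi
  # Quoted here-document: values travel through the environment, not through
  # shell expansion inside the expect script.
  ACL_RULE_ID=$number_del \
  ROUTER_USER=${ROUTER_USER:-admin} ROUTER_PASS=${ROUTER_PASS:-adminadmin} \
  expect <<'EOF'
spawn telnet 192.168.6.111
expect "Username:"
send -- "$env(ROUTER_USER)\r"
expect "Password:"
send -- "$env(ROUTER_PASS)\r"
send "sys\r"
send "acl number 3000\r"
send -- "undo rule $env(ACL_RULE_ID)\r"
send "save\r"
expect "Are you sure to continue?\[Y///N\]"
send "y\r"
send "quit\r"
send "quit\r"
send "quit\r"
expect eof
EOF
}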
##########这里引用build传入的参数进行函数引用
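# Dispatch on ${route}, the choice parameter of the Jenkins job.
#
# What changed compared with the published version, and why:
#   * Parameters are validated before use; a malformed value fails the build.
#   * A record is looked up by its complete rule text. The substring/regex
#     lookups treated 10.11.2.7 as present when 10.11.2.77 was, treated any
#     rule mentioning an address as the one to delete, and could hand several
#     rule numbers to rule_del.
#   * The device is changed first and the record file only afterwards, and
#     only when the push function reports success, so the file does not drift
#     from the router on failure. A failure fails the build.
#   * All messages are printed with escape processing, "cat/App/..." (missing
#     space) is gone, and the delete branches no longer say "performing add"
#     when nothing was found.
# NOTE(review): success here only means expect exited with status 0; the
#   dialogue does not check the router's replies - confirm on the device.
# NOTE(review): concurrent builds can race on the record file and the rule
#   number; run this job with concurrent builds disabled.

rule_file=/App/jenkins-netdata/route_rule

# Print a green status line.
_say() { printf '\033[32m%s\033[0m\n' "$1"; }

# Print a red error line on stderr and fail the build.
_fail() { printf '\033[31m%s\033[0m\n' "$1" >&2; exit 1; }

# Succeed when $1 is a TCP port number in 1..65535 without leading zeros.
_valid_port() { [[ $1 =~ ^[1-9][0-9]{0,4}$ ]] && [ "$1" -le 65535 ]; }

# Succeed when $1 is a dotted-quad IPv4 address.
_valid_ipv4() {
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  local ipv4_re="^${octet}(\\.${octet}){3}\$"
  [[ $1 =~ $ipv4_re ]]
}

# Print the number of the recorded rule whose text after "rule <n> " equals $1.
# Prints nothing when there is no such record. $1 must already be validated.
_find_rule() {
  awk -v body="$1" '
    {
      line = $0
      sub(/[ \t\r]+$/, "", line)
      if (sub(/^rule [0-9]+ /, "", line) && line == body) { print $2; exit }
    }' "$rule_file"
}

# Add rule text $1 with push function $2 unless it is already recorded.
_add_rule() {
  local body=$1 push=$2 existing
  [[ $number_add =~ ^[1-9][0-9]*$ ]] || _fail "参数不合法: number_add"
  existing=$(_find_rule "$body")
  if [ -n "$existing" ]; then
    printf 'rule %s %s\n' "$existing" "$body"
    _say "记录重复,无需再添加!"
    return 0
  fi
  _say "记录不存在,执行添加操作"
  if "$push"; then
    echo "rule $number_add $body" >> "$rule_file"
    _say "添加成功"
  else
    _fail "添加失败,记录文件未修改"
  fi
}

# Delete the recorded rule with text $1 from the router and the record file.
_del_rule() {
  local body=$1
  number_del=$(_find_rule "$body")   # global on purpose: rule_del reads it
  if [ -z "$number_del" ]; then
    _say "记录不存在,无需删除"
    return 0
  fi
  printf 'rule %s %s\n' "$number_del" "$body"
  _say "记录存在,执行删除!"
  if rule_del; then
    # Anchored on the rule number, which _find_rule guarantees to be digits.
    sed -i "/^rule ${number_del} /d" "$rule_file"
    _say "删除成功"
  else
    _fail "删除失败,记录文件未修改"
  fi
}

case "${route}" in
  route_tcpport-add)
    _valid_port "$tcpport" || _fail "参数不合法: tcpport"
    _add_rule "permit tcp destination-port eq $tcpport" tcpport-add
    ;;
  route_sourceip-add)
    _valid_ipv4 "$sourceip" || _fail "参数不合法: sourceip"
    _add_rule "permit ip source $sourceip 0" sourceip-add
    ;;
  route_destip-add)
    _valid_ipv4 "$destip" || _fail "参数不合法: destip"
    _add_rule "permit ip destination $destip 0" destip-add
    ;;
  route_sourceip-to-destip-add)
    _valid_ipv4 "$sourceip" || _fail "参数不合法: sourceip"
    _valid_ipv4 "$destip" || _fail "参数不合法: destip"
    _add_rule "permit ip source $sourceip 0 destination $destip 0" sourceip-to-destip-add
    ;;
  route_tcpport-del)
    _valid_port "$tcpport" || _fail "参数不合法: tcpport"
    _del_rule "permit tcp destination-port eq $tcpport"
    ;;
  route_sourceip-del)
    _valid_ipv4 "$sourceip" || _fail "参数不合法: sourceip"
    _del_rule "permit ip source $sourceip 0"
    ;;
  route_destip-del)
    _valid_ipv4 "$destip" || _fail "参数不合法: destip"
    _del_rule "permit ip destination $destip 0"
    ;;
  route_sourceip-to-destip-del)
    _valid_ipv4 "$sourceip" || _fail "参数不合法: sourceip"
    _valid_ipv4 "$destip" || _fail "参数不合法: destip"
    _del_rule "permit ip source $sourceip 0 destination $destip 0"
    ;;
esac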