
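Company network automated operations and maintenance configuration

旅行者m1  2023-04-15  Published from Liaoning

1. Project background

The company has three office areas, interconnected by routers. The routers of the Technology, Finance and Marketing departments are R1, R2 and R3 respectively. The routers must be configured with single-area OSPF dynamic routing so that all computers can reach one another. For security reasons, the company needs to change the management password on all network devices in one operation and to back the devices up automatically every day. The project topology is shown in Figure 1, and the specific requirements are as follows:

(1) Configure OSPF routing between the routers so that the networks are interconnected;

(2) Enable SNMP on each router so that the routers can be managed over the network, change the password on all devices in one operation, and take an automatic backup every day;

(3) The IP addresses and interface information of the test computers and routers are as shown in the topology.

Figure 1-1 Network topology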


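2. Project planning and design

The three office areas can communicate with one another; the routers are configured with single-area OSPF dynamic routing so that all computers can reach each other. SSH is enabled on all network devices. The Technology department hosts the network management computer, which must be able to communicate with the network devices.

The configuration steps are as follows:

(1) Configure the router interfaces

(2) Deploy the single-area OSPF network

(3) Configure SSH login on the routers

(4) Install the module on the management server

(5) Write the Python password-change script

(6) Write the Python backup script

(7) Configure the scheduled task

(8) Configure the IP address of each computer

The detailed plan is given in the tables below:

Table 1-1 IP address plan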

Device   Interface   IP address
R1       G0/0/0      192.168.1.2/24
R1       G0/0/1      20.20.20.1/24
R1       G0/0/2      30.30.30.1/24
R2       G0/0/0      172.16.1.2/24
R2       G0/0/1      20.20.20.2/24
R2       G0/0/2      40.40.40.1/24
R3       G0/0/0      10.10.10.2/24
R3       G0/0/1      40.40.40.2/24
R3       G0/0/2      30.30.30.2/24

Table 1-2 Interface plan

Local device   Interface   Port IP address    Peer device
R1             G0/0/0      192.168.1.10/24    PC1
R1             G0/0/1      20.20.20.1/24      R2
R1             G0/0/2      30.30.30.1/24      R3
R2             G0/0/0      172.16.1.10/24     PC2
R2             G0/0/1      20.20.20.10/24     R1
R2             G0/0/2      40.40.40.10/24     R3
R3             G0/0/0      10.10.10.10/24     PC3
R3             G0/0/1      40.40.40.1/24      R2
R3             G0/0/2      30.30.30.10/24     R1

3. Project implementation

(1) Configure the router interfaces

R1 configuration

[Huawei]system-view

[Huawei]sysname R1

[R1]interface GigabitEthernet 0/0/0

[R1-GigabitEthernet0/0/0]ip address 192.168.1.10 255.255.255.0

[R1]interface GigabitEthernet 0/0/1

[R1-GigabitEthernet0/0/1]ip address 20.20.20.1 255.255.255.0

[R1]interface GigabitEthernet 0/0/2

[R1-GigabitEthernet0/0/2]ip address 30.30.30.1 255.255.255.0

R2 configuration

[Huawei]system-view

[Huawei]sysname R2

[R2]interface GigabitEthernet 0/0/0

[R2-GigabitEthernet0/0/0]ip address 172.16.1.10 255.255.255.0

[R2]interface GigabitEthernet 0/0/1

[R2-GigabitEthernet0/0/1]ip address 20.20.20.10 255.255.255.0

[R2]interface GigabitEthernet 0/0/2

[R2-GigabitEthernet0/0/2]ip address 40.40.40.10 255.255.255.0

R3 configuration

[Huawei]system-view

[Huawei]sysname R3

[R3]interface GigabitEthernet 0/0/0

[R3-GigabitEthernet0/0/0]ip address 10.10.10.10 255.255.255.0

[R3]interface GigabitEthernet 0/0/1

[R3-GigabitEthernet0/0/1]ip address 40.40.40.1 255.255.255.0

[R3]interface GigabitEthernet 0/0/2

[R3-GigabitEthernet0/0/2]ip address 30.30.30.10 255.255.255.0

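(2) Deploy the single-area OSPF network

First create and start the OSPF process, then create the area and enter the OSPF area view, and specify the interfaces that run OSPF and the area they belong to.

R1 configuration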

[R1]ospf 1

[R1-ospf-1]area 0

[R1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

[R1-ospf-1-area-0.0.0.0]network 20.20.20.0 0.0.0.255

[R1-ospf-1-area-0.0.0.0]network 30.30.30.0 0.0.0.255

R2 configuration

[R2]ospf 1

[R2-ospf-1]area 0

[R2-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255

[R2-ospf-1-area-0.0.0.0]network 20.20.20.0 0.0.0.255

[R2-ospf-1-area-0.0.0.0]network 40.40.40.0 0.0.0.255

R3 configuration

[R3]ospf 1

[R3-ospf-1]area 0

[R3-ospf-1-area-0.0.0.0]network 10.10.10.0 0.0.0.255

[R3-ospf-1-area-0.0.0.0]network 40.40.40.0 0.0.0.255

[R3-ospf-1-area-0.0.0.0]network 30.30.30.0 0.0.0.255

(3) Configure SSH login on the routers

R1 configuration

[R1]rsa local-key-pair create

The key name will be: Host

% RSA keys defined for Host already exist.

Confirm to replace them? (y/n)[n]:y

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

       It will take a few minutes.

Input the bits in the modulus[default = 512]:2048

[R1]aaa

[R1-aaa]local-user admin password cipher 123456

[R1-aaa]local-user admin privilege level 3

[R1-aaa]local-user admin service-type ssh

[R1-aaa]stelnet server enable

Info: Succeeded in starting the STELNET server.

[R1]ssh user admin authentication-type password

 Authentication type setted, and will be in effect next time

[R1]user-interface vty 0 4

[R1-ui-vty0-4]authentication-mode aaa

[R1-ui-vty0-4]protocol inbound ssh

R2 configuration

[R2]rsa local-key-pair create

The key name will be: Host

% RSA keys defined for Host already exist.

Confirm to replace them? (y/n)[n]:y

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

       It will take a few minutes.

Input the bits in the modulus[default = 512]:2048

[R2]aaa

[R2-aaa]local-user admin password cipher 123456

[R2-aaa]local-user admin privilege level 3

[R2-aaa]local-user admin service-type ssh

[R2-aaa]stelnet server enable

Info: Succeeded in starting the STELNET server.

[R2]ssh user admin authentication-type password

 Authentication type setted, and will be in effect next time

[R2]user-interface vty 0 4

[R2-ui-vty0-4]authentication-mode aaa

[R2-ui-vty0-4]protocol inbound ssh

R3 configuration

[R3]rsa local-key-pair create

The key name will be: Host

% RSA keys defined for Host already exist.

Confirm to replace them? (y/n)[n]:y

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

       It will take a few minutes.

Input the bits in the modulus[default = 512]:2048

[R3]aaa

[R3-aaa]local-user admin password cipher 123456

[R3-aaa]local-user admin privilege level 3

[R3-aaa]local-user admin service-type ssh

[R3-aaa]stelnet server enable

Info: Succeeded in starting the STELNET server.

[R3]ssh user admin authentication-type password

 Authentication type setted, and will be in effect next time

[R3]user-interface vty 0 4

[R3-ui-vty0-4]authentication-mode aaa

[R3-ui-vty0-4]protocol inbound ssh

(4) Install the module on the management server

With the management computer connected to the Internet, install the paramiko module.

[root@manage ~]# curl "https://bootstrap./get-pip.py" -o "get-pip.py"

[root@manage ~]# python get-pip.py

[root@manage ~]# pip install paramiko

(5) Write the Python password-change script

Write the Python script [changepassword.py] to change the password on R1 to R3.

[root@manage ~]# vi changepassword.py

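#!/usr/bin/python
## Import the paramiko, time and getpass modules
import paramiko
import time
import getpass

## raw_input() exists only in Python 2; fall back to input() on Python 3
try:
    read_line = raw_input
except NameError:
    read_line = input

## Read the SSH username typed by the user and assign it to username
username = read_line('Username:')

## Use getpass() from the getpass module to read the password without echoing it and assign it to password
password = getpass.getpass('Password:')

for ip in ['192.168.1.2', '172.16.1.2', '10.10.10.2']:
    ssh_client = paramiko.SSHClient()
    ## AutoAddPolicy accepts a host key it has not seen before without verifying it
    ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    ssh_client.connect(hostname=ip, username=username, password=password)
    command = ssh_client.invoke_shell()

    ## Run the commands on the device command line
    command.send('system-view' + '\n')
    command.send('user-interface console 0' + '\n')
    command.send('set authentication password cipher 234567' + '\n')

    ## After the login password has been changed, return to the user view and save the configuration
    command.send('return' + '\n')
    command.send('save' + '\n')
    command.send('Y' + '\n')
    command.send('\n')

    ## Pause for 2 seconds, read what the commands produced into output, and print it
    time.sleep(2)
    output = command.recv(65535)
    print(output.decode('utf-8', 'ignore'))

    ## Close the SSH connection to this device
    ssh_client.close()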

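(6) Write the Python backup script

On the management computer, create the script [backup.py] that backs up the running configuration of the devices.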

[root@manage ~]# vi backup.py

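#!/usr/bin/python
## Import the paramiko, time and datetime modules
import paramiko
import time
from datetime import datetime

## Set the SSH username and password
username = 'admin'
password = '234567'

## Loop over the addresses of R1, R2 and R3 and log in to each device over SSH
for ip in ['192.168.1.2', '172.16.1.2', '10.10.10.2']:
    ssh_client = paramiko.SSHClient()
    ## AutoAddPolicy accepts a host key it has not seen before without verifying it
    ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    ssh_client.connect(hostname=ip, username=username, password=password)
    command = ssh_client.invoke_shell()

    ## Report that the SSH login succeeded
    print('ssh ' + ip + ' successfully')

    ## Turn off paging so the output is not split into screens
    command.send('screen-length 0 temporary ' + '\n')

    ## Ask the device for its running configuration
    command.send('display current-configuration' + '\n')

    ## Pause the program for 2 seconds
    time.sleep(2)

    ## Read the current time
    now = datetime.now()

    ## Open the backup file (binary mode, because recv() returns bytes)
    backup = open('/root/backup/' + str(now.year) + '-' + str(now.month) + '-' + str(now.day) + '-' + ip + '.txt', 'ab')

    ## Report that the backup is in progress
    print('backing up')

    ## Read the output of the configuration query into recv
    recv = command.recv(65535)

    ## Write the output to backup, that is, into the backup file
    backup.write(recv)

    ## Close the file
    backup.close()

    ## Done with this device, close the SSH connection
    ssh_client.close()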
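
The backup script above waits a fixed 2 seconds and saves whatever a single recv() returns, and the file it creates is readable by every local user (the -rw-r--r-- listing in section 4). The following Python 3 code is an added example, not part of the original article: it reads until the device prompt comes back and writes the backup owner-only with a zero-padded date. The names read_until_prompt, save_backup, FakeChannel and SAMPLE_CHUNKS are assumptions made for this example; of the SSH channel it uses only recv_ready() and recv(), which a paramiko Channel provides.

```python
import os
import re
import time

# A user-view prompt such as <R3> at the very end of the buffer means the
# device has finished answering the last command.
PROMPT = re.compile(rb"<[\w.-]+>\s*$")

def read_until_prompt(channel, timeout=30.0, poll=0.2):
    """Collect output until the prompt returns; raise rather than truncate.

    channel needs recv_ready() and recv(n), which a paramiko Channel has.
    """
    buf = b""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if channel.recv_ready():
            buf += channel.recv(65535)
            if PROMPT.search(buf):
                return buf
        else:
            time.sleep(poll)
    raise TimeoutError("prompt not seen; refusing to save partial output")

def save_backup(directory, ip, data, now):
    """Write data to <directory>/YYYY-MM-DD-<ip>.txt, readable by the owner only."""
    path = os.path.join(directory, now.strftime("%Y-%m-%d") + "-" + ip + ".txt")
    # O_EXCL refuses to reuse an existing file; 0o600 keeps other users out.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

class FakeChannel:
    """Constructed stand-in for a device that answers in several chunks."""
    def __init__(self, chunks):
        self.chunks = list(chunks)
    def recv_ready(self):
        return bool(self.chunks)
    def recv(self, nbytes):
        return self.chunks.pop(0)

# Constructed sample: the reply to one command, split across three reads.
SAMPLE_CHUNKS = [b"<R3>display current-configuration\r\n",
                 b"#\r\n sysname R3\r\n#\r\nreturn\r\n", b"<R3>"]

if __name__ == "__main__":
    print(read_until_prompt(FakeChannel(SAMPLE_CHUNKS)).decode())
```

Call read_until_prompt once after login and once after each command, so that a prompt left over from the previous step is not taken for the end of the next reply.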

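(7) Configure the scheduled task

Configure a scheduled task that runs the script automatically at 1 a.m. every day to take the backup.

[root@manage ~]# vi /etc/crontab

## Add the following line at the end of the file, then save and exit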

00 1 * * * root python /root/backup.py

[root@manage ~]# mkdir /root/backup

[root@manage ~]# systemctl restart crond

[root@manage ~]# systemctl enable crond

(8) Configure the IP address of each computer

PC2 IP configuration figure

PC3 IP configuration figure

4. Project verification

(1) Run changepassword.py

Run changepassword.py and check the echoed output.

[root@manage ~]# ./changepassword.py

Username:admin

Password:

  -----------------------------------------------------------------------------     

  User last login information:     

  -----------------------------------------------------------------------------

  Access Type: SSH      

  IP-Address : 192.168.1.130 ssh     

  Time       : 2020-02-29 10:31:35-08:00     

  -----------------------------------------------------------------------------

<R1>system-view

Enter system view, return user view with Ctrl+Z.

[R1]user-interface console 0

[R1-ui-console0]set authentication password cipher 234567

[R1-ui-console0]return

<R1>save

  The current configuration will be written to the device.

  Are you sure to continue? (y/n)[n]:Y

  It will take several minutes to save configuration file, please wait...

  -----------------------------------------------------------------------------     

  User last login information:     

  -----------------------------------------------------------------------------

  Access Type: SSH      

  IP-Address : 192.168.1.130 ssh     

  Time       : 2020-02-29 10:31:38-08:00     

  -----------------------------------------------------------------------------

<R2>system-view

Enter system view, return user view with Ctrl+Z.

[R2]user-interface console 0

[R2-ui-console0]set authentication password cipher 234567

[R2-ui-console0]return

<R2>save

  The current configuration will be written to the device.

  Are you sure to continue? (y/n)[n]:Y

  It will take several minutes to save configuration file, please wait...

  -----------------------------------------------------------------------------     

  User last login information:     

  -----------------------------------------------------------------------------

  Access Type: SSH      

  IP-Address : 192.168.1.130 ssh     

  Time       : 2020-02-29 10:31:41-08:00     

  -----------------------------------------------------------------------------

<R3>system-view

Enter system view, return user view with Ctrl+Z.

[R3]user-interface console 0

[R3-ui-console0]set authentication password cipher 234567

[R3-ui-console0]return

<R3>save

  The current configuration will be written to the device.

  Are you sure to continue? (y/n)[n]:Y

  It will take several minutes to save configuration file, please wait...

(2) Check the backup files after the scheduled task has run

List the files in the /root/backup directory.

[root@manage ~]# cd /root/backup

[root@manage backup]# ls

2020-2-28-10.10.10.2.txt  2020-2-28-172.16.1.2.txt  2020-2-28-192.168.1.2.txt

[root@manage backup]# ll

total 12

-rw-r--r--. 1 root root 1786 Feb 28 1:00 2020-2-28-10.10.10.2.txt

-rw-r--r--. 1 root root 1809 Feb 28 1:00 2020-2-28-172.16.1.2.txt

-rw-r--r--. 1 root root 1762 Feb 28 1:00 2020-2-28-192.168.1.2.txt

View the detailed contents

[root@manage backup]# cat 2020-2-28-10.10.10.2.txt

  -----------------------------------------------------------------------------     

  User last login information:     

  -----------------------------------------------------------------------------

  Access Type: SSH      

  IP-Address : 192.168.1.130 ssh     

  Time       : 2020-02-29 10:32:24-08:00     

  -----------------------------------------------------------------------------

<R3>screen-length 0 temporary

Info: The configuration takes effect on the current user terminal interface only.

<R3>display current-configuration

[V200R003C00]

#

 sysname R3

#

 snmp-agent local-engineid 800007DB03000000000000

 snmp-agent

#

 clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load flash:/portalpage.zip

#

 drop illegal-mac alarm

#

 wlan ac-global carrier id other ac id 0

#

 set cpu-usage threshold 80 restore 75

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password cipher %$%$YgN!G*Q*}0tjsqA'g~X(T{]!%$%$

 local-user admin privilege level 3

 local-user admin service-type ssh

#

firewall zone Local

 priority 15

#

interface GigabitEthernet0/0/0

 ip address 10.10.10.2 255.255.255.0

#

interface GigabitEthernet0/0/1

 ip address 40.40.40.2 255.255.255.0

#

interface GigabitEthernet0/0/2

 ip address 30.30.30.2 255.255.255.0

#

interface NULL0

#

ospf 1

 area 0.0.0.0

  network 10.10.10.0 0.0.0.255

  network 30.30.30.0 0.0.0.255

  network 40.40.40.0 0.0.0.255

#

 stelnet server enable

#

user-interface con 0

 authentication-mode password

 set authentication password cipher %$%$v:.{Vo~Vt;s;grBK&HD9,%S$wJDM)zzk69v.\&X&+%jX%S',%$%$

user-interface vty 0 4

 authentication-mode aaa[root@manage backup]#

As can be seen, the router's entire configuration has been backed up.
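
The listing above stops inside the user-interface vty 0 4 view and holds the cipher strings of both passwords. The following Python 3 code is an added example, not part of the original article, that checks a saved backup for those conditions and produces a redacted copy that can be shared. The names parse_views, audit and SAMPLE are assumptions made for this example, the sample is constructed with placeholder secrets, and the completeness test assumes that a full display current-configuration listing ends with a return line.

```python
import re

# Constructed sample modelled on the backup shown above; secrets are placeholders.
SAMPLE = """\
<R3>display current-configuration
[V200R003C00]
#
 sysname R3
#
aaa
 local-user admin password cipher %$%$PLACEHOLDER%$%$
 local-user admin service-type ssh
#
 stelnet server enable
#
user-interface con 0
 authentication-mode password
 set authentication password cipher %$%$PLACEHOLDER%$%$
user-interface vty 0 4
 authentication-mode aaa"""

SECRET = re.compile(r"(password (?:cipher|simple) ).+")

def parse_views(text):
    """Map each unindented line (a view such as 'aaa') to its indented child lines."""
    views, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("#", "<", "[")):
            current = None  # separator, echoed command or version banner
        elif not line[0].isspace():
            current = views.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return views

def audit(text):
    """Return (findings, redacted_text) for one saved configuration."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "return" not in lines:
        findings.append("truncated: no closing 'return' line")
    secrets = [ln for ln in lines if SECRET.search(ln)]
    if secrets:
        findings.append("%d credential line(s) stored in the file" % len(secrets))
    for view, body in parse_views(text).items():
        if view.startswith("user-interface vty") and "protocol inbound ssh" not in body:
            findings.append("%s: 'protocol inbound ssh' not in the backup" % view)
    return findings, SECRET.sub(r"\1<redacted>", text)

if __name__ == "__main__":
    for finding in audit(SAMPLE)[0]:
        print(finding)
```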
