Kaspersky SD-WAN
2.1
English

Contents

Scripts

A script is a sequence of commands and instructions used to configure CPE devices. Each script changes one or more device settings.

You can add scripts that are run automatically or manually to the CPE template. In both cases, the scripts are run by

VNFM
. Please note that before adding and running scripts on a device, you must configure a VNFM connection to the device's console.

Scripts run automatically if conditions specified in script settings are met. For example, a script can be automatically run whenever a CPE device is registered.

In this section

Configuring a VNFM connection to the console of a CPE device

Adding a script

Editing a script

Viewing the contents of a script

Deleting a script

Configuring the script run order

Manually running scripts

Delayed scripts
Page top
[Topic 244549]

Configuring a VNFM connection to the console of a CPE device

The VNFM is responsible for running scripts on the CPE device. In the CPE template, you must specify the username and password, as well as the SSH port number, to let VNFM connect to the device console and run scripts. The specified connection settings apply to all devices that use the template. The connection only has to be configured once, except for cases when you need to use a different user on the CPE device or change the SSH port number.

To configure the settings for connecting the VNFM to the CPE device console:

  1. In the menu, go to the SD-WAN → CPE templates subsection.

    A table of CPE templates is displayed.

  2. Click the CPE template.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

  3. Select the Scripts tab.

    The tab displays settings for connecting the VNFM to the CPE device console, as well as a table of scripts, if at least one script is added.

  4. In the Default login field, enter the user name for authenticating the VNFM in the console of the device. Maximum length: 255 characters.
  5. In the SSH port field, enter the port number for connecting the VNFM to the CPE device console. The default setting is 1.
  6. In the Default password field, enter the password for authenticating the VNFM in the console of the CPE device. Maximum length: 255 characters. To see the entered password, you can click the show button .
  7. In the upper part of the settings area, click Save to save the configuration of the CPE template.
Page top
[Topic 243241]

Adding a script

You only add a script to the CPE template. When you add a script, it is added to all devices that use the template. Before adding a script, you must configure a VNFM connection to the CPE device console.

---

- hosts: ${target}

gather_facts: no

tasks:

- name: setting up ssh key

raw: echo ${ssh.key.public} >> /etc/dropbear/authorized_keys

To add a script:

  1. In the menu, go to the SD-WAN → CPE templates subsection.

    A table of CPE templates is displayed.

  2. Click the CPE template.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

  3. Select the Scripts tab.

    The tab displays settings for connecting the VNFM to the CPE device console, as well as a table of scripts, if at least one script is added.

  4. Click + Script.
  5. This opens a window; in that window, in the Name field, enter the name of the script. Maximum length: 255 characters.
  6. In the Timeout (sec.) field, enter the time in seconds after which the VNFM stops attempting to run a script that could not run the first time. The default setting is 360.
  7. In the Executor drop-down list, select one of the following values:
    • Ansible (selected by default)
    • Shell
    • Expect
    • Custom to use your own interpreter in the VNFM

      Manages the lifecycle of virtual network functions using SSH, Ansible playbooks, scripts, and Cloud-init attributes.

  8. If in the Executor drop-down list, you selected Custom, in the Custom executor field, enter the path to the interpreter.
  9. In the Stage drop-down list, select the stage in the operation of the CPE device at which you want to run the script:
    • Registration (selected by default)
    • Deletion
    • Manually to run the script only manually
  10. If you want to allow running the script again, select the Repeat execution check box. This check box is cleared by default.
  11. In the Script field, enter the path to the script file or to the Ansible playbook script file.
  12. If necessary, in the File field, enter the path to additional files that the script needs to run. Supported formats of archives with files: TAR.GZ and ZIP.
  13. Click Save.

The script is added to the CPE template and displayed in the table.

Page top
[Topic 243208]

Editing a script

You can only edit a script in the CPE template. When you edit a script, it is edited on all devices that use the template.

To edit a script:

  1. In the menu, go to the SD-WAN → CPE templates subsection.

    A table of CPE templates is displayed.

  2. Click the CPE template.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

  3. Select the Scripts tab.

    The tab displays settings for connecting the VNFM to the CPE device console, as well as a table of scripts, if at least one script is added.

  4. Click Edit next to the script.
  5. This opens a window; in that window, edit the settings that you want to change. For a description of the settings, see the instructions for adding a script.
  6. Click Save.
Page top
[Topic 256356]

Viewing the contents of a script

You can view the contents of the script on an individual device or in the CPE template.

To view the contents of a script on an individual CPE device:

  1. In the menu, go to the SD-WAN section.

    By default, the CPE subsection is displayed with a table of CPE devices.

  2. Click the CPE device.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

  3. Select the Scripts tab.

    A table of scripts is displayed if at least one script has been added.

  4. Click View next to the script.

This opens a window with the contents of the script.

To view the contents of a script in a CPE template:

  1. In the menu, go to the SD-WAN → CPE templates subsection.

    A table of CPE templates is displayed.

  2. Click the CPE template.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

  3. Select the Scripts tab.

    The tab displays settings for connecting the VNFM to the CPE device console, as well as a table of scripts, if at least one script is added.

  4. Click View next to the script.

This opens a window with the contents of the script.

Page top
[Topic 256359]

Deleting a script

You can only delete a script in the CPE template. When you delete a script, it is deleted on all devices that use the template. Deleted scripts cannot be restored.

To delete a script:

  1. In the menu, go to the SD-WAN → CPE templates subsection.

    A table of CPE templates is displayed.

  2. Click the CPE template.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

  3. Select the Scripts tab.

    The tab displays settings for connecting the VNFM to the CPE device console, as well as a table of scripts, if at least one script is added.

  4. Click Delete next to the script.

    The script is deleted and is no longer displayed in the table.

  5. Click Apply.
Page top
[Topic 256358]

Configuring the script run order

The script run order comes into play when multiple scripts must run at the same time on a CPE device; the run order determines which script runs first.

For example, you can add two scripts, each of which runs automatically when the device is registered. By default, the script that was added before the others runs first.

You can customize the run order in the CPE template. The run order specified in the template applies to all devices that use the template.

To configure scripts run order:

  1. In the menu, go to the SD-WAN → CPE templates subsection.

    A table of CPE templates is displayed.

  2. Click the CPE template.

    The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

  3. Select the Scripts tab.

    The tab displays settings for connecting the VNFM to the CPE device console, as well as a table of scripts, if at least one script is added.

  4. To configure the script run order, click Up or Down next to each script. The topmost script in the settings area runs first.
  5. Click Apply.
Page top
[Topic 243216]

Manually running scripts

Expand all | Collapse all

You can run a script on an individual CPE device or on all devices that use the CPE template. To run a script manually, use the following instructions:

  • Manually running a script on a CPE device.

    To run a script on an individual CPE device:

    1. In the menu, go to the SD-WAN section.

      By default, the CPE subsection is displayed with a table of CPE devices.

    2. Click the CPE device.

      The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

    3. Select the Scripts tab.

      A table of scripts is displayed if at least one script has been added.

    4. Click Run next to the script.
    5. This opens a window; in that window, click Run.
  • Running a script on all devices that use the CPE template.

    When you run a script in a CPE template, you must choose whether you want to run the script on all devices that use the template or only on devices that have particular tags.

    To run a script on all devices that use the CPE template.

    1. In the menu, go to the SD-WAN → CPE templates subsection.

      A table of CPE templates is displayed.

    2. Click the CPE template.

      The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

    3. Select the Scripts tab.

      The tab displays settings for connecting the VNFM to the CPE device console, as well as a table of scripts, if at least one script is added.

    4. Click Run next to the script.
    5. This opens a window; in that window, select devices on which you want to run the script:
      • Run the script <script name> on all related CPEs – run the script on all devices that use the CPE template. This is the default setting.
      • Run the script <script name> on all related CPEs with specified tags — run the script on devices that use the CPE template and have specific tags.
    6. If you selected Run the script <script name> on all related CPEs with specified tags, specify the tags in the lower part of the page.
    7. Click Run.

If necessary, you can run all scripts added on an individual device or in a CPE template at the same time. To run all scripts, use the following instructions:

  • Running all scripts on an individual CPE device.

    To run all scripts on an individual CPE device:

    1. In the menu, go to the SD-WAN section.

      By default, the CPE subsection is displayed with a table of CPE devices.

    2. Click the CPE device.

      The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

    3. Select the Scripts tab.

      A table of scripts is displayed if at least one script has been added.

    4. In the upper part of the settings area, under Actions click Run scripts.
    5. This opens a window; in that window, click Run.
  • Run all scripts in the CPE template.

    When you run all scripts added to a CPE template, you must choose whether you want to run the scripts on all devices that use the template or only on devices that have particular tags.

    To run all scripts in a CPE template:

    1. In the menu, go to the SD-WAN → CPE templates subsection.

      A table of CPE templates is displayed.

    2. Click the CPE template.

      The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button .

    3. Select the Scripts tab.

      The tab displays settings for connecting the VNFM to the CPE device console, as well as a table of scripts, if at least one script is added.

    4. In the upper part of the settings area, under Actions click Run scripts.
    5. This opens a window; in that window, select devices on which you want to run the script:
      • Run all scripts on related CPEs to run the scripts on all devices that use the CPE template. This is the default setting.
      • Run all scripts on related CPEs with specified tagsto run the scripts on devices that use the CPE template and have certain tags.
    6. If you selected Run all scripts on related CPEs with specified tags, specify tags in the lower part of the page.
    7. Click Run.
Page top
[Topic 256452]

Delayed scripts

Expand all | Collapse all

The scheduler creates delayed tasks that allow running scripts on CPE devices at a specified time. When creating a delayed task, you must select a CPE template, scripts, and devices on which you want to run the scripts. You can run scripts on all devices that use the CPE template, or restrict the number of devices by manually selecting them or specifying certain tags.

For delayed running of scripts, use the following instructions:

  • Delayed running a script on all devices that use the CPE template.

    To create a delayed task to run scripts on all devices that use the CPE template:

    1. In the menu, go to the Scheduler section.

      The table of delayed tasks is displayed.

    2. In the upper part of the page, click + Delayed task.
    3. This opens a window; in that window, in the Type drop-down list selectScript execution.
    4. In the Name field, enter the name of the delayed task.
    5. In the CPEs to run script on drop-down list, select All CPEs with selected template.
    6. Under CPE template, select a CPE template.
    7. Under Scripts, select the scripts that you want to run.
    8. In the Completion date and time field, enter the date and time when you want to run the delayed task. By default, the date and time specified is the date and time when you started creating the delayed task.
    9. Click Create.

    A delayed task for running the script is created and displayed in the table.

  • Delayed running of scripts on devices with specific tags that use the CPE template.

    You can group the CPE devices on which you want to run the scripts by assigning them the same tag, and then proceed to create a delayed task.

    To create a delayed task to run scripts on devices that have specific tags and use the CPE template:

    1. In the menu, go to the Scheduler section.

      The table of delayed tasks is displayed.

    2. In the upper part of the page, click + Delayed task.
    3. This opens a window; in that window, in the Type drop-down list selectScript execution.
    4. In the Name field, enter the name of the delayed task.
    5. In the CPEs to run script on drop-down list, select All CPEs with selected template and specific tags.
    6. Under CPE template, select a CPE template.
    7. Under Scripts, select the scripts that you want to run.
    8. In the Tags field, specify the tags assigned to the CPE devices on which you want to run the scripts.
    9. In the Completion date and time field, enter the date and time when you want to run the delayed task. By default, the date and time specified is the date and time when you started creating the delayed task.
    10. Click Create.

    A delayed task for running the script is created and displayed in the table.

  • Delayed running a script on individual devices that use the CPE template.

    To create a delayed task to run scripts on individual devices that use the CPE template:

    1. In the menu, go to the Scheduler section.

      The table of delayed tasks is displayed.

    2. In the upper part of the page, click + Delayed task.
    3. This opens a window; in that window, in the Type drop-down list selectScript execution.
    4. In the Name field, enter the name of the delayed task.
    5. In the CPEs to run script on drop-down list, select Specific CPEs with selected template.
    6. Under CPE template, select a CPE template.
    7. Under Scripts, select the scripts that you want to run.
    8. Under CPEs, select the CPE devices on which you want to run the scripts.
    9. In the Completion date and time field, enter the date and time when you want to run the delayed task. By default, the date and time specified is the date and time when you started creating the delayed task.
    10. Click Create.

    A delayed task for running the script is created and displayed in the table.

Page top
[Topic 247854]