Anyway after several hours of that 'drinking', the neurons were perfectly fired up to engage in some creative boredom activity. I thought of one of the most annoying repetitive tasks my team has to undertake daily and decided to get rid of it.
Every once in a while we get customers calling our 1st line support guys just to check if their remote sites have established a PDP session successfully. On a Cisco GGSN the command would be:
show gprs gtp pdp-context msisdn 2547221x1x2xx
To get the following:
TID MS Addr Source SGSN Addr MSISDN APN
36xx72xxxxxxxxx 196.xx.xx.01 LOCAL 196.20x.xxx.xx 2547221x1x2xx safaricom
In most cases the next request could be to clear the PDP context so they can re-establish it again:
clear gprs gtp pdp-context tid
So in comes EXPECT:
This is an extraordinarily great tool for writing scripts for the lazy sysadmin to drive other programs. It recognizes prompts and sends keystrokes in response. It was written by Don Libes of NIST, and you can find papers on it in Usenix LISA (Large Systems Administration) conference proceedings, as well as on the Internet.
My drunken goal was to create a web interface where the users can check this for themselves.
The expect script itself was pretty straightforward:
#!/usr/local/bin/expect -f
set force_conservative 0  ;# set to 1 to force conservative mode even if
                          ;# script wasn't run conservatively originally
if {$force_conservative} {
    set send_slow {1 .1}
    proc send {ignore arg} {
        sleep .1
        exp_send -s -- $arg
    }
}
# MSISDN to look up, passed as the first command-line argument
set msisdn [lindex $argv 0]
set timeout 3
spawn /usr/bin/bash
match_max 100000
# 196.x.x.x is your GGSN/Cisco router's IP address
send -- "telnet 196.x.x.x\r"
expect -exact "telnet 196.x.x.x\r
Trying 196.x.x.x...\r
Connected to 196.x.x.x.\r
Escape character is '^\]'.\r
\r
\r
User Access Verification\r
\r
Username: "
# Log in, then enter enable mode (both passwords are hard-coded in this script)
send -- "drunkenmaster\r"
expect -exact "drunkenmaster\r
Password: "
send -- "jedimaster\r"
expect -exact "\r
\r
GGSN-xx01>"
send -- "en\r"
expect -exact "en\r
Password: "
send -- "jedimaster\r"
expect -exact "\r
GGSN-xx01#"
# Type the query, wait for the router to echo it, then press Enter
send -- "show gprs gtp pdp-context msisdn $msisdn"
expect -exact "show gprs gtp pdp-context msisdn $msisdn"
send -- "\r"
# Leave the router and wait for the session to end
send -- "exit\r"
send -- ""
expect eof
Next, write a simple Perl, PHP or whatever-makes-you-happy script, put it on a web server somewhere, and guys can access it with a URL. The handiwork can be viewed here:
* I just modified an old script we use for users to change unix passwords, still using expect, and adapted it for my needs.
Please note the above URL is only active as a demo. In any case it would only be applicable to our users, but I'm sure it explains the concept.
On putting in a valid MSISDN the output should show up in full, as follows (or you can use the URL above):
Please check from LINE 17 (seventeen), that's where your output will be
GGSN returned following information:
Array
(
[0] => spawn /bin/bash
[1] => telnet 196.x.x.x
[2] => www-data@monitor01:/var/www$ telnet 196.x.x.x
[3] => Trying 196.x.x.x...
[4] => Connected to 196.x.x.x.
[5] => Escape character is '\^]'.
[6] =>
[7] =>
[8] => User Access Verification
[9] =>
[10] => Username: drunkenmaster
[11] => Password:
[12] =>
[13] => GGSN-xx01>en
[14] => Password:
[15] => GGSN-xx01#show gprs gtp pdp-context msisdn
[16] => TID MS Addr Source SGSN Addr MSISDN APN
[17] => 36xx72xxxxxxxxx 196.xx.xx.01 LOCAL 196.20x.xxx.xx 2547221x1x2xx safaricom
[18] =>
[19] => GGSN-xx01#exit
[20] => Connection closed by foreign host.
[21] => www-data@gitaus-TestServer:/var/www$
)
Please note this is a sample output and no script is actually run to get this output
Please contact the data team! To run another query: Please click me to run another query!
Ahh, finally success. The PHP script just inserts the MSISDN... if you're interested in it, leave a comment and I'll probably just upload it...
You can run this for virtually anything: show bgp neighbors, letting users change unix passwords, etc. Just modify the commands as you see fit. You can for instance give your users access to a router to check the status of one of their interfaces, or clear statistics, or whatever makes you happy. It's a bonus if you have the security guys screaming at you :-) No, seriously, ensure your corporate policy is followed when doing some of these things...
Also, if you forget to modify the ttys on a router, users might lock you out of telnet access :-)
Please note this could obviously work better, but I wasn't looking for better; I needed to kill some time and be productive at the same time. For instance we could post-process the output to only show line 17 (I also generally prefer that guys, especially co-workers, at least have an idea of what's run and what the output would look like from a console)... but time's up, and I think I'll have an easier time tomorrow... maybe some day...
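One way the web front-end could guard and trim this, as an added example that is not part of the original post: it accepts only digits before anything is typed at the router's enable prompt, runs the expect script without a shell, and returns only the PDP rows instead of the whole login session. Python stands in for the "whatever makes you happy" script; the script path, the 8 to 15 digit MSISDN rule and the sample transcript are assumptions.

```python
import re
import subprocess

# Assumption: an MSISDN is 8 to 15 decimal digits (E.164 without the "+").
MSISDN_RE = re.compile(r"[0-9]{8,15}")
# Hypothetical install path of the expect script shown above.
EXPECT_SCRIPT = "/usr/local/bin/check_pdp.exp"
COLUMNS = ("TID", "MS Addr", "Source", "SGSN Addr", "MSISDN", "APN")

def valid_msisdn(value):
    """Digits only. fullmatch() also rejects a trailing CR/LF, which would
    otherwise be typed into the router's enable prompt as an extra Enter."""
    return isinstance(value, str) and MSISDN_RE.fullmatch(value) is not None

def build_argv(msisdn):
    """Argument vector for subprocess.run(); no shell ever parses the value."""
    if not valid_msisdn(msisdn):
        raise ValueError("MSISDN must be 8-15 digits")
    return [EXPECT_SCRIPT, msisdn]

def pdp_rows(transcript, msisdn):
    """Keep only the PDP table rows for this MSISDN; the login dialogue,
    prompts and hostnames in the transcript are never returned."""
    rows = []
    for line in transcript.splitlines():
        fields = line.split()
        if len(fields) == len(COLUMNS) and fields[4] == msisdn:
            rows.append(dict(zip(COLUMNS, fields)))
    return rows

def query(msisdn):
    """Run the expect script and return the filtered rows."""
    done = subprocess.run(build_argv(msisdn), capture_output=True,
                          text=True, timeout=15)
    return pdp_rows(done.stdout, msisdn)

# Constructed transcript (documentation IP ranges, made-up numbers).
SAMPLE = """\
Username: drunkenmaster
Password:
GGSN-xx01#show gprs gtp pdp-context msisdn 254700000001
TID MS Addr Source SGSN Addr MSISDN APN
1234560000000010 192.0.2.10 LOCAL 198.51.100.7 254700000001 example.apn

GGSN-xx01#exit
"""

if __name__ == "__main__":
    print(pdp_rows(SAMPLE, "254700000001"))
```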
http://oreilly.com/catalog/expect/chapter/ch03.html
http://www.marcelgagne.com/node/582
ftp://ftp.cisco.com/pub/cisco-expect.shar