Table of Contents
Python sys argv or system arguments are used to get the arguments from the command line in Python scripts.
We use system arguments in network automation to get the password of network devices from the command line to avoid storing clear text passwords in Nornir inventory files.
Python sys argv Fundamental
methods to avoid clear text password in Nonrir inventory Files
In the previous section, we used the “getpass” Python library to interactively get the password of network devices during running the script.
In this section we send the password of network devices through the commands line using sys argv or system arguments.
Using GPG to encrypt the password of network devices and using public key authentication to connect to network devices are discussed in the next sections.
Python sys argv method
When we run a script through command line, the name of the script is the first argument or “sys.argv[0]”. We will give the credentials of network devices from the second argument starting from sys.argv[1].
In our example, we suppose all devices have the same credential. Therefore we give the username and password to connect to network devices through sys.argv[1) and sys.argv[2].
remove clear text password from nornir inventory files
Before running script we make sure that clear text password is not stored in nornir inventory files.
majid@majid-ubuntu:~/devnet/pyhton_nornir/2023/6.avoid_clear_text_passwords_in_nornir_inventory$ cat hosts.yaml --- R1: hostname: "192.168.1.11" # username: "rayka" groups: - cisco majid@majid-ubuntu:~/devnet/pyhton_nornir/2023/6.avoid_clear_text_passwords_in_nornir_inventory$ cat groups.yaml --- cisco: platform: ios majid@majid-ubuntu:~/devnet/pyhton_nornir/2023/6.avoid_clear_text_passwords_in_nornir_inventory$ cat defaults.yaml --- username: "rayka" platform: "ios"
Python sys argv Code Example
This is the script that I have already prepared to get the password through command line argument.
Python “sys” library is imported in the first line. We use python “sys” library to get the arguments from the command line and use them in python script.
import sys from nornir import InitNornir from nornir_scrapli.tasks import send_command from nornir_utils.plugins.functions import print_result nr = InitNornir(config_file="config.yaml") nr.inventory.hosts["R1"].username=sys.argv[1] nr.inventory.hosts["R1"].password=sys.argv[2] def get_password_by_sysargv_example(task): task.run(task=send_command, command="show ip interface brief | exc unassigned") results=nr.run(task=get_password_by_sysargv_example) print_result(results)
Here the first argument after script name or “srs.yrgv[1]” as the “username” variable and the second argument after script name or “sys.argv[2]” as the “password” variable are stored in in nornir hosts inventory file.
Then we use “send_command” task from “nornir_scrapli” plugin to send “show ip interface brief” command to network devices.
Now we run the script.
majid@majid-ubuntu:~/devnet/pyhton_nornir/2023/6.avoid_clear_text_passwords_in_nornir_inventory$ python3 6.3.get_password_by_sysargv.py rayka rayka-co.com
get_password_by_sysargv_example*************************************************
* R1 ** changed : False ********************************************************
vvvv get_password_by_sysargv_example ** changed : False vvvvvvvvvvvvvvvvvvvvvvvv INFO
---- send_command ** changed : False ------------------------------------------- INFO
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 192.168.1.11 YES TFTP up up
^^^^ END get_password_by_sysargv_example ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^Running the command in network devices is successful, which means we correctly passed the credentials through “sys argv” to connect to network devices.
you can download python sys yrgv code example in this link.