Table of Contents

Python sys argv or system arguments are used to get the arguments from the command line in Python scripts.

We use system arguments in network automation to get the password of network devices from the command line to avoid storing clear text passwords in Nornir inventory files.

Python sys argv Fundamental

methods to avoid clear text password in Nonrir inventory Files

In the previous section, we used the “getpass” Python library to interactively get the password of network devices during running the script. 

methods to avoid storing clear text passwords in nornir inventory files
methods to avoid storing clear text passwords in nornir inventory files

In this section we send the password of network devices through the commands line using sys argv or system arguments.

Using GPG to encrypt the password of network devices and using public key authentication to connect to network devices are discussed in the next sections.

Python sys argv method

When we run a script through command line, the name of the script is the first argument or “sys.argv[0]”. We will give the credentials of network devices from the second argument starting from sys.argv[1].

pass network devices credential through sys argv
pass network devices credential through sys argv

In our example, we suppose all devices have the same credential. Therefore we give the username and password to connect to network devices through sys.argv[1) and sys.argv[2].

remove clear text password from nornir inventory files

Before running script we make sure that clear text password is not stored in nornir inventory files.

majid@majid-ubuntu:~/devnet/pyhton_nornir/2023/6.avoid_clear_text_passwords_in_nornir_inventory$ cat hosts.yaml
---

R1:
  hostname: "192.168.1.11"
#  username: "rayka"
  groups:
    - cisco
	
majid@majid-ubuntu:~/devnet/pyhton_nornir/2023/6.avoid_clear_text_passwords_in_nornir_inventory$ cat groups.yaml
---

cisco:
  platform: ios

majid@majid-ubuntu:~/devnet/pyhton_nornir/2023/6.avoid_clear_text_passwords_in_nornir_inventory$ cat defaults.yaml
---

username: "rayka"
platform: "ios"

Python sys argv Code Example

This is the script that I have already prepared to get the password through command line argument.

Python “sys” library is imported in the first line. We use python “sys” library to get the arguments from the command line and use them in python script.

import sys
from nornir import InitNornir
from nornir_scrapli.tasks import send_command
from nornir_utils.plugins.functions import print_result

nr = InitNornir(config_file="config.yaml")

nr.inventory.hosts["R1"].username=sys.argv[1]
nr.inventory.hosts["R1"].password=sys.argv[2]

def get_password_by_sysargv_example(task):
    task.run(task=send_command, command="show ip interface brief | exc unassigned")

results=nr.run(task=get_password_by_sysargv_example)
print_result(results)

Here the first argument after script name or “srs.yrgv[1]” as the “username” variable and the second argument after script name or “sys.argv[2]” as  the “password” variable are stored in in nornir hosts inventory file.

Then we use “send_command” task from “nornir_scrapli” plugin to send “show ip interface brief” command to network devices.

Now we run the script.

majid@majid-ubuntu:~/devnet/pyhton_nornir/2023/6.avoid_clear_text_passwords_in_nornir_inventory$ python3 6.3.get_password_by_sysargv.py rayka rayka-co.com
get_password_by_sysargv_example*************************************************
* R1 ** changed : False ********************************************************
vvvv get_password_by_sysargv_example ** changed : False vvvvvvvvvvvvvvvvvvvvvvvv INFO
---- send_command ** changed : False ------------------------------------------- INFO
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       192.168.1.11    YES TFTP   up                    up
^^^^ END get_password_by_sysargv_example ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Running the command in network devices is successful, which means we correctly passed the credentials through “sys argv” to connect to network devices.

you can download python sys yrgv code example in this link.

Back to: CLI based Network Automation using Python Nornir > avoid clear text passwords in nornir inventory

Leave a Reply

Your email address will not be published. Required fields are marked *


Post comment