meraki / automation-scripts Goto Github PK

• We are facing issues when we are running manage_network.py script. The script is getting completed without any issues but no network is migrated to the new org specified in config.yaml.
  Logs from Network script.

2023-08-24 14:48:37 -- Using configuration file "./config.yaml"
GET https://api.meraki.com/api/v1/organizations
200
2023-08-24 14:48:38 -- Source organization id 434227
2023-08-24 14:48:38 -- Destination organization id 434227
GET https://api.meraki.com/api/v1/organizations/434227/networks
200
GET https://api.meraki.com/api/v1/organizations/434227/networks
200
GET https://api.meraki.com/api/v1/organizations/434227/policyObjects
200
GET https://api.meraki.com/api/v1/organizations/434227/policyObjects/groups
200
GET https://api.meraki.com/api/v1/organizations/434227/policyObjects
200
GET https://api.meraki.com/api/v1/organizations/434227/policyObjects/groups
200
2023-08-24 14:48:39 -- Copying policy objects and groups...
2023-08-24 14:48:39 -- Copying VPN firewall rules...
GET https://api.meraki.com/api/v1/organizations/434227/appliance/vpn/vpnFirewallRules
200
PUT https://api.meraki.com/api/v1/organizations/434227/appliance/vpn/vpnFirewallRules
200
2023-08-24 14:48:41 -- Creating networks...
2023-08-24 14:48:41 -- Refreshing time zone settings...
2023-08-24 14:48:41 -- Copying MX routing mode settings...
2023-08-24 14:48:41 -- Copying MX VLANs...
2023-08-24 14:48:41 -- Copying MX static routes...
2023-08-24 14:48:41 -- Copying MX L3 firewall rules...
2023-08-24 14:48:41 -- Copying MX traffic shaping settings...
2023-08-24 14:48:41 -- Copying MR SSIDs...
2023-08-24 14:48:41 -- Copying MR Firewall rules...
2023-08-24 14:48:41 -- Copying MR traffic shaping rules...
2023-08-24 14:48:41 -- Copying alerts...
2023-08-24 14:48:41 -- Copying Site-to-site VPN configration...

Second in manage_devices.py : When we are trying to export the using manage_devices.py we are not getting any details in json

Its empty.

python manage_devices.py -k (myapikey) -o "Lab NTT Nederland BV" -m export -t test_AP : tagged the device already.

The two scripts are not working as expected and not throwing any errors.

Please fix them or update us if any changes are needed in the approach.

Is there a forum for this script? I'd love to review some tips and tricks to get it to work. It seems to kick off but I only see a connection in the change log for new networks and not for this existing one.

C:\data\OneDrive - DYOPATHCORP\Mailing List\Cisco Notes\Meraki Notes\Scripting>C:\Users"Jeff G"\AppData\Local\Programs\Python\Python310\python migrate_cat3k.py -k -o "Transport Service" -i migrate_cat3k_JTG2.txt
Reading init config file...
Fetching dashboard organization...
Reading configuration from source devices...
Parsing source configration...
Creating networks...
Claiming devices...
Configuring devices...
Committing action batch:
[{'resource': '/devices/Q2NW-784P-XXXX/switchPorts/36', 'operation': 'update', 'body': {'vlan': '19'}}, {'resource': '/devices/Q2NW-784P-XXXX/switchPorts/37', 'operation': 'update', 'body': {'vlan': '23'}}, {'resource': '/devices/Q2NW-784P-XXXX/switchPorts/38', 'operation': 'update', 'body': {'type': 'trunk', 'tags': ''}}, {'resource': '/devices/Q2NW-784P-HVQN/switchPorts/39', 'operation': 'update', 'body': {'vlan': '23'}}, {'resource': '/devices/Q2NW-784P-XXXX/switchPorts/40', 'operation': 'update', 'body': {'type': 'access', 'vlan': '19'}}]
Waiting for action batches to complete...

End of script.

When creating multiple networks from a single existing network, the script does not cater correctly for multiple entries in the input.csv file. The vlans are spread across all networks that you create.

My Customer doesn't use the field 'name' yet. This python script then throws an exception which needs to be caught by a try-except-clause, see my attachment
uplink.py.txt

Then it should work as expected.

Is it possible to update the script uplink.py to poll multiple orgs instead of just one at a time?

I am running the usagestats.py , but the upload/download data seems to be off.

-Not all networks show up for the given organization,
-the upload and download values for the networks are all 0 (even though there is traffic in them)
-reports set to last-week and last-month give the same results

Hi,

What is the way to add cellular firwall rules with the script?
Regarding this doc: https://developer.cisco.com/meraki/api-latest/#!update-network-appliance-firewall-cellular-firewall-rules it shoult be possible but I don't see witch option I should use.

Best regards

When I am running the copyswitchcfg script, I am getting "@ ERROR: Fetching organization failed". I verified the organization is correct for my api-key and that I have access to it with curl -L -H 'X-Cisco-Meraki-API-Key: my key' -H 'Content-Type: application/json' -X GET 'https://api.meraki.com/api/v0/organizations'

It listed all 3 organizations that I have access to.

I will look into seeing if I can write some sort of extension or a second version of this script, but I believe I may not be quite skilled enough yet to handle it. I'm able to read through and understand most of the code.

Passing the API Key as clear text variable in a terminal window is, in a sense, considered insecure.
I'm proposing rewriting the scripts such that they can check for a configured Environement variable where the API key is configured. In this way, they key isn't passed in clear text, and it is unneccessary to store keys in text files (or other storage spaces.

An example code could be

API_KEY = os.environ.get('MERAKI_API_KEY', None) 
if API_KEY is None:
    raise SystemExit('Please set environment variable MERAKI_API_KEY')
else:
    API_KEY = os.environ['MERAKI_API_KEY']

I am considering rewriting mxfirewallcontrol.py as its current form is overly complicated to work with, still uses API v0 and has no support for Policy objects. I would like to hear suggestions and feedback, for example about:

• Which features of the current script you use
• What you struggle with when using it
• What features you wish it had
• If you do one-off runs with it by hand, or have another process or scheduler launch it automatically

Hi there!

Instead of all of these automation scripts, have there been any attempts at creating a Terraform provider for some of this instead?

It would be great to store our network configuration as code and use Terraform to apply it.

Hi! For the backup_configs files, I noticed there's two CSV files with a Logic column and some predefined values. I was able to resolve an error I came across when running the restore script by marking one of the rows skipped. That got me curious about the other values (script, non-template, appliance, etc.). Couldn't find any documentation or info on the python scripts on what they exactly they do. Anyone able to provide any insight so I can tailor the CSV files to my desire?
backup_GET_operations.csv
restore_operations.csv

Executing the command on manageadmins.py appears to work in the command prompt, but doesn't populate in the dashboard. Here is the syntax I'm using:

python manageadmins.py -k 1234 -o ORGNAME -c add -a [email protected] -n User -p full

I've executed the command without the -p full and the -n with no issues. However, when I check the dashboard nothing updates. Additionally, I tried using the network name and the command ran, but never updated in the dashboard. Any help would be greatly appreciated.

Hello,

I try to use the script mx_firewall_control.py to update rulesets L3 but I've got a error message with the commands to add a ruleset.

PS C:\Meraki Python Scripts> python mxfirewallcontrol.py -o "XXXXX" -f "type:network, name: Template site MX67" -c append-file:update_input.txt
2023-07-20 18:43:07 -- Retrieving organization info...
GET https://api.meraki.com/api/v1/organizations
200
2023-07-20 18:43:07 -- Selecting networks and templates according to filters...
GET https://api.meraki.com/api/v1/organizations/YYYYY/networks
200
2023-07-20 18:43:08 -- SIMULATION MODE. CHANGES WILL NOT BE SAVED. USE "-m commit" TO OVERRIDE
2023-07-20 18:43:08 -- ERROR 28: Invalid input file format "update_input.txt"
2023-07-20 18:43:08 -- ERROR: Unable to load source ruleset

But I think to follow and apply correctly the format for the file as explained on the README (to be honest, it's just a test so I don't modify a lot the template txt file provided). Also the txt file is in the same folder than the .PY.

Below the file:
update_input.txt

Also I tried to use the direct command, and I've the same type of error with an invalid format.

PS C:\Meraki Python Scripts> python mxfirewallcontrol.py -o "XXXXX" -f"type:network, name:Template site MX67" -c 
insert:1:"[{""protocol"":""any"", ""srcPort"":""Any"", ""srcCidr"":""10.6.0.1"", ""destPort"":""Any"", ""destCidr"":""any"", ""policy"":""deny"", ""syslogEnabled"":false, ""comment"":""Line 3""}]" -m commit
2023-07-20 18:59:43 -- Retrieving organization info...
GET https://api.meraki.com/api/v1/organizations
200
2023-07-20 18:59:44 -- Selecting networks and templates according to filters...
GET https://api.meraki.com/api/v1/organizations/YYYYY/networks
200
2023-07-20 18:59:44 -- SIMULATION MODE. CHANGES WILL NOT BE SAVED. USE "-m commit" TO OVERRIDE
2023-07-20 18:59:44 -- ERROR: ERROR 50: Ruleset to be added must be given in JSON format

What I'm doing wrong ?

PS1: I don't have any issue for the "print" command
PS2: I use Windows10/Visual Studio Code to launch the script.

In advance, thank you very much

Needing to be able to set my Active Status to "While Next Hop Responds to Ping" compared to "Always".

Hello,

Do you have the possibility to migrate two scripts to the new APIv1?
export_mx_s2svpn.py and import_mx_s2svpn.py

I tried to do it myself.
from:
fw_rules = meraki.getmxvpnfwrules(api_key, org_id)
to
m = meraki.DashboardAPI(api_key=api_key, log_file_prefix=__file__[:-3]) fw_rules = m.appliance.getOrganizationApplianceVpnVpnFirewallRules(org_id)

but I get the error:
csv_row = [rule['policy'], rule['protocol'], rule['srcCidr'], rule['srcPort'], rule['destCidr'], rule['destPort'], rule['comment'], rule['syslogEnabled']]
TypeError: string indices must be integers

Hi Guys,

first of all- GREAT WORK!.

Is there a way to tag all ports in the organisation with the type parameter, with an own created tag?

Thanks a lot. Have a great day.

Hi,

Is there any possibilty to increase the speed of the script ?
Actually It take aproximatively 10 minutes to check 400 appliances

thanks

I've created two shell scripts that call mxfirewallcontrol.py, the first one is working fine, the second one fails (because it show no hit):

#!/bin/bash

python mxfirewallcontrol.py -k 547***45b -o /all -f "type:network"

#eof

#!/bin/bash

python mxfirewallcontrol.py -k 547***45b -o /all -f "type:network,tag:branch"

#eof

You can see the code in question is almost a 1:1 copy from https://github.com/meraki/automation-scripts/blob/master/mxfirewallcontrol_manual.pdf on page 3 right at the bottom. Still it doesn't work.

Why? What did I miss?

First issue is when appending fw rules with it adds a default rule automatically and doesn't remove it.

python mxfirewallcontrol.py -k -o -f "type:network, name:Center*" -c insert-file:15:firewall-rules-3851.txt -m commit

Second Issue: I lost connectivity to cloud due to VPN suspending with my company due to time out. When I went in and attempted to restore the backup using the insert-folder method because there were a lot of them and I knew that it would add it twice to the other devices firewall rules again. It started looping through the same ones over and over again with the next Center's firewall rules. So basically, if Line 2 and Line 3 are specific source-ip like 10.20.76.0 /24 but another center's source-ip should be 10.28.10.0 /24, this one will have the 10.20.76.0 /24 in it. Then when it goes to the next center's fw rule to restore it they will go back through 10.20.76.0/24 and add the new line 2 and line 3's source-ip to all the other centers already completed. Is there a way to keep this from happening?

Original Firewall Rule was before updating:

After starting the restore using the insert-folder command it is:

python manageadmins.py -k 12345 -o /all -c add -a [email protected] -n test1 -p read-only
File "manageadmins.py", line 44
42 import sys, getopt, requests, json, time
^
SyntaxError: invalid syntax

python --version
Python 3.8.0

pip list
Package Version

certifi 2019.11.28
chardet 3.0.4
idna 2.8
pip 19.3.1
requests 2.22.0
setuptools 41.2.0
urllib3 1.25.7

Hi
Having problem with deviceupdownstatus.py script , when gave output few days Back.
python3 deviceupdownstatus.py -k 1234 -o "XXx XXX XX"
Give output as
"@ ERROR 09: Unable to contact Meraki cloud"

Platform- Linux ubuntu 20.04.1 LTS
Python 3.8

Can you please help sorting out

TIA
Biswajit

Hi, just discovered this repo and its great work! However when running mxfirewallcontrol.py I receive an error:
python mxfirewallcontrol.py -k 123 -o "Network HQ" -c create-backup
@ INFO: Retrieving organization info
@ INFO: Selecting networks and templates according to filters
@ ERROR 04: Unable to contact Meraki cloud

When I try to curl https://XXX.meraki.com/api/v0/organizations I get data back so I believe I can access the Meraki Cloud.
Im trying to extract the firewall rules.

Thanks in advance!

This error keeps returning to me whether I setup the script to just print or to email a specific location.

Examples Used:

python merakilicensealert.py -k 1234 -u [email protected] -p Wowzer! -d [email protected] -t 30

python merakilicensealert.py -k 1234 -u [email protected] -p Wowzer! -d [email protected] -t 30 -m

python merakilicensealert.py -k 1234 -u [email protected] -p Wowzer! -d [email protected] -t 30 -m include_empty

They all return the same result:

File "merakilicensealert.py", line 333, in
main(sys.argv[1:])
File "merakilicensealert.py", line 294, in main
warninglist = checklicensewarning(arg_apikey, orglist, threshold, flag_includeempty)
File "merakilicensealert.py", line 162, in checklicensewarning
if licensestate['expirationDate'] == 'N/A':
TypeError: list indices must be integers or slices, not str

Any help would be greatly appreciated! I'm a newbie so I apologize if I didn't follow the correct process for this issue. If there is something different I should of done, please let me know.

Thanks
Rhin

I copied the script to my desktop. When running it there's an error on line 22:

$python merakidevicecounts.py -k xxxx -f orglist.txt
Traceback (most recent call last):
File "merakidevicecounts.py", line 22, in
import sys, getopt, requests, json, time
ImportError: No module named requests

No matter how I express the rule in the CLI - I received the following error: @ ERROR 50: Ruleset to be added must be given in JSON format

Can you please provide an example of adding a single new rule to the ruleset via CLI.

I've trying wrapping a single line in {} and {[]} and [].

Dashboard Organization overview has an available column that displays "% offline"
Need help finding the equivalent API calls.
Thanks

Greetings,

I've been using the maangeadmins.py successfully for years now and as recently as a few weeks ago. When attempting to run the script now, I am just presented with a number of warnings that the organization admin list can't be obtained.

@ WARNING: Unable to get admin list for organization ""
@ WARNING: Unable to get admin list for organization ""
@ WARNING: Unable to get admin list for organization ""

I've tried upgrading to the latest version of Python, changing my API key and testing from another Windows 10 machine and from an Ubuntu Linux box.

Running a POSTMAN GET

https://api.meraki.com/api/v0/organizations?X-Cisco-Meraki-API-Key=

does return the list of organizations I can see so I know my API key is valid.

Any assistance would be appreciated.

Thank you,

Jeff

When using the export_mx_l3.py script to try to export the L3 firewall rules, the following error occurs.

user@ubuntu:~/automation-scripts# python3 export_mx_l3.py -k ********************* -n L_63106689*************
2023-05-03 07:57:36 meraki: INFO > Meraki dashboard API session initialized with these parameters: {'version': '1.32.1', 'api_key': '****************************************', 'base_url': 'https://api.meraki.com/api/v1', 'single_request_timeout': 60, 'certificate_path': '', 'requests_proxy': '', 'wait_on_rate_limit': True, 'nginx_429_retry_wait_time': 60, 'action_batch_retry_wait_time': 60, 'retry_4xx_error': False, 'retry_4xx_error_wait_time': 60, 'maximum_retries': 2, 'simulate': False, 'be_geo_id': None, 'caller': None, 'use_iterator_for_get_pages': False}
Traceback (most recent call last):
File "/user/automation-scripts/export_mx_l3.py", line 84, in
main(sys.argv[1:])
File "/user/automation-scripts/export_mx_l3.py", line 72, in main
fw_rules = m.mx_l3_firewall.getNetworkL3FirewallRules(net_id)
AttributeError: 'DashboardAPI' object has no attribute 'mx_l3_firewall'

Hi getting this error when running backup.

appliance, getNetworkApplianceSingleLan - 400 Bad Request, {'errors': ['Single LAN is not available for networks in passthrough mode']}

When I run the manageadmins.py script to add an admin to every organization my API key has access too it starts to run through and then throws the following traceback error:

Traceback (most recent call last):
File "manageadmins.py", line 412, in
main(sys.argv[1:])
File "manageadmins.py", line 403, in main
cmdadd(arg_apikey, matchedorgs, arg_admin, arg_name, arg_privilege)
File "manageadmins.py", line 273, in cmdadd
adminid = findadminid(orgadmins, p_email)
File "manageadmins.py", line 193, in findadminid
if admin['email'] == p_adminemail:
KeyError: 'email'

Any idea why it would throw this?

Receive the following error below when running the report_statuses.py. I tried adding the lines in the fieldnames but it still comes back with the same error. Please advise. I need to see status of my MX applicances by Monday morning EST so I can upgrade them.

Thanks,

Paul

2022-07-15 12:27:56 meraki: INFO > organizations, getOrganizationNetworks; page 1 - 200 OK
Traceback (most recent call last):
File "C:\Users\pblais\OneDrive\OneDrive - Bowlero Corp\Desktop\Meraki-uplink\report-status\report_statuses.py", line 147, in
main()
File "C:\Users\pblais\OneDrive\OneDrive - Bowlero Corp\Desktop\Meraki-uplink\report-status\report_statuses.py", line 143, in main
csv_writer.writerow(status)
File "C:\Users\pblais\AppData\Local\Programs\Python\Python39\lib\csv.py", line 154, in writerow
return self.writer.writerow(self._dict_to_list(rowdict))
File "C:\Users\pblais\AppData\Local\Programs\Python\Python39\lib\csv.py", line 149, in _dict_to_list
raise ValueError("dict contains fields not in fieldnames: "
ValueError: dict contains fields not in fieldnames: 'components', 'productType', 'model', 'tags'