Scripting the @Riverbed SteelHead CLI
At the time of writing, with 8.6.1 just being released, the REST API for the SteelHead appliances is still in its early days and creating scripts for automating SteelHead tasks is not a trivial task. Whilst there are high hopes for RiOS 9.0, it is still some way off from GA so automation is currently best performed using the CMC, or as it is now known, the SCC.
However, what if you do not have an SCC? Or even if you do, how could you automate individual features to be configured/reconfigured, such as in a demo environment?
As it happens, the answer is easier than you might think. If you have ever connected to the SteelHead’s CLI via anything other than a console cable you will almost certainly have used SSH. Now, the big advantage of SSH is that you can also pass it a file with a series of commands which can be executed directly rather than having the hassle of an interactive login. This is hardly scripting in the true sense – you cannot create decision structures, but it can become part of the building blocks for doing this. We will look at this in two parts, first of all, how do you pass commands from a file directly through your SSH client and then, how might you use the output from these to make decisions which you can then use as part of a larger script or program. As you might expect, this is much easier in Linux and Mac OSX than it is in Windows so we will focus on the Unix solution. Actually, the Windows solution is pretty much the same, but uses Putty utilities rather than OpenSSH. The examples in this post are all done on a Mac but should be identical in Linux.
The steps are as follows:
1. Enable passwordless login to the Riverbed CLI via SSH
2. Parse the contents of a text file, via SSH, to the SteelHead CLI.
3. Use the output to perform something useful, perhaps as part of a larger script.
For step 3 we will look at the Perl solution. For those wanting this in Python, don’t worry, I will create a later blog post on this but will probably focus on the REST API, which is much easier in Python.
1. Enable passwordless login to the Riverbed CLI
This is actually very straightforward. Firstly, you need to generate your RSA on your client machine. On a Mac/Linux, the command is:
This will create your SSH keys and certificate. What you will now need to do is copy this to your Riverbed SteelHead device. Type the following command:
$ cat .ssh/id_rsa.pub
Login to your Steelhead appliance and type the following commands
# config t
(config) # ssh client user root authorized-key key sshv2 “THE CONTENTS OF YOUR PUBLIC KEY FROM THE PREVIOUS STEP GO HERE BUT REMEMBER THE QUOTES!” <ENTER>
Test that this works by SSH’ing into the Steelhead from your client by typing the command:
$ ssh admin@IP_OF_STEELHEAD <ENTER>
You might be asked to accept the certificate but if you are logged in without a password give yourself a pat on the back – you are in!
2. Create a text file containing the commands
Now, once we are this far, passing command directly through SSH is simple. Return to the CLI on your client and create a text file containing the following lines and call it sh.txt:
Just two lines – enough for now.
3. Redirect this file to SSH
At the BASH prompt on your Mac/Linux client type the following:
$ ssh admin@IP_OF_STEELHEAD < sh.txt <ENTER>
After a pause you should see the output of the show info command.
4. Script it!
From this, you can see how you might create files to create static configs to set and reset features on demand (or even scheduled). We even use a similar technique in our own Performance Lab for some of our demos and you can think how you might tie this in with CRON etc to automate tasks more complex than your could do with the JOB command on a SteelHead and certainly more flexibly.
Despite this, it is still pretty limited on its own and is restricted to pushing static configs which the CMC/SCC could do much more efficiently via policies.
Ha, but wait, if we can push commands to the SteelHead, we can also retrieve the output of these commands which we can then use.
The following is a simple Perl script (and Perl is installed by default on Macs and Linux) which uses the above principles then uses some fairly simple regular expressions to extract the output:
$cli = ‘ssh firstname.lastname@example.org < sh.txt’;
$shinfo = `$cli`;
if ($shinfo =~ /Version:\s+(\d.\d.\d[a-z])/)
print “The version is $1\n”;
The sh.txt file is the same as before. The $cli variable simple contains the commands to connect to the SteelHead and send the contents of the ssh.txt file.
The real work is contained in the next two lines. Firstly, the ` character cause the commands in $cli to be actually run and their output to be passed to the $shinfo variable. The next line is a simple if statement which uses a regular expression to extract the version number from the output which is stored in the memory variable $1. This is then simply printed on the screen.
What we have shown (and what we can do using this technique) is both script the CLI and then use the resulting output. Certainly with Perl, it would be very straightforward to cascade this (no pun intended) with other string of commands via other conditionals to dynamically control a SteelHead’s configuration. Even in simple terms we could extract the Current Connections (for example) at regular intervals and export to database to maintain historical information on connections and optimisation, something which currently cannot be done using Riverbed’s own software.
Hopefully, I have given a glimpse of what can be achieved through a combination of a Unix-like client, Perl and knowledge of the SteelHead CLI to not only control but also to flexibly extract information from the SteelHeads and then use that information to either change the config or save and use that information with other sources.