Running the SNS CLI script in command line

• To display the list of commands, type --help:

• Each of these commands has specific options. To display them, type smc-sns-cli-script <name_of_action> -h.

• To add a script on the SMC server and run it immediately, use the command:
  smc-sns-cli-script exec <file_path>
• To run a script that has already been stored on the SMC server, use the command:
  smc-sns-cli-script run <script_name>

From the options that come with these commands, you must choose one of the following:

• --firewall-list: to be followed by a list of firewall names separated by commas,
• --all: indicates that the script will be run on all firewalls,
• --csv-file: to be followed by a path to a CSV file containing the list of firewalls and the associated variables. The command will then list the firewalls specified in this file. For more information, please refer to the section Using variables.

The option --csv-file can be used together with the options --firewall-list and --all. In this case, both of these options specify the list of firewalls on which the script is to be run.

The following options are not mandatory:

• --dry-run: allows displaying the contents of the script including the variables associated with each firewall, for the purpose of reference only.
• --raw-output: allows showing how the script was run in raw text,
• --update: makes it possible to force the script to be added on the server if a script with the same name already exists. This option is only available for the command exec.

When the deployment of a configuration is in progress, or another script is being run, a new script cannot be run in command line. An error message will appear if the deployment has not fully ended on all connected firewalls or if the script has not finished running. Firewalls on which the configuration was deployed in batches will not prevent scripts from running.

To send or receive files attached to a script, please refer to the section Attaching files to a script and receiving files generated by script.

To add a script in the script folder on the SMC server, use the command smc-sns-cli-script add <file_path>.

Option--update: makes it possible to force the script to be added on the server if a script with the same name already exists.

To delete a script from the SMC server, use the command smc-sns-cli-script delete <script_name>.

To show the list of scripts found in the script folder of the SMC server, use the command smc-sns-cli-script list.

The following is an example of how a CSV file can be used with a script. For all firewalls in a pool (two in this example), we wish to create an object that represents the main Active Directory server and an object that represents the secondary AD server, taking into account the following conditions:

• The main AD server has to be an object with static IP address resolution,
• The secondary AD server has to be an object with dynamic IP address resolution,
• The name of each object has to indicate whether it is a main or secondary server,
• The comments of each object must indicate the name of the firewall on which it will be created.
• The IP address of each AD server is different for each firewall.

1. Create the script /var/tmp/ad.script:

   # Create a new host CONFIG OBJECT HOST NEW name=AD-%type% comment="%type% AD server for FW %FW_NAME%" ip="%ip_addr%" resolve=%mode%
   CONFIG OBJECT ACTIVATE

2. Create the CSV file /var/tmp/ad.csv for the pool of two firewalls:

   firewall;type;ip_addr;mode
   sns-paris;Main;1.1.1.1;static
   sns-paris;Backup;1.1.2.2;dynamic
   sns-lyon;Main;4.4.4.4;static
   sns-lyon;Backup;4.4.5.5;dynamic

3. Enter the following command in the command line interface:

   smc-sns-cli-script exec /var/tmp/ad.script --csv-file /var/tmp/ad.csv

The following is the expected result for each of the firewalls sns-paris and sns-lyon: