Running the SNS CLI script in command line
From the command line interface, you can:
- add a script in the script folder on the SMC server and run it immediately,
- run a script that has already been stored on the SMC server,
- add a script in the script folder on the SMC server,
- delete a script from the script folder on the SMC server,
- show the list of scripts stored on the SMC server.
The main command smc-sns-cli-script must be followed by one of the five commands corresponding to these actions.
The scripts storage repository is named nsrpc-scripts and is available from /data/users/.
- To display the list of commands, type --help:
- Each of these commands has specific options. To display them, type smc-sns-cli-script <name_of_action> -h.
- To add a script on the SMC server and run it immediately, use the command:
smc-sns-cli-script exec <file_path>
- To run a script that has already been stored on the SMC server, use the command:
smc-sns-cli-script run <script_name>
From the options that come with these commands, you must choose one of the following:
- --firewall-list: to be followed by a list of firewall names separated by commas,
- --all: indicates that the script will be run on all firewalls,
- --csv-file: to be followed by a path to a CSV file containing the list of firewalls and the associated variables. The command will then list the firewalls specified in this file. For more information, please refer to the section Using variables.
The option --csv-file can be used together with the options --firewall-list and --all. In this case, both of these options specify the list of firewalls on which the script is to be run.
The following options are not mandatory:
- --dry-run: allows displaying the contents of the script including the variables associated with each firewall, for the purpose of reference only.
- --raw-output: allows showing how the script was run in raw text,
- --update: makes it possible to force the script to be added on the server if a script with the same name already exists. This option is only available for the command
When the deployment of a configuration is in progress, or another script is being run, a new script cannot be run in command line. An error message will appear if the deployment has not fully ended on all connected firewalls or if the script has not finished running. Firewalls on which the configuration was deployed in batches will not prevent scripts from running.
To send or receive files attached to a script, please refer to the section Attaching files to a script and receiving files generated by script.
To add a script in the script folder on the SMC server, use the command smc-sns-cli-script add <file_path>.
Option --update: makes it possible to force the script to be added on the server if a script with the same name already exists.
To delete a script from the SMC server, use the command smc-sns-cli-script delete <script_name>.
To show the list of scripts found in the script folder of the SMC server, use the command
The following is an example of how a CSV file can be used with a script. For all firewalls in a pool (two in this example), we wish to create an object that represents the main Active Directory server and an object that represents the secondary AD server, taking into account the following conditions:
- The main AD server has to be an object with static IP address resolution,
- The secondary AD server has to be an object with dynamic IP address resolution,
- The name of each object has to indicate whether it is a main or secondary server,
- The comments of each object must indicate the name of the firewall on which it will be created.
- The IP address of each AD server is different for each firewall.
- Create the script /var/tmp/ad.script:
# Create a new host
CONFIG OBJECT HOST NEW name=AD-%type% comment="%type% AD server for FW %FW_NAME%" ip="%ip_addr%" resolve=%mode%
CONFIG OBJECT ACTIVATE
- Create the CSV file /var/tmp/ad.csv for the pool of two firewalls:
firewall;type;ip_addr;mode
sns-paris;Main;18.104.22.168;static
sns-paris;Backup;22.214.171.124;dynamic
sns-lyon;Main;126.96.36.199;static
sns-lyon;Backup;188.8.131.52;dynamic
- Enter the following command in the command line interface:
smc-sns-cli-script exec /var/tmp/ad.script --csv-file /var/tmp/ad.csv
The following is the expected result for each of the firewalls sns-paris and sns-lyon:
In CSV files, fields are often separated by a comma or semi-colon. The smc-sns-cli-script command interprets semi-colons (;) as separators by default. The separator may be different depending on the CSV file. In order to change the separator, put the variable FWADMIN_SNS_CLI_CSV_DELIMITER before the command. For example:
FWADMIN_SNS_CLI_CSV_DELIMITER=, smc-sns-cli-script exec --csv-file=/var/tmp/myfile.csv /var/tmp/myscript.script
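A local preview of the per-firewall expansion from the CSV example above, reading the delimiter from FWADMIN_SNS_CLI_CSV_DELIMITER as described in the last paragraph. This is an added example, not Stormshield code: the function preview, the rule that %FW_NAME% takes the value of the firewall column, and the check that rejects values containing double quotes or line breaks are assumptions made for illustration.

```python
import csv
import io
import os
import re

# Constructed sample input: the ad.script and ad.csv contents from this page.
SCRIPT = """# Create a new host
CONFIG OBJECT HOST NEW name=AD-%type% comment="%type% AD server for FW %FW_NAME%" ip="%ip_addr%" resolve=%mode%
CONFIG OBJECT ACTIVATE
"""
CSV_TEXT = """firewall;type;ip_addr;mode
sns-paris;Main;18.104.22.168;static
sns-paris;Backup;22.214.171.124;dynamic
sns-lyon;Main;126.96.36.199;static
sns-lyon;Backup;188.8.131.52;dynamic
"""
VAR = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")
UNSAFE = re.compile(r'["\r\n]')  # would close a quoted argument or start a new line


def preview(script, csv_text, delimiter=None):
    """Return ({firewall: [expanded script, ...]}, [problems]) without contacting SMC."""
    delimiter = delimiter or os.environ.get("FWADMIN_SNS_CLI_CSV_DELIMITER", ";")
    reader = csv.DictReader(io.StringIO(csv_text), delimiter=delimiter)
    if "firewall" not in (reader.fieldnames or []):
        return {}, ["no 'firewall' column found: check the delimiter"]
    expanded, problems = {}, []
    for lineno, row in enumerate(reader, start=2):
        bad = [f"line {lineno}: missing or unsafe value in column {col!r}"
               for col, val in row.items()
               if not isinstance(val, str) or UNSAFE.search(val)]
        # Assumption: %FW_NAME% resolves to the name in the 'firewall' column.
        values = dict(row, FW_NAME=row["firewall"])
        undefined = sorted(set(VAR.findall(script)) - set(values))
        if undefined:
            bad.append(f"line {lineno}: undefined variables {undefined}")
        if bad:
            problems.extend(bad)
            continue
        text = VAR.sub(lambda m: values[m.group(1)], script)
        expanded.setdefault(row["firewall"], []).append(text)
    return expanded, problems


if __name__ == "__main__":
    result, issues = preview(SCRIPT, CSV_TEXT)
    for fw, scripts in result.items():
        print(f"--- {fw} ---", *scripts, sep="\n")
    print("problems:", issues or "none")
```

Running it before the real command catches a wrong delimiter or an undefined variable locally; the --dry-run option remains the reference for what SMC itself will send.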