Running the SNS CLI script in command line

From the command line interface, you can:

  • add a script in the script folder on the SMC server and run it immediately.
  • run a script that has already been stored on the SMC server,
  • add a script in the script folder on the SMC server.
  • delete a script from the script folder on the SMC server,
  • show the list of scripts stored on the SMC server.

The main command smc-sns-cli-script must be followed by one of the five commands corresponding to these actions.

The scripts storage repository is named nsrpc-scripts and is available from /data/users/.

  • To display the list of commands, type --help:

List of commands for SNS CLI scripts

  • Each of these commands has specific options. To display them, type smc-sns-cli-script <name_of_action> -h.
  • To add a script on the SMC server and run it immediately, use the command:
    smc-sns-cli-script exec <file_path>
  • To run a script that has already been stored on the SMC server, use the command:
    smc-sns-cli-script run <script_name>

From the options that come with these commands, you must choose one of the following:

  • --firewall-list: to be followed by a list of firewall names separated by commas,
  • --all: indicates that the script will be run on all firewalls,
  • --csv-file: to be followed by a path to a CSV file containing the list of firewalls and the associated variables. The command will then list the firewalls specified in this file. For more information, please refer to the section Using variables.

The option --csv-file can be used together with the options --firewall-list and --all. In this case, both of these options specify the list of firewalls on which the script is to be run.

The following options are not mandatory:

  • --dry-run: allows displaying the contents of the script including the variables associated with each firewall, for the purpose of reference only.
  • --raw-output: allows showing how the script was run in raw text,
  • --update: makes it possible to force the script to be added on the server if a script with the same name already exists. This option is only available for the command exec.

When the deployment of a configuration is in progress, or another script is being run, a new script cannot be run in command line. An error message will appear if the deployment has not fully ended on all connected firewalls or if the script has not finished running. Firewalls on which the configuration was deployed in batches will not prevent scripts from running.

To send or receive files attached to a script, please refer to the section Attaching files to a script and receiving files generated by script.

To add a script in the script folder on the SMC server, use the command smc-sns-cli-script add <file_path>.

Option--update: makes it possible to force the script to be added on the server if a script with the same name already exists.

To delete a script from the SMC server, use the command smc-sns-cli-script delete <script_name>.

To show the list of scripts found in the script folder of the SMC server, use the command smc-sns-cli-script list.

The following is an example of how a CSV file can be used with a script. For all firewalls in a pool (two in this example), we wish to create an object that represents the main Active Directory server and an object that represents the secondary AD server, taking into account the following conditions:

  • The main AD server has to be an object with static IP address resolution,
  • The secondary AD server has to be an object with dynamic IP address resolution,
  • The name of each object has to indicate whether it is a main or secondary server,
  • The comments of each object must indicate the name of the firewall on which it will be created.
  • The IP address of each AD server is different for each firewall.
  1. Create the script /var/tmp/ad.script:

    # Create a new host

    CONFIG OBJECT HOST NEW name=name=%type%AD.%FW_NAME%".com comment="%type% AD server for FW %FW_NAME%" ip="%ip_addr%" resolve=%mode%
    CONFIG OBJECT ACTIVATE

  2. Create the CSV file /var/tmp/ad.csv for the pool of two firewalls:

    firewall;type;ip_addr;mode
paris;Main;1.1.1.1;static
paris;Backup;1.1.2.2;dynamic
lyon;Main;4.4.4.4;static
lyon;Backup;4.4.5.5;dynamic

  3. Enter the following command in the command line interface:

    smc-sns-cli-script exec /var/tmp/ad.script --csv-file /var/tmp/ad.csv

The following is the expected result for each of the firewalls paris and lyon:

CONFIG OBJECT HOST NEW name=MainAD.paris.com comment="Main AD server for FW paris" ip="1.1.1.1" resolve=static
100 code=00e01700 msg="Object successfully added"
CONFIG OBJECT ACTIVATE
100 code=00a00100 msg="Ok"
CONFIG OBJECT HOST NEW name=BackupAD.paris.com comment="Backup AD server for FW paris" ip="1.1.2.2" resolve=dynamic
100 code=00e01700 msg="Object successfully added"
CONFIG OBJECT ACTIVATE
100 code=00a00100 msg="Ok"

CONFIG OBJECT HOST NEW name=MainAD.lyon.com comment="Main AD server for FW lyon" ip="4.4.4.4" resolve=static
100 code=00e01700 msg="Object successfully added"
CONFIG OBJECT ACTIVATE
100 code=00a00100 msg="Ok"
CONFIG OBJECT HOST NEW name=BackupAD.lyon.com comment="Backup AD server for FW lyon" ip="4.4.5.5" resolve=dynamic
100 code=00e01700 msg="Object successfully added"
CONFIG OBJECT ACTIVATE
100 code=00a00100 msg="Ok"

In CSV files, fields are often separated by a comma or semi-colon. The smc-sns-cli-script command interprets semi-colons (;) as separators by default. The separator may be different depending on the CSV file. To change the separator expected by the command, the value of the variable SMC_SNS_CLI_CSV_DELIMITER must be changed:

  1. Log in to the SMC server via the console of your hypervisor or in SSH.
  2. In the file /data/config/fwadmin-env.conf.local, change the value of the environment variable: SMC_SNS_CLI_CSV_DELIMITER=,.
  3. Restart the server with the command nrestart fwadmin-server.