ZipTie contains a number of built-in tools that are based on the ZipTie Script Tools Framework (STF). The STF is itself based on the ZipTie Java Tools Framework (JTF). The purpose of the STF is to simplify the creation of tools for use within ZipTie by providing configuration by convention and the use of a common high-level scripting language (Perl) that network engineers and developers alike are familiar with. In this chapter, you will learn about the anatomy of a scripted tool, the various kinds of supported results display, and how to create more powerful tools through interactive input.
Tools based on the STF are first-class tools, peers of native tools written in the Java Tools Framework, and therefore appear in the primary tools menu within the ZipTie user interface.
A scripted tool contains two principal components: a perl script and a properties file. The properties file describes metadata about the tool itself including: invocation format, display name and description, output table definition, interactive inputs (if any), and threading behavior. By convention the name of the script and the name of the properties file are the same, for example ping.properties and ping.pl, but this is only convention and tool writers can choose to make them different as the properties file references the script file by name.
Scripted tools reside in the scripts folder within the org.ziptie.core.scripttools plugin. The full relative path from the ZipTie installation is ziptie/plugins/org.ziptie.core.scripttools/scripts. It is in this directory that both the Perl scripts and their associated properties files reside. A properly formatted properties file and tool script dropped into this directory will automatically appear on the tools menu within ZipTie. For a new tool, the server and client must be restarted before the tool will appear. Changes made to scripts or in this directory are also picked up immediately by ZipTie making the task of developing, debugging, and testing a tool much easier.
The simplest way to introduce a properties file is to look at an concrete example. The properties file presented below is the actual snmp.properties file for the SNMP System Info tool as it exists at the time of this writing. All of the properties will be explained in greater detail in the coming sections in this chapter.
script.name=snmpwalk.pl {device.ipAddress} {cred.roCommunity}
menu.label=SNMP System Info.
menu.tooltip=Gather SNMP Information from a device
mode.supported=multi
column.0=
column.1=Device
column.2=System Description
column.3=System Uptime
column.4=System Contact
column.5=System Name
column.6=System Location
column.0.icons=success.gif,warning.gif,error.gif
column.0.regex=(OK)|(WARN)|(ERROR)
column.0.resizable=false
column.0.align=center
column.0.width=20
column.1.width=90
column.2.width=300
column.3.width=150
column.4.width=100
column.5.width=200
column.6.width=100
thread.concurrency=8
This is an explanation of the properties file listing above.
| Property | Description |
| script.name | The name of the script used to execute the tool. Additionally, you can see that some macro-ized parameters are passed to the script as arguments. These will be discussed later in this chapter. |
| menu.label | The name that will appear on the Tools menu in the UI. |
| menu.tooltip | The text of the tooltip that is associated with the tool. |
| mode.supported | Determines the mode this tool is allowed to run in. The three possible modes are 'single', 'multi', and 'combined'. If the tool is a 'single' mode tool it is only allowed to run against a single device selection and typically displays multiple lines of output for a given device. If the tool is a 'multi' mode tool it can be run against a multiple device selection and displays one line of output for each device. If the tool is a 'combined' mode tool it can be run against one or more devices, but that only has a single invocation of the script. These modes will be discussed later in the chapter. |
| column.x | The names of the columns in the output table. |
| column.x.icons | Defines icons that can appear in the specified column. This icon works in conjunction with the 'regex' attribute below. Multiple icon images can be specified by separating them with a comma. |
| column.x.regex | Defines a regular expression that will be matched against the tool output for the given column to select an icon image to display in the output table. This regular expression should be defined with multiple 'match groups', with the first match group resolving to the first image, the second match group resolving to the second image, etc. |
| column.x.resizable, align, width | Specifies columnar layout information, including the ability to resize, horizontal alignment, and pixel width. |
| thread.concurrency | Specifies the number of worker threads will be used to run this tool when multiple devices are selected. |
Script tools interact with ZipTie via command arguments (input) and stdout (output). Command arguments are passed in as per their definition in the script.name property, and the script is expected to output specially formatted data to stdout. The form of the output varies depending upon the 'mode' that the tool is defined to support via the mode.supported property. The two currently supported modes are 'multi' and 'single' and are described in the following two sections.
A multi-mode tool is a tool that is meant to run against multiple devices, providing columnar output for the purposes of comparison across devices. These tools must be able to summarize their output in a single row of a table; as one row is given to each device. In the case of running a multi-mode tool, consider the SNMP System Info tool as an example. In the ZipTie environment, the user would select several IP addresses, right-click and pick SNMP System Info from the Tools sub-menu. The perl script will not get several IP addresses as command-line parameters, but instead STF will invoke the script once per device. The script will be invoked with the input arguments just as declared in the properties file, which in the case of SNMP System Info is simply the IP address of a device. STF will actually start several threads and run the script against a single IP, one instance per thread. The script doesn't need care whether the tool was selected to run against one device or one hundred devices, its input and output will be the same.
The format of output from a multi-mode tool is a single line of comma separated values (CSV), followed by a blank line, followed by multiple lines of detail. Looking at just the column definitions from the snmpwalk.properties file these are the columns that are defined:
column.0=
column.1=Device
column.2=System Description
column.3=System Uptime
column.4=System Contact
column.5=System Name
column.6=System Location
Therefore, the tool must output a single line of CSV where each column is accounted for, followed by detailed output that is associated with that information. Often that is just the raw output of some command that was parsed to generate the CSV. Here is some example output from the SNMP System Info tool:
OK,10.100.22.6,"Cisco Systems WS-C292","45 days, 3:33:12.84","XXX","cisco2621.ziptie.org","ziptie"
SNMPv2-MIB::sysDescr.0 = STRING: Cisco Systems WS-C292
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(12e), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Mon 12-May-03 14:42 by pwade
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.209
SNMPv2-MIB::sysUpTime.0 = Timeticks: (390079284) 45 days, 3:33:12.84
SNMPv2-MIB::sysContact.0 = STRING: XXX
SNMPv2-MIB::sysName.0 = STRING: cisco2621.ziptie.org
SNMPv2-MIB::sysLocation.0 = STRING: ziptie
SNMPv2-MIB::sysServices.0 = INTEGER: 78
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
You can see that the Ping tool output a single line of CSV corresponding to the columns defined in the snmpwalk.properties file. Column 0 had a value of 'OK', column 1 had a value of '10.100.22.6', column 2 had a value of 'Cisco Internetwork Operating System Software ', etc. Following the line of CSV is a mandatory blank line, and then the full detail of the raw SNMP data from which the CSV output was generated. This detail is displayed when a user clicks on a summary entry (generated by the CSV) in the output table as seen in this example:
A single-mode tool is a tool that is meant to run against a single selected device. Exactly one invocation of the tool script is made to gather the output for display. These tools can produce multiple lines of output for the selected device. In the case of running a single-mode tool, consider the Traceroute tool as an example. In the ZipTie environment, the user would select a single device, right-click and pick Traceroute from the Tools sub-menu. The tool script will be invoked with the input substitution parameters specified in the properties file. As in the case of the SNMP System Info tool, the Traceroute tool (and any single-mode tool) produces CSV output matching the columns defined in the properties file. However, unlike a multi-mode tool, a single-mode tool may produce one or more lines of CSV output for the selected device. And like a multi-mode tool, this CSV output can then be followed by a blank line and then detailed output. However, unlike the multi-mode tool this detailed output applies to the entire output of the tool and not to a specific row that is selected in the output table.
The following output is an example of output from the Perl script that implements the Traceroute tool:
OK,1,core.ziptie.org,10.10.1.1,2.407,0.720,0.730
OK,2,labcore.ziptie.org,10.10.30.2,0.502,0.508,0.478
OK,3,cisco3640.ziptie.org,10.100.22.15,2.130,*,2.185,
traceroute to 10.100.22.15 (10.100.22.15), 16 hops max, 40 byte packets
1 corp-core.inside.eclyptic.com (10.10.1.1) 2.407 ms 0.720 ms 0.730 ms
2 labcore.inside.eclyptic.com (10.10.30.2) 0.502 ms 0.508 ms 0.478 ms
3 cisco3640.inside.eclyptic.com (10.100.22.15) 2.130 ms * 2.185 ms
You can see in this example output that the Traceroute tool produces three lines of CSV which correspond to the three hops the in the detailed output, whose content follows the CSV after the required blank line.
A combined-mode tool is a tool that is run against one or more devices, but that only has a single invocation of the script. This is in contrast to the single-mode and multi-mode tools in which the tool script is run once per each selected device. Combined-mode is not of much utility without having information about the selected list of devices as input parameters and to this end the framework provides a flexible way of getting this information. The STF provides for a property named devices.selected that can contain the same input substitution parameters as used in the script.name property. The devices.selected property can then be referred to in the script.name entry and its value is expanded for each selected device before before being supplied as an input parameter. Perhaps looking at an example will provide clarification:
script.name=vlan_membership.pl {input.vlan} {devices.selected}
devices.selected={device.ipAddress} {device.osType} {cred.username} {cred.password} {cred.enablePassword}
menu.label=VLAN Member Ports
menu.tooltip=Shows Cisco VLAN member ports.
input.0=vlan
input.0.label=VLAN ID
input.0.type=string
input.0.default=1
column.0=Device
column.0.width=200
column.1=Port
mode.supported=combined
This example is from the VLAN Member Ports tool. Without getting to far ahead in discussing interactive tool inputs (see the next section on “Interactive Tools”), you can see that the script.name property defines two inputs: an interactive input ({input.vlan}) and the aforementioned devices.selected property. The devices.selected property is defined to expand the IP address, OS type, username, password, and “enable” password for a device. The devices.selected definition will be expanded for every selected device, and then the concatenation of that expansion supplied as input to the vlan_membership.pl script. If the user selected 2 devices then the vlan_membership.pl script would be passed 1) the interactive input.vlan parameter, and 2) the IP address, OS type, username, etc. for the first selected device followed by the IP address, OS type, username, etc. of the second device. If hundreds of devices were selected, there would be thousands of input parameters to the script which should be designed to process each set of input parameters supplied.
ZipTie STF supports the concept of an interactive tool. An interactive tool is one which defines one or more input parameters which should be provided interactively by the user when running the tool. Outside of the scope of this chapter but worth mentioning is that the types of input can be expanded through the use of the JTF from the ones that ZipTie inherently provides. Let's look at an example of an interactive tool and the types of inputs available to you. This example is from the Switch port/IP mapping tool.
script.name=switchport.pl {input.switchIP} {input.switchSnmpCred} {input.routerIP} {input.routerSnmpCred}
menu.label=Switch port/IP mapping
menu.tooltip=Perform a mapping of IP Address to switch port
input.0=switchIP
input.0.label=Switch IP
input.0.type=ipAddress
input.0.default={device.ipAddress}
input.1=switchSnmpCred
input.1.label=Switch SNMP Community
input.1.type=password
input.1.default={cred.roCommunityString}
input.2=routerIP
input.2.label=Router IP
input.2.type=ipAddress
input.2.default={device.ipAddress}
input.3=routerSnmpCred
input.3.label=Router SNMP Community
input.3.type=password
input.3.default={cred.roCommunityString}
You can see above that four inputs are defined, input.0, input.1, input.2, and input.3. The numbers appended to the input. property must begin at zero (0) and increase by one for each subsequent input defined. Examining an individual input definition we see the following:
input.0=switchIP
input.0.label=Switch IP
input.0.type=ipAddress
input.0.default={device.ipAddress}
Here is a line-by-line explanation of this definition:
| Line | Description |
| input.0 | This defines the name ('switchIP') by which this input can be referenced by. Looking at the listing (???) you can see this input referred to in the parameter list that defines the parameters passed into the script. |
| input.0.label | The label field defines the display label that appears in the UI next to the control associated with this input. |
| input.0.type | The type field defines one of the input types supported by ZipTie. These include: ipAddress, password, string. We'll discuss these below. |
| input.0.default | The default field is optional and defines a value that will be used to pre-populate the control for this input. It can be a literal string, a macro-ized parameter, or a combination of both. |
When this tool is executed by the user, ZipTie examines the properties of the tool and based on any inputs defined therein constructs a dialog dynamically with the appropriate controls. The Switch port/IP mapping tool therefore presents the following dialog:
| Type | Description |
| string | |
| ipAddress | |
| password | |
| passwordValidate | |
| datetime | |
| hidden | |
| combo | |
| list | |
| grid | |
| checkbox | |
| toolStoreBrowser | |
An interactive tool might require the location of a file to be one of its inputs. Rather than forcing a user of the tool to manually type in the location of this file, the toolStoreBrowser input parameter can be used to define a file browser dialog that can browse the entire directory structure of the tool store on the ZipTie Server.
The tool store refers to a directory that exists on the ZipTie Server that is used to house files and directories to be used by script tools. By default, the tool store directory is configured to be the tool-file-store directory located in the base directory of the ZipTie Server installation. This directory will be created upon server startup if it does not exist. The tool store can reference a different directory by setting the tool.file.store environment variable/system property to refer to some other directory. It is assumed that this directory is relative to the base directory of the ZipTie Server installation and will be created on server startup if it does not exist.
It is simple to incorporate a file browser dialog of the tool store location into an interactive script tool; the following is code snippet of how this can be done:
input.0=specifiedFile
input.0.label=Select a file to use with the tool ...
input.0.type=toolStoreBrowser
Here is a line-by-line explanation of what these properties do:
| Property | Description |
| input.0 | Stores the location of the file selected by the tool store file browser. This can then be passed into the script tool as a parameter. |
| input.0.label | A brief description to instruct the user to select a file, within the context of the script tool (see image below). |
| input.0.type | Specifies that the input is of the toolStoreBrowser type, which will generate a file browser dialog to navigate the contents of the tool store located on the ZipTie Server. |
Here is an example of what the initial tool store file browser looks like in the ZipTie Client (note that in the first image, the value of the input.0.label property is used):
Here is an example of the actual tool store file browser:
The ZipTie STF work allows for powerful tools to be written, but it may be the case where a tool is written for a specific type of device and is not meant to be used generically by any other type of device. Fortunately, the ZipTie STF provides a simple yet powerful property that can be specified within the properties file of a script tool called enable.filter.
The enable.filter property lets the author of a tool to specify certain requirements for a tool to be enabled based on an LDAP-type filter string (refer to RFC 2254 for information on LDAP filter strings). Using an LDAP-type filter string allows for logical operators to be performed on one or many macro-ized script tool parameters to ensure that the tool should be enabled for use.
Let's take a look at the enable.filter property for the IOS Password Change tool:
enable.filter=(device.osType=ZipTie::Adapters::Cisco::IOS)
In this example, the tool is specifying that it only wants to be enabled if the device adapter associated with the device is ZipTie::Adapters::Cisco::IOS. This is made possible by combining the power of an LDAP filter with the macro-ized parameters supported by the ZipTie STF. Essentially, a macro-ized parameter is a parameter that will be evaluated by the STF and replaced with its actual value. Here is a list of all the macro-ized parameters that the ZipTie STF supports:
| Parameter Name | Description |
| device.ipAddress | The IP address of the device that the tool is running against. |
| device.osType | The ID of the adapter associated with the device (for example: “ZipTie::Adapters::Cisco::IOS”). |
| device.hostname | The host name of the device. |
| device.managedNetwork | The name of the managed network that the device belongs to. |
| config.make | The name of the hardware vendor for the device. |
| config.model | The model number for the device. |
| config.chassis.softwareVersion | The version number of the operating system that the device is running. |
| device.osVersion | The version number of the operating system that the device is running. |
Please note that if the enable.filter string is not specified or is empty that the script tool will be available for all devices to use.
