CUC (6) CUCM (28) Jabber (6) Python (4) Routing (3) Solarwinds Orion NPM (4) switching (1) Video (6) voice (3)

Monday, 10 February 2020

Pycharm and git hub version control, using branches

I already created a post on how to use github repositories in Pycharm, so you can work on your code on your local client, from a central place; git hub. Granted this is an awesome feature, but it is not really doing version control, it just controls one version of a file or files and keeps them in sync, using push, pull and commit mechanisms. i suggest you read my previous post on repositories, before continuing:

Now, I am by no means an expert programmer, but one of the first thing i was looking for was a way to keep track of my code and keep the code that i was working on separate from the code that i already has an knew was working.
For instance I was working on a piece of code that, i wanted to log into a bunch of network switches, check the IOS version and write it to a file. I got this to work. The next step for me was to add multiprocessing to it, so it wouldnt take 3 hours for the script to run, on a 200 or 300 node network. I could see that i needed to add to my existing script, however I wanted to keep my already working script intact or at least make sure i wouldnt break it by mistake. and once done, merge my multiprocessing script back into my initial script without multiprocessing. I realise that there might be a dozen other motives to start using version control with brances, but this was my motivation to look into. I just could not continue to work with folders containing a multitude of version of the same code, with no easy way to revert.

in Pycharm all branc related operations are done , using the Git Branches popup, at the bottom of the Pycharm client:

Clicking on it, will take you into its menu, for instance:

Fig.1.- PyCharm Git menu

You can pretty much drive and control all your version control and branches from this menu. As can be seen in figure 1, there are 3 main components:

1-Repositories; these are the local repositories on your machine running PyCharm

2-Common local Branches - these branches exist locally on your machine, within a certain repository and are most likely in sync with Github, but dont have to be until they are pushed into github.

3-Common remote branches - these branches exist on the repositories on git hub, but dont necissarily have to exist locally, untill the branch is pulled.

When you look at the git popup you can see which branches exist, also you can see branchnames like origin/master. all revision branches are forked off the master branch.

Switching between branches

There will be times when you want to work on different branches within the same repository.  Select the branch that you want to switch to under Local Branches and choose Checkout from the list of available operations. As you can see in Fig. 2  i am working in the master branch (as it has the tag symbol in front of it and is therefore considered the current version).  So i select the "Revision_1_DFJ" branch and select check out.

Fig.2. Pycharm Git pop up switch between branches

Once finished, you should see the code under that branch in the main code window in Pycharm.

Creating a new branch locally and pushing it out to github

This comes in handy when you want to change code and put it in a separate branches and making it available for others in github. again go to git popup.

select the master branch. go to New Branch from selected

Fig.3. - create a new branch

Give the branch a name, I have called it revision_2_DFJ, hit create. This should automatically bring you in that new branch, you can check ghoing to the githgub popup, anmd check if the yellow tag icon shows up left of your brtanch, or easier: hoover over the git popup button:

Fig.4. see active branch/currernt branch

as you can see my active branch (purple) is now revision_2_DFJ.

so the next thing todo is make a change in the code, I am just gonna add a comment at the top. for this, again, select the file > git commit file and the commit changes windows pops up:

Fig. 6 - commit window
Fig.6 shows the commit window, and with version control its the same as anything else multiple people work on: only as good as its weakest link, so make sure, you put meaning full comments in your commits.  Also you can see in figure 6, that this commit applies to the revision_2_DFJ branch. 

Please note: nothing will be pushed out until your changes are comitted!

After you hit commit you can see all branch related action in the version contol popup in Pycharm, its not necassary to check this, but it provides great overview of how your branches grow:

Fig.7. Version control popup window
As you can see in Fig.7 my latest branch creation is not forked off from the root, as revision_1_DFJ is.

Now let me push it back into github, so i got to the git popup, select my revisoin_2_DFJ branch and select PUSH and verify in my event log that the push is indeed sucessful.

So now, if i go into githubv itself; I should see the newly created branch that was pushed out from Pycharm, so let me check:

Fig.8 - Github branches within the repository

As you can see above, here is a revision_2_DFJ branch in github.

Creating a new branch on github and pulling it to local machine

This will come in handy when you are an existing PyCharm user and you are invited into participating in the development on a certain piece of code that is already in github, or if you have been working on github online and you want to continue using PyCharm

By know I assume you know how to add a new branch to github

Ok let me give you a clue:


Because i selected the master branch first, my revision_3_DFJ will fork of from master. so master\revision_3_DFJ. there is no right or wrong here, different branches for different collaborations and code.  But remember if you create a branch out of the master branch an you alreay have existing branches, from the master branch,  that you have made alteration to, these changes will not be refelcted in your latest master\revision  branch, because the master is the original. I strongly suggest the master to stay original, unless you are 100% happy your added code works and can be merged into the master.

So you cant really work on inidvidual branches, you have to clone an existing repository from github. I have already described how to do this by going to VCS in Pycharm, so please refer to

Ok, so I have now imported the netmiko_login_devices repositories from github into Pycharm, after this, indeed i can see the various branches in the git popup. Now i can check them out and toggle between them, as can be seen in the picture below.

Fig.10 - popup toggle between branches

Pull requestsPull requests let you tell others about changes you've pushed to a branch in a repository on GitHub. Once a pull request is opened, you can discuss and review the potential changes with collaborators and add follow-up commits before your changes are merged into the base branch.

for example, I am asking Jim Bob to revise a certain piece of code.

Now in github i create a pull request on a certain branch that I am collaborating on with jim bob, and i put in a comment for him to review:

Fig. 11 . Pull request in github

Dont merge the pull request yet, as you are still doing work on this code, or Jim Bob might come back with revisions.  So now back to Pycharm.

Fig. 12 - Pull request in Pycharm
Pycharm now display for revision on the code on Jim bobs Pycharm. in the Pull request part of the version control window.


Monday, 3 February 2020

Using github repositories from PyCharm

If you want to share your code with other people so they can work on it in a combined effort, dont use gmail or dropbox, like a cave man. Gmail and dropbox have no concept of version control and are therefore not suitable to collaborate on code. Github is, because it supports version control natively.  I will not go into subversions and branches in this post, pretty much because i havent figured out how to use this properly myself, so stay tuned for a post on that.

There are essentially 3 mechanisms in place to keep version control, all these are performed from your pycharm client:

commit:  this 'save' your change to the code locally on your pycharm client
(by default the \users\name\PyCharmProjects folder,  contains the repository/project data).
pull:  Pull the code off the github repository. so that is changes were made by another author, this will be reflected locally on your pycharm client (do this every time you start working on the code, so that other people's changes are refelcted)
push: use this once done with your changes, so that it gets uploaded onto your github repository, centrally. after you pushed your code,  others can see your changes.

before i continue, assure you have the following in place:

-create github account 
-create a repository on github
-install git.exe on your local machine (download from
-configure your github creds into pycharm (go to File>setttings>version control >github and add a credential set)

At this point i am assuming you are not a coding n00b and alreayd have some meaningfull code in a repository on your github account.

Every repository in github has its own URL, this is how pycharm connects to it:

get this url from github, as per below:

Copy this URL (see picture above), into pycharm, VCS > Check out from version control and paste the URL in.  This will clone the repository locally on you machine.

You can test the connecttion, by guessed it..., then CLONE.

Now you can work on your cloned respository, remember to save, as all your changes are local even though you use commit; changes will not automatically update the github repository, until it is manually pushed back out from your pycharm client to the github repository!!! so you will need to save your changes as per usual (CXTRL+S).


righ click the file : git >  commit file

the window will also show you exactly what changes you made and you can add a commit comment in that, once pushed to the github repository will show you that comment, so your project coworkers can see what was changed, so it is important that these comments are meaningful and not just some facebook crap.

Once you are done making changes and you want to put your work back into the repsoitory, under a branch. you will need to push it back to git hub using a PUSH:

first select the directory or file that you have made changes to and select push:

This will actually show you what change you made or at least what was changed in the commit and what will be pushed out to git hub:

If for some reason you have issues with version control, you can check the Version control log in PyCharm, which you can find on the tab at the bottom of PyCharm, where you terminal and Python Console is as well:


Monday, 9 December 2019

Creating Solarwinds alerts based on custom pollers

Some times you have a requirement to alert on non pre-canned condition in Solarwinds, such as HA fail over, a certain change in routing table (size) or really anything that can be monitored on a devices through SNMP, or put differently: any OID value available.

For this post i am gonna use Palo alto HA fail over as a trigger for an alert. The first part is a brief explanation on how to create a costum poller for palo Alto HA state, because that is all we need to know, once you can poll the state (active/passive), you can use that value as as a condition to perform an alert action.

Below is the definition of the OID call PanSysHAState (which is A Reference to Panorama High Availability state)

Figure 1 - Custom poller definition

You can see the current value, of the OID by testing it, going into the MIB browser. as can bee seen in the screenshot below, fw002 is passive in this case, (and thus fw001 is active, in our particular scenario).

Figure 2 - Browse MIB

So now we have the correct OID, the next step is to set up a new Alert in Solarwinds.

so go to settings > all settings > manage alerts > add new alert

Figure 3 - Alert description and evaluation

Really, there is no point in evaluation the alert every 4 minutes as Fig3. depicts, if your polling frequency is more than 4 minutes (enterprise polling interval is more likely to be around 5 minutes)

Ok, now the interesting part, the trigger condition, first select . I want to alert on Custom Node Poller, as can be see in figure 4. so the scope of the alert is to only look at one particular custom poller, in our case called "panSysHAState" (see figure 1)

Figure 4 - Trigger condition

We want to trigger an action when the state on fw001 (the active on in the pair) is no longer 'active'. no need to include fw002 in the trigger condition.

Figure 5 - Trigger action
i this case I opted to send an email out as soon as the condition is met.


Wednesday, 20 November 2019

Solarwinds SQL queries

Sometime you will just have to go into the Solarwinds Orion DB to do certain queries, that cannot be done through the solarwinds GUI. In this post i will describe a number of queries that have helped me in the past to achieve various bits and pieces. to do these queries, open the data base manager on your solarwinds box and add the default server, the select SolarwindsOrionDatabase.

Finding interfaces in UNKNOWN Status

I needed to do this query to summarise interfaces in unknown status, that were orphaned from the actual node, and that were not visible when doing a rediscovery of the particular node, simply because the interfaces (logical) had been removed and solarwinds had not cleaned up the DB for whatever reason

Select InterfaceID, NodeID, Caption, interfacename, Status, StatusLED From [dbo].[Interfaces]
Where StatusLED = 'Unknown.gif' 


To delete any of these interfaces, you need the interfaceID (above) and run:

delete from Interfaces where InterfaceID=953insert into DeletedInterfaces (InterfaceId) values (953)

Monday, 26 August 2019

VentraIP using SCP for file transfers

Okay, this turned out to be a bit of a bitch.

I have a hosting account with VentraIP, recently VentraIP did some upgrades on their front end and as a result a feauture that I always used did no longer work:

FTP to and from my own hosting partition. after some mucking around I got file transfer to work with scp. here is how:

1-log onto your VIP control panel and got to MY services > Hosting > Manage :

2-Go to Configuration > SSH access and whitelist your own IP address (use www.ipchicken to find out),  now please note this whitelist only lasts 28 days, so you have to keep redoing it.  Also note Ventra allows a non standard port of 2683 

The username, can also be found in the cpanel under Special FTP accounts.

I have used WinSCP to connect to my ventraIP hosting partition, using the details as depeicted above. 

Anyone have any new insights on how to achieve this: please drop me a line

Sunday, 28 April 2019

Palo Alto verify VPN tunnels


Tunnel configuration check

First thing to check is probably the tunnel definition/configuration itself. use the following command to find a summary of all tunnels defined on your PA:

show running tunnel flow all

This will show you local and remote peer address, name, state, tunnel if and tunnel ID. once you know the tunnel ID you can find that tunnels configuration details as follows:

IPSEC tunnel details
This is an example of tunnel ID 27. showing the peer addresses and the protected traffic, you can also see the tunnel is in INIT state meaning it has not been established.

one of the most power full commands is the show vpn ike-sa.  This will show you phase 1 and 2 SA's:

What this also shows is, that your tunnel is up, what encryption it uses, authentication, DH groups, integrity checks etc.

You can drill down to see the individual tunnel details, using:

show vpn ike-sa detail gateway <name>

check logs:

the log for phase 1 negotiation can be found as, its probably best to turn debugging on befgore you chech the logs:

less mp-log ikemgr.log

This log will show mismatches in the proposal and or pre shared key


debug ike global on debug

This will give insight and details in the negotiations of phase 1.
If the tunnel does  not establish, this is probably the first thing to debug.

To view the debug output:

less mp-log ikemgr.log

debug ike pcap on   (debug ike pcap off to TURN the debug OFF again)

after you turn the debug off, to view the actual pcap:

view-pcap no-dns-lookup yes no-port-lookup yes debug-pcap ikemgr.pcap

verify IPSEC using

show vpn flow / show vpn flow name <name>

this command will show all the encryption parameters, peer IP addresses, and most importantly, the number of encapsulated and decapsulated bytes, so you can verify if the tunnel functions in both directions.
Other Useful CLI commands:

> show vpn ike-sa gateway <name>
> test vpn ike-sa gateway <name>
> debug ike stat


Tuesday, 23 April 2019

Palo Alto CLI cheat sheet

on cisco cli:

ovtlledge001#show ip bgp vpnv4 vrf wan neighbors advertised-routes

Routing (general)

To view the complete routing table of a certain virtual router:

show routing fib virtual-router <name of virtual router>

To view a specific route on a certain virtual machine:

 show routing fib virtual-router outer-vr | match <subnet/mask>

to verify how a certain subnet is routed:

show routing route virtual-router outer-vr destination


To view bgp peers on a certain virtual router:

show routing protocol bgp loc-rib peer ?

to find out routes receive from a specific BGP peer and you have multiple BGP peers on a single virtual router. first find out which peers exist and what their names are by issuing:

show routing protocol bgp loc-rib peer <peer-name> ?

this should give you a list of BGP peer names/IP addresses. so this allows you to pick the one you are intersted in and issue:

show routing protocol bgp peer virtual-router outer-vr peer-name Azure_2_bgppeer

show routing protocol bgp peer virtual-router outer-vr




Knowing how to apply filters in traffic logs is imperative, to cut through a whole bunch of logged information. Some useful ones are

(addr.src in  searches all based on a certain source IP

(addr.dst in   searches all based on a certain destination IP

to combine these two:

(addr.src in  and (addr.dst in

you dont have to search based on a host IP address, you can also use a full subnet, for instance:

(addr.dst in  

If you use userID based filtering, you can search the log, for instance on user ID and potentially blocks against this user:

(user.src eq 'mydomain\johndoe')  and ( action eq deny)

To search based on port:

(port.dst eq 22)  

searches for all traffic on tcp/22

again this can be combined with and additional search filter using a single host for instance