https://medium.com/@anthonypjshaw/ansible-v-s-salt-saltstack-v-s-stackstorm-3d8f57149368
There are two Ansible librairies to interact with Junos
- An Ansible library for Junos built by Juniper.
- An Ansible library for Junos built by Ansible.
Both of them are used in this repository.
Hosted on the Ansible Galaxy website (https://galaxy.ansible.com/Juniper/junos/).
Modules (version 1.4.0):
- junos_cli - Execute CLI on device and save the output locally
- junos_commit - Execute commit on device
- junos_get_config - Retrieve configuration of device
- junos_get_facts - Retrieve facts for a device running Junos OS.
- junos_get_table - Retrieve data from a Junos device using Tables/Views
- junos_install_config - Load a configuration file or snippet onto a device running Junos OS.
- junos_install_os - Install a Junos OS image.
- junos_jsnapy - Execute JSNAPy test from Ansible
- junos_rollback - Rollback configuration of device
- junos_rpc - Run given rpc
- junos_shutdown - Shut down or reboot a device running Junos OS.
- junos_srx_cluster - Create an srx chassis cluster for cluster capable srx running Junos OS.
- junos_ping - Execute ping on junos devices
- junos_zeroize - Erase all data including configuration and log files on a device running Junos OS.
Documentation: http://junos-ansible-modules.readthedocs.io/
Source code: https://github.com/Juniper/ansible-junos-stdlib
Installation: Hosted on the Ansible Galaxy website (https://galaxy.ansible.com/Juniper/junos/).
To download them to the Ansible server, execute the command:
sudo ansible-galaxy install Juniper.junos
Modules (Ansible 2.1.1.0):
- junos_command - Execute arbitrary commands on a remote device running Junos
- junos_config - Manage configuration on remote devices running Junos
- junos_facts - Collect facts from remote device running Junos
- junos_netconf - Configure the Junos Netconf system service
- junos_package - Install packages on remote devices running Junos
- junos_template - Manage configuration on remote devices running Junos
Documentation: http://docs.ansible.com/ansible/list_of_network_modules.html
Installation: core modules. They ship with ansible itself (from Ansible 2.1). Ansible 2.1 or above is required.
Source code: https://github.com/ansible/ansible-modules-core/tree/devel/network/junos
Most of these Ansbile modules require installing the python library py-junos-eznc on the Ansible server.
Some options (like the console option in the junos_install_config module) also require the python library junos-netconify.
Except for the module junos_netconf, all these Ansible modules for Junos require the Netconf API to be configured on the Junos devices:
set system services netconf ssh
commit
Note: It is not required to use cli to configure Netconf on Junos devices. This can be done with the Ansible module junos_netconf.
This project has many ready-to-use Ansible playbooks to interact with Junos devices.
I am using them to deliver Ansible trainings to network engineers.
There is an ansible presentation available in this repository: [ansible.pdf] (https://github.com/ksator/ansible-training-for-junos/blob/master/ansible.pdf)
The playbooks in this repository are ready-to-use if you access the Junos devices referred to this project.
The default 'hosts' file is supposed to live in /etc/ansible/hosts.
The inventory file we are using in this repository is hosts. It is at the root of the repository (https://github.com/ksator/ansible-training-for-junos/blob/master/hosts), so it is not at the default place.
It also defines the ip address of each device with the variable junos_host. This variable is re-used in the playbooks.
There is an ansible.cfg file at the root of the repository (https://github.com/ksator/ansible-training-for-junos/blob/master/ansible.cfg).
It refers to our inventory file (hosts): So even if the inventory file is not /etc/ansible/hosts, there is no need to add -i hosts to your ansible-playbook commands.
group_vars and host_vars directories at the root of this repository define variables for hosts and for groups.
The inventory file (hosts file at the root of the repository) also defines some variables.
Our playbooks use all of them.
Some playbooks also use other variables.
In order to see all variables for a hostname, you can run this command:
ansible -m debug -a "var=hostvars['hostname']" localhost
All playbooks are named pb.*.yml
These playbooks use the modules from the two Ansible librairies to interact with Junos (the one built by Juniper and hosted on galaxy, and the core modules built by Ansible).
They also use other Ansible modules (template, assemble, uri, wait_for, debug, ...).
They are all ready-to-use if you access to the lab.
You will find them in different directories.
Playbooks are in different directories.
Each directory has a readme file as well. Please read the instructions in the readme.md file of each directory before executing the playbooks.
The Junos devices we are using in this repository are in a lab which is only accessible from the Juniper Networks corporate network.
The lab topology is described in the file [lab topology.pdf] (https://github.com/ksator/ansible-training-for-junos/blob/master/lab%20topology.pdf)
You can very easily re-use this automation content with your own Junos devices (Junos physical devices, Junos virtual devices, vagrant boxes running Junos): you would just need to build a similar topology and to adapt this content with your IP addresses, username and password.
If you want to build a Junos topology using Vagrant boxes, you can refer to this repository: https://github.com/ksator/vagrant-junos
There are currently 2 branches in this repository:
- master - This is the original one, and the active one.
- topology_independent - This is a new one. The topology_independent branch allows to use a different network topology without changing the playbooks. The automation content in this branch is probably not always up to date/in sync with the master branch.
Here's how the topology_independent branch works:
There is a file [topology.yml] (https://github.com/ksator/ansible-training-for-junos/blob/topology_independent/group_vars/all/topology.yml) in group_vars/all. This yaml file defines the topology. Here's an example:
---
topo:
ex4300-4:
port1: { name: ge-0/0/0, peer: ex4300-9, pport: port2 }
port2: { name: ge-0/0/1, peer: ex4300-10, pport: port2 }
ex4300-9:
port1: { name: ge-0/0/0, peer: ex4300-10, pport: port1 }
port2: { name: ge-0/0/1, peer: ex4300-4, pport: port1 }
ex4300-10:
port1: { name: ge-0/0/0, peer: ex4300-9, pport: port1 }
port2: { name: ge-0/0/1, peer: ex4300-4, pport: port2 }
This file is a dictionary with the key topo. The value of this key is the topology.
Because this file is located in the directory group_vars/all, {{topo}} can be automatically used for all devices.
Files in the host_vars directory were re-written.
- files in the host_vars directory in the master branch:
They are static. So if you use another network topology, it doesn’t work anymore until you rewrite these files.
Example with https://github.com/ksator/ansible-training-for-junos/blob/master/host_vars/ex4300-10/bgp.yml
---
loopback: 10.20.1.3
local_asn: 110
neighbors:
- interface: ge-0/0/0
name: ex4300-9
asn: 109
peer_ip: 192.168.0.5
local_ip: 192.168.0.4
peer_loopback: 192.179.0.95
- interface: ge-0/0/1
name: ex4300-4
asn: 104
peer_ip: 192.168.0.2
local_ip: 192.168.0.3
peer_loopback: 192.179.0.65
- files in the host_vars directory in the topology_independent branch:
In the topology_independent branch, they use {{topo}}. So if we change the file [topology.yml] (https://github.com/ksator/ansible-training-for-junos/blob/topology_independent/group_vars/all/topology.yml), the content of the files in the host_vars directory change: no need to re-write it.
Example with https://github.com/ksator/ansible-training-for-junos/blob/topology_independent/host_vars/ex4300-10/bgp.yml
---
loopback: 10.20.1.3
local_asn: 110
neighbors:
- interface: "{{ topo[inventory_hostname].port1.name }}"
name: "{{ topo[inventory_hostname].port1.peer }}"
asn: 109
peer_ip: 192.168.0.5
local_ip: 192.168.0.4
peer_loopback: 192.179.0.95
- interface: "{{ topo[inventory_hostname].port2.name }}"
name: "{{ topo[inventory_hostname].port2.peer }}"
asn: 104
peer_ip: 192.168.0.2
local_ip: 192.168.0.3
peer_loopback: 192.179.0.65
Download the content:
git clone https://github.com/ksator/ansible-training-for-junos.git
And use ansible-playbook commands to execute the playbooks:
cd ansible-training-for-junos/
ls
ls xxx/
more xxx/readme.md
ansible-playbook xxx/pb.*.yml
Please submit github issues or pull requests.
There is a github webhook with Travis CI.
The playbooks in this repository are tested automatically by Travis CI.
The files .travis.yml and requirements.txt at the root of this repository are used for this.
We are using two types of playbooks in this repository:
Travis CI is testing them.
ansible-playbook has a built-in option to check only the playbook's syntax (--syntax-check). This is how Travis is testing our playbooks that interact with Junos. If there are any syntax errors, Travis will fail the build and output the errors in the log.
For more examples, you can visit these repositories:
https://github.com/JNPRAutomate/ansible-junos-examples
https://github.com/dgjnpr/ansible-template-for-junos
https://github.com/JNPRAutomate/ansible-junos-evpn-vxlan
https://github.com/JNPRAutomate/ansible-demo-ip-fabric
https://juniper.gosavo.com/Document/Document.aspx?id=38124877&view=&srlid=49559553&srisprm=False&sritidx=0&srpgidx=0&srpgsz=25
How to automate junos with python (pyez, ncclient, napalm, json, yaml, jinja, netconf, lxml, rest api)
https://github.com/ksator/python-training-for-network-engineers
How to automate junos with Ansible (ansible, travis CI)
https://github.com/ksator/ansible-training-for-junos-automation
How to use Openconfig with Juniper devices (openconfig, pyang, pyangbind, netconf, yang, pyez, ansible, jinja, travis CI)
https://github.com/ksator/openconfig-demo-with-juniper-devices
How to package junos automation tools in a Dockerfile on Github, and to publish the Docker image automatically in the docker registery
https://github.com/ksator/junos-automation-apps-dockerized
How to orchestrate Junos virtual machines with Vagrant (vsrx, vqfx, vagrant, virtualbox, ansible)
https://github.com/ksator/vagrant-with-junos
How to automate operational states verifications and configuration audits on Junos devices using JSNAPy (jsnapy, pyez, ansible)
https://github.com/ksator/junos-verifications-automation-with-jsnapy
junos automation with IaC (Infrastructure as Code, gitlab CI, gitlab runners, gitflow, Continuous Integration/Continuous Delivery, docker, ansible, jinja, yaml)
https://github.com/ksator/network-Infrastructure-as-Code
How to delegate junos automation tasks chatting to hubot with slack (chatops, chatbot, hubot, slack, docker, Travic CI, ansible)
https://github.com/ksator/junos-automation-with-chatops
How to automate Junos with stackstorm (stackstorm, event driven automtion, napalm, ansible)
https://github.com/ksator/junos-automation-with-stackstorm
How to automate tests for Python with pytest, and tests coverage reporting with Coveralls. CI with Travis.
https://github.com/ksator/continuous-integration-with-python