The repo is under active development. If you take a clone, you are getting the latest, and perhaps not entirely stable code.
Juniper Networks supports Ansible for managing devices running the Junos operating system (Junos OS). This collection is hosted on the Ansible Galaxy website under the collection Juniper.junos_collection. The Juniper.junos_collection collection includes a set of Ansible modules that perform specific operational and configuration tasks on devices running Junos OS. These tasks include: installing and upgrading Junos OS, provisioning new Junos devices in the network, loading configuration changes, retrieving information, and resetting, rebooting, or shutting down managed devices. Please refer to the INSTALLATION section for instructions on installing this collection.
Ansible galaxy is upgrading to collections and plans to deprecate roles in future. The master branch will now have Juniper.junos_collection support. Juniper.junos roles have been moved to roles branch. Roles will be supported for now. For more information for roles, check: https://github.com/Juniper/ansible-junos-stdlib/tree/roles
Since Ansible version >= 2.1, Ansible also natively includes
core modules for Junos. The Junos modules included
in Ansible core have names which begin with the prefix junos_. The Junos modules included in this Juniper.junos_collection
collection have names which begin with the prefix juniper_junos_. These two sets of Junos modules can coexist on the same
Ansible control machine, and an Ansible play may invoke a module from either (or both) sets. Juniper Networks recommends
using the modules in this collection when writing new playbooks that manage Junos devices.
This Juniper.junos_collection collection includes the following modules:
- juniper_junos_command — Execute one or more CLI commands on a Junos device.
- juniper_junos_config — Manipulate the configuration of a Junos device.
- juniper_junos_facts — Retrieve facts from a Junos device.
- juniper_junos_jsnapy — Execute JSNAPy tests on a Junos device.
- juniper_junos_ping — Execute ping from a Junos device.
- juniper_junos_pmtud — Perform path MTU discovery from a Junos device to a destination.
- juniper_junos_rpc — Execute one or more NETCONF RPCs on a Junos device.
- juniper_junos_software — Install software on a Junos device.
- juniper_junos_srx_cluster — Add or remove SRX chassis cluster configuration.
- juniper_junos_system — Initiate operational actions on the Junos system.
- juniper_junos_table — Retrieve data from a Junos device using a PyEZ table/view.
For ansible collection junos_collection we will need to install junos-eznc(PyEZ) version 2.5.0 or higher.
In addition to the modules listed above, a callback_plugin jsnapy is available for the module juniper_junos_jsnapy.
The callback_plugin jsnapy helps to print on the screen additional information regarding jsnapy failed tests.
For each failed test, a log will be printed after the RECAP of the playbook as shown in this example:
PLAY RECAP *********************************************************************
qfx10002-01 : ok=3 changed=0 unreachable=0 failed=1
qfx10002-02 : ok=3 changed=0 unreachable=0 failed=1
qfx5100-01 : ok=1 changed=0 unreachable=0 failed=1
JSNAPy Results for: qfx10002-01 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "60021", "peer-state": "Idle", "peer-address": "192.168.0.1"}
Value of 'oper-status' not 'is-equal' at '//interface-information/physical-interface[normalize-space(admin-status)='up' and logical-interface/address-family/address-family-name ]' with {"oper-status": "down", "name": "et-0/0/18"}
JSNAPy Results for: qfx10002-02 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}
The jsnapy plugin is currently in Experimental stage, please provide feedback.
Callback plugins are not activated by default. They must be manually added to the Ansible
configuration file under the [defaults] section using the variable callback_whitelist. Specifically, these lines
should be added to the Ansible configuration file in order to allow the jsnapy callback plugin:
[defaults]
callback_whitelist = jsnapy
Official Juniper documentation (detailed information, including examples)
You must have the DEPENDENCIES installed on your system.
If you're dealing with Ubuntu 14.04 and faced following error during the installation, it's because the system python
which used by Ubuntu 14.04 is locked to 2.7.6 till EOL, as a result, please consider to skip galaxy certification process
by appending -c option of ansible-galaxy. i.e. ansible-galaxy collection install Juniper.junos_collection -c
[WARNING]: - Juniper.junos_collection was NOT installed successfully: Failed to get data
from the API server (https://galaxy.ansible.com/api/): Failed to validate the
SSL certificate for galaxy.ansible.com:443. Make sure your managed systems have
a valid CA certificate installed. If the website serving the url uses SNI you
need python >= 2.7.9 on your managed machine (the python executable used
(/usr/bin/python) is version: 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC
4.8.4]) or you can install the `urllib3`, `pyOpenSSL`, `ndg-httpsclient`, and
`pyasn1` python modules to perform SNI verification in python >= 2.6. You can
use validate_certs=False if you do not need to confirm the servers identity but
this is unsafe and not recommended. Paths checked for this platform:
/etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share
/ca-certificates/cacert.org, /etc/ansible. The exception msg was: hostname
u'galaxy.ansible.com' doesn't match either of
'*.c1e4.galaxy.openshiftapps.com', 'c1e4.galaxy.openshiftapps.com'.
ERROR! - you can use --ignore-errors to skip failed collections and finish processing the list.
In MacOS Mojave and newer (>=10.14), ssh keys created with the system ssh-keygen are created using the newer 'OPENSSH' key format, even when specifying -t rsa during creation. This directly affects the usage of ssh keys, particularly when using the ssh_private_key_file. To create/convert/check keys, follow these steps:
- Create a new RSA key:
ssh-keygen -m PEM -t rsa -b 4096 - Check existing keys:
head -n1 ~/.ssh/some_private_keyRSA keys will be-----BEGIN RSA PRIVATE KEY-----and OPENSSH keys will be-----BEGIN OPENSSH PRIVATE KEY----- - Convert an OPENSSH key to an RSA key:
ssh-keygen -p -m PEM -f ~/.ssh/some_key
You can use the ansible-galaxy install command to install the latest development version of the junos collection directly from GitHub.
sudo ansible-galaxy collection install git+https://github.com/Juniper/ansible-junos-stdlib.git,,Juniper.junos_collectionFor testing you can git clone this repo and run the env-setup script in the repo directory:
user@ansible-junos-stdlib> source env-setupThis will set your $ANSIBLE_LIBRARY variable to the repo location and the installed Ansible library path. For example:
$ echo $ANSIBLE_LIBRARY
/home/jeremy/Ansible/ansible-junos-stdlib/library:/usr/share/ansibleTo run this as a Docker container, which includes JSNAPy and PyEZ, simply pull it from the Docker hub and run it. The following will pull the latest image and run it in an interactive ash shell.
docker run -it --rm juniper/pyez-ansible ashAlthough, you'll probably want to bind mount a host directory (perhaps the directory containing your playbooks and associated files). The following will bind mount the current working directory and start the ash shell.
docker run -it --rm -v $PWD:/playbooks juniper/pyez-ansible ashYou can also use the container as an executable to run your playbooks. Let's assume we have a typical playbook structure as below:
example
|playbook.yml
|hosts
|-vars
|-templates
|-scripts
We can move to the example directory and run the playbook with the following command:
cd example/
docker run -it --rm -v $PWD:/playbooks juniper/pyez-ansible ansible-playbook -i hosts playbook.ymlYou may have noticed that the base command is almost always the same. We can also use an alias to save some keystrokes.
alias pb-ansible="docker run -it --rm -v $PWD:/playbooks juniper/pyez-ansible ansible-playbook"
pb-ansible -i hosts playbook.ymlThis example outlines how to use Ansible to install or upgrade the software image on a device running Junos OS.
---
- name: Install Junos OS
hosts: dc1
collections:
- Juniper.junos_collection
connection: local
gather_facts: no
vars:
wait_time: 3600
pkg_dir: /var/tmp/junos-install
OS_version: 14.1R1.10
OS_package: jinstall-14.1R1.10-domestic-signed.tgz
log_dir: /var/log/ansible
tasks:
- name: Checking NETCONF connectivity
wait_for: host={{ inventory_hostname }} port=830 timeout=5
- name: Install Junos OS package
juniper_junos_software:
reboot: yes
version: "{{ OS_version }}"
package: "{{ pkg_dir }}/{{ OS_package }}"
logfile: "{{ log_dir }}/software.log"
register: sw
notify:
- wait_reboot
handlers:
- name: wait_reboot
wait_for: host={{ inventory_hostname }} port=830 timeout={{ wait_time }}
when: not sw.check_modeThis modules requires the following to be installed on the Ansible control machine:
- Python >= 2.7
- Ansible 2.3 or later
- Junos py-junos-eznc 2.1.7 or later
- jxmlease 1.0.1 or later
Apache 2.0
Support for this Juniper.junos_collection collection is provided by the community and Juniper Networks. If you have an issue with a module in the Juniper.junos_collection collection, you may:
- Open a GitHub issue.
- Post a question on our Google Group
- Email [email protected]
- Open a JTAC Case
Support for the Junos modules included in Ansible core is provided by Ansible. If you have an issue with an Ansible core module you should open a Github issue against the Ansible project.
Juniper Networks is actively contributing to and maintaining this repo. Please contact [email protected] for any queries.
Contributors: Nitin Kumar, Rahul Kumar
- v0.1.0: Rahul Kumar
Former Contributors:
Stacy W Smith, Stephen Steiner, Jeremy Schulman, Rick Sherman, Damien Garros, David Gethings