rdancy01 / ansible-junos-stdlib Goto Github PK

Juniper Networks supports Ansible for managing devices running the Junos operating system (Junos OS). This role is hosted on the Ansible Galaxy website under the role Juniper.junos. The Juniper.junos role includes a set of Ansible modules that perform specific operational and configuration tasks on devices running Junos OS. These tasks include: installing and upgrading Junos OS, provisioning new Junos devices in the network, loading configuration changes, retrieving information, and resetting, rebooting, or shutting down managed devices. Please refer to the INSTALLATION section for instructions on installing this role.

Since Ansible version >= 2.1, Ansible also natively includes core modules for Junos. The Junos modules included in Ansible core have names which begin with the prefix junos_. The Junos modules included in this Juniper.junos role have names which begin with the prefix juniper_junos_. These two sets of Junos modules can coexist on the same Ansible control machine, and an Ansible play may invoke a module from either (or both) sets. Juniper Networks recommends using the modules in this role when writing new playbooks that manage Junos devices.

This Juniper.junos role includes the following modules:

• juniper_junos_command — Execute one or more CLI commands on a Junos device.
• juniper_junos_config — Manipulate the configuration of a Junos device.
• juniper_junos_facts — Retrieve facts from a Junos device.
• juniper_junos_jsnapy — Execute JSNAPy tests on a Junos device.
• juniper_junos_ping — Execute ping from a Junos device.
• juniper_junos_pmtud — Perform path MTU discovery from a Junos device to a destination.
• juniper_junos_rpc — Execute one or more NETCONF RPCs on a Junos device.
• juniper_junos_software — Install software on a Junos device.
• juniper_junos_srx_cluster — Add or remove SRX chassis cluster configuration.
• juniper_junos_system — Initiate operational actions on the Junos system.
• juniper_junos_table — Retrieve data from a Junos device using a PyEZ table/view.

Significant changes to the modules in the Juniper.junos role were made between versions 1.4.3 and 2.0.0. In versions <= 1.4.3 of the Juniper.junos role, the modules used different module and argument names. Versions >= 2.0.0 of the Juniper.junos role provide backwards compatibility with playbooks written to prior versions of the Juniper.junos role. If a playbook worked with a prior version of the Juniper.junos role, it should continue to work on the current version without requiring modifications to the playbook. However, these older module and argument names are no longer present in the current documentation. You may reference previous module and argument names by referring directly to the 1.4.3 version of the Juniper.junos role documentation.

In addition to the modules listed above, a callback_plugin jsnapy is available for the module juniper_junos_jsnapy.

The callback_plugin jsnapy helps to print on the screen additional information regarding jsnapy failed tests. For each failed test, a log will be printed after the RECAP of the playbook as shown in this example:

PLAY RECAP *********************************************************************
qfx10002-01                : ok=3    changed=0    unreachable=0    failed=1
qfx10002-02                : ok=3    changed=0    unreachable=0    failed=1
qfx5100-01                 : ok=1    changed=0    unreachable=0    failed=1

JSNAPy Results for: qfx10002-01 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "60021", "peer-state": "Idle", "peer-address": "192.168.0.1"}
Value of 'oper-status' not 'is-equal' at '//interface-information/physical-interface[normalize-space(admin-status)='up' and logical-interface/address-family/address-family-name ]' with {"oper-status": "down", "name": "et-0/0/18"}

JSNAPy Results for: qfx10002-02 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}

The jsnapy plugin is currently in Experimental stage, please provide feedback.

Callback plugins are not activated by default. They must be manually added to the Ansible configuration file under the [defaults] section using the variable callback_whitelist. Specifically, these lines should be added to the Ansible configuration file in order to allow the jsnapy callback plugin:

[defaults]
callback_whitelist = jsnapy

Official Juniper documentation (detailed information, including examples)

Ansible style documentation

You must have the DEPENDENCIES installed on your system.

To download the latest released version of the junos role to the Ansible server, execute the ansible-galaxy install command, and specify Juniper.junos.

[root@ansible-cm]# ansible-galaxy install Juniper.junos
- downloading role 'junos', owned by Juniper
- downloading role from https://github.com/Juniper/ansible-junos-stdlib/archive/1.3.1.tar.gz
- extracting Juniper.junos to /usr/local/etc/ansible/roles/Juniper.junos
- Juniper.junos was installed successfully

You can also use the ansible-galaxy install command to install the latest development version of the junos role directly from GitHub.

sudo ansible-galaxy install git+https://github.com/Juniper/ansible-junos-stdlib.git,,Juniper.junos

For testing you can git clone this repo and run the env-setup script in the repo directory:

user@ansible-junos-stdlib> source env-setup

This will set your $ANSIBLE_LIBRARY variable to the repo location and the installed Ansible library path. For example:

[jeremy@ansible-junos-stdlib]$ echo $ANSIBLE_LIBRARY
/home/jeremy/Ansible/ansible-junos-stdlib/library:/usr/share/ansible

To run this as a Docker container, which includes JSNAPy and PyEZ, simply pull it from the Docker hub and run it. The following will pull the latest image and run it in an interactive ash shell.

$ docker run -it --rm juniper/pyez-ansible ash

Although, you'll probably want to bind mount a host directory (perhaps the directory containing your playbooks and associated files). The following will bind mount the current working directory and start the ash shell.

$ docker run -it --rm -v $PWD:/project juniper/pyez-ansible ash

You can also use the container as an executable to run your playbooks. Let's assume we have a typical playbook structure as below:

example
|playbook.yml
|hosts
|-vars
|-templates
|-scripts

We can move to the example directory and run the playbook with the following command:

$ docker run -it --rm -v $PWD:/project juniper/pyez-ansible ansible-playbook -i hosts playbook.yml

You may have noticed that the base command is almost always the same. We can also use an alias to save some keystrokes.

$ alias pb-ansible="docker run -it --rm -v $PWD:/project juniper/pyez-ansible ansible-playbook"
$ pb-ansible -i hosts playbook.yml

This example outlines how to use Ansible to install or upgrade the software image on a device running Junos OS.

---
- name: Install Junos OS
  hosts: dc1
  roles:
    - Juniper.junos
  connection: local
  gather_facts: no
  vars:
    wait_time: 3600
    pkg_dir: /var/tmp/junos-install
    OS_version: 14.1R1.10
    OS_package: jinstall-14.1R1.10-domestic-signed.tgz
    log_dir: /var/log/ansible

  tasks:
    - name: Checking NETCONF connectivity
      wait_for: host={{ inventory_hostname }} port=830 timeout=5
    - name: Install Junos OS package
      juniper_junos_software:
        reboot: yes
        version: "{{ OS_version }}"
        package: "{{ pkg_dir }}/{{ OS_package }}"
        logfile: "{{ log_dir }}/software.log"
      register: sw
      notify:
        - wait_reboot

  handlers:
    - name: wait_reboot
      wait_for: host={{ inventory_hostname }} port=830 timeout={{ wait_time }}
      when: not sw.check_mode

This modules requires the following to be installed on the Ansible control machine:

• Python >= 2.7
• Ansible 2.3 or later
• Junos py-junos-eznc 2.1.7 or later
• jxmlease 1.0.1 or later

Apache 2.0

Support for this Juniper.junos role is provided by the community and Juniper Networks. If you have an issue with a module in the Juniper.junos role, you may:

• Open a GitHub issue.
• Post a question on our Google Group
• Email [email protected]
• Open a JTAC Case

Support for the Junos modules included in Ansible core is provided by Ansible. If you have an issue with an Ansible core module you should open a Github issue against the Ansible project.

Juniper Networks is actively contributing to and maintaining this repo. Please contact [email protected] for any queries.

Contributors: Nitin Kumar, Stacy W Smith, David Gethings

• v2.1.0: Raja Shekar, Stacy W Smith

Former Contributors: Jeremy Schulman, Rick Sherman, Damien Garros