Juniper / ansible-junos-stdlib

Junos modules for Ansible
Apache License 2.0
306 stars 158 forks source link
ansible python

Documentation Status

Juniper Ansible collection for Junos

About

Juniper Networks supports Ansible for managing devices running the Junos operating system (Junos OS and Junos Evolved). This collection is hosted on the Ansible Galaxy website under the collection juniper.device.

The juniper.device collection includes a set of Ansible modules that perform specific operational and configuration tasks on devices running Junos OS. These tasks include: installing and upgrading Junos OS, provisioning new Junos devices in the network, loading configuration changes, retrieving information, and resetting, rebooting, or shutting down managed devices. Please refer to the INSTALLATION section for instructions on installing this collection.

Two Sets of Ansible Modules for Junos devices

Since Ansible version >= 2.1, Ansible also natively includes core modules for Junos. The Junos modules included in Ansible core have names which begin with the prefix junos_. The Junos modules included in this Juniper.device collection have names starting with module types. These two sets of Junos modules can coexist on the same Ansible control machine, and an Ansible playbook may invoke a module from either (or both) sets. Juniper Networks recommends using the modules in juniper.device collection when writing new playbooks that manage Junos devices.

Overview of Modules

This juniper.device collection includes the following modules:

PyEZ Version Requirement

For ansible collection juniper.device we will need to install junos-eznc version 2.6.0 or higher.

Overview of Plugins

In addition to the modules listed above, a callback_plugin jsnapy is available for the module jsnapy.

The callback_plugin jsnapy helps to print on the screen additional information regarding jsnapy failed tests. For each failed test, a log will be printed after the RECAP of the playbook as shown in this example:

PLAY RECAP *********************************************************************
qfx10002-01                : ok=3    changed=0    unreachable=0    failed=1
qfx10002-02                : ok=3    changed=0    unreachable=0    failed=1
qfx5100-01                 : ok=1    changed=0    unreachable=0    failed=1

JSNAPy Results for: qfx10002-01 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "60021", "peer-state": "Idle", "peer-address": "192.168.0.1"}
Value of 'oper-status' not 'is-equal' at '//interface-information/physical-interface[normalize-space(admin-status)='up' and logical-interface/address-family/address-family-name ]' with {"oper-status": "down", "name": "et-0/0/18"}

JSNAPy Results for: qfx10002-02 ************************************************
Value of 'peer-state' not 'is-equal' at '//bgp-information/bgp-peer' with {"peer-as": "65200", "peer-state": "Active", "peer-address": "100.0.0.21"}

Callback plugins are not activated by default. They must be manually added to the Ansible configuration file under the [defaults] section using the variable callback_whitelist. Specifically, these lines should be added to the Ansible configuration file in order to allow the jsnapy callback plugin:

[defaults]
callback_whitelist = jsnapy

DOCUMENTATION

Official Juniper documentation (detailed information, including examples)

Ansible style documentation

INSTALLATION

You must have the DEPENDENCIES installed on your system. Check requirements.txt for the dependencies.

NOTICES

MacOS Mojave and newer

In MacOS Mojave and newer (>=10.14), ssh keys created with the system ssh-keygen are created using the newer 'OPENSSH' key format, even when specifying -t rsa during creation. This directly affects the usage of ssh keys, particularly when using the ssh_private_key_file. To create/convert/check keys, follow these steps:

Ansible Galaxy collection

You can use the ansible-galaxy install command to install the latest version of the juniper.device collection.

sudo ansible-galaxy collection install juniper.device

You can also use the ansible-galaxy install command to install the latest development version of the junos collections directly from GitHub.

sudo ansible-galaxy collection install git+https://github.com/Juniper/ansible-junos-stdlib.git#/ansible_collections/juniper/device

For more information visit - https://docs.ansible.com/ansible/latest/user_guide/collections_using.html#specifying-the-location-to-search-for-collections

Git clone

For testing you can git clone this repo and run the env-setup script in the repo directory:

user@ansible-junos-stdlib> source env-setup

This will set your $ANSIBLE_LIBRARY variable to the repo location and the installed Ansible library path. For example:

$ echo $ANSIBLE_LIBRARY /home/jeremy/Ansible/ansible-junos-stdlib/library:/usr/share/ansible

Docker

To run this as a Docker container, which includes JSNAPy and PyEZ, simply pull it from the Docker hub and run it. The following will pull the latest image and run it in an interactive ash shell.

docker run -it --rm juniper/pyez-ansible

Although, you'll probably want to bind mount a host directory (perhaps the directory containing your playbooks and associated files). The following will bind mount the current working directory and start the ash shell.

docker run -it --rm -v $PWD:/project juniper/pyez-ansible

You can also use the container as an executable to run your playbooks. Let's assume we have a typical playbook structure as below:

example
|playbook.yml
|hosts
|-vars
|-templates
|-scripts

We can move to the example directory and run the playbook with the following command:

cd example/ docker run -it --rm -v $PWD:/playbooks juniper/pyez-ansible ansible-playbook -i hosts playbook.yml

You can pass any valid command string after the container name and it will be passed to Bash for execution.

You may have noticed that the base command is almost always the same. We can also use an alias to save some keystrokes.

alias pb-ansible="docker run -it --rm -v $PWD:/project juniper/pyez-ansible ansible-playbook" pb-ansible -i hosts playbook.yml

Extending the container with additional packages

It's possible to install additional OS (Alpine) packages, Python packages (via pip), and Ansible collections at container instantiation. This can be done by passing in environment variables or binding mount files.

OS Packages

Environment Variable: $APK Bind Mount: /extras/apk.txt File Format: list of valid Alpine packages, one per line Examples:

As an environment variable, where the file containing a list of packages is in the current directory.

docker run -it --rm -v $PWD:/project -e APK="apk.txt" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/apk.txt:/extras/apk.txt juniper/pyez-ansible

Python Packages

Environment Variable: $REQ Bind Mount: /extras/requirements.txt File Format: pip requirements file

Examples:

docker run -it --rm -v $PWD:/project -e REQ="requirements.txt" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/requirements.txt:/extras/requirements.txt juniper/pyez-ansible

Ansible Packages

Environment Variable: $ROLES Bind Mount: /extras/requirements.yml File Format: Ansible requirements file

NOTE: This works for collections as well as roles.

Examples:

docker run -it --rm -v $PWD:/project -e REQ="requirements.yml" juniper/pyez-ansible

As a bind mount.

docker run -it --rm -v $PWD/requirements.txt:/extras/requirements.yml juniper/pyez-ansible

Example Playbook

This example outlines how to use Ansible to install or upgrade the software image on a device running Junos OS.

---
- name: Install Junos OS
  hosts: dc1
  connection: local
  gather_facts: false
  vars:
    wait_time: 3600
    pkg_dir: /var/tmp/junos-install
    os_version: 14.1R1.10
    os_package: jinstall-14.1R1.10-domestic-signed.tgz
    log_dir: /var/log/ansible

  tasks:
    - name: Checking NETCONF connectivity
      ansible.builtin.wait_for:
        host: "{{ inventory_hostname }}"
        port: 830
        timeout: 5
    - name: Install Junos OS package
      juniper.device.software:
        reboot: true
        version: "{{ os_version }}"
        package: "{{ pkg_dir }}/{{ os_package }}"
        logfile: "{{ log_dir }}/software.log"
      register: sw
      notify:
        - Wait_reboot

  handlers:
    - name: Wait_reboot
      ansible.builtin.wait_for:
        host: "{{ inventory_hostname }}"
        port: 830
        timeout: "{{ wait_time }}"
      when: not sw.check_mode

DEPENDENCIES

This modules requires the following to be installed on the Ansible control machine:

LICENSE

Apache 2.0

SUPPORT

Support for this juniper.device collection is provided by the community and Juniper Networks. If you have an issue with a module in the juniper.device collection, you may:

Support for the Junos modules included in Ansible core is provided by Ansible. If you have an issue with an Ansible core module you should open a Github issue against the Ansible project.

CONTRIBUTORS

Juniper Networks is actively contributing to and maintaining this repo. Please contact jnpr-community-netdev@juniper.net for any queries.

Contributors: Stephen Steiner, Dinesh Babu, Chidanand Pujar

Former Contributors:

Stacy W Smith, Jeremy Schulman, Rick Sherman, Damien Garros, David Gethings, Nitin Kumar, Rahul Kumar