Create and Execute Ansible Playbooks to Manage Junos Devices

SUMMARY You can create Ansible playbooks that execute Juniper Networks modules to perform operational and configuration tasks on Junos devices.

Juniper Networks supports using Ansible to manage Junos devices, and Ansible and Juniper Networks provide Ansible modules that enable you to perform operational and configuration tasks on the devices. This topic outlines how to create a simple Ansible playbook to execute Juniper Networks modules on Junos devices.

You create Ansible playbooks to handle more complex management tasks. Playbooks consist of one or more plays, or groups of tasks, that operate on a set of defined hosts. Ansible hosts that are referenced in the playbook must be defined in the Ansible inventory file, which by default resides at /etc/ansible/hosts. Each play must specify:

• The hosts on which the tasks operate

• The list of tasks to execute on each host

• Any required variables or module parameters, including authentication parameters, if these are not defined elsewhere

The Juniper Networks Ansible modules are distributed through the juniper.device collection and the Juniper.junos role, which are hosted on Ansible Galaxy. To use the Juniper Networks modules in your playbook, you must install the collection or role on the Ansible control node. For more information about the Juniper Networks collection, role, and modules, see Understanding the Ansible for Junos OS Collections, Roles, and Modules.

The Juniper Networks modules do not require Python on Junos devices, because they use Junos PyEZ and the Junos XML API over NETCONF to interface with the device. Therefore, to perform operations on Junos devices, you must run modules locally on the Ansible control node, where Python is installed. You can run the modules locally by including connection: local in the playbook play. When you use connection: local, Ansible establishes a separate connection to the host for each task in the play that requires a connection. The juniper.device collection modules also support connection: juniper.device.pyez, which still executes the modules locally on the Ansible control node but instead establishes a connection to the host that persists over the execution of all tasks in a play.

By default, Ansible plays automatically gather system facts from the remote host. However, when you execute the plays locally, Ansible gathers the facts from the Ansible control node instead of the remote host. To avoid gathering facts for the control node, include gather_facts: no in the playbook.

When you execute the Juniper Networks modules using a NETCONF session over SSH, which is the default, you must have NETCONF enabled on the Junos device. We recommend that you create a simple task in the playbook that explicitly tests whether NETCONF is enabled on each device before executing other tasks. If this task fails for any host, by default, Ansible does not execute the remaining tasks for this host. Without this test, you might get a generic connection error during playbook execution that does not indicate whether this or another issue is the cause of any failures.

Playbooks are expressed in YAML. Because YAML is white-space sensitive and indentation is significant, you should always use spaces rather than tabs when creating playbooks. In YAML, items preceded by a hyphen (-) are considered list items, and the key: value notation represents a hash. For detailed information about creating Ansible playbooks, refer to the official Ansible documentation at https://docs.ansible.com/ansible/latest/user_guide/playbooks.html .

The following sections outline the steps for creating and running a simple playbook that executes Ansible modules on a Junos device.