Setting up Ansible for Junos OS Managed Nodes

 

Juniper Networks provides support for using Ansible to manage devices running Junos OS. You do not need to install any client software on the remote nodes in order to use Ansible to manage the devices. Also, Python is not required on the managed devices running Junos OS, because the Ansible for Junos OS modules are executed locally on the Ansible control machine and use NETCONF and the Junos XML API to perform the corresponding operational and configuration tasks.

You can execute Ansible for Junos OS modules using any user account that has access to the managed device running Junos OS. When you execute Ansible modules, Junos OS user account access privileges are enforced. The class configured for the Junos OS user account determines the permissions. Thus, if a user executes a module that loads configuration changes onto a device, the user must have permissions to change the relevant portions of the configuration. For information about configuring user accounts on devices running Junos OS, see the User Access and Authentication Feature Guide.

The Ansible core and Ansible Galaxy modules for Junos OS enable you to connect to a device running Junos OS using NETCONF over SSH. The Ansible Galaxy modules also enable you to telnet to the device’s management interface or to a console server that is directly connected to the device’s CONSOLE port. To use Ansible to telnet to the device’s management interface, you must configure the Telnet service on the managed device. To manage devices through a NETCONF session over SSH, you must enable the NETCONF service over SSH on the managed device and ensure that the device meets the requirements for SSHv2 connections.

The following sections outline the requirements and required configuration on devices running Junos OS when using Ansible for Junos OS to access the device using the different connection protocols:

  1. Configuring Telnet Service on Devices Running Junos OS

  2. Enabling NETCONF on Devices Running Junos OS

  3. Satisfying Requirements for SSHv2 Connections

Configuring Telnet Service on Devices Running Junos OS

Juniper.junos Ansible modules can connect to a device running Junos OS using telnet. To telnet to a device running Junos OS, you must configure the Telnet service on the device. Configuring Telnet service for a device enables unencrypted, remote access to the device.

To enable Telnet service:

  1. Configure the service.

  2. (Optional) Configure the connection limit, rate limit, and order of authentication, as necessary.

  3. Commit the configuration.

Enabling NETCONF on Devices Running Junos OS

To enable NETCONF over SSH on the default port (830) on a device running Junos OS:

  1. Configure the NETCONF over SSH service.

  2. Commit the configuration.
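
The following Python check is an added example, not part of the Juniper documentation. It reads a device configuration in set format and reports whether the Telnet and NETCONF over SSH services from the two procedures above are active, including statements that are present but deactivated. The sample configuration is constructed, and audit_services is a hypothetical helper name.

```python
import re

# Constructed sample ("show configuration | display set" style output from a
# hypothetical device); not taken from the original page.
SAMPLE_CONFIG = """\
set system host-name r1
set system services telnet connection-limit 5
set system services ssh
set system services netconf ssh
"""

DEFAULT_NETCONF_PORT = 830  # default NETCONF-over-SSH port named on the page


def audit_services(config_text):
    """Report which remote-access services a set-format Junos config enables."""
    lines = [l.strip() for l in config_text.splitlines()]
    # "deactivate <path>" keeps a statement in the config but makes it inactive.
    inactive = [l[len("deactivate "):] for l in lines if l.startswith("deactivate ")]
    res = {"telnet": False, "netconf_ssh": False, "netconf_port": None, "findings": []}
    for line in lines:
        m = re.match(r"set (system services (\S+)(?: (.*))?)$", line)
        if not m:
            continue
        path, service, rest = m.group(1), m.group(2), m.group(3) or ""
        # Ignore statements at or below a deactivated path.
        if any(path == p or path.startswith(p + " ") for p in inactive):
            continue
        if service == "telnet":
            res["telnet"] = True
        elif service == "netconf" and rest.split()[:1] == ["ssh"]:
            res["netconf_ssh"] = True
            port = re.search(r"\bport (\d+)$", rest)
            if port:
                res["netconf_port"] = int(port.group(1))
    if res["netconf_ssh"] and res["netconf_port"] is None:
        res["netconf_port"] = DEFAULT_NETCONF_PORT
    if res["telnet"]:
        res["findings"].append("telnet enabled: unencrypted remote access")
    if not res["netconf_ssh"]:
        res["findings"].append("NETCONF over SSH not enabled")
    return res


if __name__ == "__main__":
    print(audit_services(SAMPLE_CONFIG))
```

Run it against saved configurations before adding devices to the Ansible inventory, so that devices with Telnet active or without NETCONF over SSH are identified first.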

Satisfying Requirements for SSHv2 Connections

The NETCONF server communicates with client applications within the context of a NETCONF session. The server and client explicitly establish a connection and session before exchanging data, and close the session and connection when they are finished. The Ansible for Junos OS modules access the NETCONF server using the SSH protocol and standard SSH authentication mechanisms. When you use Ansible to manage devices running Junos OS, the most convenient way to access a device is to configure SSH keys.

To establish an SSHv2 connection with a device running Junos OS, you must ensure that the following requirements are met:

  • The NETCONF service over SSH is enabled on each device where a NETCONF session will be established.

  • The client application has a user account and can log in to each device where a NETCONF session will be established.

  • The login account used by the client application has an SSH public/private key pair or a text-based password configured.

  • The client application can access the public/private keys or text-based password.

For information about enabling NETCONF on a device running Junos OS and satisfying the requirements for establishing an SSH session, see the NETCONF XML Management Protocol Developer Guide.