Creating and Executing Ansible Playbooks to Manage Devices Running Junos OS


Juniper Networks provides support for using Ansible to manage devices running Junos OS. The Ansible core and Ansible Galaxy modules for Junos OS provide simple yet powerful methods to perform operational and configuration tasks on devices running Junos OS. This topic outlines how to create a simple playbook to execute Ansible for Junos OS modules.

You create Ansible playbooks to handle more complex management tasks. Playbooks consist of one or more plays, or groups of tasks, that operate on a set of defined hosts. Ansible hosts that are referenced in the playbook must be defined in the Ansible inventory file, which by default resides at /etc/ansible/hosts. Each play must specify the hosts on which the tasks operate, the list of tasks to execute on each host, and any required variables or module parameters. Because devices running Junos OS do not require Python, you must run modules locally on the control machine by including connection: local in the playbook play. You can avoid gathering unnecessary facts about the server by also including gather_facts: no.

Starting in Ansible Release 2.1, Ansible natively includes a number of core modules for devices running Junos OS. In addition, Juniper Networks provides a collection of modules in the Juniper.junos role, which is hosted on the Ansible Galaxy website. The Ansible core modules are available when you install Ansible. To use the Ansible Galaxy modules in the Juniper.junos role in your playbook, you must install the role on the Ansible server and include the role in the playbook.

When you execute Ansible for Junos OS modules using a NETCONF session over SSH, you must have NETCONF enabled on the devices running Junos OS. We recommend that you create a simple task in the playbook that explicitly tests whether NETCONF is enabled on each device before executing other tasks. If this task fails for any host, by default, Ansible does not execute the remaining tasks for this host. Without this test, you might get a generic connection error during playbook execution that does not indicate whether this or another issue is the cause of any failures.

Playbooks are expressed in YAML. Because YAML is white-space sensitive and indentation is significant, you should always use spaces rather than tabs when creating playbooks. In YAML, items preceded by a hyphen (-) are considered list items, and the key: value notation represents a hash. For detailed information about creating Ansible playbooks, refer to the official Ansible documentation at .

The following sections outline the steps for creating and running a simple playbook that executes Ansible for Junos OS modules:

Creating a Playbook

To create a simple playbook to perform tasks on devices running Junos OS:

  1. In your favorite editor, create a new file with a descriptive playbook name that uses the .yaml file extension.
  2. Enter the required opening line for the playbook, and provide a descriptive name for the play.

  3. Define a colon-delimited list of the hosts or groups of hosts on which the modules will operate, or specify all to indicate all hosts in the inventory file.

    Note that any hosts or groups referenced in the playbook must be defined in the Ansible inventory file.

  4. Include the Juniper.junos role to use the Juniper.junos Ansible Galaxy modules for Junos OS.

  5. Because there is no requirement for Python on the devices running Junos OS, include connection: local to execute the plays locally on the Ansible control machine where Python is installed.

  6. (Optional) Because Ansible executes plays locally on the control machine, avoid gathering unnecessary facts about the server by including gather_facts: no.

  7. Define a tasks section, and include one or more tasks with each task as a list item.

  8. (Optional) As an additional check, create a task to verify NETCONF connectivity for each device running Junos OS.

  9. Create tasks that use the Ansible core or Ansible Galaxy modules for Junos OS, and provide any necessary connection or authentication parameters, for example:

Executing a Playbook

To execute the playbook:

  • Issue the ansible-playbook command on the control machine, and provide the playbook path and any desired options.

    user@ansible-cm:~$ ansible-playbook playbook.yaml