Connecting to Devices Running Junos OS Using Ansible

 

Ansible is an IT automation framework that is used for infrastructure configuration management. Ansible and Juniper Networks provide collections of Ansible modules that you can use to manage devices running Junos OS. Starting in Ansible Release 2.1, Ansible natively includes a number of core modules for devices running Junos OS. In addition, Juniper Networks provides a collection of modules in the Juniper.junos role, which is hosted on the Ansible Galaxy website. The modules enable you to connect to devices running Junos OS using different connection methods.

Connection Methods Overview

The Ansible core and Ansible Galaxy modules for Junos OS enable you to connect to a device running Junos OS using NETCONF over SSH. The Ansible Galaxy modules also enable you to connect to devices running Junos OS using a serial console connection or telnet. You must use a serial console connection when you are physically connected to the CONSOLE port on a device. You can use telnet to connect to the device’s management interface or to a console server that is directly connected to the device’s CONSOLE port. New or zeroized devices that have factory-default configurations require access through a console connection. Thus, you can use Ansible for Junos OS to initially configure a device that is not yet configured for remote access, either through a serial console connection when you are directly connected to the device or through telnet to a console server that is directly connected to the device.

Note

Starting in Ansible for Junos OS Release 2.0.0, all Juniper.junos Ansible modules use the same set of connection and authentication-related options when connecting to the managed device.

By default, Ansible for Junos OS modules connect to a device and establish a NETCONF session over SSH. The Ansible Galaxy modules in the Juniper.junos role also enable you to specify a different connection type by including the mode parameter in the module’s argument list. To telnet to a device, set the mode argument equal to "telnet". To connect to a device using a serial console connection, set the mode argument equal to "serial". Table 1 summarizes the connection methods and their default values for certain parameters.

Table 1: Ansible for Junos OS Connection Methods

| Connection Mode | Value of mode Argument | Default Port | First Supported Ansible for Junos OS Release |
| --- | --- | --- | --- |
| NETCONF over SSH (default) | | 830 | 1.0.0 |
| Serial console connection | serial | /dev/ttyUSB0 | 2.0.0 |
| Telnet | telnet | 23 | 1.4.0; default port added in 2.0.0 |

Note

Before you can access the management interface using telnet or NETCONF over SSH, you must first enable the appropriate service at the [edit system services] hierarchy level. Because telnet sends passwords in clear text, which creates a potential security vulnerability, we recommend that you use SSH.

Connecting to a Device Using NETCONF over SSH

By default, Ansible for Junos OS modules connect to a device and establish a NETCONF session over SSH. To use this connection method, you must first satisfy the requirements outlined in Setting up Ansible for Junos OS Managed Nodes. In addition, the device must be able to authenticate the user using standard SSH authentication mechanisms. For more information, see Authenticating Users Executing Ansible Modules on Devices Running Junos OS.

When establishing a NETCONF session over SSH, Ansible for Junos OS modules first attempt SSH public key-based authentication and then try password-based authentication. When SSH keys are in use, the password argument is used as the passphrase for unlocking the private SSH key. When password-based authentication is used, the password argument is used as the password. If SSH public key-based authentication is being used and the SSH private key has an empty passphrase, then the password argument may be omitted. However, SSH private keys with empty passphrases are not recommended.

The following sample playbook retrieves the device facts using NETCONF over SSH, which is the default connection method. The playbook uses SSH keys in the default location.
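A playbook of this kind, written here as an added example and not the playbook from the original page. It assumes an inventory group named dc1, a passphrase-protected key in the default SSH key location, a prompt variable named KEY_PASSPHRASE, and that the module's password argument is spelled passwd (with password as an alias) in the Juniper.junos 2.x modules.

```yaml
---
# Added example: device facts over NETCONF over SSH (default mode, port 830).
# Assumed names: inventory group "dc1", prompt variable KEY_PASSPHRASE.
- name: Get device facts over NETCONF over SSH
  hosts: dc1
  roles:
    - Juniper.junos
  connection: local
  gather_facts: no

  vars_prompt:
    # Prompt at run time so the key passphrase is never stored in the playbook.
    - name: "KEY_PASSPHRASE"
      prompt: "SSH private key passphrase"
      private: yes

  tasks:
    - name: Retrieve facts from device running Junos OS
      juniper_junos_facts:
        host: "{{ inventory_hostname }}"
        # No mode argument: the module opens a NETCONF session over SSH.
        # With key-based authentication, passwd unlocks the private key;
        # with password-based authentication it is the login password.
        passwd: "{{ KEY_PASSPHRASE }}"

    - name: Print the Junos OS version
      debug:
        var: junos.version
```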

For information and examples for the Ansible core modules for Junos OS, see https://docs.ansible.com/ansible/latest/list_of_network_modules.html#junos.

Connecting to a Device Using Telnet

The Ansible Galaxy modules in the Juniper.junos role enable you to connect to a device running Junos OS using telnet, which provides unencrypted access to the network device. You can telnet to the device’s management interface or to a console server that is directly connected to the device’s CONSOLE port. Accessing the device through a console server enables you to initially configure a new or zeroized device that is not yet configured for remote access. To telnet to the management interface, you must configure the Telnet service at the [edit system services] hierarchy level on all devices that require access to the interface.

To telnet to a device running Junos OS, you must set the module’s mode parameter to "telnet", and optionally include the port parameter to specify a port. When you set mode to "telnet" but omit the port parameter, the value for port defaults to 23.

The following sample playbook telnets to a device running Junos OS using port 7016, retrieves the device facts, and saves them to a file. The module uses the default user and prompts for the login password.

Connecting to a Device Using a Serial Console Connection

The Ansible Galaxy modules in the Juniper.junos role enable you to connect to a device running Junos OS using a serial console connection, which is useful when you must initially configure a new or zeroized device that is not yet configured for remote access. To use this connection method, you must be physically connected to the device through the CONSOLE port. For detailed instructions about connecting to the CONSOLE port on your device, see the hardware documentation for your specific device.

To connect to a device running Junos OS through a serial console connection, you must set the module’s mode parameter to "serial", and optionally include the port parameter to specify a port. When you set mode to "serial" but omit the port parameter, the value for port defaults to /dev/ttyUSB0.

The following sample playbook connects to a device running Junos OS through the CONSOLE port, retrieves the device facts, and saves them to a file. The module uses the default user and prompts for the login password.
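The telnet and serial console playbooks described in the two sections above, combined into one added example that is not taken from the original page. The inventory group names console_server and local_console and the prompt variable DEVICE_PASSWORD are assumptions, as is the passwd spelling of the password argument.

```yaml
---
# Added example: console access for a new or zeroized device.
# Assumed names: groups "console_server" and "local_console",
# prompt variable DEVICE_PASSWORD.

# Play 1: telnet to console server port 7016, wired to the CONSOLE port.
- name: Get device facts over telnet
  hosts: console_server
  roles:
    - Juniper.junos
  connection: local
  gather_facts: no
  vars_prompt:
    - name: "DEVICE_PASSWORD"
      prompt: "Device password"
      private: yes
  tasks:
    - name: Retrieve facts and save them to a file
      juniper_junos_facts:
        host: "{{ inventory_hostname }}"
        passwd: "{{ DEVICE_PASSWORD }}"
        mode: "telnet"        # clear-text session; prefer SSH once enabled
        port: 7016            # defaults to 23 when omitted
        savedir: "{{ playbook_dir }}"

# Play 2: serial cable from the Ansible control machine to the CONSOLE port.
- name: Get device facts over a serial console
  hosts: local_console
  roles:
    - Juniper.junos
  connection: local
  gather_facts: no
  vars_prompt:
    - name: "DEVICE_PASSWORD"
      prompt: "Device password"
      private: yes
  tasks:
    - name: Retrieve facts and save them to a file
      juniper_junos_facts:
        passwd: "{{ DEVICE_PASSWORD }}"
        mode: "serial"
        port: "/dev/ttyUSB0"  # the default when port is omitted
        savedir: "{{ playbook_dir }}"
```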

Release History Table
| Release | Description |
| --- | --- |
| 2.0.0 | Starting in Ansible for Junos OS Release 2.0.0, all Juniper.junos Ansible modules use the same set of connection and authentication-related options when connecting to the managed device. |