Using Ansible to Restore a Device Running Junos OS to the Factory-Default Configuration Settings

 

Using Ansible to Restore the Factory-Default Configuration Settings

The juniper_junos_system module in the Juniper.junos role enables you to restore a device running Junos OS to the factory-default configuration settings. To restore a device to the factory-default configuration, the juniper_junos_system module action argument must be set to 'zeroize'. After a device is restored to the factory-default configuration settings, you must log in through the console as root in order to access the device.

Note

Starting in Ansible for Junos OS Release 2.0.0, the juniper_junos_system module replaces the functionality of the junos_shutdown and junos_zeroize modules.

The action: "zeroize" argument causes the juniper_junos_system module to execute the request system zeroize operational command on the target host. This command removes all configuration information on the specified Routing Engines, resets all key values on the device, and then reboots the device and resets it to the factory-default configuration settings. The zeroize operation removes all data files, including customized configuration and log files, by unlinking the files from their directories, and it also removes all user-created files from the system including all plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, IPsec, RADIUS, TACACS+, and SNMP. For more information about the request system zeroize command, see request system zeroize.

The following Ansible playbook uses the juniper_junos_system module with action: "zeroize" to restore all Routing Engines on each host in the inventory group to the factory-default configuration settings.

By default, the juniper_junos_system module with action: "zeroize" restores all Routing Engines in a dual Routing Engine or Virtual Chassis setup to the factory-default configuration settings. You can also instruct the module to perform the operation on only the Routing Engine to which the application is connected.

To explicitly indicate that the operation should be performed on all Routing Engines in a dual Routing Engine or Virtual Chassis setup, include the all_re: true argument, which is the default.

To perform the requested action on only the Routing Engine to which the application is connected, include the all_re: false argument.

To instruct the juniper_junos_system module to also scrub all memory and media, in addition to removing all configuration and log files, include the media: true argument. Including the media: true argument is equivalent to executing the request system zeroize media operational mode command. The media option scrubs every storage device attached to the system, including disks, flash memory devices, removable USBs, and so on. The duration of the scrubbing process is dependent on the size of the media being erased.

Example: Using Ansible to Restore the Factory-Default Configuration Settings

Juniper Networks provides support for using Ansible to manage devices running Junos OS. This example outlines how to use Ansible and the juniper_junos_system module to restore a device running Junos OS to the factory-default configuration settings. You can execute the module through the console or through NETCONF over SSH; however, once you reset the device, you can only access it again through the console as root.

Requirements

This example uses the following hardware and software components:

  • Configuration management server running Ansible 2.1 or later with version 2.0.0 or later of the Juniper.junos role installed

  • Device running Junos OS that has access to the console port through a console server and has a user account configured with appropriate permissions

  • Existing Ansible inventory file with required hosts defined

Overview

The juniper_junos_system module in the Juniper.junos role enables you to restore a device running Junos OS to the factory-default configuration settings. This example presents an Ansible playbook that uses the juniper_junos_system module to reset each host in the inventory group to the factory-default configuration through a console server. The value of the module’s action argument defines the operation to execute on the host. Setting action to "zeroize" executes the request system zeroize operational command on each host. This command removes all configuration information on the Routing Engines, resets all key values on the device, and then reboots the device and resets it to the factory-default configuration settings.

Note

The request system zeroize command removes all data files, including customized configuration and log files, by unlinking the files from their directories. The command also removes all user-created files from the system including all plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, IPsec, RADIUS, TACACS+, and SNMP.

When calling the module from a playbook, we recommend that you use an interactive prompt to confirm that the user does intend to reset the devices. If a user unintentionally runs the playbook and there is no check, it could inadvertently revert devices back to factory-default configurations and disrupt any networks that require those devices. As a precaution, this playbook uses an interactive prompt to verify that the user intends to reset the devices, and requires that the user manually type 'yes' on the command line in order to execute the module. If the Confirmation check task fails, the Ansible control machine skips the other tasks in the play for that device.

The task that restores the hosts to the factory-default configuration executes the juniper_junos_system module provided that the confirmation check was successful. The mode: "telnet" and port: 23 arguments instruct the module to telnet to port 23 of the console server. The password parameter is set to the value of the password variable, which the playbook prompts for during execution. After the reboot, you must log in through the console as root in order to access the device.

Configuration

Creating and Executing the Ansible Playbook

Step-by-Step Procedure

To create a playbook that uses the juniper_junos_system module to restore a device running Junos OS to its factory-default configuration settings:

  1. Include the boilerplate for the playbook and this play, which must contain connection: local and the Juniper.junos role.

  2. Create an interactive prompt for the password variable, if the user credentials are not already passed in through some other means.

  3. Create an interactive prompt to prevent the accidental execution of the module.

  4. Create the task that confirms the user's intent.

  5. Create the task to reset all Routing Engines on the device to the factory-default configuration settings.

  6. (Optional) Create a task to print the response.

Results

On the Ansible control machine, review the completed playbook. If the playbook does not display the intended code, repeat the instructions in this example to correct the playbook.
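
A playbook assembled from the six steps above, which also shows where the all_re and media arguments described earlier belong. It is an added example, not the listing from the original page. The inventory group name dc1_console and the variable names reset_confirmation and response are assumptions; the module arguments are the ones the text names.

```yaml
---
# Added example: resets every host in the (hypothetical) dc1_console group
# to factory defaults through a console server, after a typed confirmation.
- name: Restore Junos OS devices to the factory-default configuration
  hosts: dc1_console            # assumed inventory group name
  connection: local
  gather_facts: no
  roles:
    - Juniper.junos

  vars_prompt:
    # Step 2: prompt for the device password rather than storing it in the playbook
    - name: password
      prompt: "Device password"
      private: yes
    # Step 3: typed confirmation; the variable name is an assumption
    - name: reset_confirmation
      prompt: "This playbook resets hosts to factory-default settings. Enter 'yes' to continue"
      private: no

  tasks:
    # Step 4: a failed check skips the remaining tasks for that host
    - name: Confirmation check
      fail:
        msg: "Playbook run confirmation failed"
      when: reset_confirmation != "yes"

    # Step 5: zeroize over telnet to port 23 of the console server
    - name: Restore all Routing Engines to factory-default configuration
      juniper_junos_system:
        provider:
          host: "{{ inventory_hostname }}"
          password: "{{ password }}"
          mode: "telnet"
          port: 23
        action: "zeroize"
        all_re: true    # default; false resets only the connected Routing Engine
        media: false    # true also scrubs all memory and media (request system zeroize media)
      register: response

    # Step 6 (optional): show what the module returned
    - name: Print the response
      debug:
        var: response
```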

Executing the Playbook

Step-by-Step Procedure

To execute the playbook:

  • Issue the ansible-playbook command on the control machine, and provide the playbook path and any desired options.

    root@ansible-cm:~/ansible# ansible-playbook ansible-pb-junos-zeroize.yaml

Verification

Verifying Playbook Execution

Purpose

Verify that the devices running Junos OS were successfully reset to the factory-default configuration.

Action

Access the device through the console port as root. The device should now be in Amnesiac state.

Meaning

The Amnesiac prompt is indicative of a device that is booting from a factory-default configuration and that does not have a hostname configured.

Release History Table
Release
Description
Starting in Ansible for Junos OS Release 2.0.0, the juniper_junos_system module replaces the functionality of the junos_shutdown and junos_zeroize modules.