Installing Puppet for Junos OS

 

Setting Up the Puppet Master

Juniper Networks provides support for using Puppet to manage certain devices running Junos OS. The Puppet master must be running Puppet open-source edition. Table 1 outlines the version of Puppet that must be installed on the Puppet master in order to manage the different Junos OS variants and releases of Puppet for Junos OS on the client.

Table 1: Puppet Version Required on Puppet Master

| Junos OS Variant | Puppet for Junos OS Version | Puppet Version |
|---|---|---|
| Junos OS or Junos OS with Enhanced Automation | 1.0 | Puppet 2.7.19 or later |
| Junos OS or Junos OS with Enhanced Automation | 2.0, 3.0, 4.0 | Puppet 3.6.1 or later |
| Junos OS Evolved | | Puppet 3.8.7 or later |

The Puppet master must also have the following software installed in order to use Puppet to manage devices running Junos OS:

  • Juniper Networks NETCONF Ruby gem—Ruby gem that enables device management using the NETCONF protocol.

  • netdevops/netdev_stdlib Puppet module—includes the Puppet type definitions for the netdev resources.

  • juniper/netdev_stdlib_junos Puppet module—includes the Junos OS-specific code that implements each of the types. When you install this module on the Puppet master, it automatically installs the netdev_stdlib module.

To configure the Puppet master for use with devices running Junos OS:

  1. Install Puppet open-source edition.

    See the Puppet website for Puppet installation instructions.

  2. Install the Juniper Networks NETCONF Ruby gem using the command appropriate for your Puppet master installation.
    root@server:~# gem install netconf
  3. Install or upgrade the Juniper Networks netdev_stdlib_junos Puppet module.
    • To install the netdev_stdlib_junos module, execute the following command on the Puppet master, and specify the module version required to manage your particular devices.

      root@server:~# puppet module install juniper-netdev_stdlib_junos --version 2.0.6
    • To upgrade the module when you have an older version installed, use the upgrade option.

      root@server:~# puppet module upgrade juniper-netdev_stdlib_junos --version 2.0.6
  4. Set up the puppet.conf file on the Puppet master.

    For information about the configuration file, see Setting Up the Puppet Configuration File on the Puppet Master and Puppet Agents Running Junos OS.

Note

The Puppet agent identifies itself to the Puppet master using SSL. By default, the puppet master service does not sign client certificate requests. As a result, the Puppet master must approve the agent certificate the first time an agent tries to connect to the master. After the Puppet agent node is configured and running, approve the client certificate on the Puppet master by using the command appropriate for your installation, for example, by using the puppet cert sign host command or the puppetserver ca sign --certname host command.
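One way to make the approval step a deliberate check, shown as an added example that is not part of Juniper's documentation: compare the fingerprint read on the device with the one in the master's pending-request list before signing. The function name, hostnames, and fingerprints are constructed, and the listing layout (`certname (SHA256) fingerprint`) is an assumption to confirm against your installation's output.

```shell
#!/bin/sh
# Constructed sample of the master's pending-request listing (assumed layout).
SAMPLE_FP='6F:2D:91:0A:B3:5C:47:E8:12:9D:F0:34:7B:C6:58:A1:0E:93:4F:D7:2B:86:C0:1A:75:E9:3D:64:B8:0C:F2:57'
SAMPLE_LISTING="Requested Certificates:
    qfx-lab1.example.com   (SHA256)  $SAMPLE_FP
    qfx-lab2.example.com   (SHA256)  A4:18:CE:70:3B:95:D2:6F:01:8A:E7:5C:39:B0:46:FD:23:9E:7A:C5:10:68:DB:34:F1:8D:52:AF:06:C9:7E:BB"

# csr_matches LISTING CERTNAME EXPECTED_FP
# Succeeds only when LISTING holds exactly one pending request for CERTNAME
# and its SHA256 fingerprint equals EXPECTED_FP (case and ':' are ignored).
csr_matches() {
    listing=$1 certname=$2 expected=$3
    printf '%s\n' "$listing" | awk -v want="$certname" -v exp_fp="$expected" '
        # Keep hex digits only, upper-cased, so formatting differences vanish.
        function norm(s) { gsub(/[^0-9A-Fa-f]/, "", s); return toupper(s) }
        {
            name = $1; gsub(/"/, "", name)      # some listings quote the name
            if (name == want && $2 ~ /^\(SHA256\)$/) { hits++; got = norm($3) }
        }
        # 64 hex digits = a complete SHA-256 value; anything else is rejected.
        END { exit !(hits == 1 && length(got) == 64 && got == norm(exp_fp)) }
    '
}

# Demo with the constructed data. On a real master the listing would come from
# `puppetserver ca list` (or `puppet cert list`), and EXPECTED_FP from the value
# read on the device itself, for example with `puppet agent --fingerprint`.
if csr_matches "$SAMPLE_LISTING" qfx-lab1.example.com "$SAMPLE_FP"; then
    echo "fingerprint matches: OK to sign qfx-lab1.example.com"
else
    echo "no match: do not sign" >&2
fi
```

Run the signing command from the note only after the function succeeds for that certname.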

Configuring the Puppet Agent Node

Juniper Networks provides support for using Puppet to manage certain devices running Junos OS. The setup on the agent node depends on the device and the Junos OS variant running on the device. Certain devices require installing the Puppet agent package on the device, other devices have the Puppet agent integrated into the software image, and some devices support running the Puppet agent as a Docker container. To verify support for a specific platform and determine which setup to use for a given device and Junos OS release, see Puppet for Junos OS Supported Platforms.

Table 2 outlines the tasks required to configure the Puppet agent node for the different types of setups. To configure the node, perform the steps in each linked task.

Table 2: Puppet Agent Setup

| Puppet Agent Setup | Tasks |
|---|---|
| Puppet agent must be installed using the jpuppet package | Perform the steps in the following tasks: 1. Installing the Puppet Agent Package; 2. Configuring the Junos OS User Account; 3. Configuring the Environment Settings |
| Puppet agent is integrated on the device | Perform the steps in the following tasks: 1. Configuring the Junos OS User Account; 2. Configuring the Environment Settings; 3. Starting the Puppet Agent Process |
| Puppet agent will run as a Docker container | Perform the steps in the following tasks: 1. Configuring the Junos OS User Account; 2. Using the Puppet Agent Docker Container |

Note

OCX1100 switches, QFX Series switches running Junos OS with Enhanced Automation, and devices running Junos OS Evolved have the Puppet agent integrated with the software. If the device also supports using the Puppet agent Docker container, you can elect to run the Puppet agent as a Docker container instead of using the integrated Puppet agent.

Installing the Puppet Agent Package

To install the Puppet agent on devices running Junos OS that do not have the agent integrated into the software:

  1. Determine the jpuppet software package required for your platform and release at Puppet for Junos OS Supported Platforms.
  2. Access the download page at https://github.com/Juniper/jpuppet-download.
  3. Select the release folder corresponding to the Puppet for Junos OS release to download.
  4. Download to the /var/tmp/ directory on the agent device the jpuppet software package that is specific to your platform or device microprocessor architecture, depending on the Puppet for Junos OS release.

    Note

    Starting in Puppet for Junos OS Release 2.0, the jpuppet packages are specific to the microprocessor architecture. In earlier releases, the packages are specific to a particular platform. If you do not know the microprocessor architecture of your device, you can use the UNIX shell command uname -a to determine it.

    Note

    We recommend that you install the jpuppet software package from the /var/tmp/ directory on your device to ensure the maximum amount of disk space and RAM for the installation.

  5. Configure the provider name, license type, and deployment scope associated with the application.
  6. Install the software package using the request system software add operational mode command, and include the no-validate option.
  7. Verify that the installation is successful by issuing the show version command.

    The list of installed software should include the jpuppet package. For example:

    admin@jd> show version

    Note

    The package name might vary depending on the Puppet for Junos OS release.

Configuring the Junos OS User Account

You must configure a user account to run the Puppet agent. The user must have configure, control, and view permissions. You can configure any username and authentication method for the account.

To configure a Junos OS user account to run the Puppet agent:

  1. Configure the account username, login class, authentication method, and shell.
  2. Commit the configuration.

Configuring the Environment Settings

Set up the directory structure and environment settings on any agent nodes on which you installed the Puppet agent package or that use the Puppet agent that is integrated with the software image.

To configure the necessary directory structure and environment settings to run the Puppet agent:

  1. Log in to the agent node using the Puppet account username and password.
  2. If you are not already in the UNIX-level shell, enter the shell.
  3. Create a $HOME/.cshrc file, and include the content corresponding to the variant of Junos OS and the release of Puppet for Junos OS installed on the device, which is outlined in Table 3.

    Table 3: Content in Puppet Agent .cshrc File

    | Junos OS Variant | Puppet for Junos OS Release | .cshrc content |
    |---|---|---|
    | Junos OS or Junos OS with Enhanced Automation | 1.0 or 2.0 | setenv PATH ${PATH}:/opt/sdk/juniper/bin |
    | Junos OS or Junos OS with Enhanced Automation | 3.0 or 4.0 | setenv PATH ${PATH}:/opt/jet/juniper/bin |
    | Junos OS Evolved | | setenv PATH ${PATH}:/usr/bin |

  4. Exit the device and log back in using the Puppet account username and password.
  5. If you are not already in the UNIX-level shell, enter the shell.
  6. Verify that the jpuppet code is installed and that the PATH variable is correct by running Facter, which should display device-specific information. For example:
    % facter
  7. Create the following $HOME/.puppet directory structure:
  8. Place your puppet.conf file in the $HOME/.puppet directory.

    For information about the configuration file, see Setting Up the Puppet Configuration File on the Puppet Master and Puppet Agents Running Junos OS.

Starting the Puppet Agent Process

Devices that have the Puppet agent integrated into the software require that you start the Puppet agent process on the device. Start the Puppet agent process after configuring the Junos OS user account and environment settings.

To start the Puppet agent process:

  1. Enter the shell.
  2. Start the Puppet agent process by executing the puppet agent command, and include any desired options.
    • For example, on devices running Junos OS or Junos OS with Enhanced Automation:

    • On devices running Junos OS Evolved, switch to the default VRF for management traffic, vrf0, and then start the agent.

    Note

    You can choose to define the server settings in your Puppet configuration file instead of specifying the settings as command options.

Using the Puppet Agent Docker Container

Certain devices running Junos OS Evolved support running the Puppet agent as a Docker container. Docker is a software container platform that is used to package and run an application and its dependencies in an isolated container. Juniper Networks provides a Docker image for the Puppet agent on Docker Hub.

When you run the Puppet agent using the Docker container, the container:

  • Shares the hostname and network namespace of the host

  • Uses the host network to communicate with the Puppet server

  • Authenticates to the host using key-based SSH authentication

To use the Puppet agent Docker container on supported devices:

  1. Log in as the root user.
  2. Switch to the default VRF for management traffic, vrf0.
    [vrf:none] root@host:~# switchvrf $$ vrf0
  3. Start the Docker service, and bind it to the default VRF for management traffic, vrf0.
    [vrf:vrf0] root@host:~# systemctl start docker@vrf0
  4. Set the DOCKER_HOST environment variable.
    [vrf:vrf0] root@host:~# export DOCKER_HOST=unix:///run/docker-vrf0.sock
  5. Start the Puppet agent Docker container as follows, and set the NETCONF_USER to the Junos OS user account that was set up to run the agent.
    [vrf:vrf0] root@host:~# docker run -d -e PATH="/usr/local/bundle/bin:$PATH" -e NETCONF_USER=puppet --network=host --name=puppet-agent juniper/puppet-agent:latest
  6. Generate the SSH key pair that will be used to authenticate the container to the host.
    [vrf:vrf0] root@host:~# docker exec -it puppet-agent ssh-keygen -t rsa -N "" -f /root/.ssh/id_rsa
  7. Copy the public key to the host, and add it to the root user’s authorized_keys file.
    [vrf:vrf0] root@host:~# docker cp puppet-agent:/root/.ssh/id_rsa.pub .
    [vrf:vrf0] root@host:~# cat id_rsa.pub >> .ssh/authorized_keys
  8. Verify the connection from the container to the host.
    [vrf:vrf0] root@host:~# docker exec -it puppet-agent ssh puppet@localhost
  9. Place your puppet.conf file in the container’s /etc/puppet directory.
    [vrf:vrf0] root@host:~# docker cp /var/tmp/puppet.conf puppet-agent:/etc/puppet

    Note

    For information about the configuration file, see Setting Up the Puppet Configuration File on the Puppet Master and Puppet Agents Running Junos OS.

  10. Start the Puppet agent.
    [vrf:vrf0] root@host:~# docker exec -it puppet-agent puppet agent -t
  11. On the Puppet master, accept the agent’s keys using the command appropriate for your installation.
    root@server:~# puppet cert sign host.example.com

Setting Up the Puppet Configuration File on the Puppet Master and Puppet Agents Running Junos OS

The Puppet configuration file, puppet.conf, defines the settings for the Puppet master and agent nodes. It is an INI-formatted file with code blocks that contain indented setting = value statements. The main code blocks are:

  • [master]—settings for the Puppet master.

  • [agent]—settings for the agent node.

  • [main]—global settings that are used by all commands and services. The settings in the [master] and [agent] blocks override those in [main].

On the Puppet master, the configuration file resides at $confdir/puppet.conf. On agent nodes running Junos OS, the location depends on your setup. Table 4 outlines the location where the Puppet configuration file should reside for a given setup on devices running Junos OS.

Table 4: Puppet Configuration File Location

| Puppet agent setup | puppet.conf location |
|---|---|
| Puppet agent is installed using the jpuppet package | $HOME/.puppet directory for the Junos OS user account set up to run the Puppet agent |
| Puppet agent is integrated on the device | $HOME/.puppet directory for the Junos OS user account set up to run the Puppet agent |
| Puppet agent is running as a Docker container | /etc/puppet directory within the container |

Creating environment-specific Puppet configuration files is beyond the scope of this document. However, when using Puppet to manage devices running Junos OS, the Puppet master and agent node puppet.conf files must contain the following statement within the [main] configuration block:

In addition, client devices running Junos OS Evolved must include the certname statement in the puppet.conf file and specify the node’s certificate name. The Puppet master uses the certificate name, which can be a hostname, an IP address, or any user-defined name in lowercase characters, to identify the client.

The following example shows a sample puppet.conf file for an agent node running Junos OS:

The following example shows a sample puppet.conf file for an agent node running Junos OS Evolved:

For more information about Puppet configuration files, see the Puppet website at https://puppet.com/.
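The override rule for the [main], [master], and [agent] blocks and the lowercase certname requirement for Junos OS Evolved clients can be checked mechanically before a puppet.conf is copied to a device. The following is an added example, not part of Juniper's documentation; the function names and the sample hostnames are constructed, and the parser handles only plain `setting = value` lines.

```shell
#!/bin/sh
# effective_setting FILE SECTION KEY
# Prints the value KEY takes for SECTION: the [SECTION] value if set there,
# otherwise the [main] value. Returns 1 when the setting is in neither block.
effective_setting() {
    awk -v sect="$2" -v key="$3" '
        /^[ \t]*(#|$)/ { next }                        # comments, blank lines
        /^[ \t]*\[[^]]+\][ \t]*$/ {                     # [section] header
            cur = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", cur); next
        }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val[cur] = v                  # last assignment wins
        }
        END {
            if (sect in val)        print val[sect]
            else if ("main" in val) print val["main"]
            else exit 1
        }
    ' "$1"
}

# certname_ok FILE: the agent's effective certname must be set and must not
# contain uppercase characters.
certname_ok() {
    name=$(effective_setting "$1" agent certname) || return 1
    [ -n "$name" ] || return 1
    [ "$name" = "$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')" ]
}

# Constructed sample: [agent] overrides the mixed-case certname in [main].
sample_conf() {
    cat <<'EOF'
[main]
    server = puppetmaster.example.com
    certname = QFX-Lab1.example.com
[agent]
    certname = qfx-lab1.example.com
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
echo "agent certname: $(effective_setting "$conf" agent certname)"
certname_ok "$conf" && echo "certname is set and lowercase"
rm -f "$conf"
```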

Configuring the Puppet for Junos OS Addressable Memory

On devices running Junos OS, the amount of memory available to Puppet is 64 MB by default. You can expand the usable memory to the system maximum values as defined in Table 5.

Table 5: Puppet Agent Execution Environment Memory Limits

| Device | Upper Memory Limit |
|---|---|
| EX4200, EX4500, EX4550 | 128 MB |
| EX4300 | 64 MB |
| MX5, MX10, MX40, MX80 | 64 MB |
| MX104 | 64 MB |
| MX240, MX480, MX960 | 2048 MB |
| OCX1100 | 64 MB |
| QFX3500, QFX3600 | 1024 MB |
| QFX5100 | 64 MB |
| QFX10002, QFX10008, QFX10016 | 1024 MB |

To expand the amount of memory available to the Puppet agent execution environment, including the Puppet agent and Facter processes:

  1. Log in to the Puppet agent using the Puppet user account username and password.
  2. In the Puppet user $HOME/.cshrc file, add the limit data memory command to the file. For example:

Release History Table
Release
Description
Starting in Puppet for Junos OS Release 2.0, the jpuppet packages are specific to the microprocessor architecture. In earlier releases, the packages are specific to a particular platform.