Setting Up Junos PyEZ Managed Nodes

 

Junos PyEZ is a Python library that enables you to manage and automate devices running Junos OS. You do not need to install any client software on the nodes in order to use Junos PyEZ to manage the devices. Also, Python is not required on the managed devices, because Junos PyEZ utilizes NETCONF and the Junos XML APIs.

You can use Junos PyEZ to manage devices running Junos OS using any user account that has access to the device. You can explicitly define the user when creating a new instance of the jnpr.junos.device.Device class, or if you do not specify a user in the parameter list, the user defaults to $USER. When you use Junos PyEZ to access and manage devices running Junos OS, Junos OS user account access privileges are enforced. The class configured for the Junos OS user account determines the permissions. Thus, if you use Junos PyEZ to load configuration changes onto a device, the user must have permissions to change the relevant portions of the configuration.

Junos PyEZ enables you to connect to a device running Junos OS using a serial console connection, telnet, or a NETCONF session over SSH. To use Junos PyEZ to telnet directly to a device, you must first configure the Telnet service on the managed device. To use Junos PyEZ to manage devices through a NETCONF session over SSH, you must enable the NETCONF service over SSH on the managed device and ensure that the device meets requirements for SSHv2 connections. The following sections outline the requirements and required configuration on devices running Junos OS when using Junos PyEZ to access the device using the different connection protocols:

Configuring Telnet Service on Devices Running Junos OS

Starting in Junos PyEZ Release 2.0, Junos PyEZ applications can connect to a device running Junos OS using telnet. To telnet to a device running Junos OS, you must configure the Telnet service on the device. Configuring Telnet service for a device enables unencrypted, remote access to the device.

To enable Telnet service:

  1. Configure the service.

  2. (Optional) Configure the connection limit, rate limit, and order of authentication, as necessary.

  3. Commit the configuration.

Enabling NETCONF on Devices Running Junos OS

To enable the NETCONF over SSH service on the default port (830) on a device running Junos OS:

  1. Configure the NETCONF over SSH service.

  2. Commit the configuration.

Satisfying Requirements for SSHv2 Connections

The NETCONF server communicates with client applications within the context of a NETCONF session. The server and client explicitly establish a connection and session before exchanging data, and close the session and connection when they are finished. Junos PyEZ accesses the NETCONF server using the SSH protocol and standard SSH authentication mechanisms. When you use Junos PyEZ to manage devices running Junos OS, the most convenient way to access the devices is to configure SSH keys.

To establish an SSHv2 connection with a device running Junos OS, you must ensure that the following requirements are met:

  • The NETCONF service over SSH is enabled on each device where a NETCONF session will be established.

  • The client application has a user account and can log in to each device where a NETCONF session will be established.

  • The login account used by the client application has an SSH public/private key pair or a text-based password configured.

  • The client application can access the public/private keys or text-based password.

For additional information about enabling NETCONF on a device running Junos OS and satisfying the requirements for establishing an SSH session, see the NETCONF XML Management Protocol Developer Guide.