Apstra ZTP - Juniper Junos
EX switches require Junos OS version 21.2 or higher. The Python module that's required for ZTP is missing on EX switches using Junos OS versions below 21.2.
Juniper Junos and ZTP Disk Space
Apstra ZTP manages the bootstrap and lifecycle of Juniper Junos devices. It uses a custom script to create offbox agents, create local users, and set other system configuration. As part of the ZTP process, a new OS image is copied to the switch. Before installing Apstra ZTP, ensure that the switch has sufficient disk space for the OS image.
root@leaf001-001-2> show system storage
Filesystem          Size    Used   Avail  Capacity  Mounted on
/dev/gpt/junos      6.0G    1.0G    4.5G       18%  /.mount
<...>
Example: Juniper Junos ztp.json
Juniper Junos Offbox Agent / Apstra ZTP 4.0
{
  "junos": {
    "junos-versions": [ "20.2R2-S3.5" ],
    "junos-image": "http://192.168.59.4/jinstall-host-qfx-5-20.2R2-S3.5-signed.tgz",
    "device-root-password": "root-password",
    "device-user": "admin",
    "device-user-password": "admin-password",
    "custom-config": "junos_custom.sh",
    "system-agent-params": {
      "platform": "junos",
      "agent_type": "offbox",
      "job_on_create": "install"
    }
  }
}
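The following Python lint is an added example, not part of Apstra ZTP or the original page. It checks a ztp.json like the one above for sample passwords left in place, for a junos-image file name that matches none of junos-versions, and, when the hypothetical is_ex flag is set, for versions below the 21.2 minimum that this page states for EX switches. The required-key list and the file-name heuristic are assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Constructed input: the sample ztp.json shown above, unchanged.
SAMPLE = """{"junos": {
  "junos-versions": ["20.2R2-S3.5"],
  "junos-image": "http://192.168.59.4/jinstall-host-qfx-5-20.2R2-S3.5-signed.tgz",
  "device-root-password": "root-password",
  "device-user": "admin",
  "device-user-password": "admin-password",
  "custom-config": "junos_custom.sh",
  "system-agent-params": {"platform": "junos", "agent_type": "offbox",
                          "job_on_create": "install"}}}"""

# Placeholder secrets from the sample; they must not reach a real ZTP server.
SAMPLE_SECRETS = {"root-password", "admin-password"}
# Assumption: these keys are treated as mandatory because the sample sets them.
REQUIRED = ("junos-versions", "junos-image", "device-root-password",
            "device-user", "device-user-password")


def junos_release(version):
    """Return (major, minor) from a version string such as '20.2R2-S3.5'."""
    m = re.match(r"(\d+)\.(\d+)", version)
    return (int(m.group(1)), int(m.group(2))) if m else None


def lint_ztp(text, is_ex=False):
    """Return findings for the 'junos' section of a ztp.json document."""
    cfg = json.loads(text).get("junos", {})
    findings = [f"missing key: {k}" for k in REQUIRED if k not in cfg]
    for key in ("device-root-password", "device-user-password"):
        if cfg.get(key) in SAMPLE_SECRETS:
            findings.append(f"{key} still holds the sample value")
    versions = cfg.get("junos-versions", [])
    # Heuristic (assumption): the image file name embeds its Junos version.
    image = urlparse(cfg.get("junos-image", "")).path.rsplit("/", 1)[-1]
    if image and not any(v in image for v in versions):
        findings.append("junos-image file name matches none of junos-versions")
    for v in versions if is_ex else []:  # is_ex: hypothetical caller-set flag
        rel = junos_release(v)
        if rel is None or rel < (21, 2):  # EX minimum stated on this page
            findings.append(f"{v} is below 21.2, the minimum for EX switches")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_ztp(SAMPLE)))
```

Run against the unmodified sample, the lint reports both placeholder passwords; an empty list means none of these checks fired.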
Juniper Junos Bootstrap File
Apstra ZTP uses a Python script to provision the device during ZTP. To allow the Python script (ztp.py) to run on the Junos device, additional configuration is required. Use the junos_apstra_ztp_bootstrap.sh script to bootstrap Apstra ZTP on Junos. It downloads and runs the ZTP script.
Juniper Junos Custom Config File
When configuring custom-config for Juniper Junos devices, refer to the example junos_custom.sh, a bash file executed during the ZTP process. It can set system configuration (such as Syslog, NTP, SNMP authentication) prior to device system agent installation.
#!/bin/sh

# Management address configured on em0.0, used as the NTP source address
SOURCE_IP=$(cli -c "show conf interfaces em0.0" | grep address | sed 's/.*address \([0-9.]*\).*/\1/')

# Syslog
SYSLOG_SERVER="192.168.59.4"
SYSLOG_PORT="514"

# NTP
NTP_SERVER="192.168.59.4"

# SNMP
SNMP_NAME="SAMPLE"
SNMP_SERVER="192.168.59.3"

# Syslog: remote host in the management routing instance
cli -c "configure; \
set system syslog host $SYSLOG_SERVER any notice ; \
set system syslog host $SYSLOG_SERVER authorization any ; \
set system syslog host $SYSLOG_SERVER port $SYSLOG_PORT ; \
set system syslog host $SYSLOG_SERVER routing-instance mgmt_junos ; \
commit and-quit"

# Syslog: local messages file
cli -c "configure; \
set system syslog file messages any notice ; \
set system syslog file messages authorization any ; \
commit and-quit"

# NTP
cli -c "configure; \
set system ntp server $NTP_SERVER routing-instance mgmt_junos ; \
set system ntp source-address $SOURCE_IP routing-instance mgmt_junos ; \
commit and-quit;"

# SNMP ("public" is the sample community string; replace it with a site-specific value)
cli -c "configure; \
set snmp name $SNMP_NAME; \
set snmp community public clients $SNMP_SERVER/32 ; \
set snmp community public routing-instance mgmt_junos ; \
set snmp routing-instance-access access-list mgmt_junos ; \
commit and-quit"
If you set external AAA authentication (for example authentication-order), replicate the device system agent device-user and device-user-password in the AAA system. Otherwise, the device system agent generates an authentication error.
Restart Juniper Junos ZTP
To erase (zeroize) the device and restart the Juniper Junos ZTP process:
root@leaf3> request system zeroize
Troubleshoot Juniper Junos ZTP
When in ZTP mode, the Juniper switch downloads the ztp.py and ztp.json files to the /var/preserve/apstra directory. For diagnostics, take note of the /var/preserve/apstra/aosztp.log file.
Additional useful messages can be found in /var/log/messages (search for 'ztp').