Troubleshooting Ansible Connection Errors When Managing Devices Running Junos OS
The following sections outline connection errors that you might encounter when using Ansible to manage devices running Junos OS. These sections also present potential causes and solutions for each error.
Troubleshooting Failed or Invalid Connection Errors
Problem
Description
During execution of a juniper.device or Juniper.junos module on a device running
Junos OS, the Ansible control node generates an error about a failed
SSH connection or an unknown command. For example:
UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ", "unreachable": true}
or
unknown command: /bin/sh\r\n
Cause
These errors can arise when the module is not run locally on the Ansible control node.
Normally Ansible requires Python on the managed node, and the Ansible control node sends the module to the node, where it is executed and then removed. The Juniper Networks modules do not require Python on devices running Junos OS, because they use Junos PyEZ and the Junos XML API over NETCONF to interface with the device. Therefore, to perform operations on devices running Junos OS, you must run the modules locally on the Ansible control node where Python is installed. If Ansible tries to execute a module directly on the device running Junos OS, it generates an error.
Solution
To direct the Ansible control node to run the juniper.device or Juniper.junos modules locally, include connection: local in the Ansible playbook, or include the --connection local command-line argument when executing individual modules. For example:
--- - name: Get Device Facts hosts: junos connection: local gather_facts: no
Troubleshooting Unknown Host Errors
Problem
Description
During execution of a juniper.device or Juniper.junos module, the Ansible
control node generates a ConnectUnknownHostError error.
"msg": "Unable to make a PyEZ connection: ConnectUnknownHostError(dc1a.example.net)"
Cause
The host is not defined in the Ansible inventory file or the Ansible control node is unable to resolve the hostname.
When executing an Ansible module either directly or from a playbook, any host referenced in the module arguments or the playbook must be defined in the Ansible inventory file. The default location for the inventory file is /etc/ansible/hosts. If the inventory file references a hostname, the Ansible control node must be able to resolve the hostname.
Solution
Update the Ansible inventory file to include the missing host, and ensure that DNS resolution is working correctly.
For information about the Ansible inventory file, see Understanding the Ansible Inventory File When Managing Devices Running Junos OS as well as the official Ansible documentation at https://www.ansible.com/.
Troubleshooting Refused Connection Errors
Problem
Description
During execution of a juniper.device or Juniper.junos module, the Ansible
control node generates a ConnectRefusedError error. For example:
"msg": "Unable to make a PyEZ connection: ConnectRefusedError(dc1a.example.net)"
Cause
The most likely cause for a refused connection error is that NETCONF over SSH is not enabled on the device running Junos OS.
To quickly test whether NETCONF is enabled, verify that the user account executing the Ansible module can successfully start a NETCONF session with the device.
[user@ansible-cn]$ ssh user@dc1a.example.net -p 830 -s netconf
If the user can successfully establish a NETCONF session with the device on either the default NETCONF port (830) or a port that is specifically configured for NETCONF on your device, then NETCONF is enabled. Otherwise, you must enable NETCONF over SSH on the device.
Solution
Enable the NETCONF-over-SSH service on the device running Junos OS.
[edit] user@host# set system services netconf ssh user@host# commit