Create and Execute Ansible Playbooks to Manage Junos Devices

SUMMARY: You can create Ansible playbooks that execute Juniper Networks modules to perform operational and configuration tasks on Junos devices.

Juniper Networks supports using Ansible to manage Junos devices, and Ansible and Juniper Networks provide Ansible modules that enable you to perform operational and configuration tasks on the devices. This topic outlines how to create a simple Ansible playbook to execute Juniper Networks modules on Junos devices.

You create Ansible playbooks to handle more complex management tasks. Playbooks consist of one or more plays, or groups of tasks, that operate on a set of defined hosts. Ansible hosts that are referenced in the playbook must be defined in the Ansible inventory file, which by default resides at /etc/ansible/hosts. Each play must specify:

  • The hosts on which the tasks operate

  • The list of tasks to execute on each host

  • Any required variables or module parameters, including authentication parameters, if these are not defined elsewhere

The Juniper Networks Ansible modules are distributed through the juniper.device collection and the Juniper.junos role, which are hosted on Ansible Galaxy. To use the Juniper Networks modules in your playbook, you must install the collection or role on the Ansible control node. For more information about the Juniper Networks collection, role, and modules, see Understanding the Ansible for Junos OS Collections, Roles, and Modules.

The Juniper Networks modules do not require Python on Junos devices, because they use Junos PyEZ and the Junos XML API over NETCONF to interface with the device. Therefore, to perform operations on Junos devices, you must run modules locally on the Ansible control node, where Python is installed. You can run the modules locally by including connection: local in the playbook play. When you use connection: local, Ansible establishes a separate connection to the host for each task in the play that requires a connection. The juniper.device collection modules also support connection: juniper.device.pyez, which still executes the modules locally on the Ansible control node but instead establishes a connection to the host that persists over the execution of all tasks in a play.

By default, Ansible plays automatically gather system facts from the remote host. However, when you execute the plays locally, Ansible gathers the facts from the Ansible control node instead of the remote host. To avoid gathering facts for the control node, include gather_facts: no in the playbook.

When you execute the Juniper Networks modules using a NETCONF session over SSH, which is the default, you must have NETCONF enabled on the Junos device. We recommend that you create a simple task in the playbook that explicitly tests whether NETCONF is enabled on each device before executing other tasks. If this task fails for any host, by default, Ansible does not execute the remaining tasks for this host. Without this test, you might get a generic connection error during playbook execution that does not indicate whether this or another issue is the cause of any failures.

Playbooks are expressed in YAML. Because YAML is white-space sensitive and indentation is significant, you should always use spaces rather than tabs when creating playbooks. In YAML, items preceded by a hyphen (-) are considered list items, and the key: value notation represents a hash. For detailed information about creating Ansible playbooks, refer to the official Ansible documentation at https://docs.ansible.com/ansible/latest/user_guide/playbooks.html.

The following sections outline the steps for creating and running a simple playbook that executes Ansible modules on a Junos device.

Create a Playbook

To create a simple playbook to perform tasks on Junos devices:

  1. In your favorite editor, create a new file with a descriptive playbook name that uses the .yaml file extension.
  2. Include three dashes to indicate the start of the YAML document.
  3. Provide a descriptive name for the play.
  4. Define a colon-delimited list of the hosts or groups of hosts on which the modules will operate, or specify all to indicate all hosts in the inventory file.

    Any hosts or groups referenced in the playbook must be defined in the Ansible inventory file.

  5. Instruct Ansible to execute the play’s tasks locally on the Ansible control node where Python is installed because there is no requirement for Python on Junos devices.
    • Include connection: local to execute tasks locally but establish a separate connection to the host for each task in the play that requires a connection.

    • Include connection: juniper.device.pyez to execute tasks locally but establish a single connection to the host that persists over the execution of all tasks in the play. This connection type is only supported by the juniper.device collection modules.

    The remaining steps use connection: local. To use the juniper.device collection modules with a persistent connection, update the final playbook to use connection: juniper.device.pyez.

  6. (Optional) Include gather_facts: no to avoid gathering facts for the target host, which for local connections is the Ansible control node.
  7. Reference the juniper.device collection or the Juniper.junos role, as appropriate for your Ansible setup.
    • On Ansible control nodes running Ansible 2.10 or later that have the juniper.device collection installed, the recommended method is to omit the collections key and instead reference collection content by its fully qualified collection name (FQCN).

    • On Ansible control nodes that have the Juniper.junos role installed, include the role.

    The remaining steps use the juniper.device collection and module names. To use the Juniper.junos role, update the final playbook to use the role and role module names.

  8. Define a tasks section, and include one or more tasks as list items.
  9. (Optional) As an additional check, create a task to verify NETCONF connectivity for each Junos device.
  10. Create tasks that use the Juniper Networks modules, and provide any necessary connection and authentication parameters.

    This example uses existing SSH keys in the default location and does not explicitly provide credentials for the facts module in the playbook.

  11. (Optional) Define additional plays as needed by repeating steps 3 through 10.
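The playbook that steps 1 through 10 build up, shown as an added example that is not taken from the original page. The inventory group dc1, the file name junos-facts.yaml, and the task names are assumptions; port 830 is the default port for NETCONF over SSH, so adjust it if your devices listen elsewhere.

```yaml
# junos-facts.yaml (hypothetical file name)
# Run from the control node with: ansible-playbook junos-facts.yaml
---
- name: Get Device Facts
  # "dc1" is an assumed group name; it must exist in the Ansible inventory file.
  hosts: dc1
  # Run modules on the control node; a new connection is opened per task.
  # Swap in "juniper.device.pyez" for one connection that persists across tasks.
  connection: local
  # With a local connection, fact gathering would describe the control node.
  gather_facts: no

  tasks:
    # Fail early and clearly if NETCONF over SSH is not reachable, so the
    # remaining tasks are skipped for that host instead of surfacing a
    # generic connection error.
    - name: Checking NETCONF connectivity
      ansible.builtin.wait_for:
        host: "{{ inventory_hostname }}"
        port: 830
        timeout: 5

    # No user or password is set here: authentication relies on existing
    # SSH keys in the default location, which keeps credentials out of the
    # playbook file.
    - name: Retrieving information from Junos devices
      juniper.device.facts:

    # The facts module returns device facts under the "junos" key.
    - name: Print the Junos OS version
      ansible.builtin.debug:
        var: junos.version
```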

Execute the Playbook

To execute the playbook:

  • Issue the ansible-playbook command on the control node, and provide the playbook path and any desired options.