Using Salt to Retrieve a Junos OS Configuration
Juniper Networks provides support for using
Salt to manage devices running Junos OS, and the Junos execution and
state modules (for Salt) define functions that enable you to retrieve
the configuration from managed devices. You can use the salt.modules.junos.rpc execution function or
the salt.states.junos.rpc state function to execute
the get_config RPC to retrieve configuration
data from a device running Junos OS.
You can use the get_config RPC to
retrieve the complete configuration or a subset of the configuration
from the candidate, committed, or ephemeral configuration databases.
You can return data for the pre-inheritance or post-inheritance configuration.
In addition, you can return the data in several different formats
and save the data to a file on the proxy minion server.
How to Retrieve the Complete Candidate Configuration
To retrieve the complete candidate configuration from a device
running Junos OS, call the junos.rpc function,
and execute the get_config RPC.
saltuser@salt-master:~$ sudo salt 'router1' junos.rpc get_config
router1:
----------
out:
True
rpc_reply:
----------
configuration:
----------
apply-groups:
- global
- re0
- re1
...
Similarly, you can define a Salt state file that retrieves the configuration. The following sample state file retrieves the complete candidate configuration for the target devices in text format:
saltuser@salt-master:~$ cat /srv/salt/junos_get_config.sls
get_config:
junos.rpc:
- format: text
When you apply the state, it displays the candidate configuration for each target device.
saltuser@salt-master:~$ sudo salt 'router1' state.apply junos_get_config
router1:
----------
ID: get_config
Function: junos.rpc
Result: True
Comment:
Started: 20:15:20.409910
Duration: 973.546 ms
Changes:
----------
out:
True
rpc_reply:
## Last changed: 2019-08-06 11:38:21 PDT
version 18.4R1.8;
groups {
re0 {
system {
host-name router1;
}
...
Summary for router1
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 973.546 msHow to Specify the Source Database for the Configuration Data
By default, the get_config RPC retrieves
configuration data from the candidate configuration database. You
can also retrieve data from the committed configuration database or
the ephemeral configuration database by including the database parameter with the appropriate value.
Committed Configuration Database
To retrieve data from the committed configuration database,
set the database argument equal to committed. For example:
saltuser@salt-master:~$ sudo salt 'router1' junos.rpc get_config database=committed
router1:
----------
out:
True
rpc_reply:
----------
configuration:
----------
apply-groups:
- global
- re0
- re1
...
Ephemeral Configuration Database
You can also use Salt to retrieve data from the ephemeral configuration database on devices that support this database. When you retrieve configuration data from the shared configuration database, by default, the results do not include data from the ephemeral configuration database.
To retrieve data from the default instance of the ephemeral
configuration database, include the database argument and set it equal to ephemeral.
saltuser@salt-master:~$ sudo salt 'router1' junos.rpc get_config database=ephemeral
To retrieve data from a user-defined instance of the ephemeral
configuration database, set the database argument equal to ephemeral, and set
the ephemeral-instance argument to the
name of the ephemeral instance.
saltuser@salt-master:~$ sudo salt 'router1' junos.rpc get_config database=ephemeral ephemeral-instance=eph1
router1:
-
out:
True
rpc_reply:
-
configuration:
-
protocols:
-
mpls:
-
label-switched-path:
-
name:
to-hastings
to:
192.0.2.1
How to Specify the Scope of the Configuration Data to Return
In addition to retrieving the complete Junos OS configuration,
the get_config RPC can retrieve a subset
of the configuration by using the filter parameter. The filter parameter takes
a string containing the subtree filter that selects the configuration
statements to return. The subtree filter returns the configuration
data that matches the selection criteria.
To request multiple hierarchies, the filter string must include the <configuration> root element. Otherwise, the value of filter must represent all levels of the configuration hierarchy starting
just under the root <configuration> element
down to the hierarchy to display. To select a subtree, include the
empty tag for that hierarchy level. To return a specific object, include
a content match node that defines the element and value to match.
The following command retrieves and prints the configuration
at the [edit interfaces] and [edit protocols] hierarchy levels in the candidate configuration:
saltuser@salt-master:~$ sudo salt 'router1' junos.rpc get_config filter='<configuration><interfaces/><protocols/></configuration>'
The following command retrieves and prints the configuration
at the [edit system services] hierarchy level:
saltuser@salt-master:~$ sudo salt 'router1' junos.rpc get_config filter='<system><services/></system>'
The following state file retrieves the <name> element for each <interface> element
at the <interfaces> hierarchy level
in the post-inheritance candidate configuration:
saltuser@salt-master:~$ cat /srv/salt/junos_get_config_interface_names.sls
get_config:
junos.rpc:
- filter: <interfaces><interface><name/></interface></interfaces>
- inherit: inherit
Applying the state returns the list of interface names.
saltuser@salt-master:~$ sudo salt 'router1' state.apply junos_get_config_interface_names
router1:
----------
ID: get_config
Function: junos.rpc
Result: True
Comment:
Started: 22:11:24.430639
Duration: 1522.123 ms
Changes:
----------
out:
True
rpc_reply:
----------
configuration:
----------
interfaces:
----------
interface:
|_
----------
name:
ge-1/0/0
|_
----------
name:
ge-1/0/2
|_
----------
name:
ge-1/0/3
|_
----------
name:
ge-1/0/4
|_
----------
name:
lo0
|_
----------
name:
fxp0
Summary for router1
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 1.522 s
Similarly, the following example retrieves the subtree for the ge-1/0/1 interface:
saltuser@salt-master:~$ sudo salt 'router1' junos.rpc get_config filter='<interfaces><interface><name>ge-1/0/1</name></interface></interfaces>' format=text
router1:
----------
out:
True
rpc_reply:
## Last changed: 2019-08-06 14:58:44 PDT
interfaces {
ge-1/0/1 {
unit 0 {
family inet {
address 10.1.1.1;
}
}
}
}
How to Specify the Format of the Configuration Data to Return
By default, the junos.rpc function
returns the RPC output in XML format for both the data displayed in
standard output as well as the data saved to the destination file,
if specified. To specify an output format, include the format argument, and set the value equal to the desired
format. To request text format or Junos XML elements, use text or xml, respectively.
To save the configuration data to a destination file in JSON format,
specify json.
The following command saves the configuration data to the specified file and also displays it in standard output in text format:
saltuser@salt-master:~$ sudo salt 'router1' junos.rpc get_config dest=/var/configs/router1_config.txt format=text
The following command saves the configuration data to the specified file in JSON format:
saltuser@salt-master:~$ sudo salt 'router1' junos.rpc get_config dest=/var/configs/router1_config.xml format=json
How to Specify Inheritance and Groups Options
The get_config RPC retrieves data
from the pre-inheritance configuration, in which the <groups>, <apply-groups>, <apply-groups-except>, and <interface-range> tags are separate elements in
the configuration output. To retrieve data from the post-inheritance
configuration, which displays statements that are inherited from user-defined
groups and ranges as children of the inheriting statements, you can
include the inherit=inherit argument. If
you also include the groups=groups argument,
the text and XML-formatted output will indicate the group from which
a statement was inherited.
For example, the following command retrieves the configuration
at the [edit system services] hierarchy level from the
post-inheritance candidate configuration. In this case, if the configuration
also contains statements configured at the [edit groups global
system services] hierarchy level, those statements are inherited
at the [edit system services] hierarchy level in the post-inheritance
configuration and returned in the configuration data.
saltuser@salt-master:~$ sudo salt 'router1' junos.rpc get_config filter='<system><services/></system>' inherit=inherit groups=groups dest=/var/configs/router1-system-services.xml
In the destination file, the elements that are inherited from
a group include the group attribute. The group attribute value indicates the group from which
the element was inherited.
<configuration changed-seconds="1565131770" changed-localtime="2019-08-06 15:49:30 PDT"><system><services>
<ftp group="global"></ftp>
<ssh group="global"></ssh>
<netconf group="global"><ssh group="global">
</ssh><traceoptions group="global"><file group="global"><filename group="global">netconf.log</filename><size group="global">10m</size><files group="global">2</files></file><flag group="global"><name group="global">all</name></flag></traceoptions></netconf>
</services></system></configuration>How to Save Retrieved Configuration Data to a File
When you execute the junos.rpc function,
you can save the returned data in a file on the proxy minion server
by including the dest argument and specifying
the path of the destination file. If you do not specify an absolute
path, the path is relative to the top-level root (/) directory. If
the target output file already exists, the new file overwrites the
old file.
To retrieve configuration data from a device running Junos OS
and save the output to a file for later reference, execute the get_config RPC and include the dest parameter. The following command retrieves the complete configuration,
displays the data in standard output, and also saves the data in the
specified file on the proxy minion server:
saltuser@salt-master:~$ sudo salt 'router1' junos.rpc get_config dest=/var/configs/router1_config.xml
router1:
----------
out:
True
rpc_reply:
----------
configuration:
----------
apply-groups:
- global
- re0
- re1
...
On the proxy minion server, the configuration data is saved to the specified file.
saltuser@minion:~$ ls /var/configs router1_config.xml
Similarly, you can define a Salt state that retrieves configuration data and saves it in a file. The following sample state file retrieves the complete configuration and writes the data to both standard output and to the specified file on the proxy minion server:
saltuser@salt-master:~$ cat /srv/salt/junos_save_config.sls
get_config:
junos.rpc:
- dest: /var/configs/{{ grains['id'] }}_config.txt
- format: text
In this case, the proxy identifier stored in the id grain is included in the destination filename to
distinguish the output files when the state is applied to multiple
targets. When you apply the state to devices that match the os_family:junos grain, it saves the configuration for
each device to its own file on the proxy minion server.
saltuser@salt-master:~$ sudo salt -G 'os_family:junos' state.apply junos_save_config
router1:
----------
ID: get_config
Function: junos.rpc
Result: True
Comment:
Started: 20:58:25.705709
Duration: 284.552 ms
Changes:
----------
out:
True
rpc_reply:
## Last changed: 2019-08-05 17:24:18 PDT
...Each device configuration is saved in a separate file on the proxy minion server.
saltuser@minion:~$ ls /var/configs router1_config.txt router2_config.txt