tech juniper ijaut > 12: Introduction to Ansible
Idempotence: running the same operation multiple times causes the same result. If an Ansible playbook is run multiple times with no configuration changes between runs, no changes will be made.
Ansible connects via SSH, copies the Python module, and executes it on the remote host. The playbook is in YAML format. Once executed, the modules and playbooks are deleted from the device.
Junos Ansible modules are instead executed on the Ansible server, and NETCONF is used to execute commands on remote Junos devices. The Ansible server runs on Linux, OS X or BSD. Python 2.6+ or 3.5+ is required. Use pip or pip3 to install Junos-PyEZ, jxmlease, and Ansible.
pip3 install junos-eznc
pip3 install jxmlease
pip3 install ansible
Ansible ‘modules’ are units of code for performing a specific task. The Ansible Module Library includes core modules, which are included as part of an Ansible installation and are supported by Ansible and the community. Junos modules are included as part of the Ansible Module Library. Additional Junos (and other) modules are available in Ansible Galaxy. Similar modules are grouped by role. Juniper modules are in the Juniper.junos role.
ansible-galaxy install Juniper.junos
Modules in the Ansible Module Library are supported by Ansible. Modules in Ansible Galaxy are supported by Juniper.
The Ansible inventory contains hosts and groups of hosts managed by Ansible. The default inventory file is /etc/ansible/hosts, but separate inventory files should be used for production & staging.
vmx-1
srx-1
[vmx_devices]
vmx-1
An inventory file can be given when running Ansible using -i.
The Ansible configuration file, ansible.cfg, contains configuration values such as SSH session parameters and connection timeouts.
The Ansible playbook attaches tasks to hosts which have been defined in the hosts file.
---
- name: My Play
  hosts: vmx_devices
  roles:
    - Juniper.junos
  connection: local
  gather_facts: no
Basic facts can be retrieved with the juniper_junos_facts module. RPCs can be executed with the juniper_junos_rpc module. Output can be printed or saved. Data can be retrieved using juniper_junos_command, or through PyEZ operational tables using juniper_junos_table. Integration with the JSNAPy tool is done with juniper_junos_jsnapy.
Asserts can be performed using the Ansible ‘assert’ module to ensure devices are in the proper state.
  vars_prompt:
    - name: USERNAME
      prompt: Username
      private: no
    # private: yes keeps the password from being echoed at the prompt
    - name: DEVICE_PASSWORD
      prompt: Password
      private: yes
  tasks:
    - name: Get Junos device information
      juniper_junos_command:
        user: "{{ USERNAME }}"
        passwd: "{{ DEVICE_PASSWORD }}"
        commands:
          - show interfaces ge-0/0/[01]* terse
      # Save the module result so the next task can print it
      register: cmd_output
    - name: Print result
      debug:
        msg: "{{ cmd_output.stdout_lines }}"
Group variables can be defined in the hosts file. Devices which are members of a group can use the variables defined for their device group.
[vmx_devices:vars]
ntp_server=172...
Example to write the NTP server configuration.
  tasks:
    - name: Load NTP server configuration
      juniper_junos_config:
        user: "{{ USERNAME }}"
        passwd: "{{ DEVICE_PASSWORD }}"
        config_mode: exclusive
        load: replace
        # XML fragment; replace="replace" swaps out the existing ntp stanza
        lines:
          - <configuration>
          - <system>
          - <ntp replace="replace">
          - <server>
          - <name>{{ ntp_server }}</name>
          - </server>
          - </ntp>
          - </system>
          - </configuration>
        format: xml
        commit: true
      register: cmd_output
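An added example (not from the original notes or from Juniper's own documentation) that uses the 'assert' module mentioned above to verify device state after the NTP change. It assumes the vmx_devices group and ntp_server variable from the inventory above and a device that can return its configuration in set format; approved_versions and its values are hypothetical placeholders.

```yaml
---
- name: Verify device state after the NTP change
  hosts: vmx_devices
  roles:
    - Juniper.junos
  connection: local
  gather_facts: no

  vars:
    # Hypothetical placeholder list; replace with the releases you have approved.
    approved_versions:
      - "APPROVED-RELEASE-1"
      - "APPROVED-RELEASE-2"

  vars_prompt:
    - name: USERNAME
      prompt: Username
      private: no
    - name: DEVICE_PASSWORD
      prompt: Password
      private: yes

  tasks:
    - name: Collect Junos facts (stored under the 'junos' key)
      juniper_junos_facts:
        user: "{{ USERNAME }}"
        passwd: "{{ DEVICE_PASSWORD }}"

    - name: Retrieve the committed NTP configuration without changing anything
      juniper_junos_config:
        user: "{{ USERNAME }}"
        passwd: "{{ DEVICE_PASSWORD }}"
        retrieve: committed
        filter: system/ntp
        format: set
        diff: false
        check: false
        commit: false
      register: ntp_cfg

    - name: Fail the play if a device is not in the expected state
      assert:
        that:
          - junos.version in approved_versions
          - '("set system ntp server " ~ ntp_server) in ntp_cfg.config_lines'
        msg: "{{ inventory_hostname }} failed the version or NTP check"
```

The NTP check is an exact line match, so a server statement carrying extra options (such as prefer) will not satisfy it and needs a looser condition.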