ansible-network / juniper_junos
Ansible Network Juniper JUNOS Provider Role
When a device has ansible_connection set to netconf:
TASK [ansible-network.juniper_junos : testing] **********************************************************************************
ok: [tovllpst_sc1] =>
msg:
- 'ansible_connection: netconf'
- 'ansible_network_os: junos'
TASK [ansible-network.juniper_junos : validate ansible_connection == 'network_cli' or ansible_connection == 'netconf'] **********
fatal: [tovllpst_sc1]: FAILED! => changed=false
msg: expected ansible_network to be `network_cli` or `netconf`, got `netconf`
to retry, use: --limit @/home/4032956/network-automation/retry/get-facts.retry
Expected result:
TASK [ansible-network.juniper_junos : testing] **********************************************************************************
ok: [tovllpst_sc1] =>
msg:
- 'ansible_connection: netconf'
- 'ansible_network_os: junos'
TASK [ansible-network.juniper_junos : set ansible_provider_functions fact] ******************************************************
ok: [tovllpst_sc1]
My fix:
Edit includes/init.yaml
- name: validate ansible_connection == 'network_cli' or ansible_connection == 'netconf'
  fail:
    msg: "expected ansible_network to be `network_cli` or `netconf`, got `{{ ansible_connection }}`"
  when: "not ansible_connection == 'network_cli' and not ansible_connection == 'netconf'"
  # when: "not ansible_connection == 'network_cli' or ansible_connection == 'netconf'"
- name: use ansible-network provider roles to gather facts
  include_role:
    name: "{{ ansible_network_provider }}"
    tasks_from: get_facts.yaml
  vars:
    subset:
      - system
    ansible_connection: network_cli
TASK [ansible-network.juniper_junos : run rpc command] ***************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: TypeError: 'NoneType' object is not iterable
fatal: [qatfw2bj-sc1]: FAILED! => changed=false
module_stderr: |-
Traceback (most recent call last):
File "/home/4032956/.ansible/tmp/ansible-local-94658eg4njtmh/ansible-tmp-1543890239.3495862-60100278778874/AnsiballZ_junos_command.py", line 113, in <module>
_ansiballz_main()
File "/home/4032956/.ansible/tmp/ansible-local-94658eg4njtmh/ansible-tmp-1543890239.3495862-60100278778874/AnsiballZ_junos_command.py", line 105, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/4032956/.ansible/tmp/ansible-local-94658eg4njtmh/ansible-tmp-1543890239.3495862-60100278778874/AnsiballZ_junos_command.py", line 48, in invoke_module
imp.load_module('__main__', mod, module, MOD_DESC)
File "/tmp/ansible_junos_command_payload_8YJyWe/__main__.py", line 451, in <module>
File "/tmp/ansible_junos_command_payload_8YJyWe/__main__.py", line 371, in main
TypeError: 'NoneType' object is not iterable
module_stdout: ''
msg: |-
MODULE FAILURE
See stdout/stderr for the exact error
rc: 1
- name: use ansible-network provider roles to gather facts
  include_role:
    name: "{{ ansible_network_provider }}"
    tasks_from: get_facts.yaml
  vars:
    subset:
      - system
    ansible_connection: netconf
TASK [ansible-network.juniper_junos : run command] *******************************************************************************************************************************
fatal: [qatfw2bj-sc1]: FAILED! => changed=false
msg: jxmlease is required but does not appear to be installed. It can be installed using `pip install jxmlease`
pip list
$ pip list
Package Version
----------------- ---------
ansible 2.7.2
asn1crypto 0.24.0
astroid 2.0.4
atomicwrites 1.2.1
attrs 18.2.0
bcrypt 3.1.4
certifi 2018.8.24
cffi 1.11.5
chardet 3.0.4
cryptography 2.3.1
idna 2.7
isort 4.3.4
Jinja2 2.10
junos-eznc 2.2.0
jxmlease 1.0.1
lazy-object-proxy 1.3.1
lxml 4.2.3
MarkupSafe 1.0
mccabe 0.6.1
more-itertools 4.3.0
ncclient 0.6.0
netaddr 0.7.19
paramiko 2.4.2
pip 18.1
pluggy 0.8.0
py 1.7.0
pyasn1 0.4.4
pycparser 2.19
pylint 2.1.1
PyNaCl 1.3.0
pyserial 3.4
pytest 4.0.0
PyYAML 3.13
requests 2.19.1
scp 0.11.0
selectors2 2.0.1
setuptools 39.0.1
six 1.11.0
typed-ast 1.1.0
urllib3 1.23
wrapt 1.10.11
This seems like something we would really like to utilize on our team, specifically get_facts
and the pre-built network-engine parser.
Is there any way you could provide some usage instructions?
I am using this playbook to run compliance checks on the juniper firewall.
- name: Syslog server check
  junos_config:
    src: ~/ansible_junos/files/syslog_config.txt
    comment: Ensure that appropriate Syslog server configured
  register: junos_output
- debug:
    var: junos_output
- name: success
  debug:
    msg: Syslog server check - This check has passed with the following output({{ junos_output }})
  when: not junos_output.changed
- name: failed
  debug:
    msg: Syslog server check - This check has failed with the following output({{ junos_output }})
  when: junos_output.changed
- name: Admin credentials check
  junos_config:
    src: ~/ansible_junos/files/admin_user.txt
    comment: Ensure that Admin user havee been created
  register: junos_output
- debug:
    var: junos_output
- name: success
  debug:
    msg: Admin credentials check - This check has passed with the following output({{ junos_output }})
  when: not junos_output.changed
- name: failed
  debug:
    msg: Admin credentials check - This check has failed with the following output({{ junos_output }})
  when: junos_output.changed
- name: NTP Server check
  junos_config:
    src: ~/ansible_junos/files/NTP_server.txt
    comment: Ensure that correct NTP servers has been configured
  register: junos_output
- debug:
    var: junos_output
- name: success
  debug:
    msg: NTP Server check - This check has passed with the following output({{ junos_output }})
  when: not junos_output.changed
- name: failed
  debug:
    msg: NTP Server check - This check has failed with the following output({{ junos_output }})
  when: junos_output.changed
- name: Idle timeout check
  junos_config:
    src: ~/ansible_junos/files/idle_timeout.txt
    comment: Ensure that idle timeout has been configured
  register: junos_output
- debug:
    var: junos_output
- name: success
  debug:
    msg: Idle timeout check - This check has passed with the following output({{ junos_output }})
  when: not junos_output.changed
- name: failed
  debug:
    msg: Idle timeout check - This check has failed with the following output({{ junos_output }})
  when: junos_output.changed
I am running into this message when I do this:
ansible-playbook -i inventory junos_config_new.yml --check -vvv
ansible-playbook 2.9.9
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /root/.local/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.6.8 (default, Nov 21 2019, 19:31:34) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /home/gefela/ansible_junos/inventory as it did not pass its verify_file() method
script declined parsing /home/gefela/ansible_junos/inventory as it did not pass its verify_file() method
auto declined parsing /home/gefela/ansible_junos/inventory as it did not pass its verify_file() method
Parsed /home/gefela/ansible_junos/inventory inventory source with ini plugin
PLAYBOOK: junos_config_new.yml *****************************************************************************************************************************
1 plays in junos_config_new.yml
PLAY [Juniper SRX configuration compliance checks] *********************************************************************************************************
META: ran handlers
TASK [Syslog server check] *********************************************************************************************************************************
task path: /home/gefela/ansible_junos/junos_config_new.yml:8
fatal: [172.16.203.121]: FAILED! => {
"changed": false,
"msg": "path specified in src not found"
}
PLAY RECAP *************************************************************************************************************************************************
172.16.203.121 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
The directory ~/ansible_junos/files/syslog_config.txt is in the right place.
My question is: should ~/ansible_junos/files/ be the right place to put all the configuration to be compared against the firewall?
Please let me know.
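A pre-flight check for the src paths in the playbook above, as an added example that is not part of the original post or of Ansible. It assumes a src starting with ~ is expanded against the home directory of the account that runs ansible-playbook (the version banner above shows /root/... paths while the inventory sits under /home/gefela) and, as a simplification, that relative paths are checked against the playbook directory only. The function names and the temporary directory layout are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

SRC_LINE = re.compile(r"^\s*src:\s*(\S+)\s*$")

def resolve_src(src, home, playbook_dir):
    """Resolve a src value: "~" against `home`, relative paths against the playbook directory."""
    if src == "~" or src.startswith("~/"):
        return Path(home) / src[2:]
    path = Path(src)
    return path if path.is_absolute() else Path(playbook_dir) / path

def preflight(playbook_text, home, playbook_dir):
    """Return (src, resolved_path, exists) for every src: line in the playbook text."""
    rows = []
    for line in playbook_text.splitlines():
        match = SRC_LINE.match(line)
        if match:
            src = match.group(1).strip("'\"")
            resolved = resolve_src(src, home, playbook_dir)
            rows.append((src, str(resolved), resolved.is_file()))
    return rows

# Two of the tasks from the playbook above, reduced to the lines that matter here.
PLAYBOOK = """\
- name: Syslog server check
  junos_config:
    src: ~/ansible_junos/files/syslog_config.txt
- name: NTP Server check
  junos_config:
    src: ~/ansible_junos/files/NTP_server.txt
"""

def demo():
    """Check the same playbook under two home directories (constructed layout)."""
    with tempfile.TemporaryDirectory() as tmp:
        owner_home = Path(tmp, "home", "gefela")
        root_home = Path(tmp, "root")
        files = owner_home / "ansible_junos" / "files"
        files.mkdir(parents=True)
        root_home.mkdir()
        for name in ("syslog_config.txt", "NTP_server.txt"):
            (files / name).write_text("# constructed placeholder\n")
        playbook_dir = owner_home / "ansible_junos"
        as_owner = preflight(PLAYBOOK, owner_home, playbook_dir)
        as_root = preflight(PLAYBOOK, root_home, playbook_dir)
        return [row[2] for row in as_owner], [row[2] for row in as_root]

if __name__ == "__main__":
    print(demo())
```

Running the same check as the file owner and as root shows whether "path specified in src not found" comes from where the files are or from who is running the play.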
Ansible playbook with junos_interfaces module executes but fails to bring up a disabled port on EX3400.
The playbook executes successfully but has no impact on the port. However, a similar playbook to disable a port brings down the port.
ansible-playbook 2.9.13
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.8/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.8.5 (default, Aug 12 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)]
name: "Get Junos OS configuration."
hosts: "{{ switch }}"
roles:
tasks:
ge-0/0/22 is disabled and we want the above playbook to re-enable it.
admin@EX300-CABB-TEMP> show configuration interfaces ge-0/0/22 | display set
set interfaces ge-0/0/22 description "LAB10E-NFX13 - Ge-0/0"
set interfaces ge-0/0/22 disable
set interfaces ge-0/0/22 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/22 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/0/22 unit 0 family ethernet-switching storm-control default
admin@EX300-CABB-TEMP> show interfaces terse ge-0/0/22
Interface Admin Link Proto Local Remote
ge-0/0/22 down down
Example - Running the playbook with verbose +++
[lab@lab-ansible01 ~]$ ansible-playbook juniper_port_up.yml --extra-vars "switch=EX300-CABB-TEMP port=ge-0/0/22" -vvv
ansible-playbook 2.9.14
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/lab/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
Parsed /etc/ansible/hosts inventory source with ini plugin
PLAYBOOK: juniper_port_up.yml ******************************************************************************************************************************************************************************
1 plays in juniper_port_up.yml
PLAY [ Configuring Junos device] *************************************************************************************************************************************************************************
META: ran handlers
TASK [Enabling switch port] *******************************************************************************************************************************************************************************
task path: /home/lab/juniper_port_up.yml:8
ESTABLISH LOCAL CONNECTION FOR USER: lab
EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/lab/.ansible/tmp/ansible-local-30797cyspwcwk
"&& mkdir "echo /home/lab/.ansible/tmp/ansible-local-30797cyspwcwk/ansible-tmp-1602683695.5519297-30803-24392853617769
" && echo ansible-tmp-1602683695.5519297-30803-24392853617769="echo /home/lab/.ansible/tmp/ansible-local-30797cyspwcwk/ansible-tmp-1602683695.5519297-30803-24392853617769
" ) && sleep 0'
Using module file /home/lab/.ansible/collections/ansible_collections/junipernetworks/junos/plugins/modules/junos_interfaces.py
PUT /home/lab/.ansible/tmp/ansible-local-30797cyspwcwk/tmphqptwaxw TO /home/lab/.ansible/tmp/ansible-local-30797cyspwcwk/ansible-tmp-1602683695.5519297-30803-24392853617769/AnsiballZ_junos_interfaces.py
EXEC /bin/sh -c 'chmod u+x /home/lab/.ansible/tmp/ansible-local-30797cyspwcwk/ansible-tmp-1602683695.5519297-30803-24392853617769/ /home/lab/.ansible/tmp/ansible-local-30797cyspwcwk/ansible-tmp-1602683695.5519297-30803-24392853617769/AnsiballZ_junos_interfaces.py && sleep 0'
EXEC /bin/sh -c '/usr/bin/python3 /home/lab/.ansible/tmp/ansible-local-30797cyspwcwk/ansible-tmp-1602683695.5519297-30803-24392853617769/AnsiballZ_junos_interfaces.py && sleep 0'
EXEC /bin/sh -c 'rm -f -r /home/lab/.ansible/tmp/ansible-local-30797cyspwcwk/ansible-tmp-1602683695.5519297-30803-24392853617769/ > /dev/null 2>&1 && sleep 0'
ok: [EX300-CABB-TEMP] => {
"before": [
{
"description": "Vers EX4300 - Ge-7/0/14",
"enabled": true,
"name": "ge-0/0/0"
},
{
"enabled": true,
"name": "ge-0/0/1"
},
{
"description": "LAB10E-NFX7 - Ge-0/9",
"enabled": true,
"name": "ge-0/0/2"
},
{
"description": "LAB10E-NFX7 - Ge-0/8",
"enabled": true,
"name": "ge-0/0/3"
},
{
"description": "LAB10E-NFX7 - Ge-0/0",
"enabled": true,
"name": "ge-0/0/4"
},
{
"description": "LAB10E-NFX8 - Ge-0/9",
"enabled": true,
"name": "ge-0/0/5"
},
{
"description": "LAB10E-NFX8 - Ge-0/8",
"enabled": true,
"name": "ge-0/0/6"
},
{
"description": "LAB10E-NFX8 - Ge-0/0",
"enabled": true,
"name": "ge-0/0/7"
},
{
"description": "LAB10E-NFX9 - Ge-0/9",
"enabled": true,
"name": "ge-0/0/8"
},
{
"description": "LAB10E-NFX9 - Ge-0/8",
"enabled": true,
"name": "ge-0/0/9"
},
{
"description": "LAB10E-NFX9 - Ge-0/0",
"enabled": true,
"name": "ge-0/0/10"
},
{
"description": "LAB10E-NFX10 - Ge-0/9",
"enabled": true,
"name": "ge-0/0/11"
},
{
"description": "LAB10E-NFX10 - Ge-0/8",
"enabled": true,
"name": "ge-0/0/12"
},
{
"description": "LAB10E-NFX10 - Ge-0/0",
"enabled": true,
"name": "ge-0/0/13"
},
{
"description": "LAB10E-NFX11 - Ge-0/9",
"enabled": true,
"name": "ge-0/0/14"
},
{
"description": "LAB10E-NFX11 - Ge-0/8",
"enabled": true,
"name": "ge-0/0/15"
},
{
"description": "LAB10E-NFX11 - Ge-0/0",
"enabled": true,
"name": "ge-0/0/16"
},
{
"description": "LAB10E-NFX12 - Ge-0/9",
"enabled": true,
"name": "ge-0/0/17"
},
{
"description": "LAB10E-NFX12 - Ge-0/8",
"enabled": true,
"name": "ge-0/0/18"
},
{
"description": "LAB10E-NFX12 - Ge-0/0",
"enabled": true,
"name": "ge-0/0/19"
},
{
"description": "LAB10E-NFX13 - Ge-0/9",
"enabled": true,
"name": "ge-0/0/20"
},
{
"description": "LAB10E-NFX13 - Ge-0/8",
"enabled": true,
"name": "ge-0/0/21"
},
{
"description": "LAB10E-NFX13 - Ge-0/0",
"enabled": false,
"name": "ge-0/0/22"
},
{
"description": "LAB10E-NFX14 - Ge-0/9",
"enabled": true,
"name": "ge-0/0/23"
},
{
"description": "LAB10E-NFX14 - Ge-0/8",
"enabled": true,
"name": "ge-0/0/24"
},
{
"description": "LAB10E-NFX14 - Ge-0/0",
"enabled": true,
"name": "ge-0/0/25"
},
{
"enabled": true,
"name": "ge-0/0/26"
},
{
"enabled": true,
"name": "ge-0/0/27"
},
{
"enabled": true,
"name": "ge-0/0/28"
},
{
"enabled": true,
"name": "ge-0/0/29"
},
{
"enabled": true,
"name": "ge-0/0/30"
},
{
"enabled": true,
"name": "ge-0/0/31"
},
{
"enabled": true,
"name": "ge-0/0/32"
},
{
"enabled": true,
"name": "ge-0/0/33"
},
{
"enabled": true,
"name": "ge-0/0/34"
},
{
"enabled": true,
"name": "ge-0/0/35"
},
{
"enabled": true,
"name": "ge-0/0/36"
},
{
"enabled": true,
"name": "ge-0/0/37"
},
{
"enabled": true,
"name": "ge-0/0/38"
},
{
"enabled": true,
"name": "ge-0/0/39"
},
{
"enabled": true,
"name": "ge-0/0/40"
},
{
"enabled": true,
"name": "ge-0/0/41"
},
{
"enabled": true,
"name": "ge-0/0/42"
},
{
"enabled": true,
"name": "ge-0/0/43"
},
{
"enabled": true,
"name": "ge-0/0/44"
},
{
"enabled": true,
"name": "ge-0/0/45"
},
{
"enabled": true,
"name": "ge-0/0/46"
},
{
"enabled": true,
"name": "ge-0/0/47"
},
{
"description": "IPVPN WAN LABOPS-QCMTRL3-R01",
"enabled": true,
"name": "ge-0/2/0"
},
{
"description": "IPVPN WAN LABOPS-QCMTRL4-R01",
"enabled": true,
"name": "ge-0/2/1"
},
{
"enabled": true,
"name": "ge-0/2/2"
},
{
"description": "IPVPN WAN LABOPS-QCMTRL1-R01",
"enabled": true,
"name": "xe-0/2/2"
},
{
"enabled": true,
"name": "ge-0/2/3"
},
{
"description": "IPVPN WAN LABOPS-QCMTRL2-R01",
"enabled": true,
"name": "xe-0/2/3"
},
{
"description": "Vers EX4300 - ae12",
"enabled": true,
"mtu": 9216,
"name": "ae0"
},
{
"enabled": true,
"name": "irb"
},
{
"enabled": true,
"name": "vme"
}
],
"changed": false,
"commands": [
"<nc:interfaces xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><nc:interface><nc:name>ge-0/0/22</nc:name></nc:interface></nc:interfaces>"
],
"invocation": {
"module_args": {
"config": [
{
"description": null,
"duplex": null,
"enabled": true,
"hold_time": null,
"mtu": null,
"name": "ge-0/0/22",
"speed": null
}
],
"running_config": null,
"state": "merged"
}
}
}
META: ran handlers
META: ran handlers
PLAY RECAP *************************************************************************************************************************************************************************************************
EX300-CABB-TEMP : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
admin@EX300-CABB-TEMP> show interfaces terse ge-0/0/22
Interface Admin Link Proto Local Remote
ge-0/0/22 down down
Interestingly, the playbook to disable a port successfully disables a port.
name: "Get Junos OS configuration."
hosts: "{{ switch }}"
roles:
tasks:
junos_interfaces is the newer module. junos_interface (without the s at the end) is the older module.
If we use the older interface module, then the playbook can successfully bring up the disabled port.
name: "Get Junos OS configuration."
hosts: junos
connection: local
roles:
gather_facts: no
tasks:
name: remove interface
junos_interface: >>>>>>>>>>>>
name: ge-0/0/1
enabled: yes
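A post-run check for the behaviour reported above, as an added example that is not part of the original issue or of the module's code. It reads a junos_interfaces result and flags any attribute where the requested value differs from the "before" state while the payload carried no change for that interface and the module reported "changed": false. The sample is a trimmed copy of the output above; the function names are hypothetical.

```python
import json
import xml.etree.ElementTree as ET

NC = "{urn:ietf:params:xml:ns:netconf:base:1.0}"

# Trimmed copy of the module result shown above (three of the "before" entries).
RESULT = json.loads(r'''
{
  "before": [
    {"description": "LAB10E-NFX13 - Ge-0/8", "enabled": true, "name": "ge-0/0/21"},
    {"description": "LAB10E-NFX13 - Ge-0/0", "enabled": false, "name": "ge-0/0/22"},
    {"description": "LAB10E-NFX14 - Ge-0/9", "enabled": true, "name": "ge-0/0/23"}
  ],
  "changed": false,
  "commands": ["<nc:interfaces xmlns:nc=\"urn:ietf:params:xml:ns:netconf:base:1.0\"><nc:interface><nc:name>ge-0/0/22</nc:name></nc:interface></nc:interfaces>"],
  "invocation": {"module_args": {"config": [
    {"description": null, "duplex": null, "enabled": true, "hold_time": null,
     "mtu": null, "name": "ge-0/0/22", "speed": null}
  ], "running_config": null, "state": "merged"}}
}
''')

def payload_changes(commands):
    """Map interface name -> child elements (other than <name>) carried in the payload."""
    changes = {}
    for xml in commands:
        for intf in ET.fromstring(xml).iter(NC + "interface"):
            name = intf.findtext(NC + "name")
            changes[name] = [c.tag.replace(NC, "") for c in intf if c.tag != NC + "name"]
    return changes

def silent_noops(result):
    """Return (interface, attribute, before, wanted) for requests that differ from the
    device state although the module neither sent a change nor reported one."""
    before = {entry["name"]: entry for entry in result["before"]}
    sent = payload_changes(result.get("commands", []))
    findings = []
    for want in result["invocation"]["module_args"]["config"]:
        have = before.get(want["name"], {})
        for attr, value in want.items():
            if attr == "name" or value is None:
                continue  # null means "not requested"
            differs = have.get(attr) != value
            if differs and not sent.get(want["name"]) and not result["changed"]:
                findings.append((want["name"], attr, have.get(attr), value))
    return findings

if __name__ == "__main__":
    for finding in silent_noops(RESULT):
        print("requested but not applied:", finding)
```

A non-empty result means the play reported ok while the device still differs from the requested state, which is the condition to fail the run on rather than trust the recap line.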