Load Junos Config using Ansible + Console + Bash Part 2

Ansible is a very powerful tool for automating provisioning and maintenance tasks on Junos devices using the Py-EZ module. Usually you require at least SSH or NETCONF enabled on the device for Ansible to work, but there will be times a student breaks your ansible-able configuration. Using the Juniper device’s console port, we can have Ansible re-upload a configuration. In this guide we use a bash script to prompt the user for the device, the configuration file to load and the credentials.

You will need to have installed Ansible and the Python modules (junos-py-EZ and py-junos-netconify). We tested this with SRX240 and EX4200 devices.

When searching I found very little documentation about using the console port as a serial port with Junos devices. It turns out the arguments you give to the console= option are the same ones you use when running netconify from a shell prompt. By default netconify assumes you are using the serial port /dev/ttyUSB0, so all we had to do was pass the username and password. Accessing the serial port requires sudo privileges, so you will need to either run the playbook with sudo or change the permissions so that your user can access the USB port without sudo.

Create the playbook

nano playbookconsoleconfig

Here is the Ansible playbook to use with the Juniper console port through your host’s serial port. You will need to set your username and password for the Junos device. You also need to specify a host to test on, since Ansible won’t run without a specified host. Note that the host still needs to be in the Ansible inventory file.

- hosts: '{{ hostrouter }}'
  roles:
  - Juniper.junos
  connection: local
  gather_facts: no

  tasks:
  - name: Installing Junos configuration via console port
    junos_install_config:
      host="{{ inventory_hostname }}"
      console="-u {{ junosu }}"
      passwd="{{ junosp }}"
      file="{{ junosc }}"
      overwrite=yes

Ctrl+X, Y and Enter to save

Create the Ansible bash script to load a default Junos configuration using the console port.
This Ansible bash script is perfect for technicians. It prompts for the hostname of the router and looks in the inventory file to see if it is valid. It then prompts for the absolute path of the default configuration file to load using the console port and verifies that the file exists. Finally it prompts for the username and password for the Juniper device and attempts to load the configuration using the playbook, passing the bash variables to Ansible using --extra-vars.

nano ansibleconsoleconfig.sh

Paste the Ansible Junos load default configuration bash script.

#!/usr/bin/env bash
# from https://ittechnologist.wordpress.com
# Serial port access requires root
if [ "$(id -u)" != "0" ]; then
    echo "Error: You must be root to run this script, please use the root user."
    exit 1
fi
echo "Enter device to install new config via console on"
read -r router
#Search inventory file for hostname and extract IP to pass to ansible
# assumes inventory file has format
# 10.210.14.170 ssh_ansible_host=srxA-1
# -F treats the input as a literal string, -m 1 keeps only the first match
routertouse=$(grep -iF -m 1 -- "$router" inventory | awk '{print $1}')
if [ -z "$routertouse" ] ; then
    echo "Invalid hostname"
    exit 1
fi

#Get configuration file
echo "Enter full path to configuration file (e.g. /home/user/srxa-1.ansible.default.conf)"
read -r junosconfig
if ! [ -f "$junosconfig" ] ; then
    echo "Configuration not found"
    exit 1
fi

#Get username and password for Junos device
echo "Enter username"
read -r junosuser
echo "Enter password"
# -s keeps the password from being echoed to the terminal
read -rs junospass
echo

echo "Installing config on $routertouse"
sudo ansible-playbook playbookconsoleconfig -i inventory --extra-vars "hostrouter=$routertouse junosu=$junosuser junosp=$junospass junosc=$junosconfig"

Run the Ansible script as root or as a sudo user; you can just use the -s switch instead of sudo.

sudo bash ansibleconsoleconfig.sh
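
The script above puts the Junos password on the ansible-playbook command line, where it is visible in the process list while the playbook runs, and a value containing a space breaks the key=value parsing of --extra-vars. As an added example (not part of the original script), the functions below write the same four variables to a JSON file readable only by the current user and pass it with --extra-vars "@file"; the helper names write_vars_file and json_escape are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not part of the original script.
# write_vars_file and json_escape are hypothetical helper names.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# write_vars_file HOST USER PASSWORD CONFIG
# Prints the path of a temp file (mode 0600) holding the playbook variables.
# Returns 1 if any value contains a control character (tab, newline, ...),
# which would need further JSON escaping and is not valid input here.
write_vars_file() {
    for _v in "$@"; do
        [ "$(printf '%s' "$_v" | tr -d '[:cntrl:]')" = "$_v" ] || return 1
    done
    _f=$(umask 077; mktemp) || return 1
    printf '{"hostrouter":"%s","junosu":"%s","junosp":"%s","junosc":"%s"}\n' \
        "$(json_escape "$1")" "$(json_escape "$2")" \
        "$(json_escape "$3")" "$(json_escape "$4")" > "$_f"
    printf '%s\n' "$_f"
}

# In ansibleconsoleconfig.sh the final ansible-playbook line would become:
#   varsfile=$(write_vars_file "$routertouse" "$junosuser" "$junospass" "$junosconfig") || exit 1
#   trap 'rm -f "$varsfile"' EXIT
#   ansible-playbook playbookconsoleconfig -i inventory --extra-vars "@$varsfile"
```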

If you require other parameters for netconify, you can list them in its help output:

netconify --help
