Ansible is a very powerful tool for automating provisioning and maintenance tasks on Junos devices using the Py-EZ module. Ansible usually requires at least SSH or NETCONF to be enabled on the device, but there will be times when a student breaks your Ansible-ready configuration. Using the Juniper device’s console port, we can have Ansible re-upload a configuration. In this guide we use a bash script to prompt the user for the device, the configuration file to load, and the credentials.
You will need to have Ansible and the Python modules (junos-py-EZ and py-junos-netconify) installed. We tested this with SRX240 and EX4200 devices.
Load Junos Config using Ansible + Console + Bash Part 2
When searching I found very little documentation about using the console port as a serial port with Junos devices. It turns out the arguments you give to the console= parameter are the same ones you use when running netconify from a shell prompt. By default netconify assumes you are using the serial port /dev/ttyUSB0, so all we had to do was pass the username and password. Accessing the serial port requires sudo privileges, so you will need to either run the playbook with sudo or change the permissions so that your user can access the USB port without sudo.
Create the playbook
nano playbookconsoleconfig
Here is the Ansible playbook to use with the Juniper console port through your host’s serial port. You will need to set your username and password for the Junos device. You also need to specify a host to run against, since Ansible won’t run without one. Note that the host still needs to be in the Ansible inventory file.

# hostrouter, junosu, junosp and junosc are supplied with --extra-vars
- hosts: '{{ hostrouter }}'
  roles:
    - Juniper.junos
  connection: local
  gather_facts: no
  tasks:
    - name: Installing Junos configuration via console port
      # console= takes the same arguments as the netconify command line
      junos_install_config:
        host="{{ inventory_hostname }}"
        console="-u {{ junosu }}"
        passwd="{{ junosp }}"
        file="{{ junosc }}"
        overwrite=yes

Ctrl+X, Y and Enter to save
Create the Ansible bash script to load a default Junos configuration using the console port.
This Ansible bash script is perfect for technicians. It prompts for the hostname of the router and looks in the inventory file to see if it is valid. It then prompts for the absolute path of the default configuration file to load using the console port and verifies that the file exists. Finally it prompts for the username and password for the Juniper device and attempts to load the configuration using the playbook, passing the bash variables to Ansible using --extra-vars.
nano ansibleconsoleconfig.sh
Paste the Ansible Junos load default configuration bash script.

#!/usr/bin/env bash
# from https://ittechnologist.wordpress.com
if [ "$(id -u)" != "0" ]; then
    echo "Error: You must be root to run this script, please use the root user."
    exit 1
fi

echo "Enter device to install new config via console on"
read -r router

# Search inventory file for hostname and extract IP to pass to ansible
# assumes inventory file has format
# 10.210.14.170 ssh_ansible_host=srxA-1
routertouse=$(grep -i -- "$router" inventory | awk '{print $1}')
if [ -z "$routertouse" ]; then
    echo "Invalid hostname"
    exit 1
fi

# Get configuration file
echo "Enter full path to configuration file (e.g. /home/user/srxa-1.ansible.default.conf)"
read -r junosconfig
if ! [ -f "$junosconfig" ]; then
    echo "Configuration not found"
    exit 1
fi

# Get username and password for Junos device
echo "Enter username"
read -r junosuser
echo "Enter password"
read -rs junospass   # -s keeps the password from being echoed to the terminal

echo "Installing config on $routertouse"
sudo ansible-playbook playbookconsoleconfig -i inventory --extra-vars "hostrouter=$routertouse junosu=$junosuser junosp=$junospass junosc=$junosconfig"

Run the Ansible script as root or as a sudo user. You can also use the -s switch instead of sudo.
sudo bash ansibleconsoleconfig.sh
If you require other parameters for netconify, you can list them with its built-in help.
netconify --help
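
The script above puts the Junos password inside the --extra-vars string, so it appears in the process list while the play runs, and it matches the hostname with a substring grep. The following is an added example, not part of the original script (the function names are hypothetical): it does an exact-match inventory lookup and passes the variables to the same playbook through a private file with --extra-vars @file. It assumes the inventory line format shown in the script's comment.

```shell
#!/usr/bin/env bash
# Added example, not the original script; function names are hypothetical.
# Assumed inventory line format (from the script's comment):
#   10.210.14.170 ssh_ansible_host=srxA-1

# lookup_router INVENTORY NAME: print the address of the one line whose
# alias equals NAME exactly; fail on odd names and on 0 or several matches.
lookup_router() {
    case $2 in '' | *[!A-Za-z0-9._-]*) return 1 ;; esac
    awk -v want="$2" '
        $1 ~ /^#/ { next }
        { for (i = 2; i <= NF; i++) {
              split($i, kv, "=")
              if (tolower(kv[2]) == tolower(want)) { addr = $1; hits++ } } }
        END { if (hits == 1) print addr; else exit 1 }' "$1"
}

# json_string VALUE: print VALUE as a JSON string, rejecting control characters.
json_string() {
    case $1 in *[[:cntrl:]]*) return 1 ;; esac
    printf '"%s"' "$(printf '%s' "$1" | sed 's/[\\"]/\\&/g')"
}

# write_vars_file HOST USER PASS CONFIG: store the playbook variables in a
# temp file (mktemp creates it mode 0600) and print the file's path.
write_vars_file() {
    local h u p c f
    h=$(json_string "$1") && u=$(json_string "$2") &&
        p=$(json_string "$3") && c=$(json_string "$4") || return 1
    f=$(mktemp) || return 1
    printf '{"hostrouter": %s, "junosu": %s, "junosp": %s, "junosc": %s}\n' \
        "$h" "$u" "$p" "$c" > "$f"
    printf '%s\n' "$f"
}

# load_via_console INVENTORY NAME CONFIG: prompt for credentials, then run the
# page's playbook with the variables read from the file, not from argv.
load_via_console() {
    local addr user pass vars rc=0
    addr=$(lookup_router "$1" "$2") || { echo "Invalid hostname" >&2; return 1; }
    [ -f "$3" ] || { echo "Configuration not found" >&2; return 1; }
    read -rp 'Enter username: ' user
    read -rsp 'Enter password: ' pass; echo
    vars=$(write_vars_file "$addr" "$user" "$pass" "$3") || return 1
    ansible-playbook playbookconsoleconfig -i "$1" --extra-vars "@$vars" || rc=$?
    rm -f "$vars"
    return "$rc"
}
```

Source the file and call load_via_console with the inventory path, the router name and the configuration path; the variables file is removed whether or not the play succeeds.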