Hi All, first of all sorry for coming out late with the next blog. I was busy with some personal and official stuff.
Also, during the past few days I have been exploring setting up Ansible in our network for ease of configuration and to have a centralised place to push configuration to a single box or to all boxes at once.
Ansible, if you don't know, is a configuration management and software provisioning tool. It is in the same league as Puppet, Chef and Salt, but it differs from them in some respects, such as Pull vs Push and Stateless vs Stateful. We will discuss these differences below. On top of that, Ansible provides configuration/provisioning support for network engineers, in the sense that it has modules for different vendors like Cisco, Huawei, Arista, Nokia and Juniper. We will specifically discuss Junos here.
Juniper provides support for using Ansible to deploy devices running the Junos operating system (Junos OS). The Juniper Networks Ansible library, which is hosted on the Ansible Galaxy website under the role junos, enables you to use Ansible to perform specific operational and configuration tasks on devices running Junos OS, including installing and upgrading, deploying specific devices in the network, loading configuration changes, retrieving information, and resetting, rebooting, or shutting down managed devices.
I have just started to explore Ansible, so I am really an amateur in this area; however, maybe after some months of work I will be in a position to provide more details on this 🙂 . Before we dive into some examples, let's review what I said before regarding the differences.
Push vs Pull -> Puppet basically works on a pull mechanism where its hosts periodically pull their configuration from the server, which is good for some things but not if you want a change to be deployed ASAP. Ansible, on the other hand, works in a push model where the config is applied instantly to the nodes/hosts.
Stateless vs Stateful -> Ansible works in stateless mode: to use Ansible, nothing needs to be installed on the hosts, i.e. the switches/routers. Ansible and the other libraries are installed on the server, which is the controller, and it connects to the nodes/hosts via SSH/NETCONF.
For Ansible to work with Junos, 3 requirements need to be fulfilled first on the server.
1) pip install ncclient (this is python lib for netconf)
2) pip install junos-eznc (this is python lib for Junos)
3) Install Juniper.junos Galaxy role using command:
ansible-galaxy install Juniper.junos
Once this is done, we can run the raw module from the Ansible server as ad-hoc commands, which basically use SSH instead of NETCONF.
I am running ansible on CentOS 6.9
    mmittal@ANS01$ cat /etc/redhat-release
    CentOS release 6.9 (Final)
So basically here we will be using the raw module to check the version on a host; we provide the username with -u, and the -k option prompts us for the SSH password.
    ansible -v 10.198.123.103 -m raw -a "show version" -u mmittal -k
    SSH password:
    10.198.123.103 | SUCCESS | rc=0 >>
    Hostname: MX-104-PE-Volvo
    Model: mx104
    Junos: 15.1F6.9
    JUNOS Base OS boot [15.1F6.9]
    JUNOS Base OS Software Suite [15.1F6.9]
    JUNOS Crypto Software Suite [15.1F6.9]
    JUNOS Packet Forwarding Engine Support (MX104) [15.1F6.9]
    JUNOS Web Management [15.1F6.9]
    JUNOS Online Documentation [15.1F6.9]
    JUNOS Services Application Level Gateways [15.1F6.9]
    JUNOS Services Jflow Container package [15.1F6.9]
    JUNOS Services Stateful Firewall [15.1F6.9]
    JUNOS Services NAT [15.1F6.9]
    JUNOS Services RPM [15.1F6.9]
    JUNOS Services Captive Portal and Content Delivery Container package [15.1F6.9]
    JUNOS Macsec Software Suite [15.1F6.9]
    JUNOS Services Crypto [15.1F6.9]
    JUNOS Services IPSec [15.1F6.9]
    JUNOS Kernel Software Suite [15.1F6.9]
    JUNOS Routing Software Suite [15.1F6.9]
    Shared connection to 10.198.123.103 closed.
These ad-hoc commands let you check things without having to do any real programming; however, the real use of Ansible comes by way of playbooks, which are basically scripts in layman's terms. In a playbook we mention the module we want to run and the tasks to be performed. Before running an Ansible playbook, it is better to talk about one important file called ansible.cfg, which by default resides in /etc/ansible/ansible.cfg.
However, ansible.cfg is picked up in the following order, and it is recommended to have our own ansible.cfg in the current or home directory so that we can control the parameters we want to have.
* ANSIBLE_CONFIG (an environment variable)
* ansible.cfg (in the current directory)
* .ansible.cfg (in the home directory)
* ansible.cfg (in /etc/ansible/ansible.cfg)
Here is an example from my ansible.cfg, which apart from the standard defaults also points to the hostfile where all the IP addresses of the routers/switches will reside.
    mmittal@ANS01$ cat ansible.cfg
    [defaults]
    hostfile = ./ansible_hosts
    host_key_checking = false
    timeout = 5
    log_path=./ansible.log
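The lookup order and the sample ansible.cfg above matter together: Ansible uses the first file it finds and does not merge the others, and with host_key_checking = false the controller accepts whatever SSH host key a device presents. The following sketch is an added example, not code from the original post or from Ansible; the function names and the world-writable-directory check are assumptions made for illustration.

```python
import configparser
import os
import stat
import tempfile

# Added example: function names are illustrative, not part of Ansible.
# Constructed sample: the ansible.cfg shown in the post.
POST_CFG = """[defaults]
hostfile = ./ansible_hosts
host_key_checking = false
timeout = 5
log_path=./ansible.log
"""

def resolve_ansible_cfg(env, cwd, home, system="/etc/ansible/ansible.cfg"):
    """Return the first config file that exists, in the lookup order listed in the post."""
    candidates = [env.get("ANSIBLE_CONFIG"), os.path.join(cwd, "ansible.cfg"),
                  os.path.join(home, ".ansible.cfg"), system]
    for path in candidates:
        if path and os.path.isfile(path):
            return path  # first match wins; later files are not merged in
    return None

def audit_ansible_cfg(path):
    """List settings in [defaults] that weaken controller-to-device SSH trust."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(path)
    findings = []
    value = cp.get("defaults", "host_key_checking", fallback="true")
    if value.strip().lower() in {"false", "no", "0", "off"}:
        findings.append("host_key_checking")  # device host keys are not verified
    cfg_dir = os.path.dirname(os.path.abspath(path))
    if os.stat(cfg_dir).st_mode & stat.S_IWOTH:
        findings.append("world_writable_dir")  # any local user can replace the file
    return findings

def demo():
    """Build a throwaway cwd/home pair and audit whichever file would be used."""
    cwd, home = tempfile.mkdtemp(), tempfile.mkdtemp()
    with open(os.path.join(cwd, "ansible.cfg"), "w") as fh:
        fh.write(POST_CFG)
    with open(os.path.join(home, ".ansible.cfg"), "w") as fh:
        fh.write("[defaults]\nhost_key_checking = true\n")
    chosen = resolve_ansible_cfg({}, cwd, home)
    return chosen, audit_ansible_cfg(chosen)

if __name__ == "__main__":
    print(demo())
```

In the demo the stricter file in the home directory is never read, because the ansible.cfg in the current directory is found first.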
Let's see one example of a playbook.
In this playbook we add a task that runs multiple commands on 2 hosts; the module we have used is junos_command, and we print the output to the session.
    mmittal@ANS01$ cat ansible_multiplecommands.yml
    ---
    - name: show version and other user level commands
      hosts: 10.198.123.100, 10.198.123.103
      roles:
        - Juniper.junos
      gather_facts: no
      connection: local
      tasks:
        - name: run multiple commands on remote nodes
          junos_command:
            commands:
              - show version
              - show interfaces
          register: print_output
        - debug: var=print_output.stdout_lines

To run this playbook we have to use the following command:

    mmittal@ANS01$ ansible-playbook ansible_multiplecommands.yml -u mmittal -k
    SSH password:

    PLAY [show version and other user level commands] **************************

    TASK [run multiple commands on remote nodes] *******************************
    ok: [10.198.123.103]
    ok: [10.198.123.100]

    TASK [debug] ***************************************************************
    ok: [10.198.123.100] => {
        "print_output.stdout_lines": [
            [
                "Hostname: re1.MX104_PE_Pagani",
                "Model: mx104",
                "Junos: 15.1F6.9",
                "JUNOS Base OS boot [15.1F6.9]",
                "JUNOS Base OS Software Suite [15.1F6.9]",
                "JUNOS Crypto Software Suite [15.1F6.9]",
                "JUNOS Packet Forwarding Engine Support (MX104) [15.1F6.9]",
                "JUNOS Web Management [15.1F6.9]",
                "JUNOS Online Documentation [15.1F6.9]",
                "JUNOS Services Application Level Gateways [15.1F6.9]",
                "JUNOS Services Jflow Container package [15.1F6.9]",
                "JUNOS Services Stateful Firewall [15.1F6.9]",
                "JUNOS Services NAT [15.1F6.9]",
                "JUNOS Services RPM [15.1F6.9]",
                "JUNOS Services Captive Portal and Content Delivery Container package [15.1F6.9]",
                "JUNOS Macsec Software Suite [15.1F6.9]",
                "JUNOS Services Crypto [15.1F6.9]",
                "JUNOS Services IPSec [15.1F6.9]",
                "JUNOS Kernel Software Suite [15.1F6.9]",
                "JUNOS Routing Software Suite [15.1F6.9]"
            ],
            [
                "Physical interface: ge-0/0/0, Enabled, Physical link is Up",
                " Interface index: 154, SNMP ifIndex: 512",
                " Description: Connected to MX104 RR-3_ge-0/1/0",
                " Link-level type: Ethernet, MTU: 1600, MRU: 1608, LAN-PHY mode,",
                " Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None,",
                " Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,",
                " Auto-negotiation: Enabled, Remote fault: Online",
                " Pad to minimum frame size: Disabled",
                " Device flags : Present Running",
                " Interface flags: SNMP-Traps Internal: 0x0",
                " CoS queues : 8 supported, 8 maximum usable queues",
                " Current address: 54:1e:56:f7:78:00, Hardware address: 54:1e:56:f7:78:00",
                " Last flapped : 2017-08-18 13:32:41 GMT (2w3d 21:51 ago)",
                .
                . (o/p truncated)
                .
            ]
        ]
    }
    ok: [10.198.123.103] => {
        "print_output.stdout_lines": [
            [
                "Hostname: MX-104-PE-Volvo",
                "Model: mx104",
                "Junos: 15.1F6.9",
                "JUNOS Base OS boot [15.1F6.9]",
                "JUNOS Base OS Software Suite [15.1F6.9]",
                "JUNOS Crypto Software Suite [15.1F6.9]",
                "JUNOS Packet Forwarding Engine Support (MX104) [15.1F6.9]",
                "JUNOS Web Management [15.1F6.9]",
                "JUNOS Online Documentation [15.1F6.9]",
                "JUNOS Services Application Level Gateways [15.1F6.9]",
                "JUNOS Services Jflow Container package [15.1F6.9]",
                "JUNOS Services Stateful Firewall [15.1F6.9]",
                "JUNOS Services NAT [15.1F6.9]",
                "JUNOS Services RPM [15.1F6.9]",
                "JUNOS Services Captive Portal and Content Delivery Container package [15.1F6.9]",
                "JUNOS Macsec Software Suite [15.1F6.9]",
                "JUNOS Services Crypto [15.1F6.9]",
                "JUNOS Services IPSec [15.1F6.9]",
                "JUNOS Kernel Software Suite [15.1F6.9]",
                "JUNOS Routing Software Suite [15.1F6.9]"
            ],
            [
                "Physical interface: lc-0/0/0, Enabled, Physical link is Up",
                " Interface index: 142, SNMP ifIndex: 506",
                " Speed: 800mbps",
                " Device flags : Present Running",
                " Link flags : None",
                " Last flapped : Never",
                " Input packets : 0",
                " Output packets: 0",
                "",
                " Logical interface lc-0/0/0.32769 (Index 329) (SNMP ifIndex 507)",
                " Flags: Encapsulation: ENET2",
                " Bandwidth: 0",
                " Input packets : 0",
                " Output packets: 0",
                " Protocol vpls, MTU: Unlimited",
                " Flags: Is-Primary",
                "",
                .
                . (o/p truncated)
                .
            ]
        ]
    }

    PLAY RECAP *****************************************************************
    10.198.123.100 : ok=2 changed=0 unreachable=0 failed=0
    10.198.123.103 : ok=2 changed=0 unreachable=0 failed=0
So that's all for today. It's a very basic intro to Ansible on Junos; however, I hope you get the idea and will try to use it in your network 🙂
Regards
Mohit