
Administering Juniper Switches with Ansible

It all started with the task of creating a number of VLANs on a stack of switches, but I didn't want to do this at all. Knowledgeable people advised me to use Ansible. This post does not pretend to be a manual, as I do not have much experience yet, but I want to share what happened. Constructive criticism, comments and suggestions are welcome.




Installation


Installation on CentOS is quite simple.

    yum install ansible

Next, install the Juniper modules for Ansible; special thanks to the Juniper team for these.

    ansible-galaxy install Juniper.junos

You can check the installed modules with the command:

    ansible-galaxy list

After installation, you can check the version:

    ansible --version
    ansible 2.3.1.0
      config file = /etc/ansible/ansible.cfg
      configured module search path = Default w/o overrides
      python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]

The configuration file, ansible.cfg, defines the path to the log file and the list of devices (the inventory). It also sets host_key_checking = False, which disables the check of the switch's SSH host key against the local key store when connecting, so an unknown or changed host key will not stop the connection:

    [defaults]
    inventory = /etc/ansible/hosts
    host_key_checking = False
    log_path = /var/log/ansible.log

The list of devices is in the hosts file. Hosts can be grouped, and groups can be members of other groups:

    [testswitches]
    #SWTEST
    192.168.8.192
    #SWAC_0901
    192.168.8.218

    [prodswitches]
    #SWAC_1301
    192.168.8.81
    #SWAC_1302
    192.168.8.82

    [allswitches:children]
    testswitches
    prodswitches

Making configuration changes to the switch


You need to create an Ansible playbook, a script that tells Ansible which actions to perform. The first playbook, for making changes to the switch configuration, is changeconfig.yml. Just create an empty file with the extension yml:

    # Start of the playbook
    ---
    - name: Juniper Config Changes
      # Group from the hosts file that the playbook runs against
      hosts: testswitches
      # Role that provides the Juniper modules
      roles:
        - Juniper.junos
      connection: local
      gather_facts: no
      # Path to the Python interpreter
      vars:
        ansible_python_interpreter: /usr/bin/python
      # Credentials are requested when the playbook is started
      vars_prompt:
        - name: USERNAME
          prompt: Username
          private: no
        - name: PASSWORD
          prompt: Password
          private: yes
      # Tasks to run
      # timeout is set to 120 to allow for commit on the EX2200
      tasks:
        - name: Retrieve information from devices running Junos OS
          junos_config:
            host: "{{ inventory_hostname }}"
            username: "{{ USERNAME }}"
            password: "{{ PASSWORD }}"
            timeout: 120
            port: 22
            # Configuration lines to apply on the switch
            lines:
              - delete interfaces vme unit 0 family inet dhcp
              - set vlans vlan10 description "TestVlan"
              - set vlans vlan10 vlan-id 10

Run the playbook with the command ansible-playbook changeconfig.yml

    Username: admin
    Password:

    PLAY [Juniper Config Changes] **********************************************

    TASK [Retrieve information from devices running Junos OS]
    ok: [192.168.8.218]
    changed: [192.168.8.192]

    PLAY RECAP ******************************************************
    192.168.8.192 : ok=1 changed=1 unreachable=0 failed=0
    192.168.8.218 : ok=1 changed=0 unreachable=0 failed=0

I cleaned the output a bit, but overall, ok shows that the connection was successful, changed = 1 - that the changes were made to the switch. At 192.168.8.218 the right vlan was already

Before launch, you can test exactly what changes will be made. To do this, run the command with the parameters ansible-playbook changeconfig.yml -bDC

The changes will be shown in the log, but they will not actually be applied: the C switch (--check) runs the playbook in check mode, and D (--diff), given here together with b (--become), shows the difference. In the example below, one of the switches had vlan 10 described with the name SRV; Ansible will remove that description and add a new one, and create the vlan itself.

    * [edit vlans vlan10]
    -   description SRV;
    +   description "TestVlan";
    +   vlan-id 10;
    changed: [192.168.8.192]
    ok: [192.168.8.218]
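A check that can be run over the check-mode output before the playbook is applied for real, as an added example that is not part of the original post: it parses the diff into per-host statements and reports every removal that is not on an expected list. The function names and the sample text are assumptions made for this example.

```python
import re

# Constructed sample in the shape of the check-mode output shown above.
SAMPLE = """\
TASK [Retrieve information from devices running Junos OS]
[edit vlans vlan10]
-   description SRV;
+   description "TestVlan";
+   vlan-id 10;
[edit interfaces vme unit 0 family inet]
-   dhcp;
changed: [192.168.8.192]
ok: [192.168.8.218]
"""

HIER = re.compile(r"^\[edit(?: (?P<path>[^\]]+))?\]$")
RESULT = re.compile(r"^(?:changed|ok): \[(?P<host>[^\]]+)\]")

# Assumption: diff lines precede the result line of the host they belong to,
# as in the sample output on this page.
def parse_check_diff(output):
    """Return {host: [(sign, hierarchy, statement), ...]}."""
    per_host, pending, hier = {}, [], ""
    for raw in output.splitlines():
        line = raw.lstrip("* ").rstrip()
        if HIER.match(line):
            hier = HIER.match(line).group("path") or ""
        elif RESULT.match(line):
            host = RESULT.match(line).group("host")
            per_host.setdefault(host, []).extend(pending)
            pending, hier = [], ""
        elif line.startswith(("+", "-")):
            pending.append((line[0], hier, line[1:].strip().rstrip(";")))
    return per_host

def removals_needing_review(per_host, expected):
    """List (host, statement) for each removed statement not in `expected`."""
    flagged = []
    for host, changes in sorted(per_host.items()):
        for sign, hier, stmt in changes:
            full = f"{hier} {stmt}".strip()
            if sign == "-" and full not in expected:
                flagged.append((host, full))
    return flagged

if __name__ == "__main__":
    expected = {"interfaces vme unit 0 family inet dhcp"}
    for host, stmt in removals_needing_review(parse_check_diff(SAMPLE), expected):
        print(f"{host}: unexpected removal: {stmt}")
```

Here the dhcp removal is expected because the playbook asks for it, while the removal of the SRV description is reported for review.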


Collecting information from switches


Another playbook shows how to collect the necessary data from the switches and save the results to a local file. I was interested in the Junos version. Below I will give only the tasks part; everything above it is similar to the previous playbook.

      tasks:
        - name: Retrieve information from devices running Junos OS
          junos_command:
            host: "{{ inventory_hostname }}"
            username: "{{ USERNAME }}"
            password: "{{ PASSWORD }}"
            timeout: 120
            port: 22
            commands:
              - show version
          # Keep the command output in a variable for the next task
          register: printout
        - name: Save Output
          #debug: msg="{{printout.stdout_lines}}"
          lineinfile:
            path: versions.log
            create: yes
            line: "{{printout.stdout_lines}}"

To debug, you can run the playbook with the command ansible-playbook -vvv getversion.yml

Also, all logs will be in /var/log/ansible.log, the log file specified in the config.

In general, I liked Ansible, I will explore further, thank you for your attention.

Source: https://habr.com/ru/post/343682/

