Introduction to Ansible NETCONF Automation on Juniper Routers

, September 22nd 2019

(UPDATE: We now have a video demo to accompany this post! Check it out on YouTube.)

Ansible is one of the most popular automation frameworks in recent years. Today, we'll take a look at an Ansible NETCONF module that we may use to automate our network infrastructure.

Are you familiar with NETCONF?

Before reading this post, I highly recommend our first NETCONF post if you are new to this subject. In this earlier post, I go over the fundamentals of the NETCONF protocol.

Today's goal

For today's post, we'll take a look at a simple ansible playbook for fetching the configuration from a juniper SRX router.

Installing our required dependencies

To get started, install Ansible and Python on your workstation. I'm running Ubuntu 18.04, so I'll share the appropriate commands for this OS.

sudo apt-get update
sudo apt-get upgrade -y

sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible -y

sudo apt-get install python -y
sudo apt install python-pip

Next, we'll install two python packages. The first, "ncclient", is the NETCONF client that our ansible module will leverage. And the second, "jxmlease", will allow ansible to display configuration data in the JSON format.

pip install ncclient
pip install jxmlease

How to setup our ansible hosts file

Let's now edit the "hosts" file for our ansible inventory at the default location /etc/ansible/hosts. We'll add variables required for the NETCONF session and of course our Juniper SRX host.

Once edited it should look similar to the file below. Replace the parameter values with your own.



The "netconf_get" ansible module

There are many ansible NETCONF modules in existence. We'll highlight the vendor-neutral ones.

Specifically, we'll be using the "netconf_get" module in this post.

How to create our playbook

Create a playbook file as shown below.

# Filename: get_config.yaml

- name: Demonstration of the get_config Ansible module
  gather_facts: false
  hosts: all
    - name: Execute the get_config RPC
        display: json
      register: result
    - name: Print the configuration as JSON
        var: result.output

How to run our playbook

We may now execute our playbook with the ansible-playbook command.

ansible-playbook get_config.yaml

Upon execution, the configuration should print to the terminal as a JSON object.

ucgadmin@ucgserver:~/ansible$ ansible-playbook get_config.yaml

PLAY [Demonstration of the get_config Ansible module] ************************

TASK [Execute the get_config RPC] ********************************************

ok: []

TASK [Print the configuration as JSON] ***************************************
ok: [] => {
    "result.output": {
        "rpc-reply": {
            "data": {
                "configuration": {
                    "interfaces": {
                        "interface": [
                                "name": "ge-0/0/0",
                                "unit": {
                                    "family": {
                                        "inet": {
                                            "address": {
                                                "name": ""
PLAY RECAP *******************************************************************             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

There we have it! In our next ansible post, we'll run through an example of the "netconf_config" module.

Ultra Config Generator

If you work for a business in the telecommunications industry, I would highly recommend you to check out Ultra Config Generator. We designed the product to allow network engineers to generate and automate network configuration in a highly flexible, efficient and elegant manner. Our users love the application and I hope that you will too.

Take care until next time!

Ultra Config


Subscribe to the Blog

Subscribe now and never miss a new post!