Introduction to Ansible NETCONF Automation on Juniper Routers
(UPDATE: We now have a video demo to accompany this post! Check it out on YouTube.)
Ansible is one of the most popular automation frameworks in recent years. Today, we'll take a look at an Ansible NETCONF module that we may use to automate our network infrastructure.
Are you familiar with NETCONF?
Before reading this post, I highly recommend our first NETCONF post if you are new to this subject. In this earlier post, I go over the fundamentals of the NETCONF protocol.
Today's goal
For today's post, we'll take a look at a simple ansible playbook for fetching the configuration from a juniper SRX router.
Installing our required dependencies
To get started, install Ansible and Python on your workstation. I'm running Ubuntu 18.04, so I'll share the appropriate commands for this OS.
sudo apt-get update
sudo apt-get upgrade -y
sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible -y
sudo apt-get install python -y
sudo apt install python-pipNext, we'll install two python packages. The first, "ncclient", is the NETCONF client that our ansible module will leverage. And the second, "jxmlease", will allow ansible to display configuration data in the JSON format.
pip install ncclient
pip install jxmleaseHow to setup our ansible hosts file
Let's now edit the "hosts" file for our ansible inventory at the default location /etc/ansible/hosts. We'll add variables required for the NETCONF session and of course our Juniper SRX host.
Once edited it should look similar to the file below. Replace the parameter values with your own.
[all:vars]
ansible_connection=netconf
ansible_netconf_user=root
ansible_netconf_pass=juniper123
ansible_ssh_user=root
ansible_ssh_pass=juniper123
[vsrx]
192.168.159.10The "netconf_get" ansible module
There are many ansible NETCONF modules in existence. We'll highlight the vendor-neutral ones.
- netconf_get – Fetch configuration/state
- netconf_config – Device configuration
- netconf_rpc – Operation commands
Specifically, we'll be using the "netconf_get" module in this post.
How to create our playbook
Create a playbook file as shown below.
# Filename: get_config.yaml
- name: Demonstration of the get_config Ansible module
gather_facts: false
hosts: all
tasks:
- name: Execute the get_config RPC
netconf_get:
display: json
register: result
- name: Print the configuration as JSON
debug:
var: result.outputHow to run our playbook
We may now execute our playbook with the ansible-playbook command.
ansible-playbook get_config.yamlUpon execution, the configuration should print to the terminal as a JSON object.
ucgadmin@ucgserver:~/ansible$ ansible-playbook get_config.yaml
PLAY [Demonstration of the get_config Ansible module] ************************
TASK [Execute the get_config RPC] ********************************************
ok: [192.168.159.10]
TASK [Print the configuration as JSON] ***************************************
ok: [192.168.159.10] => {
"result.output": {
"rpc-reply": {
"data": {
"configuration": {
"interfaces": {
"interface": [
{
"name": "ge-0/0/0",
"unit": {
"family": {
"inet": {
"address": {
"name": "192.168.159.10/24"
...
PLAY RECAP *******************************************************************
192.168.159.10 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0There we have it! In our next ansible post, we'll run through an example of the "netconf_config" module.
Ultra Config Generator
If you work for a business in the telecommunications industry, I would highly recommend you to check out Ultra Config Generator. We designed the product to allow network engineers to generate and automate network configuration in a highly flexible, efficient and elegant manner. Our users love the application and I hope that you will too.
Take care until next time!
Ultra Config
JOIN THE DISCUSSION
Subscribe to the Blog
Subscribe now and never miss a new post!
Success! You'll now receive emails when new blogs are posted.
