This repository contains a number of useful Ansible modules geared toward Juniper Networks devices. These modules perform a variety of functions, but they largely focus on retrieving operational data.
ansible-junos-extras is a rolling release. The master branch
should always be considered stable. Individual feature branches exist
for development code, and "more stable" releases are available in tagged
or milestone releases.
Although
masteris considered stable, if you are paranoid about stability, stick to a tagged version.
Run the following commands:
mkdir $HOME/src && cd $_
git clone https://github.com/supertylerc/ansible-junos-extras.git
cd
echo "source $HOME/src/ansible-junos-extras/env-setup" >> $HOME/.zshrcI make a lot of assumptions (source directory, $SHELL, etc). Adjust the instructions for your preferred environment.
Tagged versions are guaranteed more stable than the master branch. If
you're overly paranoid, you should grab the latest tagged version that
coincides with your current major.minor release. If you're using
1.0.x, for example, you should grab the latest tagged release for 1.0.x.
If you're using 1.0.x and you're overly paranoid, you should not get
any of the 1.1.x tagged releases without testing thoroughly first.
To get a tagged release:
mkdir $HOME/src && cd $_
git clone https://github.com/supertylerc/ansible-junos-extras.git -b v1.0.0
cd
echo "source $HOME/src/ansible-junos-extras/env-setup" >> $HOME/.zshrcDevelopment work is performed on branches. There is a separate branch for each feature or bug fix.
While the sections below go over general usage, they may not cover every
module available. For a more complete listing of modules and how to use
them, see the doc directory in this repository.
The below playbook might be called junos_baseline.yml.
---
- name: IPSec
hosts: fw01.hq.example.com
connection: local
gather_facts: no
vars:
peers:
- 1.1.1.1
- 2.2.2.2
tasks:
- name: Get Pre-Change IPSec Information
junos_ipsec_summary:
host={{ inventory_hostname }}
peers="{{ peers }}"
register: ipsec
- name: Get Pre-Change BGP Information
junos_bgp_summary:
host={{ inventory_hostname }}
register: bgp
- name: Pre-Change Ping
junos_ping:
host={{ inventory_hostname }}
register: ping
- name: Get Pre-Change LLDP Information
junos_lldp:
host={{ inventory_hostname }}
user=tyler
register: lldp_neighbors
- name: Display Pre-Change LLDP Neighbor Information
debug:
var=lldp_neighbors.results
- name: Display Pre-Change IPSec Information
debug:
var=ipsec.results
- name: Display Pre-Change BGP Information
debug:
var=bgp.results
- name: Display Pre-Change Ping Information
debug:
var=ping.resultsThe debug statements are there for you to see the results of your tests. If you remove them, you won't actually know the results! This is the most basic playbook example. More sophisticated playbooks could return only specific data, push configurations, and rerun everything to return a post-change baseline.
Run the following:
ansible-playbook ./junos_baseline.ymlThis assumes you're currently in the same directory as your playbook.
╭─tyler at deathstar in /etc/ansible using ‹ruby-2.1.1› 14-07-11 - 15:18:57
╰─○ ansible-playbook junos_baseline.yml
PLAY [Baseline]
***************************************************************
TASK: [Get Pre-Change IPSec Information]
*************************************************
ok: [fw01.hq.example.com]
TASK: [Get Pre-Change BGP Information]
***************************************************
ok: [fw01.hq.example.com]
TASK: [Pre-Change Ping]
*******************************************************
ok: [fw01.hq.example.com]
TASK: [Get Pre-Change LLDP Information]
*********************************************************
ok: [fw01.hq.example.com]
TASK: [Display LLDP Neighbor Information]
*************************************
ok: [fw01.hq.example.com] => {
"lldp_neighbors.results": {
"xe-0/0/26.0": {
"local_int": "xe-0/0/26.0",
"local_parent": "-",
"remote_chassis-id": "2c:21:72:a0:1d:00",
"remote_port-desc": "xe-2/1/0.0",
"remote_sysname": "as01.example.com",
"remote_type": "Mac address"
},
"xe-1/0/30.0": {
"local_int": "xe-1/0/30.0",
"local_parent": "-",
"remote_chassis-id": "2c:21:72:a0:1d:00",
"remote_port-desc": "xe-0/1/0.0",
"remote_sysname": "as01.example.com",
"remote_type": "Mac address"
}
}
}
TASK: [Display Pre-Change IPSec Information]
******************************************
"ipsec.results": {
ok: [fw01.hq.example.com] => {
"ike": {
"9119268": {
"address": "1.1.1.1",
"index": "9119268",
"state": "UP"
},
"9119269": {
"address": "2.2.2.2",
"index": "9119269",
"state": "UP"
}
},
"ipsec": {
"131077": {
"address": "2.2.2.2",
"index": "131077",
"interface": "st0.3",
"name": "TEST-VPC_1",
"state": "up"
},
"131078": {
"address": "1.1.1.1",
"index": "131078",
"interface": "st0.4",
"name": "TEST-VPC_2",
"state": "up"
}
}
}
}
TASK: [Display Pre-Change BGP Information]
********************************************
ok: [fw01.hq.example.com] => {
"bgp.results": {
"10.0.0.1": {
"accepted_prefixes": "0",
"active_prefixes": "0",
"address": "10.0.0.1",
"asn": "65501",
"received_prefixes": "0",
"rib": "inet.0",
"state": "Established",
"suppressed_prefixes": "0"
},
"10.0.0.2": {
"accepted_prefixes": "1",
"active_prefixes": "1",
"address": "10.0.0.2",
"asn": "65501",
"received_prefixes": "1",
"rib": "inet.0",
"state": "Established",
"suppressed_prefixes": "0"
}
}
}
TASK: [Display Pre-Change Ping Information]
*******************************************
ok: [fw01.hq.example.com] => {
"ping.results": {
"10.0.0.1": {
"success": true
},
"10.0.0.2": {
"success": true
},
"10.1.1.1": {
"success": true
},
"10.1.1.2": {
"success": false
},
"10.2.2.1": {
"success": true
}
}
}
PLAY RECAP
********************************************************************
fw01.hq.example.com : ok=6 changed=0 unreachable=0 failed=0
╭─tyler at deathstar in /etc/ansible using ‹ruby-2.1.1› 14-07-11 - 15:22:11
╰─○Depending on the function of your device(s), the junos_ping module can
be very expensive in terms of execution time. It shouldn't effect your
devices CPU or memory usage, though. On a test device with ~500 ARP
entries, it took about 90 seconds to complete.
See the docs folder for documentation on specific modules. Or read
the source code.
junos_ipsec_summarymodule does not have a default value forpeers- No Continuous Integration Tests/Validators
junos_pingmodule does not support routing instances or IPv6- Code needs to be refactored and deduplicated
This issue is not insurmountable; however, it was decided that this issue should not block the first alpha release.
Please contribute!
If you want to add new features to existing modules, create new features, fix bugs, or just update documentation, please do so! I only ask that you dedicate a branch to an individual feature/task/update, and that it follow the following naming conventions:
feat/for a new feature or modulebug/for a bug fixdoc/for a documentation update
master follows the latest tagged version. The latest tagged version is
v1.0.0.
The next milestone, v1.1.0, will include the following:
- GH1:
junos_ipsec_summary: add default value for 'peers' - GH2:
junos_ping: add IPv6 support - GH3:
junos_ping: add 'routing-instance' support - GH4:
junos_lldp: add LLDP module - GH8: Add Support for Scrutinizer
- Jeremy Schulman - For creating ansible-junos-stdlib, the inspiration and basis of this module.
1.0.0
Tyler Christiansen
BSD 2-Clause License. See LICENSE for more detail.