Upgrading Junos Software using Ansible

Overview

Before we dive into the configuration, I would like to take a few minutes to explain what Ansible is and how it works.

Ansible is an open-source tool that you can use for configuration management, software provisioning and application development. We can run it on many systems, such as Microsoft Windows, macOS or Unix-like operating systems. Be aware that Ansible and Python are not the same thing: Python is a programming language, whereas Ansible is a tool written in Python.

Install Ubuntu on Windows

Go to Microsoft Store and install Ubuntu so that we can run Ubuntu on Windows.

Dependencies

This module requires the following to be installed on the Ansible control machine:
  1. Python >= 2.7
  2. Ansible 2.3 or later
  3. Junos py-junos-eznc 2.1.7 or later
  4. jxmlease 1.0.1 or later

Installation

After you have installed Ubuntu, launch it and then install the following.

sudo -s
apt-get update
apt-get upgrade
apt-get install -y ansible python-dev libxml2-dev python-pip libxslt1-dev zlib1g-dev software-properties-common python-setuptools build-essential libssl-dev libffi-dev git
pip install junos-eznc junos-netconify jxmlease wget jsnapy ansible requests ipaddress cryptography
ansible-galaxy install Juniper.junos
 
ansible --version
# has to be version 2.0.1.0 at least
 
cd /etc/ansible/roles/
ansible-galaxy install Juniper.junos
 
cd /etc/ansible/roles/Juniper.junos
python setup.py install
 
To see the name and version of each role installed:
ansible-galaxy list
 
Preparation on Juniper devices
set system login user ansible class super-user authentication encrypted-password "$6$ABC"
set system services netconf ssh
commit
 
Inventory file:
The default hosts file lives in /etc/ansible/hosts.
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups
 
# Ex 1: Ungrouped hosts, specify before any group headers.
 
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
[ex2300]
10.1.1.21
10.1.1.22
10.1.1.23
10.1.1.24
10.1.1.25
10.1.1.26
10.1.1.27
 
# Ex 2: A collection of hosts belonging to the 'webservers' group
 
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
 
# If you have multiple hosts following a pattern you can specify
# them like this:
 
## www[001:006].example.com
 
# Ex 3: A collection of database servers in the 'dbservers' group
 
## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
 
# Here's another example of host ranges, this time there are no
# leading 0s:
 
## db-[99:101]-node.example.com
 
Playbook

In Ansible terms, any action is called a “task”, and any file that defines a task or a list of tasks is called a “playbook”.

An administrator could follow a few tactics:

  • one playbook – one task
    That means a separate file for each kind of task. For example: the playbook “set-domain.yml” to change the hostname and the playbook “shutdown.yml” to shut down an end system;
  • one playbook – many tasks
    That means many tasks are defined in a single playbook file, and a specific tag selects which task is performed.
seyma@inet9:~/ansible/playbooks$ cd /home/seyma/ansible/playbooks/
seyma@inet9:~/ansible/playbooks$ ll
total 249772
drwxrwxrwx 1 seyma seyma       512 Dec 11 15:50 ./
drwxrwxrwx 1 seyma seyma       512 Dec  7 11:30 ../
-rw-rw-rw- 1 seyma seyma      1600 Dec 11 14:59 junos-software-upgrade.yml
-rwxrw-rw- 1 seyma seyma 255753973 Nov 15 14:32 junos-arm-32-15.1X53-D591.1.tgz*
-rw-rw-rw- 1 seyma seyma      1434 Dec  7 11:48 Junos-push-config.yml
 
Below is a sample junos-software-upgrade.yml file:
---
- name: Install Junos OS
  hosts: ex2300
  roles:
          - Juniper.junos
  connection: local
  gather_facts: no
  vars_prompt:
          - name: username
            prompt: Junos Username
            private: no
 
          - name: password
            prompt: Junos Password
            private: Yes
  vars:
          OS_version: "15.1X53-D591.1"
          OS_package: "junos-arm-32-15.1X53-D591.1.tgz"
          pkg_dir: "/home/seyma/ansible/playbooks"
          log_dir: "/var/log"
          netconf_port: 830
          wait_time: 3600
 
  tasks:
          - name: Checking NETCONF connectivity
            wait_for:
                    host: "{{ inventory_hostname }}"
                    port: "{{ netconf_port }}"
                    timeout: 5
 
          - name: Install Junos OS package
            juniper_junos_software:
                    user: "{{ username }}"
                    passwd: "{{ password }}"
                    version: "{{ OS_version }}"
                    local_package: "{{ pkg_dir }}/{{ OS_package }}"
                    reboot: true
                    logfile: "{{ log_dir }}/ansible.log"
            register: sw
            notify:
            - wait_reboot
 
          # Print the result that the install task registered as "sw"
          - name: Print response
            debug:
                    var: sw
 
  handlers:
          - name: wait_reboot
            wait_for:
                    host: "{{ inventory_hostname }}"
                    port: "{{ netconf_port }}"
                    timeout: "{{ wait_time }}"
            when: not sw.check_mode
 
You can set hosts: ex2300 to upgrade specific nodes, or hosts: all to upgrade all nodes defined in /etc/ansible/hosts.

Run the Playbook

ansible-playbook -v junos-software-upgrade.yml
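
The playbook pushes whatever file sits at pkg_dir/OS_package to every switch in the group, and the directory listing above shows both the image and its directory as writable by every local user. The following pre-flight check is an added example, not part of the original post: the function names are hypothetical, and the expected SHA-256 is assumed to be taken from the vendor's download page.

```shell
#!/bin/sh
# Pre-flight check for a Junos image before the playbook pushes it.
# Added example: function names are hypothetical, and the expected SHA-256
# is assumed to come from the vendor's download page.

# Succeeds only if the path is NOT writable by group or others.
perms_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    # Read the mode as octal; 022 masks the group and other write bits.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Succeeds only if the file's SHA-256 equals the expected hex digest.
sha256_ok() {
    actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # An empty digest (unreadable file) must never match an empty argument.
    [ -n "$actual" ] && [ "$actual" = "$want" ]
}

# Return codes: 0 ok, 2 missing file, 3 unsafe permissions, 4 hash mismatch.
preflight() {
    pkg=$1
    [ -f "$pkg" ] || { echo "missing: $pkg" >&2; return 2; }
    # A writable directory lets the image be swapped even if the file is safe.
    perms_ok "$pkg" && perms_ok "$(dirname "$pkg")" || {
        echo "REFUSE: $pkg or its directory is group/world-writable" >&2
        return 3
    }
    sha256_ok "$pkg" "$2" || { echo "REFUSE: SHA-256 mismatch for $pkg" >&2; return 4; }
    echo "OK: $pkg"
}

# When saved as preflight.sh, gate the upgrade on the result, e.g.
#   ./preflight.sh junos-arm-32-15.1X53-D591.1.tgz <sha256> \
#       && ansible-playbook -v junos-software-upgrade.yml
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```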
 
 