Upgrading Junos Software using Ansible


Before we dive into the configuration, I would like to take a few minutes to explain what Ansible is and how it works.

Ansible is an open-source tool that you can use for configuration management, software provisioning and application development. We can run it on many systems, such as Microsoft Windows, macOS or Unix-like operating systems. Be aware that Ansible and Python are not the same thing: Python is a programming language, whereas Ansible is a tool written in Python.

Install Ubuntu on Windows

Go to the Microsoft Store and install Ubuntu so that we can run Ubuntu on Windows.


These modules require the following to be installed on the Ansible control machine:
  1. Python >= 2.7
  2. Ansible 2.3 or later
  3. Junos py-junos-eznc 2.1.7 or later
  4. jxmlease 1.0.1 or later


After you have installed Ubuntu, launch it and then install the following.

sudo -s
apt-get update
apt-get upgrade
apt-get install -y ansible python-dev libxml2-dev python-pip libxslt1-dev zlib1g-dev software-properties-common python-setuptools build-essential libssl-dev libffi-dev git
pip install junos-eznc junos-netconify jxmlease wget jsnapy ansible requests ipaddress cryptography
ansible-galaxy install Juniper.junos
ansible --version
# has to be version at least
cd /etc/ansible/roles/
ansible-galaxy install Juniper.junos
cd /etc/ansible/roles/Juniper.junos
python setup.py install

To see the name and version of each role installed:

ansible-galaxy list

Preparation on Juniper devices

set system login user ansible class super-user authentication encrypted-password "$6$ABC"
set system services netconf ssh

Inventory file:

The default hosts file lives in /etc/ansible/hosts.

# This is the default ansible 'hosts' file.
# It should live in /etc/ansible/hosts
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
## green.example.com
## blue.example.com
# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
# If you have multiple hosts following a pattern you can specify
# them like this:
## www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
## [dbservers]
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
# Here's another example of host ranges, this time there are no
# leading 0s:
## db-[99:101]-node.example.com

In Ansible terms, any action is called a “task”, and any file that defines a task or a list of tasks is called a “playbook”.

An administrator can follow one of a few tactics:

  • one playbook – one task
    That means a separate file for each kind of task. For example: the playbook “set-domain.yml” to change the hostname and the playbook “shutdown.yml” to shut down an end system;
  • one playbook – many tasks
    That means many tasks are defined in a single playbook file, and a specific tag selects which task is performed.

seyma@inet9:~/ansible/playbooks$ cd /home/seyma/ansible/playbooks/
seyma@inet9:~/ansible/playbooks$ ll
total 249772
drwxrwxrwx 1 seyma seyma       512 Dec 11 15:50 ./
drwxrwxrwx 1 seyma seyma       512 Dec  7 11:30 ../
-rw-rw-rw- 1 seyma seyma      1600 Dec 11 14:59 junos-software-upgrade.yml
-rwxrw-rw- 1 seyma seyma 255753973 Nov 15 14:32 junos-arm-32-15.1X53-D591.1.tgz*
-rw-rw-rw- 1 seyma seyma      1434 Dec  7 11:48 Junos-push-config.yml

Below is a sample junos-software-upgrade.yml file:

- name: Install Junos OS
  hosts: ex2300
  roles:
    - Juniper.junos
  connection: local
  gather_facts: no

  # Prompt for credentials at run time; the password is not echoed.
  vars_prompt:
    - name: username
      prompt: Junos Username
      private: no
    - name: password
      prompt: Junos Password
      private: yes

  vars:
    OS_version: "15.1X53-D591.1"
    OS_package: "junos-arm-32-15.1X53-D591.1.tgz"
    pkg_dir: "/home/seyma/ansible/playbooks"
    log_dir: "/var/log"
    netconf_port: 830
    wait_time: 3600

  tasks:
    - name: Checking NETCONF connectivity
      wait_for:
        host: "{{ inventory_hostname }}"
        port: "{{ netconf_port }}"
        timeout: 5

    # juniper_junos_software is the software-install module shipped in the
    # Juniper.junos role; it copies the package, installs it and reboots.
    - name: Install Junos OS package
      juniper_junos_software:
        user: "{{ username }}"
        passwd: "{{ password }}"
        version: "{{ OS_version }}"
        local_package: "{{ pkg_dir }}/{{ OS_package }}"
        reboot: true
        logfile: "{{ log_dir }}/ansible.log"
      register: sw
      notify:
        - wait_reboot

    # Print the result registered by the install task.
    - name: Print response
      debug:
        var: sw

  # Runs only when the install task reports a change.
  handlers:
    - name: wait_reboot
      wait_for:
        host: "{{ inventory_hostname }}"
        port: "{{ netconf_port }}"
        timeout: "{{ wait_time }}"
      when: not sw.check_mode

You can set hosts: ex2300 to upgrade specific nodes, or hosts: all to upgrade all nodes defined in /etc/ansible/hosts.

Run the Playbook

ansible-playbook -v junos-software-upgrade.yml
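
The directory listing above shows the Junos image writable by every local user, and the playbook installs it with reboot: true, so it is worth checking the file before the run. The pre-flight check below is an added example, not part of the original post: verify_package is a hypothetical helper, and the expected SHA-256 is a placeholder that must come from the vendor's download page, since no checksum appears on this page.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the image the playbook pushes.
# verify_package is a hypothetical helper, not part of Ansible or Juniper.junos.

# verify_package FILE EXPECTED_SHA256
#   returns 0  file is regular, not group/world-writable, checksum matches
#   returns 1  file missing, or a symlink
#   returns 2  file writable by group or other
#   returns 3  SHA-256 mismatch
verify_package() {
    vp_file=$1
    vp_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex

    if [ ! -f "$vp_file" ] || [ -L "$vp_file" ]; then
        echo "FAIL: $vp_file is not a regular file" >&2
        return 1
    fi

    # Octal mode, e.g. 766 for the -rwxrw-rw- image in the listing above.
    # GNU stat first (Ubuntu); BSD stat syntax as a fallback.
    vp_mode=$(stat -c '%a' "$vp_file" 2>/dev/null || stat -f '%Lp' "$vp_file")
    if [ $(( 0$vp_mode & 022 )) -ne 0 ]; then
        echo "FAIL: $vp_file is writable by group/other (mode $vp_mode)" >&2
        return 2
    fi

    vp_actual=$(sha256sum "$vp_file" | awk '{print $1}')
    if [ "$vp_actual" != "$vp_expected" ]; then
        echo "FAIL: SHA-256 mismatch for $vp_file" >&2
        return 3
    fi
    echo "OK: $vp_file"
}

# Usage, with a placeholder for the checksum published by the vendor:
#   chmod 644 junos-arm-32-15.1X53-D591.1.tgz
#   verify_package junos-arm-32-15.1X53-D591.1.tgz "<SHA256_FROM_VENDOR>" \
#       && ansible-playbook -v junos-software-upgrade.yml
```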