- What to find in this repository
- Requirements to use this repository
- Source of truth
- How to locate a mac address in the network using Python
- How to collect data from the network using Ansible
- How to configure the network using Ansible
- How to audit the network using Ansible
- How to audit the network using JSNAPy
- Repository structure
- Continuous integration with Travis CI
- Looking for help
Junos automation content for data center network fabric.
It is used to manage a lab.
It is based on:
- Junos devices
- Ansible, PyEZ, JSNAPy
sudo -s
git clone https://github.com/ksator/lab_management
ls lab_management
cd lab_management
sudo -s
This repository has been tested using Ansible 2.4.2.0
Run these commands on Ubuntu 16.04 to install these tools:
sudo -s
apt-get update
apt-get install -y python-dev libxml2-dev python-pip libxslt1-dev build-essential libssl-dev libffi-dev git
pip install junos-eznc jxmlease wget jsnapy ansible==2.4.2.0 requests ipaddress cryptography
ansible-galaxy install Juniper.junos,1.4.3
Check the Ansible version:
ansible --version
Verify you have the Juniper.junos role:
ls /etc/ansible/roles/
This repository has been tested using the version 1.4.3 of the Juniper.junos role available on Galaxy.
Use this command to see the name and version of each role installed:
ansible-galaxy list
You can now use the local copy of this remote repository.
You need to run the below commands within the root of the project tree.
This repository uses Ansible, PyEZ and JSNAPy.
Ansible is the source of truth for the inventory and the credentials, so:
- JSNAPy inventory file is created automatically (using this playbook and template), based on the Ansible inventory file and based on the Ansible variables for devices credentials
- Devices list for PyEZ is created automatically based on the Ansible inventory file (using this python script). In addition, using this python script, PyEZ is able to reuse the Ansible variables for devices credentials.
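As an added illustration of this single-source-of-truth flow (not the repository's own script, playbook or template), the Python below derives a PyEZ device list and a JSNAPy inventory from one Ansible inventory and one credentials file. The inventory layout, the junos_host variable, the credential key names and all function names are assumptions; the rendered file carries the password in cleartext, so it is written with owner-only permissions.

```python
import json
import os
import re

# Constructed samples (not the repository's files). The junos_host variable and
# the credential key names are assumptions of this example.
SAMPLE_HOSTS = """\
[DC1]
leaf-1 junos_host=172.25.90.174
[DC2]
leaf-3 junos_host=172.25.90.67
[fabric:children]
DC1
DC2
"""
SAMPLE_CREDENTIALS = 'ansible_ssh_user: lab-user\nansible_ssh_pass: "EXAMPLE-ONLY"\n'


def parse_inventory(text):
    """Return {group: [address, ...]}; ':children'/':vars' sections are skipped."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = None if ":" in header.group(1) else header.group(1)
            if current:
                groups.setdefault(current, [])
        elif line and current is not None:
            host, *pairs = line.split()
            hostvars = dict(p.split("=", 1) for p in pairs if "=" in p)
            groups[current].append(hostvars.get("junos_host", host))
    return groups


def parse_credentials(text):
    """Read flat 'key: value' lines; nested YAML is out of scope here."""
    found = re.findall(r"^([A-Za-z_]\w*)\s*:\s*(.+?)\s*$", text, re.MULTILINE)
    return {key: value.strip("\"'") for key, value in found}


def pyez_device_list(groups):
    """Flat, de-duplicated address list for a PyEZ script to iterate over."""
    return sorted({a for addresses in groups.values() for a in addresses})


def render_jsnapy_inventory(groups, username, password):
    """Build JSNAPy devices.yml text: one YAML group per Ansible group."""
    out = []
    for group, addresses in groups.items():
        out.append(f"{group}:")
        for address in addresses:
            out += [f"  - {address}:",
                    f"      username: {json.dumps(username)}",
                    f"      passwd: {json.dumps(password)}"]
    return "\n".join(out) + "\n"


def write_private(path, text):
    """The rendered file holds a cleartext password: owner read/write only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, 0o600)  # also tightens a file that already existed
```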
Execute this python script to locate a mac address in the network
python ./python/locate.mac.address.py 38:4f:49:f2:5f:fc
Edit the cli.yml file to indicate the list of junos show commands you want to use
vi cli.yml
Run this command to execute the pb.collect.cli.output.yml playbook.
It runs the junos show commands from the cli.yml file and saves the output on the Ansible server in the cli directory.
ansible-playbook pb.collect.cli.output.yml
The junos show commands output is available in the cli directory
ls cli
Edit the pb.collect.commands.output.yml file to indicate the list of junos show commands you want to use
vi pb.collect.commands.output.yml
Run this command to execute the pb.collect.commands.output.yml playbook.
It runs the junos show commands and saves the output on the Ansible server in the command directory.
ansible-playbook pb.collect.commands.output.yml
The commands output is available in the command directory.
ls command
The playbook pb.collect.facts.yml collects the facts on junos devices and saves them on Ansible in the directory facts
Run this command to collect the facts from the junos devices
ansible-playbook pb.collect.facts.yml
The facts are available in the directory facts
ls facts/
The playbook pb.collect.configuration.yml collects the Junos configuration in set, xml, json and text formats, and saves the configuration files in the directory configuration
Run this command to collect the junos configuration files for a device/group.
ansible-playbook pb.collect.configuration.yml --limit DC1
Run this command to collect the junos configuration files for the whole network
ansible-playbook pb.collect.configuration.yml
The configuration files are available in the directory configuration
ls configuration/
How to collect the running configuration on the junos devices and update the golden configuration files
The golden configuration files are the configuration files that will be loaded at the beginning of each demo.
The playbook pb.collect.golden.yml collects the running configuration on the junos devices and updates the directory golden_configuration with these files.
Run this command to do it for a device/group
ansible-playbook pb.collect.golden.yml --limit QFX5110
Run this command to do it for the whole network
ansible-playbook pb.collect.golden.yml
The golden configuration files are available in the directory golden_configuration
ls golden_configuration
The playbook pb.configure.golden.yml overwrites the running configuration on the junos devices with the files in the directory golden_configuration.
You can use it at the beginning of each demo to restore the golden configuration files on the Junos devices.
Run this command to do it for a device/group
ansible-playbook pb.configure.golden.yml --limit QFX10K2-176
Run this command to do it for the whole network
ansible-playbook pb.configure.golden.yml
The playbook pb.configure.golden.yml backs up the current running configuration from the remote devices in the directory backup before applying the golden configuration.
ls backup/
The playbook pb.configure.lines.yml configures the junos devices with set/delete commands.
Edit the playbook pb.configure.lines.yml to indicate the list of set and delete commands you want to use:
vi pb.configure.lines.yml
In order to know which junos devices would have a configuration change if you execute the playbook pb.configure.lines.yml, execute it in dry run mode.
This won’t change the junos configuration.
ansible-playbook pb.configure.lines.yml --check
In order to know if a junos device will have a configuration change if you execute the playbook pb.configure.lines.yml, and also to know the difference between the desired state described in the playbook pb.configure.lines.yml and the device actual state, run this command.
This won’t change the junos configuration.
ansible-playbook pb.configure.lines.yml --check --diff --limit QFX10K2-176
Run this command to execute the playbook pb.configure.lines.yml for one device/group.
This will configure the device/group with the list of set/delete commands.
ansible-playbook pb.configure.lines.yml --limit DC2
Run this command to execute the playbook pb.configure.lines.yml.
This will configure the whole network with the list of set/delete commands.
ansible-playbook pb.configure.lines.yml
The playbook pb.configure.lines.yml backs up the current running configuration from the remote devices in the directory backup before applying the configuration change.
ls backup/
The directory templates has the jinja templates.
The template telemetry.j2 is used by the playbook pb.configure.telemetry.yml to generate the junos configuration for streaming telemetry.
more templates/telemetry.j2
Run this command to render the telemetry template locally.
This will generate the junos telemetry configuration files, without actually configuring the junos devices.
The directory render has the files generated from the jinja templates and variables.
ansible-playbook pb.configure.telemetry.yml --tag render
ls render/telemetry/
In order to know which junos devices will have a configuration change if you execute the playbook pb.configure.telemetry.yml, execute it in dry run mode.
This won’t change the junos configuration.
ansible-playbook pb.configure.telemetry.yml --check
In order to know if a junos device will have a configuration change if you execute the playbook pb.configure.telemetry.yml, and also to know the difference between the desired state and the device actual state, run this command.
This won’t change the junos configuration.
ansible-playbook pb.configure.telemetry.yml --check --diff --limit QFX10K2-176
Run this command to execute the playbook pb.configure.telemetry.yml for one device/group.
This will configure telemetry on the device/group
ansible-playbook pb.configure.telemetry.yml --limit QFX10K2-176
Run this command to execute the playbook pb.configure.telemetry.yml.
This will configure telemetry on the whole network.
ansible-playbook pb.configure.telemetry.yml
The playbook pb.configure.telemetry.yml backs up the current running configuration from the remote devices in the directory backup before applying the configuration change.
ls backup/
The playbook pb.rollback.yml performs a configuration rollback on junos devices.
Run this command to perform a rollback 1 on the whole network
ansible-playbook pb.rollback.yml --extra-vars rbid=1
Run this command to perform a rollback 3 on the group DC2
ansible-playbook pb.rollback.yml --extra-vars rbid=3 --limit DC2
The directory rollback has the Junos configuration differences from rollbacks done with the ansible playbook pb.rollback.yml
ls rollback/
The playbook pb.check.ports.availability.yml checks if Ansible can connect on some ports on Junos devices (ssh, telnet, ftp, netconf)
Run this command to execute this playbook for the whole network:
ansible-playbook pb.check.ports.availability.yml
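An added sketch of the same reachability check in Python (not the playbook's tasks): it tries a TCP connection to each of the four services and turns the results into audit findings. The port numbers are the IANA defaults, the function names are hypothetical, and treating telnet and ftp as services that should be closed is a policy assumption of this example.

```python
import socket

# Management services named above, with their IANA default ports.
# Which of them should be reachable is a policy assumption of this example.
SERVICES = {"ssh": 22, "netconf": 830, "telnet": 23, "ftp": 21}
CLEARTEXT = {"telnet", "ftp"}  # credentials cross the wire unencrypted


def probe(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_host(host, services=SERVICES, timeout=2.0):
    """Return (reachable, findings) for one device.

    A finding is raised for a cleartext service that answers, and for an
    encrypted management service that does not answer.
    """
    reachable = {name: probe(host, port, timeout) for name, port in services.items()}
    findings = []
    for name, is_open in sorted(reachable.items()):
        if is_open and name in CLEARTEXT:
            findings.append(f"{host}: {name} is reachable (cleartext management service)")
        elif not is_open and name not in CLEARTEXT:
            findings.append(f"{host}: {name} is not reachable (automation will fail)")
    return reachable, findings
```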
The playbook pb.check.interfaces.yml checks from device operational state if the status (admin status and op status) of the interfaces is up. It does it for the interfaces described in YAML in host_vars.
Run this command to execute this playbook for the whole network:
ansible-playbook pb.check.interfaces.yml
The playbook pb.check.lldp.yml compares the desired LLDP neighbors (described in YAML in host_vars) against the actual LLDP neighbors
Run this command to execute this playbook for the whole network:
ansible-playbook pb.check.lldp.yml
The playbook pb.check.lldp.json.yml does the same thing but uses a json representation of the LLDP neighbors instead of xml.
ansible-playbook pb.check.lldp.json.yml
The playbook pb.check.bgp.yml checks from the devices operational state if the session state of the BGP neighbors described in YAML in host_vars is Established.
Run this command to execute this playbook for the whole network:
ansible-playbook pb.check.bgp.yml
The playbook pb.check.vlans.yml checks from devices operational state if the desired vlans described in YAML in host_vars are present
Run this command to execute this playbook for the whole network:
ansible-playbook pb.check.vlans.yml
The playbook pb.print.facts.yml collects the facts on junos devices and prints them on Ansible.
Run this command to execute this playbook for the whole network:
ansible-playbook pb.print.facts.yml
The playbook pb.check.all.yml includes these playbooks:
- pb.check.ports.availability.yml
- pb.check.interfaces.yml
- pb.check.lldp.yml
- pb.check.bgp.yml
- pb.check.vlans.yml
- pb.print.facts.yml
Run this command to execute this playbook for the whole network:
ansible-playbook pb.check.all.yml
In order to know which junos devices will have a configuration change if you load the golden configuration files, execute the playbook pb.configure.golden.yml in dry run mode.
This won’t load the golden configuration.
ansible-playbook pb.configure.golden.yml --check
Run this command to do it for one device/group.
This won’t load the golden configuration.
ansible-playbook pb.configure.golden.yml --check --limit QFX10K2-176
How to get the difference between the configuration running on devices and their golden configuration
In order to know if a junos device will have a configuration change if you load its golden configuration file, and also to know the difference between its running configuration and its golden configuration, run this command.
This won’t change the junos configuration.
ansible-playbook pb.configure.golden.yml --check --diff --limit QFX10K2-176
Run this command to do it for the whole network.
This won’t load the golden configuration.
ansible-playbook pb.configure.golden.yml --check --diff
JSNAPy is a tool to take snapshots, store snapshots, compare snapshots.
There are 2 JSNAPy workflows:
- take snapshots and compare them against pre defined criteria
- take pre snapshots before any modification and then take post snapshots after modification and then compare them based on test cases
JSNAPy is supported in three modes
- a command line tool
- a Python module
- An Ansible module hosted on the Ansible Galaxy
The JSNAPy configuration file cfg_file_snapcheck_alarms.yml is used to validate there is no active alarm on the devices.
It uses the JSNAPy test file test_file_snapcheck_alarms.yml
Run this command to validate there is no active alarm on the devices.
JSNAPy will take snapshots and compare them against criteria described in the JSNAPy test file test_file_snapcheck_alarms.yml.
jsnapy --snapcheck -f jsnapy/cfg_file_snapcheck_alarms.yml --folder jsnapy
The directory snapshots has the snapshots taken by jsnapy. If you want to read the snapshots, run this command:
ls jsnapy/snapshots
The JSNAPy configuration file cfg_file_snapcheck_interfaces.yml is used to validate there is no interfaces error.
It uses the JSNAPy test file test_file_snapcheck_interfaces.yml
Run this command to validate there is no interfaces error on the devices.
JSNAPy will take snapshots and compare them against criteria described in the JSNAPy test file test_file_snapcheck_interfaces.yml
jsnapy --snapcheck -f jsnapy/cfg_file_snapcheck_interfaces.yml --folder jsnapy
The directory snapshots has the snapshots taken by jsnapy. If you want to read the snapshots, run this command:
ls jsnapy/snapshots
The JSNAPy configuration file cfg_file_snapcheck_bgp.yml is used to validate some BGP details
It uses the JSNAPy test file test_file_snapcheck_bgp.yml
Run this command to validate some BGP details.
JSNAPy will take snapshots and compare them against criteria described in the JSNAPy test file test_file_snapcheck_bgp.yml
jsnapy --snapcheck -f jsnapy/cfg_file_snapcheck_bgp.yml --folder jsnapy
The directory snapshots has the snapshots taken by jsnapy. If you want to read the snapshots, run this command:
ls jsnapy/snapshots
Note: As xml output of "show lldp neighbors" is different on QFX and EX, it requires a different parsing. So we are using different JSNAPy files for EX and QFX.
The JSNAPy configuration file cfg_file_check_topology_EX.yml is used to check if the topology changed. It uses the JSNAPy test file test_file_check_topology_EX.yml
The JSNAPy configuration file cfg_file_check_topology_QFX.yml is used to check if the topology changed. It uses the JSNAPy test file test_file_check_topology_QFX.yml
Take a first snapshot. It will be the source of truth
jsnapy --snap pre -f jsnapy/cfg_file_check_topology_QFX.yml --folder jsnapy
jsnapy --snap pre -f jsnapy/cfg_file_check_topology_EX.yml --folder jsnapy
The directory snapshots has the snapshots taken by jsnapy. If you want to read the snapshots, run this command:
ls jsnapy/snapshots/
Later on, if you want to check if the topology changed, take a new snapshot:
jsnapy --snap post -f jsnapy/cfg_file_check_topology_QFX.yml --folder jsnapy
jsnapy --snap post -f jsnapy/cfg_file_check_topology_EX.yml --folder jsnapy
The directory snapshots has the snapshots taken by jsnapy. If you want to read the snapshots, run this command:
ls jsnapy/snapshots/
Then, to actually check if the topology changed, JSNAPy will compare the pre and post snapshots based on test cases described in the JSNAPy test files test_file_check_topology_QFX.yml and test_file_check_topology_EX.yml.
Run this command:
jsnapy --check pre post -f jsnapy/cfg_file_check_topology_QFX.yml --folder jsnapy
jsnapy --check pre post -f jsnapy/cfg_file_check_topology_EX.yml --folder jsnapy
You can also limit this action to one device, and use the verbose mode:
jsnapy --check pre post -f jsnapy/cfg_file_check_topology_QFX.yml --folder jsnapy -v -t 172.25.90.174
The ansible inventory file is the hosts file at the root of the repository.
The ansible configuration file is ansible.cfg at the root of the repository.
The variables are yml files under group_vars and host_vars directories.
Host specific variables are yml files under the directory host_vars.
Group related variables are yml files under the directory group_vars
The directory templates has the jinja templates
The directory render has the files generated from the jinja templates and variables
The ansible playbooks are at the root of the repository.
All playbooks are named pb.*.yml
- pb.configure.golden.yml playbook overwrites the running configuration on the junos devices with the files in the directory golden_configuration.
- pb.configure.lines.yml playbook configures junos devices with set/delete commands
- pb.configure.telemetry.yml playbook configures junos devices with telemetry
- pb.rollback.yml playbook performs a rollback on junos devices.
- pb.collect.configuration.yml playbook performs a configuration backup of the network and saves the configuration files in the directory configuration
- pb.collect.golden.yml playbook collects the running configuration on the junos devices and updates the directory golden_configuration with these files.
- pb.collect.commands.output.yml playbook runs junos show commands and saves the output on Ansible
- pb.collect.cli.output.yml playbook runs junos show commands and saves the output on Ansible. This playbook uses the show commands in the file cli.yml
- pb.collect.facts.yml playbook collects the facts on junos devices and saves them on Ansible in the directory facts
- pb.check.lldp.json.yml playbook checks the LLDP topology.
- pb.check.all.yml playbook includes these playbooks:
- pb.check.ports.availability.yml playbook checks if Ansible can connect on some ports on Junos devices (ssh, telnet, ftp, netconf)
- pb.check.interfaces.yml playbook checks the status of the interfaces on Junos devices
- pb.check.lldp.yml playbook checks the LLDP topology
- pb.check.bgp.yml playbook checks the BGP states
- pb.check.vlans.yml playbook checks if desired vlans are present from devices operational state
- pb.print.facts.yml playbook collects the facts on junos devices and prints them on Ansible
- pb.generate.variables.structure.yml playbook was used at the beginning of the project to create some of the directories and files used to define yaml variables.
- pb.generate.jsnapy.inventory.yml playbook creates the JSNAPy inventory file devices.yml based on the Ansible inventory file hosts
The directory cli has the output of the Junos show commands from the playbook pb.collect.cli.output.yml
The directory command has the output of the Junos show commands from the playbook pb.collect.commands.output.yml
The directory facts has the Junos facts collected by the playbook pb.collect.facts.yml
The directory rollback has the Junos configuration differences from rollbacks done with ansible playbook pb.rollback.yml
The directory backup has the junos configuration files automatically backed up by the playbooks:
The directory configuration has the junos configuration files backed up when we ran the playbook pb.collect.configuration.yml
The directory golden_configuration has the junos configuration files we need to push on the junos devices before starting the demo.
- The playbook pb.collect.golden.configuration.yml collects the running configuration on the junos devices and updates the directory ebgp_underlay_evpn_vxlan_overlay with these files.
- The playbook pb.configure.golden.yml overwrites the running configuration on the junos devices with the files in the directory ebgp_underlay_evpn_vxlan_overlay
The directory fragments is used by the playbook pb.generate.jsnapy.inventory.yml to create the JSNAPy inventory file devices.yml based on the Ansible inventory file hosts.
The directory fragments doesn’t contain the JSNAPy inventory file devices.yml itself.
The directory python has the python scripts
- The file inventory.py creates a python list of devices ip address based on the ansible inventory file hosts
- The file credentials.py gets the devices username and password from the ansible variables file credentials.yml
- The file locate.mac.address.py indicates where a given mac address in the network is located.
The directory jsnapy has the jsnapy content:
- The directory jsnapy has the JSNAPy configuration files. They are named cfg_file_*.yml.
- cfg_file_check_topology_EX.yml jsnapy file checks if the topology changed between 2 snapshots
- cfg_file_check_topology_QFX.yml jsnapy file checks if the topology changed between 2 snapshots
- cfg_file_snapcheck_alarms.yml jsnapy file checks if there are active alarms
- cfg_file_snapcheck_bgp.yml jsnapy file checks some BGP details
- cfg_file_snapcheck_interfaces.yml jsnapy file checks if there are interfaces errors
- The directory snapshots has the snapshots taken by jsnapy
- The directory testfiles has the JSNAPy inventory file devices.yml. It is created with the playbook pb.generate.jsnapy.inventory.yml, based on the Ansible inventory file hosts and on Ansible variables file for devices credentials credentials.yml
- The directory testfiles also has the test files used by jsnapy. They are named test_file_*.yml.
There is a github webhook with Travis CI
The playbooks in this repository are tested automatically by Travis CI.
The files .travis.yml and requirements.txt at the root of this repository are used for this.
We are using two types of playbooks in this repository:
- Some playbooks do not interact with Junos:
- Travis CI is executing them.
- Some playbooks interact with Junos
- ansible-playbook has a built-in option to check only the playbook's syntax (using the flag --syntax-check). This is how Travis is testing them. If there is any syntax error, Travis will fail the build and output the errors in the log.
https://github.com/ksator?tab=repositories
https://gitlab.com/users/ksator/projects
https://gist.github.com/ksator/
You can refer to these projects:
https://github.com/JNPRAutomate/ansible-junos-evpn-vxlan
https://github.com/ksator/EVPN_DCI_automation