-
Notifications
You must be signed in to change notification settings - Fork 0
09. Junos proxy end to end examples
You can use any junos version and any device running Junos.
The only requirement is to enable netconf on your Junos devices. So either configure:
set system services netconf ssh
commit
or alternatively, just configure:
set system services ssh
commit
The former allows NETCONF connections on port 830 while the latter allows NETCONF connections on port 22.
Technically, you also need to configure a root password (otherwise you can't commit) and IP reachability between the
Junos Proxy and Junos device.
You can install Carbon but we highly recommand Nitrogen.
Nitrogen should be available on pypi by July 2017.
Meanwhile, install Nitrogen on the Master using the branch 2017.7 from the github Salt repository:
# pip install git+https://github.com/saltstack/salt.git@2017.7
# salt --version
salt 2017.7.0-202-g3c8dee0 (Nitrogen)
# more /etc/salt/master
file_roots:
base:
- /srv/salt
pillar_roots:
base:
- /srv/pillar
engines_dirs:
- /srv/engines
engines:
- junos_syslog:
port: 516
reactor:
- 'jnpr/syslog/*/UI_COMMIT_COMPLETED':
- /srv/reactor/on_commit.sls
# more /srv/pillar/top.sls
base:
'ex4200-7':
- ex4200-7-details
'vsrx01':
- vsrx01-details
'vqfx01':
- vqfx01-details
This vqfx is a vagrant box.
# more /srv/pillar/vqfx01-details.sls
proxy:
proxytype: junos
host: 192.168.233.158
username: root
port: 8331
passwd: Juniper
to start it with a debug log level, use this command:
# salt-master -l debug
we do not install minions on junos devices as we are using a salt proxy.
Junos proxy provides:
- execution modules for junos so you can run junos commands on various devices in parallel with a flexible targeting system (remote execution).
- state modules for junos so you can apply sls files (configuration management).
Get the ip address of the master:
# ifconfig ens33 | grep "inet addr"
inet addr:192.168.233.17 Bcast:192.168.233.255 Mask:255.255.255.0
On the server that will run the salt proxy:
# more /etc/salt/proxy
master: 192.168.233.17
On the server that will run the salt proxy, install junos-eznc python library.
Nitrogen requires junos-eznc >= 2.1
sudo apt-get install -y python-dev libxml2-dev python-pip libxslt1-dev build-essential libssl-dev libffi-dev
sudo pip install junos-eznc jxmlease cryptography==1.8.1
You need one salt proxy process per device.
to start the proxy for vqfx01 with a debug log level, use this command:
sudo salt-proxy -l debug --proxyid=vqfx01
if you prefer to run it as a daemon, use this command:
sudo salt-proxy -d --proxyid=vqfx01
sudo salt-proxy -d --proxyid=ex4200-7
sudo salt-proxy -d --proxyid=vsrx01
On the master, you need to accept the minions/proxies public keys:
To list all public keys:
# salt-key -L
To accept a specified public key:
# salt-key -a vqfx01 -y
# salt-key -a vsrx01 -y
# salt-key -a ex4200-7 -y
Or, to accept all pending keys:
# salt-key -A -y
Verify the keys:
# salt-key -L
# sudo salt "vqfx01" test.ping -d
test.ping:
Used to make sure the minion is up and responding. Not an ICMP ping.
Returns ``True``.
CLI Example:
salt '*' test.ping
# sudo salt "vqfx01" test.ping
vqfx01:
True
# salt "vq*" junos.cli "show version"
vqfx01:
----------
message:
fpc0:
--------------------------------------------------------------------------
Hostname: vqfx01
Model: vqfx-10000
Junos: 15.1X53-D63.9
JUNOS Base OS boot [15.1X53-D63.9]
JUNOS Base OS Software Suite [15.1X53-D63.9]
JUNOS Online Documentation [15.1X53-D63.9]
JUNOS Crypto Software Suite [15.1X53-D63.9]
JUNOS Packet Forwarding Engine Support (qfx-10-f) [15.1X53-D63.9]
JUNOS Kernel Software Suite [15.1X53-D63.9]
JUNOS Web Management [15.1X53-D63.9]
JUNOS Enterprise Software Suite [15.1X53-D63.9]
JUNOS SDN Software Suite [15.1X53-D63.9]
JUNOS Routing Software Suite [15.1X53-D63.9]
JUNOS py-base-i386 [15.1X53-D63.9]
out:
True
Documentation: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.junos.html
Please visit this section for examples.
Documentation: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.junos.html
Please visit this section for examples.
Documentation: https://docs.saltstack.com/en/develop/ref/engines/all/salt.engines.junos_syslog.html
Please visit this section for examples.