This repository was archived by the owner on Oct 12, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
09. Junos proxy end to end examples
Khelil Sator edited this page Jun 27, 2017
·
18 revisions
You can use any junos version and any device running Junos.
The only requirement is to enable netconf on your Junos devices:
set system services netconf ssh
commit
You can install Carbon but we highly recommand Nitrogen.
Nitrogen should be available on pypi by July 2017.
Meanwhile, install Nitrogen on the Master using the branch 2017.7 from the github Salt repository:
# pip install git+https://github.com/saltstack/[email protected]
# salt --version
salt 2017.7.0-202-g3c8dee0 (Nitrogen)
# more /etc/salt/master
file_roots:
base:
- /srv/salt
pillar_roots:
base:
- /srv/pillar
engines_dirs:
- /srv/engines
engines:
- junos_syslog:
port: 516
reactor:
- 'jnpr/syslog/*/UI_COMMIT_COMPLETED':
- /srv/reactor/on_commit.sls
# more /srv/pillar/top.sls
base:
'ex4200-7':
- ex4200-7-details
'vsrx01':
- vsrx01-details
'vqfx01':
- vqfx01-details
This vqfx is a vagrant box.
# more /srv/pillar/vqfx01-details.sls
proxy:
proxytype: junos
host: 192.168.233.158
username: root
port: 8331
passwd: Juniper
to start it with a debug log level, use this command:
# salt-master -l debug
we do not install minions on junos devices as we are using a salt proxy.
Junos proxy provides:
- execution modules for junos so you can run junos commands on various devices in parallel with a flexible targeting system (remote execution).
- state modules for junos so you can apply sls files (configuration management).
Get the ip address of the master:
# ifconfig ens33 | grep "inet addr"
inet addr:192.168.233.17 Bcast:192.168.233.255 Mask:255.255.255.0
On the server that will run the salt proxy:
# more /etc/salt/proxy
master: 192.168.233.17
multiprocessing: False
On the server that will run the salt proxy, install junos-eznc python library:
sudo apt-get install -y python-dev libxml2-dev python-pip libxslt1-dev build-essential libssl-dev libffi-dev
sudo pip install junos-eznc jxmlease cryptography==1.8.1
You need one salt proxy process per device.
to start the proxy for vqfx01 with a debug log level, use this command:
sudo salt-proxy -l debug --proxyid=vqfx01
if you prefer to run it as a daemon, use this command:
sudo salt-proxy -d --proxyid=vqfx01
sudo salt-proxy -d --proxyid=ex4200-7
sudo salt-proxy -d --proxyid=vsrx01
On the master, you need to accept the minions/proxies public keys:
To list all public keys:
# salt-key -L
To accept a specified public key:
# salt-key -a vqfx01 -y
# salt-key -a vsrx01 -y
# salt-key -a ex4200-7 -y
Or, to accept all pending keys:
# salt-key -A -y
Verify:
# salt-key -L
# sudo salt "vqfx01" test.ping -d
test.ping:
Used to make sure the minion is up and responding. Not an ICMP ping.
Returns ``True``.
CLI Example:
salt '*' test.ping
# sudo salt "vqfx01" test.ping
vqfx01:
True
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.junos.html
Examples:
# salt "vq*" junos.cli -d
junos.cli:
Executes the CLI commands and returns the output in specified format. (default is text) The ouput can also be stored in a file.
Usage:
salt 'device_name' junos.cli 'show system commit'
salt 'device_name' junos.cli 'show version' dev_timeout=40
salt 'device_name' junos.cli 'show system alarms' 'xml' dest=/home/user/cli_output.txt
Parameters:
Required
* command:
The command that need to be executed on Junos CLI. (default = None)
Optional
* format:
Format in which to get the CLI output. (text or xml, default = 'text')
* kwargs: Keyworded arguments which can be provided like-
* dev_timeout:
Set NETCONF RPC timeout. Can be used for commands which
take a while to execute. (default = 30 seconds)
* dest:
The destination file where the CLI output can be stored. (default = None)
# salt "vq*" junos.cli "show version"
vqfx01:
----------
message:
fpc0:
--------------------------------------------------------------------------
Hostname: vqfx01
Model: vqfx-10000
Junos: 15.1X53-D63.9
JUNOS Base OS boot [15.1X53-D63.9]
JUNOS Base OS Software Suite [15.1X53-D63.9]
JUNOS Online Documentation [15.1X53-D63.9]
JUNOS Crypto Software Suite [15.1X53-D63.9]
JUNOS Packet Forwarding Engine Support (qfx-10-f) [15.1X53-D63.9]
JUNOS Kernel Software Suite [15.1X53-D63.9]
JUNOS Web Management [15.1X53-D63.9]
JUNOS Enterprise Software Suite [15.1X53-D63.9]
JUNOS SDN Software Suite [15.1X53-D63.9]
JUNOS Routing Software Suite [15.1X53-D63.9]
JUNOS py-base-i386 [15.1X53-D63.9]
out:
True
# salt "vq*" junos.rpc get-software-information
vqfx01:
----------
out:
True
rpc_reply:
----------
multi-routing-engine-results:
----------
multi-routing-engine-item:
----------
re-name:
fpc0
software-information:
----------
host-name:
vqfx01
junos-version:
15.1X53-D63.9
package-information:
|_
----------
comment:
JUNOS Base OS boot [15.1X53-D63.9]
name:
junos
|_
----------
comment:
JUNOS Base OS Software Suite [15.1X53-D63.9]
name:
jbase
|_
----------
comment:
JUNOS Online Documentation [15.1X53-D63.9]
name:
jdocs
|_
----------
comment:
JUNOS Crypto Software Suite [15.1X53-D63.9]
name:
jcrypto
|_
----------
comment:
JUNOS Packet Forwarding Engine Support (qfx-10-f) [15.1X53-D63.9]
name:
jpfe
|_
----------
comment:
JUNOS Kernel Software Suite [15.1X53-D63.9]
name:
jkernel
|_
----------
comment:
JUNOS Web Management [15.1X53-D63.9]
name:
jweb
|_
----------
comment:
JUNOS Enterprise Software Suite [15.1X53-D63.9]
name:
jswitch
|_
----------
comment:
JUNOS SDN Software Suite [15.1X53-D63.9]
name:
jsdn-i386
|_
----------
comment:
JUNOS Routing Software Suite [15.1X53-D63.9]
name:
jroute
|_
----------
comment:
JUNOS py-base-i386 [15.1X53-D63.9]
name:
py-base-i386
product-model:
vqfx-10000
product-name:
vqfx-10000
# salt "vq*" junos.rpc get-software-information "" 'text'
vqfx01:
----------
out:
True
rpc_reply:
fpc0:
--------------------------------------------------------------------------
Hostname: vqfx01
Model: vqfx-10000
Junos: 15.1X53-D63.9
JUNOS Base OS boot [15.1X53-D63.9]
JUNOS Base OS Software Suite [15.1X53-D63.9]
JUNOS Online Documentation [15.1X53-D63.9]
JUNOS Crypto Software Suite [15.1X53-D63.9]
JUNOS Packet Forwarding Engine Support (qfx-10-f) [15.1X53-D63.9]
JUNOS Kernel Software Suite [15.1X53-D63.9]
JUNOS Web Management [15.1X53-D63.9]
JUNOS Enterprise Software Suite [15.1X53-D63.9]
JUNOS SDN Software Suite [15.1X53-D63.9]
JUNOS Routing Software Suite [15.1X53-D63.9]
JUNOS py-base-i386 [15.1X53-D63.9]
# salt "vq*" junos.rpc get-software-information "file1" 'text'
vqfx01:
----------
out:
True
rpc_reply:
fpc0:
--------------------------------------------------------------------------
Hostname: vqfx01
Model: vqfx-10000
Junos: 15.1X53-D63.9
JUNOS Base OS boot [15.1X53-D63.9]
JUNOS Base OS Software Suite [15.1X53-D63.9]
JUNOS Online Documentation [15.1X53-D63.9]
JUNOS Crypto Software Suite [15.1X53-D63.9]
JUNOS Packet Forwarding Engine Support (qfx-10-f) [15.1X53-D63.9]
JUNOS Kernel Software Suite [15.1X53-D63.9]
JUNOS Web Management [15.1X53-D63.9]
JUNOS Enterprise Software Suite [15.1X53-D63.9]
JUNOS SDN Software Suite [15.1X53-D63.9]
JUNOS Routing Software Suite [15.1X53-D63.9]
JUNOS py-base-i386 [15.1X53-D63.9]
# more file1
fpc0:
--------------------------------------------------------------------------
Hostname: vqfx01
Model: vqfx-10000
Junos: 15.1X53-D63.9
JUNOS Base OS boot [15.1X53-D63.9]
JUNOS Base OS Software Suite [15.1X53-D63.9]
JUNOS Online Documentation [15.1X53-D63.9]
JUNOS Crypto Software Suite [15.1X53-D63.9]
JUNOS Packet Forwarding Engine Support (qfx-10-f) [15.1X53-D63.9]
JUNOS Kernel Software Suite [15.1X53-D63.9]
JUNOS Web Management [15.1X53-D63.9]
JUNOS Enterprise Software Suite [15.1X53-D63.9]
JUNOS SDN Software Suite [15.1X53-D63.9]
JUNOS Routing Software Suite [15.1X53-D63.9]
JUNOS py-base-i386 [15.1X53-D63.9]
# salt "vq*" junos.rpc 'get-interface-information' '/home/ksator/interface.log' 'text' interface_name='lo0' terse=True
vqfx01:
----------
out:
True
rpc_reply:
Interface Admin Link Proto Local Remote
lo0 up up
lo0.0 up up inet
inet6 fe80::200:f:fc00:0
lo0.16385 up up inet
# more interface.log
Interface Admin Link Proto Local Remote
lo0 up up
lo0.0 up up inet
inet6 fe80::200:f:fc00:0
lo0.16385 up up inet
# salt "vq*" junos.rpc 'get_config' '' 'text' filter='<configuration><system/></configuration>'
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.junos.html
master configuration file:
# more /etc/salt/master
file_roots:
base:
- /srv/salt
pillar_roots:
base:
- /srv/pillar
engines_dirs:
- /srv/engines
engines:
- junos_syslog:
port: 516
reactor:
- 'jnpr/syslog/*/UI_COMMIT_COMPLETED':
- /srv/reactor/on_commit.sls
file_roots:
# ls /srv/salt/
ansible.sls config2.set config.set install_config.sls junos.sls salt.txt
junos.sls file (SLS stand for SaLt State):
# more /srv/salt/junos.sls
get-interface-information:
junos:
- rpc
- dest: /tmp/rpc.log
- interface_name: lo0
apply a state file:
# salt "vqf*" state.apply junos
vqfx01:
----------
ID: get-interface-information
Function: junos.rpc
Result: True
Comment:
Started: 13:28:29.967125
Duration: 186.43 ms
Changes:
----------
out:
True
rpc_reply:
----------
interface-information:
----------
physical-interface:
----------
admin-status:
up
if-config-flags:
----------
iff-snmp-traps:
if-device-flags:
----------
ifdf-loopback:
ifdf-present:
ifdf-running:
if-media-flags:
----------
ifmf-none:
if-type:
Loopback
ifd-specific-config-flags:
interface-flapped:
Never
local-index:
6
logical-interface:
|_
----------
address-family:
|_
----------
address-family-flags:
----------
ifff-sendbcast-pkt-to-re:
address-family-name:
inet
mtu:
Unlimited
|_
----------
address-family-flags:
----------
ifff-none:
address-family-name:
inet6
interface-address:
----------
ifa-flags:
----------
internal-flags:
0x800
ifa-local:
fe80::200:f:fc00:0
interface-address:
----------
in6-addr-flags:
----------
ifaf-none:
intf-curr-cnt:
0
intf-dropcnt:
0
intf-unresolved-cnt:
0
max-local-cache:
0
mtu:
Unlimited
new-hold-limit:
0
encapsulation:
Unspecified
filter-information:
if-config-flags:
----------
iff-down:
iff-snmp-traps:
local-index:
547
name:
lo0.0
policer-overhead:
snmp-index:
16
traffic-statistics:
----------
input-packets:
0
output-packets:
0
|_
----------
address-family:
----------
address-family-flags:
----------
ifff-none:
address-family-name:
inet
mtu:
Unlimited
encapsulation:
Unspecified
filter-information:
if-config-flags:
----------
iff-down:
iff-snmp-traps:
local-index:
548
name:
lo0.16385
policer-overhead:
snmp-index:
22
traffic-statistics:
----------
input-packets:
52230
output-packets:
52230
mtu:
Unlimited
name:
lo0
oper-status:
up
snmp-index:
6
traffic-statistics:
----------
input-packets:
52322
output-packets:
52322
Summary for vqfx01
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 186.430 ms
On the proxy:
# more /tmp/rpc.log
<interface-information style="normal">
<physical-interface>
<name>
lo0
</name>
<admin-status format="Enabled">
up
</admin-status>
<oper-status>
up
</oper-status>
<local-index>
6
</local-index>
<snmp-index>
6
</snmp-index>
<if-type>
Loopback
</if-type>
<mtu>
Unlimited
</mtu>
<if-device-flags>
<ifdf-present/>
<ifdf-running/>
<ifdf-loopback/>
</if-device-flags>
<ifd-specific-config-flags>
</ifd-specific-config-flags>
<if-config-flags>
<iff-snmp-traps/>
</if-config-flags>
<if-media-flags>
<ifmf-none/>
</if-media-flags>
<interface-flapped seconds="0">
Never
</interface-flapped>
<traffic-statistics style="brief">
<input-packets>
52322
</input-packets>
<output-packets>
52322
</output-packets>
</traffic-statistics>
<logical-interface>
<name>
lo0.0
</name>
<local-index>
547
</local-index>
<snmp-index>
16
</snmp-index>
<if-config-flags>
<iff-down/>
<iff-snmp-traps/>
</if-config-flags>
<encapsulation>
Unspecified
</encapsulation>
<policer-overhead>
</policer-overhead>
<traffic-statistics style="brief">
<input-packets>
0
</input-packets>
<output-packets>
0
</output-packets>
</traffic-statistics>
<filter-information>
</filter-information>
<address-family>
<address-family-name>
inet
</address-family-name>
<mtu>
Unlimited
</mtu>
<address-family-flags>
<ifff-sendbcast-pkt-to-re/>
</address-family-flags>
</address-family>
<address-family>
<address-family-name>
inet6
</address-family-name>
<mtu>
Unlimited
</mtu>
<max-local-cache>
0
</max-local-cache>
<new-hold-limit>
0
</new-hold-limit>
<intf-curr-cnt>
0
</intf-curr-cnt>
<intf-unresolved-cnt>
0
</intf-unresolved-cnt>
<intf-dropcnt>
0
</intf-dropcnt>
<address-family-flags>
<ifff-none/>
</address-family-flags>
<interface-address>
<ifa-flags>
<internal-flags>
0x800
</internal-flags>
</ifa-flags>
<ifa-local>
fe80::200:f:fc00:0
</ifa-local>
<interface-address>
<in6-addr-flags>
<ifaf-none/>
</in6-addr-flags>
</interface-address>
</interface-address>
</address-family>
</logical-interface>
<logical-interface>
<name>
lo0.16385
</name>
<local-index>
548
</local-index>
<snmp-index>
22
</snmp-index>
<if-config-flags>
<iff-down/>
<iff-snmp-traps/>
</if-config-flags>
<encapsulation>
Unspecified
</encapsulation>
<policer-overhead>
</policer-overhead>
<traffic-statistics style="brief">
<input-packets>
52230
</input-packets>
<output-packets>
52230
</output-packets>
</traffic-statistics>
<filter-information>
</filter-information>
<address-family>
<address-family-name>
inet
</address-family-name>
<mtu>
Unlimited
</mtu>
<address-family-flags>
<ifff-none/>
</address-family-flags>
</address-family>
</logical-interface>
</physical-interface>
</interface-information>
install_config2.sls file:
# more /srv/salt/install_config2.sls
salt://config2.set:
junos:
- install_config
- comment: commit from Salt
- template_vars:
dev_name: qefdwfcxwc
# more /srv/salt/config2.set
set system host-name {{ template_vars['dev_name'] }}
apply the state file:
# salt "vq*" state.apply install_config2
vqfx01:
----------
ID: salt://config2.set
Function: junos.install_config
Result: True
Comment:
Started: 13:48:35.874331
Duration: 2234.312 ms
Changes:
----------
message:
Successfully loaded and committed!
out:
True
Summary for vqfx01
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 2.234 s
Verify on the junos device:
vagrant@vqfx01#
vagrant@qefdwfcxwc#
vagrant@qefdwfcxwc# run show system commit
0 2017-06-24 00:54:05 UTC by root via netconf
commit from Salt
1 2017-06-24 00:50:41 UTC by vagrant via cli
...
vagrant@qefdwfcxwc# show | compare rollback 1
[edit system]
- host-name vqfx01;
- host-name qefdwfcxwc;
vagrant@qefdwfcxwc# show system host-name host-name qefdwfcxwc;
# junos syslog engine