This article demonstrates how to upgrade large-scale Juniper lab infrastructure using Ansible HEAT templates. The same process can also be considered for production deployments.
Prerequisites for the upgrade:
- Linux Server. I’m using Ubuntu 14.04
- Juniper PyEZ Library
- Ansible
- IP Connectivity to the devices you are planning to upgrade
- NetConf over SSH Enabled on Juniper devices you are upgrading
Preparing the Infrastructure
Install PyEZ on your Linux Server
- Fetch the list of available updates
sudo apt-get update
- Upgrade current packages
sudo apt-get upgrade
- Install ‘pip’
sudo apt-get install python-pip
- Install PyEZ library dependencies
sudo apt-get install python-dev libxml2-dev libxslt-dev libssl-dev libffi-dev
- Install PyEZ
sudo pip install junos-eznc
Install Ansible with Juniper Library
- Install Ansible
sudo apt-get install ansible
- Install Juniper Ansible Library
ansible-galaxy install Juniper.junos
Enable Netconf over SSH
Enable Netconf over SSH on all the devices you are planning to upgrade:
set system services netconf ssh
Create Ansible Log Directory
On your Linux Server, create the Ansible log directory and change its ownership to the user who launches the Ansible playbook
sudo mkdir /var/log/ansible/
sudo chown juniper /var/log/ansible/
Configure Ansible Playbook and Hosts file
Create YML file
vi junos_install_os.yml
Populate YML File
---
- name: Install Junos OS
  hosts: JunOS-vSRX
  roles:
    - Juniper.junos
  connection: local
  gather_facts: no
  vars:
    wait_time: 3600
    pkg_dir: /home/juniper/sw_images
    OS_version: 12.1X47-D45.4
    OS_package: junos-vsrx-12.1X47-D45.4-domestic.tgz
    log_dir: /var/log/ansible
  vars_prompt:
    - name: USERNAME
      prompt: User name
      private: no
    - name: DEVICE_PASSWORD
      prompt: Device password
      private: yes
  tasks:
    - name: Checking NETCONF connectivity
      wait_for: host={{ inventory_hostname }} port=830 timeout=5
    - name: Install Junos OS package
      junos_install_os:
        host={{ inventory_hostname }}
        user={{ USERNAME }}
        passwd={{ DEVICE_PASSWORD }}
        reboot=yes
        version={{ OS_version }}
        package={{ pkg_dir }}/{{ OS_package }}
        logfile={{ log_dir }}/software.log
      register: sw
      notify:
        - wait_reboot
  handlers:
    - name: wait_reboot
      wait_for: host={{ inventory_hostname }} port=830 timeout={{ wait_time }}
      when: not sw.check_mode
Populate Ansible Hosts
In order to execute the playbook, you need to populate Ansible’s hosts file information with the list of nodes you are planning to upgrade. In my lab, I do this by the platform, e.g. vSRX, MX80, EX4300, etc.
vi /etc/ansible/hosts
[JunOS-vSRX]
192.168.3.201
192.168.3.202
192.168.3.203
192.168.3.204
192.168.3.210
192.168.3.211
192.168.3.212
192.168.3.222
192.168.3.223
192.168.3.224
192.168.3.225
192.168.3.226
192.168.3.227
192.168.3.228
Prepare JunOS image
Create the directory where you plan to store JunOS images
mkdir /home/juniper/sw_images
Copy JunOS image to the server
scp junos-vsrx-12.1X47-D45.4-domestic.tgz juniper@server:/home/juniper/sw_images
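Because the playbook pushes this one file to every host in the inventory group, it is worth confirming the copied image and the target list before launching it. The shell functions below are an added example, not part of the original article: the function names are hypothetical, and the check assumes you have the SHA-256 digest published alongside the image (shown as EXPECTED_SHA256).

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight checks to run
# before `ansible-playbook ./junos_install_os.yml`. Function names are
# hypothetical. EXPECTED_SHA256 is the digest published with the image.
# Usage:
#   preflight /home/juniper/sw_images/junos-vsrx-12.1X47-D45.4-domestic.tgz \
#       EXPECTED_SHA256 /etc/ansible/hosts JunOS-vSRX \
#     && ansible-playbook ./junos_install_os.yml

# verify_image FILE EXPECTED_SHA256: return 0 only if the digest matches.
verify_image() {
    [ -r "$1" ] || { echo "image not readable: $1" >&2; return 1; }
    actual=$(sha256sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $1 (got $actual)" >&2
        return 1
    fi
}

# group_hosts INVENTORY GROUP: print the hosts listed under [GROUP] in an
# INI-style inventory, skipping blank lines, comments and other sections.
group_hosts() {
    awk -v grp="[$2]" '
        /^[ \t]*\[/ { in_grp = ($1 == grp); next }
        in_grp && NF && $1 !~ /^[#;]/ { print $1 }
    ' "$1"
}

# preflight IMAGE EXPECTED_SHA256 INVENTORY GROUP: fail closed if the image
# does not verify or the group is empty, otherwise list the targets.
preflight() {
    verify_image "$1" "$2" || return 1
    hosts=$(group_hosts "$3" "$4")
    [ -n "$hosts" ] || { echo "no hosts in group [$4]" >&2; return 1; }
    echo "image verified; upgrade targets:"
    echo "$hosts"
}
```

Chaining the playbook after preflight with && means a truncated or altered image, or an empty inventory group, stops the run before any device is touched.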
Perform the upgrade
Launch Ansible Playbook
ansible-playbook ./junos_install_os.yml
Monitor Software Installation
juniper@host:~/ansible$ ansible-playbook ./junos_install_os.yml
User name: root
Device password:
PLAY [Install Junos OS] *******************************************************
TASK: [Checking NETCONF connectivity] *****************************************
ok: [192.168.3.201]
TASK: [Install Junos OS package] **********************************************
changed: [192.168.3.201]
NOTIFIED: [wait_reboot] *******************************************************
ok: [192.168.3.201]
PLAY RECAP ********************************************************************
192.168.3.201 : ok=3 changed=1 unreachable=0 failed=0
If errors occur, review the ‘/var/log/ansible/software.log’ file.