Issuing Junos Commands Using Ansible raw Module

26 10 2016

If you want to issue something quick on a lot of devices, you don’t need to write a whole Ansible playbook to do that.  In fact you don’t really need the Junos module installed.

Ansible expects there to be Python on the managed device.  As you can read in this PacketPushers blog, it pushes the module out to the device and tries to execute it there.  Junos is going to get on-box Python at some point, but right now that’s roadmap (or SOPD if you must). Read the rest of this entry »





Ansible and Junos Notes

18 10 2016

I’m working on a project to push out configs to Juniper devices and upgrade them if necessary. Ultimately it will be vendor-independent.  In the first instance I thought about writing it all in Python, but there’s really no need because quite a lot of legwork has already been done for you in the form of ‘PyEz’ and the Junos Ansible core modules.

Juniper give you a few examples to get you started, but don’t really explain what each of the lines in the YAML file does, but I guess they expect you to figure that out.  Below are a few notes on things I discovered – perhaps obvious to some, but they might help someone else. Read the rest of this entry »





Freeradius setup on Ubuntu 14.04

22 01 2016

Frustrated with a dilapidated installation of Freeradius 1.x in our lab, and conscious that it is unsupported any more, I decided to install a new Freeradius server.

Ubuntu 14.04.3 LTS is the platform I am installing it on, and this is a relatively fresh installation of Ubuntu server.   It needs to serve access-requests from a Redback and a Juniper router in our lab for both PPP and DHCP clients.

Read the rest of this entry »





Suppressing contributors to an aggregate route

5 11 2014

This was a new one on me – in the past I have always advertised an aggregate route and then written policy to match the contributing routes so that they can be suppressed.  It turns out there’s an easier way to do this:

Read the rest of this entry »





Protecting Junos config

23 09 2014

In the middle of a migration, and I just discovered the ability to protect parts of the Junos configuration from modification by other users. Could be quite useful!

[edit]
root@VMX1# show system services
[edit]
root@VMX1# protect interfaces
[edit]
root@VMX1# show interfaces
##
## protect: interfaces
##
ge-0/0/0 {
description "LINK TO VMX0";
vlan-tagging;
mtu 2000;
encapsulation flexible-ethernet-services;
unit 10 {
vlan-id 10;
family inet {
address 10.1.1.2/30;
}
}
}
[edit]
root@VMX1# set interfaces ge-0/0/1 description "LINK TO NOWHERE"
warning: [interfaces] is protected, 'interfaces ge-0/0/1' cannot be created
[edit]
root@VMX1#





NTP in the lab

6 12 2012

Currently trying to get NTP to sync, but failing at present.  My Juniper MX is showing that it isn’t in sync, while the host it should be syncing with is showing as being ok.  There is IP reachability between the two and no firewall in the way.  Back to head-scratching for a bit, I think…

In the process I came across this site, which has a good description of NTP on Linux…





Recovering an MX80 that is booting on “alternate media”

3 09 2012

Just came into the lab to find an MX80 sitting at a DB>   prompt.  Not having seen that before, and being in a rush, I powered it off and back on again.  It came up asking me to type recovery or just hit enter for single-user mode.  So here’s what I did….

Read the rest of this entry »