Automation

  • 1.  Ansible netconf error

    Posted 07-12-2018 16:43

    Hi,

    I have a Juniper SRX and a Juniper EX series switch.

    When I run ansible-playbook, I don't have any issue, but the SRX has a netconf connection issue.

    fatal: [BVSP-FW]: FAILED! => {"msg": "Could not open socket to 10.30.11.1:830"}

     

    Could you let me know what's wrong? If I use port 22, I don't have any issue running python or ansible.

    jkim3@mrac-bvsp-fw> show configuration system services
    ssh {
        protocol-version v2;
    }
    xnm-clear-text;
    netconf {
        ssh;
    }
    dhcp-local-server {
        group mrac-bvsp-dhcp {
            interface irb.0;
        }
    }
    web-management {
        https {
            system-generated-certificate;
            interface [ irb.0 st0.1 ];
        }
        session {
            idle-timeout 60;
        }



  • 2.  RE: Ansible netconf error

    Posted 07-12-2018 19:10

    Hi,

     

    Can you please check if your netconf to the device is working? You can use any Linux machine to test it.

    e.g:  ssh root@<IP_Address> -p 830 -s netconf
    Password:
    <!-- No zombies were killed during the creation of this user interface -->

    If it doesn't work, then please check the below on the SRX:

     

     

    1: Depending on the version, you may need to allow root login in SSH if you are using root as the user: # set system services ssh root-login allow

    2: If 10.30.11.1 is assigned to a revenue interface, not fxp, then please make sure you allow netconf in the host-inbound traffic

    e.g: # set security zones security-zone untrust interfaces ge-0/0/0 host-inbound-traffic system-services netconf

     

    Thanks,

    Vikas

     



  • 3.  RE: Ansible netconf error

    Posted 07-13-2018 11:35

    Thanks, I have added netconf in host-inbound-traffic system-services and netconf is working now.

    But I have another issue: it worked before, but I got an unknown host key error from some of the Juniper devices.

     

     

     



  • 4.  RE: Ansible netconf error

    Posted 07-14-2018 05:27

    Can you please paste the complete error? What happens when you initiate a direct SSH session to these devices?

     

    Thanks,

    Vikas



  • 5.  RE: Ansible netconf error

    Posted 07-16-2018 13:16

    kim3@jeff:~/ansible_test$ ssh jkim3@10.30.11.1
    Password:
    Last login: Mon Jul 16 09:36:47 2018 from 10.5.18.97
    --- JUNOS 15.1X49-D70.3 built 2016-12-13 14:48:08 UTC
    jkim3@mrac-bvsp-fw> exit

    Connection to 10.30.11.1 closed.
    jkim3@jeff:~/ansible_test$ ssh jkim3@10.30.11.2
    Password:
    Last login: Mon Jul 16 09:37:11 2018 from 10.5.18.97
    --- JUNOS 15.1X53-D57.3 Kernel 32-bit JNPR-11.0-20170825.354680_build
    {master:0}
    jkim3@mrac-bvsp-sw>

    jkim3@jeff:~/ansible_test$ sudo ansible-playbook -i inventory.yml Mrac_facts.yml
    [sudo] password for jkim3:
    [WARNING]: Ignoring invalid attribute: gather_subset

    PLAY [MRAC-Junos] ***********************************************************************************************************************************************************************************************************************

    TASK [Gather Mrac FW and SW Device Facts] ***********************************************************************************************************************************************************************************************
    fatal: [BVSP-FW]: FAILED! => {"msg": "Unknown host key [50:94:a6:45:38:d0:c5:74:90:da:00:f2:71:a7:eb:4f] for [10.30.11.1]"}
    fatal: [BVSP-SW]: FAILED! => {"msg": "Unknown host key [1a:74:86:67:79:b9:51:9c:5d:cc:84:91:0f:06:7a:8c] for [10.30.11.2]"}
    ok: [Auto-SW]
    ok: [NB-SW]
    ok: [Auto-FW]

     



  • 6.  RE: Ansible netconf error
    Best Answer

     
    Posted 07-16-2018 19:01

    Hi Kim,

     

    Do you intend to prompt for user/password or use SSH keys?

     

    For using SSH keys, generate public and private key pair and load to Junos CLI.  The procedure is under "Authenticating using SSH keys" here: 

    https://www.juniper.net/documentation/en_US/junos-ansible/topics/task/configuration/junos-ansible-authenticating-users.html#task-config-section-authenticating-ssh-keys

     

    If prompting for user/password, try this:

    Edit the /etc/ansible/ansible.cfg file and uncomment this line:

    host_key_checking = False

     

    Ensure Netconf port is set as default 830:
    ansible_port=830

     

    Hope this helps.

     

    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated.
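
An alternative to the `host_key_checking = False` step above that keeps host key checking enabled, added here as an example and not part of the original reply: pin each device's key in known_hosts after comparing it with a fingerprint read out of band. It assumes input lines in the shape `ssh-keyscan -p 830 <host>` prints and a pinned fingerprint in the colon-separated MD5 form shown in the "Unknown host key" error; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def md5_fingerprint(key_b64):
    """MD5 fingerprint of an SSH public key blob, in the aa:bb:... form the error prints."""
    digest = hashlib.md5(base64.b64decode(key_b64, validate=True)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def blob_key_type(key_b64):
    """Key type name embedded in the blob (its first length-prefixed string)."""
    blob = base64.b64decode(key_b64, validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")


def known_hosts_entry(scan_line, pinned_md5):
    """Return the known_hosts line for a scanned key only if it matches the pinned fingerprint."""
    host, key_type, key_b64 = scan_line.split()[:3]
    if blob_key_type(key_b64) != key_type:
        raise ValueError(f"{host}: declared key type does not match key blob")
    if not hmac.compare_digest(md5_fingerprint(key_b64), pinned_md5.strip().lower()):
        raise ValueError(f"{host}: fingerprint mismatch, key not trusted")
    return f"{host} {key_type} {key_b64}"


# Constructed sample: a syntactically valid ssh-ed25519 blob with dummy key bytes.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_B64 = base64.b64encode(_blob).decode("ascii")
# Line in the shape ssh-keyscan prints for a non-default port (constructed, not a real device key).
SAMPLE_SCAN = f"[10.30.11.1]:830 ssh-ed25519 {SAMPLE_B64}"

if __name__ == "__main__":
    pinned = md5_fingerprint(SAMPLE_B64)  # in practice: read from the device console
    print(known_hosts_entry(SAMPLE_SCAN, pinned))
```

The returned line belongs in the known_hosts file of the account that actually runs ansible-playbook (in this thread the playbook was run under sudo).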

     



  • 7.  RE: Ansible netconf error

    Posted 07-17-2018 09:24

    Thanks for your help.

    My problem is resolved now.

     



  • 8.  RE: Ansible netconf error

    Posted 07-17-2018 10:33

    One of our SRX can't gather get-facts.

    jkim3@MRAC-BH-RTR> show version
    Hostname: MRAC-BH-RTR
    Model: srx220h2
    JUNOS Software Release [12.1X44-D35.5]

     

    An exception occurred during task execution. To see the full traceback, use -vvv. The error was: `
    fatal: [BH-FW]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_6jhC7o/ansible_module_junos_facts.py\", line 379, in <module>\n main()\n File \"/tmp/ansible_6jhC7o/ansible_module_junos_facts.py\", line 361, in main\n inst.populate()\n File \"/tmp/ansible_6jhC7o/ansible_module_junos_facts.py\", line 227, in populate\n reply = exec_rpc(self.module, tostring(ele))\n File \"/tmp/ansible_6jhC7o/ansible_modlib.zip/ansible/module_utils/network/common/netconf.py\", line 47, in exec_rpc\n File \"/tmp/ansible_6jhC7o/ansible_modlib.zip/ansible/module_utils/network/common/netconf.py\", line 70, in __rpc__\n File \"/tmp/ansible_6jhC7o/ansible_modlib.zip/ansible/module_utils/network/common/netconf.py\", line 102, in parse_rpc_error\nansible.module_utils.connection.ConnectionError: Unexpected session close\nIN_BUFFER: `\n<rpc-reply xmlns=\"urn:ietf:params:xml:ns:netconf:base:1.0\" xmlns:junos=\"http://xml.juniper.net/junos/12.1X44/junos\" xmlns:nc=\"urn:ietf:params:xml:ns:netconf:base:1.0\" message-id=\"urn:uuid:bfa1e55d-38ca-473b-90ef-7dc31ea938ed\">\n<interface-information xmlns=\"http://xml.juniper.net/junos/12.1X44/junos-interface\" junos:style=\"normal\">\n<physical-interface>\n<name>\nge-0/0/0\n</name>\n<admin-status 
junos:format=\"Enabled\">\nup\n</admin-status>\n<oper-status>\nup\n</oper-status>\n<local-index>\n134\n</local-index>\n<snmp-index>\n508\n</snmp-index>\n<generation>\n137\n</generation>\n<description>\ninternet#1-twc\n</description>\n<link-level-type>\nEthernet\n</link-level-type>\n<mtu>\n1514\n</mtu>\n<source-filtering>\ndisabled\n</source-filtering>\n<link-mode>\nFull-duplex\n</link-mode>\n<speed>\n1000mbps\n</speed>\n<bpdu-error>\nnone\n</bpdu-error>\n<l2pt-error>\nnone\n</l2pt-error>\n<loopback>\ndisabled\n</loopback>\n<if-flow-control>\nenabled\n</if-flow-control>\n<if-auto-negotiation>\nenabled\n</if-auto-negotiation>\n<if-remote-fault>\nonline\n</if-remote-fault>\n<if-device-flags>\n<ifdf-present/>\n<ifdf-running/>\n</if-device-flags>\n<if-config-flags>\n<iff-snmp-traps/>\n<internal-flags>\n0x0\n</internal-flags>\n</if-config-flags>\n<if-media-flags>\n<ifmf-none/>\n</if-media-flags>\n<physical-interface-cos-information>\n<physical-interface-cos-hw-max-queues>\n8\n</physical-interface-cos-hw-max-queues>\n<physical-interface-cos-use-max-queues>\n8\n</physical-interface-cos-use-max-queues>\n</physical-interface-cos-information>\n<up-hold-time>\n0\n</up-hold-time>\n<down-hold-time>\n0\n</down-hold-time>\n<current-physical-address>\n88:a2:5e:62:3a:e5\n</current-physical-address>\n<hardware-physical-address>\n88:a2:5e:62:3a:e5\n</hardware-physical-address>\n<interface-flapped junos:seconds=\"418658\">\n2018-07-12 14:10:30 PDT (4d 20:17 ago)\n</interface-flapped>\n<statistics-cleared>\nNever\n</statistics-cleared>\n<traffic-statistics junos:style=\"verbose\">\n<input-bytes>\n12562895518\n</input-bytes>\n<input-bps>\n413024\n</input-bps>\n<output-bytes>\n1658748889\n</output-bytes>\n<output-bps>\n640232\n</output-bps>\n<input-packets>\n11169079\n</input-packets>\n<input-pps>\n331\n</input-pps>\n<output-packets>\n7755825\n</output-packets>\n<output-pps>\n408\n</output-pps>\n</traffic-statistics>\n<queue-counters 
junos:style=\"brief\">\n<interface-cos-short-summary>\n<intf-cos-queue-type>\nEgress queues\n</intf-cos-queue-t