Automation

Expand all | Collapse all

Ansible netconf error

Jump to Best Answer
  • 1.  Ansible netconf error

    Posted 07-12-2018 16:43

    Hi,

    I have Juniper SRX and Juniper Ex series switch .

    When I run ansible-playbook , I don't have any issue but SRX has netconf connection issue.

    fatal: [BVSP-FW]: FAILED! => {"msg": "Could not open socket to 10.30.11.1:830"}

     

    Could you let me know what's wrong ? If I use port 22 , I don't have any issue to run python or ansible

    jkim3@mrac-bvsp-fw> show configuration system services
    ssh {
    protocol-version v2;
    }
    xnm-clear-text;
    netconf {
    ssh;
    }
    dhcp-local-server {
    group mrac-bvsp-dhcp {
    interface irb.0;
    }
    }
    web-management {
    https {
    system-generated-certificate;
    interface [ irb.0 st0.1 ];
    }
    session {
    idle-timeout 60;
    }



  • 2.  RE: Ansible netconf error

    Posted 07-12-2018 19:10

    Hi,

     

    Can you please check if your netconf to the device is working ? You can use any linux machine to test it

    e.g:  ssh root@<IP_Address> -p 830 -s netconf
    Password:
    <!-- No zombies were killed during the creation of this user interface -->

    If it doesn't work then please below on the SRX:

     

     

    1: Depending on the version, You may need to allow root login in the SSH if you are using root as user : # set system services ssh root-login allow

    2: If 10.30.11.1 is assigned to revenue interface not fxp then please make sure you allow the netconf in the host-inboud traffic

    e.g: # set security zones security-zone untrust interfaces ge-0/0/0 host-inbound-traffic system-services netconf

     

    Thanks,

    Vikas

     



  • 3.  RE: Ansible netconf error

    Posted 07-13-2018 11:35

    Thanks , I have added netconf in host-inbound-traffic system-services and netconf is working now.

     

    But I have another issue it was worked before but I got unkonwn host key error from some of juniper devices.

     

     

     



  • 4.  RE: Ansible netconf error

    Posted 07-14-2018 05:27

    Can you please paste the complete error? what happens when you initiate direct SSH session to these devices?

     

    Thanks,

    Vikas



  • 5.  RE: Ansible netconf error

    Posted 07-16-2018 13:16

    kim3@jeff:~/ansible_test$ ssh jkim3@10.30.11.1
    Password:
    Last login: Mon Jul 16 09:36:47 2018 from 10.5.18.97
    --- JUNOS 15.1X49-D70.3 built 2016-12-13 14:48:08 UTC
    jkim3@mrac-bvsp-fw> exit

    Connection to 10.30.11.1 closed.
    jkim3@jeff:~/ansible_test$ ssh jkim3@10.30.11.2
    Password:
    Last login: Mon Jul 16 09:37:11 2018 from 10.5.18.97
    --- JUNOS 15.1X53-D57.3 Kernel 32-bit JNPR-11.0-20170825.354680_build
    {master:0}
    jkim3@mrac-bvsp-sw>

    jkim3@jeff:~/ansible_test$ sudo ansible-playbook -i inventory.yml Mrac_facts.yml
    [sudo] password for jkim3:
    [WARNING]: Ignoring invalid attribute: gather_subset

    PLAY [MRAC-Junos] ***********************************************************************************************************************************************************************************************************************

    TASK [Gather Mrac FW and SW Device Facts] ***********************************************************************************************************************************************************************************************
    fatal: [BVSP-FW]: FAILED! => {"msg": "Unknown host key [50:94:a6:45:38:d0:c5:74:90:da:00:f2:71:a7:eb:4f] for [10.30.11.1]"}
    fatal: [BVSP-SW]: FAILED! => {"msg": "Unknown host key [1a:74:86:67:79:b9:51:9c:5d:cc:84:91:0f:06:7a:8c] for [10.30.11.2]"}
    ok: [Auto-SW]
    ok: [NB-SW]
    ok: [Auto-FW]

     



  • 6.  RE: Ansible netconf error
    Best Answer

     
    Posted 07-16-2018 19:01

    Hi Kim,

     

    Do you intend to prompt for user/password or use SSH keys?

     

    For using SSH keys, generate public and private key pair and load to Junos CLI.  The procedure is under "Authenticating using SSH keys" here: 

    https://www.juniper.net/documentation/en_US/junos-ansible/topics/task/configuration/junos-ansible-authenticating-users.html#task-config-section-authenticating-ssh-keys

     

    If prompting for user/password, try this:

    Edit the /etc/ansible/ansible.cfg file and uncomment this line:

    host_key_checking = False

     

    Ensure Netconf port is set as default 830:
    ansible_port=830

     

    Hope this helps.

     

    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated Smiley Happy.

     



  • 7.  RE: Ansible netconf error

    Posted 07-17-2018 09:24

    Thanks for your help.

    My problem is resolved now.

     



  • 8.  RE: Ansible netconf error

    Posted 07-17-2018 10:33

    Ond of our SRX can't  gaterring get-facts .

    jkim3@MRAC-BH-RTR> show version
    Hostname: MRAC-BH-RTR
    Model: srx220h2
    JUNOS Software Release [12.1X44-D35.5]

     

    An exception occurred during task execution. To see the full traceback, use -vvv. The error was: `
    fatal: [BH-FW]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_6jhC7o/ansible_module_junos_facts.py\", line 379, in <module>\n main()\n File \"/tmp/ansible_6jhC7o/ansible_module_junos_facts.py\", line 361, in main\n inst.populate()\n File \"/tmp/ansible_6jhC7o/ansible_module_junos_facts.py\", line 227, in populate\n reply = exec_rpc(self.module, tostring(ele))\n File \"/tmp/ansible_6jhC7o/ansible_modlib.zip/ansible/module_utils/network/common/netconf.py\", line 47, in exec_rpc\n File \"/tmp/ansible_6jhC7o/ansible_modlib.zip/ansible/module_utils/network/common/netconf.py\", line 70, in __rpc__\n File \"/tmp/ansible_6jhC7o/ansible_modlib.zip/ansible/module_utils/network/common/netconf.py\", line 102, in parse_rpc_error\nansible.module_utils.connection.ConnectionError: Unexpected session close\nIN_BUFFER: `\n<rpc-reply xmlns=\"urn:ietf:params:xml:ns:netconf:base:1.0\" xmlns:junos=\"http://xml.juniper.net/junos/12.1X44/junos\" xmlns:nc=\"urn:ietf:params:xml:ns:netconf:base:1.0\" message-id=\"urn:uuid:bfa1e55d-38ca-473b-90ef-7dc31ea938ed\">\n<interface-information xmlns=\"http://xml.juniper.net/junos/12.1X44/junos-interface\" junos:style=\"normal\">\n<physical-interface>\n<name>\nge-0/0/0\n</name>\n<admin-status junos:format=\"Enabled\">\nup\n</admin-status>\n<oper-status>\nup\n</oper-status>\n<local-index>\n134\n</local-index>\n<snmp-index>\n508\n</snmp-index>\n<generation>\n137\n</generation>\n<description>\ninternet#1-twc\n</description>\n<link-level-type>\nEthernet\n</link-level-type>\n<mtu>\n1514\n</mtu>\n<source-filtering>\ndisabled\n</source-filtering>\n<link-mode>\nFull-duplex\n</link-mode>\n<speed>\n1000mbps\n</speed>\n<bpdu-error>\nnone\n</bpdu-error>\n<l2pt-error>\nnone\n</l2pt-error>\n<loopback>\ndisabled\n</loopback>\n<if-flow-control>\nenabled\n</if-flow-control>\n<if-auto-negotiation>\nenabled\n</if-auto-negotiation>\n<if-remote-fault>\nonline\n</if-remote-fault>\n<if-device-flags>\n<ifdf-present/>\n<ifdf-running/>\n</if-device-flags>\n<if-config-flags>\n<iff-snmp-traps/>\n<internal-flags>\n0x0\n</internal-flags>\n</if-config-flags>\n<if-media-flags>\n<ifmf-none/>\n</if-media-flags>\n<physical-interface-cos-information>\n<physical-interface-cos-hw-max-queues>\n8\n</physical-interface-cos-hw-max-queues>\n<physical-interface-cos-use-max-queues>\n8\n</physical-interface-cos-use-max-queues>\n</physical-interface-cos-information>\n<up-hold-time>\n0\n</up-hold-time>\n<down-hold-time>\n0\n</down-hold-time>\n<current-physical-address>\n88:a2:5e:62:3a:e5\n</current-physical-address>\n<hardware-physical-address>\n88:a2:5e:62:3a:e5\n</hardware-physical-address>\n<interface-flapped junos:seconds=\"418658\">\n2018-07-12 14:10:30 PDT (4d 20:17 ago)\n</interface-flapped>\n<statistics-cleared>\nNever\n</statistics-cleared>\n<traffic-statistics junos:style=\"verbose\">\n<input-bytes>\n12562895518\n</input-bytes>\n<input-bps>\n413024\n</input-bps>\n<output-bytes>\n1658748889\n</output-bytes>\n<output-bps>\n640232\n</output-bps>\n<input-packets>\n11169079\n</input-packets>\n<input-pps>\n331\n</input-pps>\n<output-packets>\n7755825\n</output-packets>\n<output-pps>\n408\n</output-pps>\n</traffic-statistics>\n<queue-counters junos:style=\"brief\">\n<interface-cos-short-summary>\n<intf-cos-queue-type>\nEgress queues\n</intf-cos-queue-t