Hello,
I have some Ansible playbooks running on a schedule and collecting information from JunOS devices (switches, SRX), and I ran into an annoying problem with that. It seems I cannot find a solution; could anyone give me a hint?
The problem is that Ansible locks the configuration of an SRX cluster in exclusive mode when it retrieves it. It doesn't make any changes or need to commit anything, so I would like it to do the job in operational mode and not lock the cluster configuration. Trying to enter the firewall configuration mode at the same time as Ansible happens to be running the playbook produces this:
user@fw_node0> configure
warning: Clustering enabled; using private edit
warning: changes cannot be committed while 'configure exclusive' is active
warning: uncommitted changes will be discarded on exit
Entering configuration mode
Users currently editing the configuration:
ansible-username (pid 42598) on since 2020-04-15 13:30:15 EEST
exclusive
The playbooks are very simple configuration retrievals like these:
---
- name: Get VRFs
  hosts: routers
  roles:
    - Juniper.junos
  connection: local
  gather_facts: no
  tasks:
    - name: Get list of VRFs
      juniper_junos_config:
        retrieve: "committed"
        filter: "<configuration><security><zones></zones></security><routing-instances></routing-instances></configuration>"
        format: "xml"
        dest: "/somewhere/{{ inventory_hostname }}-vrf.txt"
      register: response
    - name: Get static NAT rules
      juniper_junos_config:
        retrieve: "committed"
        filter: "<configuration><security><nat><static></static></nat></security></configuration>"
        format: "xml"
        dest: "/somewhere/{{ inventory_hostname }}-nat.txt"
      register: response