How to install and use Juniper Netconify 1.0.0
This library can be used as initial configuration of the new devices(also known as New-Out-Of-Box (NOOB)).
This library is a dependency for Junos modules for Ansible.
More information about the usage/installation/upgrade can be found here:
https://github.com/Juniper/py-junos-netconify
Let’s start with a practical example of installation and how to use it:
This is how you install the utility:
lab@UBUNTU:~$ sudo pip install junos-netconify [sudo] password for lab: Downloading/unpacking junos-netconify Downloading junos-netconify-1.0.0.tar.gz Running setup.py (path:/tmp/pip_build_root/junos-netconify/setup.py) egg_info for package junos-netconify Requirement already satisfied (use --upgrade to upgrade): pyserial in /usr/lib/python2.7/dist-packages (from junos-netconify) Requirement already satisfied (use --upgrade to upgrade): lxml in /usr/local/lib/python2.7/dist-packages (from junos-netconify) Installing collected packages: junos-netconify Running setup.py install for junos-netconify changing mode of /usr/local/bin/netconify to 755 Successfully installed junos-netconify Cleaning up... lab@UBUNTU:~$
If you connect for the first time on the console of a new device, you will see something like this:
FILE SYSTEM CLEAN; SKIPPING CHECKS clean, 36483 free (11 frags, 4559 blocks, 0.0% fragmentation) Amnesiac (ttyu0) login:
I have a specific default configuration that I’m applying to new devices. The only thing that changes between each configuration is the hostname and the IP for the management port.
This is the configuration:
system { host-name EX3300; time-zone Europe/Amsterdam; root-authentication { encrypted-password "$1$VrQv3XWs$OCS7VICV9SLiEOchLSdN90"; ## SECRET-DATA } login { user lab { uid 2005; class super-user; authentication { encrypted-password "$1$syrUhQ8I$5suXg7k4zv.Mlsavixa65/"; ## SECRET-DATA } } } services { ssh; telnet; } syslog { user * { any emergency; } file messages { any any; authorization info; } file interactive-commands { interactive-commands any; } } ntp { server 192.168.100.250; } } interfaces { me0 { unit 0 { family inet { address 192.168.1.185/23; } } } } routing-options { static { route 0.0.0.0/0 next-hop 192.168.1.1; } }
I know the console IP address and port, so I can use the utility to make the initial configuration so I can connect using SSH and perhaps continue the specific configuration need for this device. You will need to specify the file that has the default configuration. Keep in mind that the configuration should be in hierarchical mode and not in display set mode:
lab@UBUNTU:/usr/local/bin$ python2.7 netconify --telnet 192.168.17.220,7036 -f /home/lab/netconify.conf TTY:login:connecting to TTY:192.168.17.220:7036 ... TTY:login:logging in ... TTY:login:starting NETCONF conf:loading into device ... conf:commit ... please be patient conf:commit completed. TTY:logout:logging out ... lab@UBUNTU:/usr/local/bin$
After this, the configuration was applied and we can test if we can connect using ssh:
lab@UBUNTU:/usr/local/bin$ ssh root@192.168.1.185 The authenticity of host '192.168.1.185 (192.168.1.185)' can't be established. ECDSA key fingerprint is 3c:b0:c5:47:d3:b9:17:17:94:e1:0f:f1:39:5f:af:28. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.185' (ECDSA) to the list of known hosts. root@192.168.1.185's password: --- JUNOS 12.3R7.7 built 2014-06-12 14:14:29 UTC root@EX3300:RE:0% cli {master:0} root@EX3300>
By default, load override is used but load merge can be used as well in case you want to push additional configuration on top of what you have already:
Jan 16 10:04:45 login: Login attempt for user root from host [unknown] Jan 16 10:04:45 login: LOGIN_INFORMATION: User root logged in from host [unknown] on device ttyu0 Jan 16 10:04:45 login: LOGIN_ROOT: User root logged in as root from host [unknown] on device ttyu0 Jan 16 10:04:50 file[1782]: UI_LOAD_EVENT: User 'root' is performing a 'load override' Jan 16 10:04:52 file[1782]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)
Let’s try another one. You can retrieve different information from the device, by using the option –facts and store them somewhere on your server:
lab@UBUNTU:/usr/local/bin$ python2.7 netconify --telnet 192.168.17.220,7036 -u root -P lab123 --facts --savedir /var/tmp TTY:login:connecting to TTY:192.168.17.220:7036 ... TTY:login:logging in ... TTY:login:starting NETCONF facts:retrieving device facts... facts:saving: /var/tmp/EX3300-facts.json inventory:saving: /var/tmp/EX3300-inventory.xml TTY:logout:logging out ... lab@UBUNTU:/usr/local/bin$ lab@UBUNTU:/var/tmp$ ls -lt | grep EX330 -rw-rw-r-- 1 lab lab 100 Jan 16 10:22 EX3300-facts.json -rw-rw-r-- 1 lab lab 1996 Jan 16 10:22 EX3300-inventory.xml lab@UBUNTU:/var/tmp$ cat EX3300-facts.json {"model": "EX3300-48P", "version": "12.3R7.7", "serialnumber": "GB0212019933", "hostname": "EX3300"} lab@UBUNTU:/var/tmp$
This is a great tool if you need to apply default configuration to new Juniper devices, but not only for that. You can update the configuration on a Juniper device as well so its great for configuration automation.
Paris ARAU
Latest posts by Paris ARAU (see all)
- Junos Fusion – Part IV – Satellite policies and uplink failure detection - 30 July 2018
- Junos Fusion – Part III – Satellite commands and traffic forwarding - 16 July 2018
- Junos Fusion – Part II – Configuration, Administration and Operation - 16 July 2018
- Junos Fusion – Part I – Overview, Components, Ports and Software - 11 July 2018
- Vagrant – Part IV – Network topology using Juniper and Cumulus - 26 April 2018
Hi
Is it possible for you to post up an example program on an interpreter? I have to mesh netconify with another program but for the life of me I can not figure out using the module in an interpreter.
Hi Oscar,
What is exactly that you want to achieve?
Thanks,
Paris
Hi Paris.
Right now what I want to do is push an initial config to a NOOB machine to gain connection and continue to configure (will have to reconnect) it with PyEZ. I am assuming once you have Netconf SSH enabled you can configure Juniper boxes through a Serial with PyEZ (is this wrong?)
What I am failing is figuring out how to connect to the machines through Signal.
On PyEZ you do on an Interpreter the below to connect.
dev = Device(host=’Name’, user=’User’, password=’Password’)
dev.open()
But I can not find the netconify.Telnet module counterpart on any document out there. I can not figure out how to connect to a machine through signal and push a file with an interpreter such as IDLE or Pychar etc
Regards
Oscar
I am also forced to run it on Windows, since work laptop is windows. Does it matter?
Hi Oscar,
Sorry for the late reply.
Unfortunately I don’t have that much experience with PyEZ(this is something that I should work on) nor I have I tried Netconify in other way than I explained in the post.
Thanks,
Paris
Thanks for your reply
From what I can see you are simply running the “netconify” module and not a program, or am I wrong. That might be where I am getting stuck at in Windows, as long as I can figure out to make netconify to work by itself as a module in Windows, integrating it into another problem should be easy.
Hi Oscar,
Yes, I’m using only the netconify module, but as you can see, it was done on Ubuntu.
So I’m not sure if this is because you are trying on Windows or something is wrongly set up in your setup.
Thanks,
Paris
Hi Paris.
I finally gave up on Windows last week and ran VM Ubuntu on laptop. It worked just fine, after some customization.
What I am doing right now is running netconify command from Python’s “os” module which runs it on terminal. So I can push config, upgrade software and run tests in one program. I am using direct serial connection instead of telnet.
I run basically smt like this in the interpreter
import os
basic_conf=”sudo python /usr/local/bin/netconify –p /dev/ttyS1 -u root -f /home/basic.conf”
os.system(basic_conf)
Afterwards I am just continuing with the rest of my program
Hi Paris,
The resources out here are very helpful. The project I am currently working has small changes in it. For example the devices I have , has some configuration already on it and this configurations are made by the customers to whom the device is loaned, so once we get back , we don’t know the configurations. Hence in my automation task, I want to install the Junos OS on the device, without pushing any additional config to it. Is it possible if I just enable NETCONF on the target device using netconify and then run the install OS script and if so what should I include in my .conf file through which I just want to enable NETCONF. FYI , I have a console connection to my device.
Oscar,
I am currently researching how to do exactly what you’re doing. Doing the initial config and upgrade software via the console cable. Can you give me some tips on how I can create the python script for that?
Hi,
Are aren’t you using Ansible to perform initial configuration over console?
Thanks,
Paris
I prefer python, but whatever tools I need to basically load the initial configs into the device (preferably over console) then commit in one script. Probably won’t do move the software via a console. I understand there’s a way to run a .py in the device but that requires setup and the file to be in the device. Hope that clarifies what I want to do. Any help would be greatly appreciated.
Hi,
So you would like to handle this natively in Python and also make it (as much as possible) vendor-independent, right?
Thanks,
Paris