How to install and use Juniper Netconify 1.0.0

This library can be used as initial configuration of the new devices(also known as New-Out-Of-Box (NOOB)).

This library is a dependency for Junos modules for Ansible.

More information about the usage/installation/upgrade can be found here:

https://github.com/Juniper/py-junos-netconify

Let’s start with a practical example of installation and how to use it:

This is how you install the utility:

lab@UBUNTU:~$ sudo pip install junos-netconify
[sudo] password for lab:
Downloading/unpacking junos-netconify
  Downloading junos-netconify-1.0.0.tar.gz
  Running setup.py (path:/tmp/pip_build_root/junos-netconify/setup.py) egg_info for package junos-netconify

Requirement already satisfied (use --upgrade to upgrade): pyserial in /usr/lib/python2.7/dist-packages (from junos-netconify)
Requirement already satisfied (use --upgrade to upgrade): lxml in /usr/local/lib/python2.7/dist-packages (from junos-netconify)
Installing collected packages: junos-netconify
  Running setup.py install for junos-netconify

    changing mode of /usr/local/bin/netconify to 755
Successfully installed junos-netconify
Cleaning up...
lab@UBUNTU:~$

 

If you connect for the first time on the console of a new device, you will see something like this:

 

FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 36483 free (11 frags, 4559 blocks, 0.0% fragmentation)

Amnesiac (ttyu0)

login:

 

I have a specific default configuration that I’m applying to new devices. The only thing that changes between each configuration is the hostname and the IP for the management port.

This is the configuration:

 

system {
    host-name EX3300;
    time-zone Europe/Amsterdam;
    root-authentication {
        encrypted-password "$1$VrQv3XWs$OCS7VICV9SLiEOchLSdN90"; ## SECRET-DATA
    }
    login {
        user lab {
            uid 2005;
            class super-user;
            authentication {
                encrypted-password "$1$syrUhQ8I$5suXg7k4zv.Mlsavixa65/"; ## SECRET-DATA
            }
        }
    }
    services {
        ssh;
        telnet;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    ntp {
        server 192.168.100.250;
    }
}
interfaces {
    me0 {
        unit 0 {
            family inet {
                address 192.168.1.185/23;
            }
        }
    }

}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.1.1;
    }
}

 

I know the console IP address and port, so I can use the utility to make the initial configuration so I can connect using SSH and perhaps continue the specific configuration need for this device. You will need to specify the file that has the default configuration. Keep in mind that the configuration should be in hierarchical mode and not in display set mode:

 

lab@UBUNTU:/usr/local/bin$ python2.7 netconify --telnet 192.168.17.220,7036 -f /home/lab/netconify.conf
TTY:login:connecting to TTY:192.168.17.220:7036 ...
TTY:login:logging in ...
TTY:login:starting NETCONF
conf:loading into device ...
conf:commit ... please be patient
conf:commit completed.
TTY:logout:logging out ...
lab@UBUNTU:/usr/local/bin$

 

After this, the configuration was applied and we can test if we can connect using ssh:

 

lab@UBUNTU:/usr/local/bin$ ssh root@192.168.1.185
The authenticity of host '192.168.1.185 (192.168.1.185)' can't be established.
ECDSA key fingerprint is 3c:b0:c5:47:d3:b9:17:17:94:e1:0f:f1:39:5f:af:28.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.185' (ECDSA) to the list of known hosts.
root@192.168.1.185's password:
--- JUNOS 12.3R7.7 built 2014-06-12 14:14:29 UTC



root@EX3300:RE:0% cli
{master:0}
root@EX3300>

 

By default, load override is used but load merge can be used as well in case you want to push additional configuration on top of what you have already:

 

Jan 16 10:04:45   login: Login attempt for user root from host [unknown]
Jan 16 10:04:45   login: LOGIN_INFORMATION: User root logged in from host [unknown] on device ttyu0
Jan 16 10:04:45   login: LOGIN_ROOT: User root logged in as root from host [unknown] on device ttyu0
Jan 16 10:04:50   file[1782]: UI_LOAD_EVENT: User 'root' is performing a 'load override'
Jan 16 10:04:52   file[1782]: UI_COMMIT: User 'root' requested 'commit' operation (comment: none)

 

Let’s try another one. You can retrieve different information from the device, by using the option –facts and store them somewhere on your server:

 

lab@UBUNTU:/usr/local/bin$ python2.7 netconify --telnet 192.168.17.220,7036 -u root -P lab123 --facts --savedir /var/tmp
TTY:login:connecting to TTY:192.168.17.220:7036 ...
TTY:login:logging in ...
TTY:login:starting NETCONF
facts:retrieving device facts...
facts:saving: /var/tmp/EX3300-facts.json
inventory:saving: /var/tmp/EX3300-inventory.xml
TTY:logout:logging out ...
lab@UBUNTU:/usr/local/bin$
lab@UBUNTU:/var/tmp$ ls -lt | grep EX330
-rw-rw-r-- 1 lab  lab         100 Jan 16 10:22 EX3300-facts.json
-rw-rw-r-- 1 lab  lab        1996 Jan 16 10:22 EX3300-inventory.xml
lab@UBUNTU:/var/tmp$ cat EX3300-facts.json
{"model": "EX3300-48P", "version": "12.3R7.7", "serialnumber": "GB0212019933", "hostname": "EX3300"}
lab@UBUNTU:/var/tmp$

 

This is a great tool if you need to apply default configuration to new Juniper devices, but not only for that. You can update the configuration on a Juniper device as well so its great for configuration automation.

 

The following two tabs change content below.

Paris ARAU

Paris ARAU is a networking professional with strong background on routing and switching technologies. He is a holder of CCIE R&S and dual JNCIE(SP and ENT). The day to day work allows him to dive deeply in networking technologies. Part of the continuously training, he is focusing on Software Defined Network and cloud computing.

Comments

This post currently has 13 responses

  • Hi
    Is it possible for you to post up an example program on an interpreter? I have to mesh netconify with another program but for the life of me I can not figure out using the module in an interpreter.

      • Hi Paris.
        Right now what I want to do is push an initial config to a NOOB machine to gain connection and continue to configure (will have to reconnect) it with PyEZ. I am assuming once you have Netconf SSH enabled you can configure Juniper boxes through a Serial with PyEZ (is this wrong?)

        What I am failing is figuring out how to connect to the machines through Signal.

        On PyEZ you do on an Interpreter the below to connect.
        dev = Device(host=’Name’, user=’User’, password=’Password’)
        dev.open()

        But I can not find the netconify.Telnet module counterpart on any document out there. I can not figure out how to connect to a machine through signal and push a file with an interpreter such as IDLE or Pychar etc

        Regards
        Oscar

        • Hi Oscar,

          Sorry for the late reply.

          Unfortunately I don’t have that much experience with PyEZ(this is something that I should work on) nor I have I tried Netconify in other way than I explained in the post.

          Thanks,
          Paris

          • Thanks for your reply

            From what I can see you are simply running the “netconify” module and not a program, or am I wrong. That might be where I am getting stuck at in Windows, as long as I can figure out to make netconify to work by itself as a module in Windows, integrating it into another problem should be easy.

          • Hi Oscar,

            Yes, I’m using only the netconify module, but as you can see, it was done on Ubuntu.

            So I’m not sure if this is because you are trying on Windows or something is wrongly set up in your setup.

            Thanks,
            Paris

  • Hi Paris.
    I finally gave up on Windows last week and ran VM Ubuntu on laptop. It worked just fine, after some customization.
    What I am doing right now is running netconify command from Python’s “os” module which runs it on terminal. So I can push config, upgrade software and run tests in one program. I am using direct serial connection instead of telnet.

    I run basically smt like this in the interpreter
    import os
    basic_conf=”sudo python /usr/local/bin/netconify –p /dev/ttyS1 -u root -f /home/basic.conf”
    os.system(basic_conf)

    Afterwards I am just continuing with the rest of my program

  • Hi Paris,
    The resources out here are very helpful. The project I am currently working has small changes in it. For example the devices I have , has some configuration already on it and this configurations are made by the customers to whom the device is loaned, so once we get back , we don’t know the configurations. Hence in my automation task, I want to install the Junos OS on the device, without pushing any additional config to it. Is it possible if I just enable NETCONF on the target device using netconify and then run the install OS script and if so what should I include in my .conf file through which I just want to enable NETCONF. FYI , I have a console connection to my device.

  • Oscar,
    I am currently researching how to do exactly what you’re doing. Doing the initial config and upgrade software via the console cable. Can you give me some tips on how I can create the python script for that?

    • Hi,

      Are aren’t you using Ansible to perform initial configuration over console?

      Thanks,
      Paris

      • I prefer python, but whatever tools I need to basically load the initial configs into the device (preferably over console) then commit in one script. Probably won’t do move the software via a console. I understand there’s a way to run a .py in the device but that requires setup and the file to be in the device. Hope that clarifies what I want to do. Any help would be greatly appreciated.

        • Hi,

          So you would like to handle this natively in Python and also make it (as much as possible) vendor-independent, right?

          Thanks,
          Paris

Leave a Reply to Paris ARAU Cancel reply

Your email address will not be published. Required fields are marked *

Sidebar



%d bloggers like this: