Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Juniper Apstra Juniper Apstra 5.0.1 / 5.0.0 User Guide Devices Apstra ZTP

Juniper Apstra 5.0.1 / 5.0.0 User Guide

keyboard_arrow_up
close
keyboard_arrow_left
Juniper Apstra 5.0.1 / 5.0.0 User Guide
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

ztp.json Keys

Release: Juniper Apstra 5.0
{}
Change Release
date_range 04-Nov-24
arrow_backward
arrow_forward

The Apstra ZTP configuration file (ztp.json) includes all configuration for the Apstra ZTP script (ztp.py). Never modify ztp.py directly. You can use several methods for configuring ztp.json. First, familiarize yourself with the keys in the file, as described below, then configure the file, as needed for your devices (as described in later pages).

Key Categories

Contents of the ztp.json file are organized from more general sections to more specific sections as follows:

  • defaults - Configured values in the defaults section are used for all devices unless more specific sections use the same keys. The more specific section values take precedence. Here's an example of what you might put in the defaults section:

    content_copy zoom_out_map
    "defaults": {
  "device-root-password": "root-password-123",
  "device-user": "admin",
  "device-user-password": "admin-password-123",
  "system-agent-params": {
    "agent_type": "onbox",
    "install_requirements": false
  }
}

  • platform-specific - Configured values in each of the vendor platform sections (junos, junos-evo, eos, nxos, sonic, linux) are used for all devices from that vendor unless the same keys in more specific sections are defined. Here's an example for devices using SONiC OS:

    content_copy zoom_out_map
    "sonic": {
  "sonic-versions": ["SONiC-OS-3.4.0-Enterprise_Advanced"],
  "sonic-image": "http://10.85.24.52/sonic/3.4.0/sonic-3.4.0-GA-adv-bcm.bin",
  "device-root-password": "admin",
  "device-user": "admin",
  "device-user-password": "admin",
  "custom-config": "sonic_custom.sh",
  "system-agent-params": {
    "agent_type": "onbox",
    "job_on_create": "install"
  }
}

  • model-specific - Configured values in a specific model number section are used for all devices of that model, unless, of course, the same keys are used in a serial number section. Then the value in the serial number section would be used. Here's an example for a specific Juniper device:

    content_copy zoom_out_map
    "QFX10002-36Q": {
  "junos-versions": ["21.2R1-S2.2"],
  "junos-image": "http://10.85.24.52/juniper/21.2R1-S2.2/jinstall-host-qfx-10-f-x86-64-21.2R1-S2.2-secure-signed.tgz"
 }

  • serial number-specific - Configured values under a specific serial number (system ID) are used for that one device. For example:

    content_copy zoom_out_map
    "TH0TFD6TCET0015G0015": {
   "sonic-versions": ["SONIC-OS-4.0.5-Enterprise_Advanced"],
   "sonic-image": "http://10.85.24.52/sonic/4.0.5/sonic-broadcom-enterprise-advanced-4.0.5-GA.bin"
}

Keys List

See descriptions and examples below for all keys in the ztp.json file. All keys are included in each category, whether or not they apply specifically to that category. For example, you may notice the junos section includes the key nxos-version. This is to allow all keys to be included in the defaults category. You can ignore or remove keys that don't apply to your devices.

nxos-versions

The nxos-versions parameter includes valid OS versions for Cisco NX-OS devices.

Example: "nxos-versions": [ "10.2(5)", "9.3(11)" ]

nxos-image(-location)

In the Configurator is called nxos-image-location and in the code editor and CLI it's called nxos-image.

If the version running on the device doesn't match a version in nxos-versions, then the Cisco NX-OS image location specified in the nxos-image field is uploaded.

By default, the image is loaded via TFTP. You can also load the image via HTTP by specifying the HTTP/HTTPS server URL with the IP address. You can also upload NX-OS images to Devices / OS images on the Apstra server.

TFTP Example (default): "nxos-image": [ "nxos.10.2.5.bin" ]

HTTP Server Example: "nxos-image": "http://192.168.59.4/nxos.10.2.5.bin"

Devices / OS Images Example: "nxos-image": "https://192.168.59.3/dos_images/nxos.10.2.5.bin"

eos-versions

The eos-versions parameter includes valid OS versions for Arista EOS devices.

Example: "eos-versions": [ "4.27.6M" ]

eos-image(-location)

In the Configurator is called eos-image-location and in the code editor and CLI it's called eos-image.

If the version running on the device doesn't match a version in eos-versions, then the Arista EOS SWI image location specified in the eos-image field is uploaded.

By default, the image is loaded via TFTP. You can also load the image via HTTP by specifying the HTTP/HTTPS server URL with the IP address. You can also upload NX-OS images to Devices / OS images on the Apstra server.

TFTP Example (default): "eos-image": [ "EOS-4.24.5M.swi" ]

HTTP Server Example: "eos-image": "http://192.168.59.3/dos_images/EOS-4.21.51F.swi"

Devices / OS Images Example: "nxos-image": "https://192.168.59.3/dos_images/nxos.10.2.5.bin"

To use any HTTP server for image transfer, enter a valid HTTP or HTTPS URL with IP address. For example: "eos-image": "http://192.168.59.3/dos_images/EOS-4.27.6M.swi"

This example uses HTTP from the Apstra ZTP server (192.168.59.4) to transfer the Arista EOS image from the Apstra ZTP /container_data/tftp/ directory.

You can also upload Arista EOS images to the Apstra controller Devices / OS Images. For example:

"nxos-image": "https://192.168.59.3/dos_images/EOS-4.27.6M.swi"

junos-versions

The junos-versions parameter includes valid OS versions for Juniper Junos OS devices.

Example: "junos-versions": [ "22.4R2" ]

junos-image(-location)

In the Configurator is called junos-image-location and in the code editor and CLI it's called junos-image.

If the running Junos OS version doesn't match a version in the junos-versions list, then the image in the junos-image field is uploaded.

By default, the image is loaded from the ZTP server's /container_data/tftp/ directory via TFTP. To use any HTTP server for transferring the image, enter a valid HTTP URL with IP address. For example:

"junos-image": "http://192.168.59.4/jinstall-host-qfx-5-18.4R3-S4.2-signed.tgz"

To use any HTTP server for image transfer, enter a valid HTTP or HTTPS URL with IP address. For example:

content_copy zoom_out_map
"junos-image": "http://192.168.59.4/jinstall-host-qfx-5e-x86-64-21.4R3-S4.13-secure-signed.tgz"

This example uses HTTP from the Apstra ZTP server (192.168.59.4) to transfer the Juniper Junos image from the Apstra ZTP /container_data/tftp/ directory.

You can also upload Juniper Junos images to the Apstra controller Devices / OS Images. For example:

content_copy zoom_out_map
"junos-image": "https://192.168.59.3/dos_images/jinstall-host-qfx-5e-x86-64-21.4R3-S4.13-secure-signed.tgz"

junos-evo-versions

The junos-evo-versions parameter includes valid OS versions for Juniper Junos OS Evolved devices.

Example: "junos-versions": [ "22.4R2-EVO" ]

junos-evo-image(-location)

sonic-versions

The sonic-versions parameter includes valid OS versions for Enterprise SONiC devices.

Example: "sonic-versions": [ "SONiC-OS-4.0.5-Enterprise_Advanced" ]

sonic-image(-location)

In the Configurator is called sonic-image-location and in the code editor and CLI it's called sonic-image.

This is the filename of the SONiC ONIE BIN image to load if the running version does not match a version in the sonic-versions list.

To use any HTTP server for image transfer, enter a valid HTTP or HTTPS URL with IP address. For example:

content_copy zoom_out_map
"sonic-image":
          "http://192.168.59.3/sonic-broadcom-enterprise-advanced-4.0.5-GA.bin"

This example uses HTTP from the Apstra ZTP server (192.168.59.4) to transfer the SONiC image from the Apstra ZTP /container_data/tftp/ directory.

You can also upload SONiC images to the Apstra controller Devices / OS Images. For example:

content_copy zoom_out_map
"sonic-image":
        "https://192.168.59.3/dos_images/sonic-broadcom-enterprise-advanced-4.0.5-GA.bin"

device-root-password

The ZTP process sets the device root password to this value. For Arista EOS and Cisco NX-OS devices, the device-root-password is used to set the password for the system admin password.

Example: "device-root-password": "root-admin-password"

device-user

Username for the device system agent. Also, if necessary, the ZTP process creates a user on the device with this username and and the device-user-password.

Example:

content_copy zoom_out_map
"device-user": "aosadmin",
   "device-user-password": "aosadmin-password"

device-user-password

Password for the device system agent. Also, if necessary, the ZTP process creates a user on the device with the device-user and this password.

Example:

content_copy zoom_out_map
"device-user": "aosadmin",
   "device-user-password": "aosadmin-password"

custom-config

This is the filename of the custom configuration shell script in the TFTP directory or a URL pointing to the file on a HTTP server. This shell script runs during the ZTP process allowing you to add custom configuration to the device. See Platform Specific Information for more information.

Example: "custom-config": "junos_custom.sh"

dual-routing-engine (check box)

system-agent-params

System agent parameters are used to create new users and device system agents on each device. (For all available system-agent-params options, see the REST API documentation for /api/system-agents.)

content_copy zoom_out_map
"system-agent-params": {
  "id": "",
  "agent_type": "",
  "platform": "",
  "job_on_create": "",
  "operation_mode": "",
  "profile": "",
  "packages": [],
  "force_package_install": false,
  "install_requirements": false,
  "enable_monitor": false

The individual system agent parameters are described below.

agent_type (system-agent-params)

Agent type is either onbox or offbox

Example: "agent_type": "onbox"

platform (system-agent-params)

This field is used only for offbox agents only. Set it to the device platform ("eos", "nxos", "junos"). Lowercase only

Example: "platform": "junos"

job_on_create (system-agent-params)

To have the onbox agent installed on the device, set job_on_create to install

Example: "job_on_create": "install"

operation_mode (system-agent-params)

profile (system-agent-params)

The device agent profile as defined in Apstra to use during agent creation. The value must be the ID of the agent profile, not the agent profile name.

Example: “profile”: “8d68d1ec-c168-4ef3-8ffd-09389c17a3e4”

Requirements for Juniper on Apstra version 4.2.0: If you need to provide “profile” parameters, you must use UUID instead of the profile name/label.

The parameters force_package_install, install_requirements, and enable_monitor are always visible in the ZTP server. These will cause agent creation failure during the ZTP process. You must remove these parameters from system-agent-params for Juniper agent creation to work. However, due to a bug, when you remove these parameters from the ztp.json file via the Apstra GUI, they aren't actually removed. The configurator adds them back in. To prevent this from happening, use the CLI instead of the Apstra ZTP GUI, and log in via an SSH connection to the ZTP server. Then restart the tftp container.

packages (system-agent-params)

Set to configure the additional SDK or extended telemetry packages to upload to the system agent.

Example:

content_copy zoom_out_map
"packages": [
  "aos-deployment-helper-nxos",
  "aosstdcollectors-builtin-nxos",
  "aosstdcollectors-custom-nxos"
]

force_package_install (system-agent-params)

For Juniper devices used in Apstra 4.2.0, you must remove this parameter via CLI. If you use the Apstra ZTP GUI, the parameter will be added back in.

install_requirements (system-agent-params)

Always set to false. Not currently needed for any supported Network Operating System.

Example: "install_requirements": false

For Juniper devices used in Apstra 4.2.0, you must remove this parameter via CLI. If you use the Apstra ZTP GUI, the parameter will be added back in.

enable_monitor (system-agent-params)

For Juniper devices used in Apstra 4.2.0, you must remove this parameter via CLI. If you use the Apstra ZTP GUI, the parameter will be added back in.

open_options (is this still relevant?)

Example:

content_copy zoom_out_map
"open_options": {
  "proto": "https",
  "port": "443"
}

Offbox agents only. Set to enable HTTPS between offbox agent to device API interface. If open_options isn't defined, the connection defaults to HTTP.

Examples

See the sections below for some examples of ztp.json values.

Defaults

An example of values you might want to include as defaults include the following:

content_copy zoom_out_map
"defaults": {
   "nxos-image": "http://buildfiles.dc1.apstra.com/apstrktr/switch_images/cisco/nxos.10.2.5.bin",
   "eos-image": "http://buildfiles.dc1.apstra.com/apstrktr/switch_images/arista/EOS-4.27.6M.swi",
   "junos-image": "http://10.24.128.10/apstrktr/switch_images/juniper/junos-5e-22.2R3.15.tgz",
   "junos-evo-image": "http://10.24.128.10/apstrktr/switch_images/juniper/junos-evo-install-qfx-ms-fixed-x86-64-22.2R3.13-EVO.iso",
   "sonic-image": "http://buildfiles.dc1.apstra.com/apstrktr/switch_images/sonic/sonic-4.0.5-GA-adv-bcm.bin",
   "device-root-password": "strongrootpassword",
   "device-user": "admin",
   "device-user-password": "stronguserpassword"
   "system-agent-params": {
       "agent_type": "onbox",
       "install_requirements": false
}

All devices would use these values unless values for more specific categories are configured, then those would take precedence. More specific categories include platform-specific, such as "junos", "junos-evo", "eos", "nxos", and "sonic"; model-specific, such as "QFX10002-60C"; and serial number-specific, such as "TH0TFD6TCET0015G0015".

Cisco Onbox Agent on Apstra ZTP 4.2.0 Example

content_copy zoom_out_map
{
"nxos": {
   "nxos-versions": [ "10.2(5)" ],
   "nxos-image": "http://192.168.59.4/nxos.10.2.5.bin",
   "device-root-password": "strongrootpassword",
   "custom-config": "nxos_custom.sh",
   "device-user": "admin",
   "device-user-password": "stronguserpassword",
   "system-agent-params": {
      "agent_type": "onbox",
      "job_on_create": "install"
      }
   }
}

Cisco Offbox Agent with HTTP on Apstra ZTP 4.2.0 Example

content_copy zoom_out_map
{
"nxos": {
   "nxos-versions": [ "10.2(5)" ],
   "nxos-image": "http://192.168.59.4/nxos.10.2.5.bin",
   "custom-config": "nxos_custom.sh",
      ]"device-user": "admin",
      "device-user-password": "admin-password",
   "system-agent-params": {
	  "username": "admin",
	  "password": "admin",
	  "agent_type": "offbox",
	  "platform": "nxos",
	  "open_options": {
	     "proto": "https",
	     "port": "443"
	  },
	  "packages": [
	     "aos-deployment-helper-nxos",
	     "aosstdcollectors-builtin-nxos",
	     "aosstdcollectors-custom-nxos"
         ]
      }
   }
}

This configuration enables secure offbox agent HTTPS (port 443) between the offbox agent on the server and the device API.

Note:

open_options" can't be configured from the Apstra ZTP UI configurator. You must use the GUI code editor or edit the ztp.json file from the CLI.

Arista Onbox Agent on Apstra ZTP 4.2.0 Example

content_copy zoom_out_map
{
  "eos": {
    "eos-versions": [ "4.27.6M" ],
    "eos-image": "http://192.168.59.3/EOS-4.27.6M.swi",
    "custom-config": "eos_custom.sh",
    "device-root-password": "admin-password",
    "device-user": "admin",
    "device-user-password": "admin-password",
    "system-agent-params": {
      "agent_type": "onbox",
      "job_on_create": "install"
    }
  }
}

Junos Offbox Agent on Apstra ZTP 4.2.0 Example

content_copy zoom_out_map
{
  "junos": {
    "junos-versions": [ "21.4R3-S4.13" ],
    "junos-image": "http://192.168.59.4/jinstall-host-qfx-5e-x86-64-21.4R3-S4.13-secure-signed.tgz",
    "device-root-password": "root-password",
    "device-user": "admin",
    "device-user-password": "admin-password",
    "custom-config": "junos_custom.sh",
    "system-agent-params": {
      "platform": "junos",
      "agent_type": "offbox",
      "job_on_create": "install"
    }
  }
}
content_copy zoom_out_map
{
        "junos": {
                "junos-versions": ["21.2R1-S2.2"],
                "junos-image": "http://10.85.24.52/juniper/21.2R1-S2.2/jinstall-host-qfx-5e-x86-64-21.2R1-S2.2-secure-signed.tgz",
                "device-root-password": "root123",
                "device-user": "admin",
                "device-user-password": "admin",
                "system-agent-params": {
                        "platform": "junos",
                        "agent_type": "offbox",
                        "job_on_create": "install"
                }
        },
        "QFX10002-36Q": {
               "junos-versions": ["21.2R1-S2.2"],
                "junos-image": "http://10.85.24.52/juniper/21.2R1-S2.2/jinstall-host-qfx-10-f-x86-64-21.2R1-S2.2-secure-signed.tgz"
        },
        "JNP10002-60C [QFX10002-60C]": {
                "junos-versions": ["21.2R1-S1.3"],
                "junos-image": "http://10.85.24.52/juniper/21.2R1-S1.3/junos-vmhost-install-qfx-x86-64-21.2R1-S1.3.tgz"
        }
}

Junos Evolved Onbox Agent on Apstra ZTP 4.2.0 Example

content_copy zoom_out_map
{
  "junos-evo": {
    "junos-evo-versions": [ "22.4R2.11-EVO" ],
    "junos-evo-image": "http://192.168.59.4/junos-evo-install-qfx-ms-x86-64-22.4R2.11-EVO.iso",
    "device-root-password": "root-password",
    "device-user": "admin",
    "device-user-password": "admin-password",
    "custom-config": "junos_custom.sh",
    "system-agent-params": {
      "agent_type": "onbox",
      "job_on_create": "install"
    }
  }
}

You can use the following additional fields for dual RE platforms, such as PTX10004.

content_copy zoom_out_map
"dual-routing-engine": true,
"management-ip": "10.161.37.7",
"management-gw-ip": "10.161.39.254",
"management-subnet-prefixlen": "21",
"management-master-ip": "10.161.37.8",
"management-backup-ip": "10.161.37.9",

Juniper OS Evolved

Enterprise SONiC Onbox Agent on Apstra ZTP 4.2.0 Example

content_copy zoom_out_map
{
"sonic": {
   "sonic-versions": [ "SONiC-OS-4.0.5-Enterprise_Advanced" ],
   "sonic-image": "http://192.168.59.4/sonic-broadcom-enterprise-advanced-4.0.5-GA.bin",
   "device-root-password": "root-password",
   "device-user": "admin",
   "device-user-password": "admin-password",
   "custom-config": "sonic_custom.sh",
   "system-agent-params": {
      "agent_type": "onbox",
      "job_on_create": "install"
      }
   }
}
Note:

If you use another device-user besides admin (aosadmin for example) Apstra ZTP creates this new user, but it doesn't change the password for the default SONiC admin user (password set to YourPaSsWoRd by default).

Model-specific Example

content_copy zoom_out_map
"JNP10002-60C [QFX10002-60C]": {
    "junos-versions": [ "21.2R1-S1.3" ],
    "junos-image": "http://10.85.24.52/juniper/21.2R1-S1.3/junos-vmhost-install-qfx-x86-64-21.2R1-S1.3.tgz",
arrow_backward PREVIOUS Configure DHCP Server for Apstra ZTP
NEXT arrow_forward Configure ztp.json with Configurator
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top