Troubleshoot Ansible Authentication Errors When Managing Junos Devices
The following sections outline authentication errors that you might encounter when using Ansible to manage Junos devices. These sections also present potential causes and solutions for each error.
Troubleshoot ConnectAuthError Issues
Problem
Description
During execution of a juniper.device
module, the Ansible
control node generates a ConnectAuthError
error for failed
authentication. For example:
"msg": "Unable to make a PyEZ connection: ConnectAuthError(dc1a.example.net)"
Cause
The Junos device might fail to authenticate the user for the following reasons:
-
The user does not an have an account on the Junos device.
-
The user has an account with a text-based password configured on the Junos device, but the wrong password or no password is supplied for the user when executing the module.
-
The user has an account on the Junos device with SSH keys configured, but the SSH keys are inaccessible on either the device or the control node.
Solution
Ensure that the user executing the modules has a Junos OS login account on all target Junos devices and that an SSH public/private key pair or text-based password is configured for the account. If SSH keys are configured, verify that the user can access them. For more information, see Authenticate Users Executing Ansible Modules on Junos Devices.
Troubleshoot Attribute conn_type Errors
Problem
Description
During execution of a juniper.device
module on a Junos
device, the Ansible control node generates the following error:
AttributeError: 'JuniperJunosModule' object has no attribute 'conn_type'
Cause
Whereas the older, deprecated Juniper.junos
modules supported
using a provider
dictionary to define connection and
authentication parameters, the juniper.device
modules do not
support using a provider
dictionary and generate the
aforementioned error if one is referenced.
Solution
If you supply connection and authentication parameters in the playbook’s play for
the juniper.device
modules, the parameters must be defined in
the location appropriate for the Ansible connection. For persistent connections
(connection: juniper.device.pyez
), define the parameters
under the vars:
section. For local connections
(connection: local
), define the parameters either under the
vars:
section or as top-level module arguments. For
example:
--- - name: Get device facts hosts: dc1 connection: juniper.device.pyez gather_facts: no vars_prompt: - name: "DEVICE_PASSWORD" prompt: "Device password" private: yes vars: passwd: "{{ DEVICE_PASSWORD }}" tasks: - name: Get device facts juniper.device.facts: savedir: "{{ playbook_dir }}"
--- - name: Get device facts hosts: dc1 connection: local gather_facts: no vars_prompt: - name: "DEVICE_PASSWORD" prompt: "Device password" private: yes tasks: - name: Get device facts juniper.device.facts: passwd: "{{ DEVICE_PASSWORD }}" savedir: "{{ playbook_dir }}"