Troubleshoot Ansible Connection Errors When Managing Junos Devices
The following sections outline connection errors that you might encounter when using Ansible to manage Junos devices. These sections also present potential causes and solutions for each error.
Troubleshoot Failed or Invalid Connection Errors
Problem
Description
During execution of a juniper.device or
Juniper.junos module on a Junos device, the Ansible
control node generates an error about a failed SSH connection or an unknown
command. For example:
UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ", "unreachable": true}
or
unknown command: /bin/sh\r\n
Cause
These errors can arise when the module is not run locally on the Ansible control node.
Normally Ansible requires Python on the managed node, and the Ansible control node sends the module to the node, where it is executed and then removed. The Juniper Networks modules do not require Python on Junos devices, because they use Junos PyEZ and the Junos XML API over NETCONF to interface with the device. Therefore, to perform operations on Junos devices, you must run the modules locally on the Ansible control node where Python is installed. If Ansible tries to execute a module directly on the Junos device, it generates an error.
Solution
To direct the Ansible control node to run the juniper.device or
Juniper.junos modules locally, include
connection: local in the Ansible playbook, or include the
--connection local command-line argument when executing
individual modules. For example:
--- - name: Get Device Facts hosts: junos connection: local gather_facts: no
Troubleshoot Unknown Host Errors
Problem
Description
During execution of a juniper.device or
Juniper.junos module, the Ansible control node
generates a ConnectUnknownHostError error.
"msg": "Unable to make a PyEZ connection: ConnectUnknownHostError(dc1a.example.net)"
Cause
The host is not defined in the Ansible inventory file or the Ansible control node is unable to resolve the hostname.
When executing an Ansible module either directly or from a playbook, any host referenced in the module arguments or the playbook must be defined in the Ansible inventory file. The default location for the inventory file is /etc/ansible/hosts. If the inventory file references a hostname, the Ansible control node must be able to resolve the hostname.
Solution
Update the Ansible inventory file to include the missing host, and ensure that DNS resolution is working correctly.
For information about the Ansible inventory file, see Understanding the Ansible Inventory File When Managing Junos Devices as well as the official Ansible documentation at https://www.ansible.com/.
Troubleshoot Refused Connection Errors
Problem
Description
During execution of a juniper.device or
Juniper.junos module, the Ansible control node
generates a ConnectRefusedError error. For example:
"msg": "Unable to make a PyEZ connection: ConnectRefusedError(dc1a.example.net)"
Cause
The most likely cause for a refused connection error is that NETCONF over SSH is not enabled on the Junos device.
To quickly test whether NETCONF is enabled, verify that the user account executing the Ansible module can successfully start a NETCONF session with the device.
[user@ansible-cn]$ ssh user@dc1a.example.net -p 830 -s netconf
If the user can successfully establish a NETCONF session with the device on either the default NETCONF port (830) or a port that is specifically configured for NETCONF on your device, then NETCONF is enabled. Otherwise, you must enable NETCONF over SSH on the device.
Solution
Enable the NETCONF-over-SSH service on the Junos device.
[edit] user@host# set system services netconf ssh user@host# commit