Ansible for Junos OS Developer Guide

Use Ansible to Restore a Junos Device to the Factory-Default Configuration Settings

22-Jan-25

Use the Juniper Networks Ansible modules to restore a Junos device to its factory-default configuration settings.

How to Use Ansible to Restore the Factory-Default Configuration Settings

Juniper Networks provides an Ansible module that you can use to restore a Junos device to its factory-default configuration settings. Table 1 outlines the module.

Table 1: Module to Zeroize Devices

Content Set                  Module Name
juniper.device collection    system

To use the juniper.device.system module to restore a device to its factory-default configuration settings, set the module’s action argument to 'zeroize'. After you restore a device to the factory-default configuration settings, you must log in through the console as root in order to access the device.

The action: "zeroize" argument causes the module to execute the request system zeroize operational command on the target host. This command removes all configuration information on the specified Routing Engines, resets all key values on the device, and then reboots the device and resets it to the factory-default configuration settings. The zeroize operation removes all data files, including customized configuration and log files, by unlinking the files from their directories. It also removes all user-created files from the system including all plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, IPsec, RADIUS, TACACS+, and SNMP.

For more information, see:

The following Ansible playbook uses the juniper.device.system module with action: "zeroize" to reset all Routing Engines on each host in the inventory group to the factory-default configuration settings.

---
- name: Restore Junos devices to factory-default configuration
  hosts: dc1
  connection: local
  gather_facts: no
    
  tasks:
    - name: Restore all Routing Engines to factory-default configuration
      juniper.device.system:
        action: "zeroize"

By default, the action: "zeroize" operation resets all Routing Engines in a dual Routing Engine or Virtual Chassis setup to the factory-default configuration settings. You can also instruct the module to perform the operation on only the Routing Engine to which the application is connected.

To explicitly indicate that the operation should be performed on all Routing Engines in a dual Routing Engine or Virtual Chassis setup, include the all_re: True argument, which is the default.

  tasks:
    - name: Restore all Routing Engines to factory-default configuration 
      juniper.device.system:
        action: "zeroize"
        all_re: True

To perform the requested action on only the Routing Engine to which the application is connected, include the all_re: False argument.

  tasks: 
    - name: Restore connected Routing Engine to factory-default configuration 
      juniper.device.system:
        action: "zeroize"
        all_re: False

To instruct the module to also scrub all memory and media, in addition to removing all configuration and log files, include the media: True argument. Including the media: True argument is equivalent to executing the request system zeroize media operational mode command. The media option scrubs every storage device that is attached to the system, including disks, flash memory devices, removable USBs, and so on. The duration of the scrubbing process is dependent on the size of the media being erased.

  tasks:
    - name: Restore device to the factory-default configuration and scrub media
      juniper.device.system:
        action: "zeroize"
        media: True

Example: Use Ansible to Restore the Factory-Default Configuration Settings

This example demonstrates how to use the juniper.device.system module to restore a Junos device to its factory-default configuration settings. You can execute the module using any type of connection; however, once you reset the device, you can only access it again as root through a console server or the CONSOLE port. This example connects to the devices through a console server.

Requirements

This example uses the following hardware and software components:

  • Configuration management server running Ansible 2.18 or later with the juniper.device collection installed

  • Junos device that has access to the console port through a console server and has a user account configured with appropriate permissions

  • Existing Ansible inventory file with required hosts defined

Overview

This example creates an Ansible playbook that uses the juniper.device.system module to reset each host in the inventory group to its factory-default configuration settings. The value of the module’s action argument defines the operation to execute on the host. Setting action to "zeroize" executes the request system zeroize command on each host. This command removes all configuration information on the Routing Engines, resets all key values on the device, and then reboots the device and resets it to the factory-default configuration settings.

Note:

The request system zeroize command removes all data files, including customized configuration and log files, by unlinking the files from their directories. The command also removes all user-created files from the system including all plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, IPsec, RADIUS, TACACS+, and SNMP.

When calling the module from a playbook, we recommend that you use an interactive prompt to confirm that the user does intend to reset the devices. If a user unintentionally runs the playbook and there is no check, it could inadvertently revert devices back to factory-default configurations and disrupt any networks that require those devices. As a precaution, this playbook uses an interactive prompt to verify that the user intends to reset the devices and requires that the user manually type 'yes' on the command line in order to execute the module. If the Confirmation check task fails, the Ansible control node skips the other tasks in the play for that device.

The playbook executes the juniper.device.system module provided that the confirmation check was successful. The mode: "telnet" and port: 23 arguments instruct the module to telnet to port 23 of the console server. The password parameter is set to the value of the device_password variable, which the playbook prompts for during execution. After the reboot, you must log in through the console as root in order to access the device.

Configuration

Create and Execute the Ansible Playbook

Step-by-Step Procedure

To create a playbook that uses the juniper.device.system module to restore a Junos device to its factory-default configuration settings:

  1. Include the boilerplate for the playbook and this play, which executes the modules locally.

    ---
    - name: Restore Junos devices to factory-default configuration settings
      hosts: dc1_console
      connection: local
      gather_facts: no
    
  2. Create an interactive prompt to prevent the accidental execution of the module.

      vars_prompt:
        - name: reset_confirmation
          prompt: >
            This playbook resets hosts to factory-default configurations!
            Enter 'yes' to continue.
          default: "no"
          private: no
    
  3. Create an interactive prompt for the password variable, if the user credentials are not already passed in through some other means.

        - name: "device_password"
          prompt: "Device password"
          private: yes   
    
  4. Define the connection parameters.

      vars: 
        password: "{{ device_password }}"
        mode: "telnet"
        port: 23

  5. Create the task that confirms the user's intent.

      tasks:
        - name: Confirmation check
          fail: msg="Playbook run confirmation failed"
          when: reset_confirmation != "yes"
    
  6. Create the task to reset all Routing Engines on the device to the factory-default configuration settings.

        - name: Restore all Routing Engines to factory-default configuration
          juniper.device.system: 
            action: "zeroize"
            timeout: 120
          register: result
    
  7. (Optional) Create a task to print the response.

        - name: Print response
          ansible.builtin.debug:
            var: result
    

Results

On the Ansible control node, review the completed playbook. If the playbook does not display the intended code, repeat the instructions in this example to correct the playbook.

---
- name: Restore Junos devices to factory-default configuration settings
  hosts: dc1_console
  connection: local
  gather_facts: no
    
  vars_prompt:
    - name: reset_confirmation
      prompt: >
        This playbook resets hosts to factory-default configurations! 
        Enter 'yes' to continue.
      default: "no"
      private: no

    - name: "device_password"
      prompt: "Device password"
      private: yes   

  vars: 
    password: "{{ device_password }}"
    mode: "telnet"
    port: 23  

  tasks:
    - name: Confirmation check
      fail: msg="Playbook run confirmation failed"
      when: reset_confirmation != "yes"

    - name: Restore all Routing Engines to factory-default configuration
      juniper.device.system: 
        action: "zeroize"
        timeout: 120
      register: result

    - name: Print response
      ansible.builtin.debug:
        var: result
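
A stricter form of the confirmation guard described in the Overview, as an added example that is not part of the original Juniper playbook. It assumes operators scope every zeroize run with --limit; the any_errors_fatal setting, the ansible_limit check, and the typed device count are additions, and target_count is a hypothetical variable name.

```yaml
---
- name: Restore Junos devices to factory-default settings (stricter guard)
  hosts: dc1_console
  connection: local
  gather_facts: no
  any_errors_fatal: true   # one failed guard ends the play for every host

  vars_prompt:
    - name: "device_password"
      prompt: "Device password"
      private: yes

  vars:
    password: "{{ device_password }}"
    mode: "telnet"
    port: 23

  tasks:
    # Assumption: a zeroize run is always scoped with --limit, so a run
    # against the whole inventory group is treated as a mistake.
    - name: Refuse to run without an explicit --limit
      ansible.builtin.assert:
        that:
          - ansible_limit is defined
        fail_msg: "Re-run with --limit naming the devices to reset."
      run_once: true

    # Show the resolved target list, then make the operator count it.
    - name: List the targets and ask for the exact device count
      ansible.builtin.pause:
        prompt: |
          About to zeroize: {{ ansible_play_hosts_all | join(', ') }}
          Type the number of devices listed above to continue
      register: target_count

    - name: Stop unless the typed count matches the targeted hosts
      ansible.builtin.assert:
        that:
          - "(target_count.user_input | trim) == (ansible_play_hosts_all | length | string)"
        fail_msg: "Count mismatch; no device was reset."
      run_once: true

    - name: Restore all Routing Engines to factory-default configuration
      juniper.device.system:
        action: "zeroize"
        timeout: 120
      register: result
```

Because the guards run once and any_errors_fatal is set, a missing --limit or a wrong count ends the play before the zeroize task reaches any device.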

Execute the Playbook

To execute the playbook:

  • Issue the ansible-playbook command on the control node, and provide the playbook path and any desired options.

    root@ansible-cn:~/ansible# ansible-playbook ansible-pb-junos-zeroize.yaml
    This playbook resets hosts to factory-default configurations!  Enter 'yes' to continue.
     [no]: yes
    Device password: 
    
    PLAY [Restore Junos devices to factory-default configuration settings] 
    
    TASK [Confirmation check] **********************************************
    skipping: [dc1a-console.example.net]
    
    TASK [Restore all Routing Engines to factory-default configuration] ****
    changed: [dc1a-console.example.net]
    
    TASK [Print response] **************************************************
    ok: [dc1a-console.example.net] => {
        "result": {
            "action": "zeroize", 
            "all_re": true, 
            "changed": true, 
            "failed": false, 
            "media": false, 
            "msg": "zeroize successfully initiated.", 
            "other_re": false, 
            "reboot": false, 
            "vmhost": false
        }
    }
    
    PLAY RECAP ************************************************************
    dc1a-console.example.net : ok=2    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
    

Verification

Verify Playbook Execution

Purpose

Verify that the Junos devices were successfully reset to the factory-default configuration.

Action

Access the device through the console port as root. The device should now be in Amnesiac state.

Amnesiac <ttyd0>
   
login: 

Meaning

The Amnesiac prompt is indicative of a device that is booting from a factory-default configuration and that does not have a hostname configured.
