Using Salt to Restore a Device Running Junos OS to the Factory-Default Configuration Settings
Juniper Networks provides support for using Salt to manage devices running Junos OS, and the Junos execution and state modules (for Salt) define functions that enable you to perform operational and configuration tasks on the managed devices. The salt.modules.junos.zeroize execution function and the salt.states.junos.zeroize state function enable you to restore a device running Junos OS to its factory-default configuration settings. After a device is restored to the factory-default configuration settings, you must log in through the console as root in order to access the device.
junos.zeroize Function Overview
The junos.zeroize function executes the request system zeroize operational command on the target hosts. The function resets both Routing Engines in a dual Routing Engine system.
This command removes all configuration information on the specified Routing Engines, resets all key values on the device, and then reboots the device and resets it to the factory-default configuration settings. The zeroize operation removes all data files, including customized configuration and log files, by unlinking the files from their directories, and it also removes all user-created files from the system including all plain-text passwords, secrets, and private keys for SSH, local encryption, local authentication, IPsec, RADIUS, TACACS+, and SNMP.
The salt.modules.junos.zeroize execution function syntax is:
salt 'target' junos.zeroize
The salt.states.junos.zeroize state function syntax is:
id: junos.zeroize
where id is the user-defined identifier for the state declaration.
For more information about the request system zeroize command, see request system zeroize.
How to Use the junos.zeroize Execution and State Functions
The junos.zeroize function enables you to reset one or more devices running Junos OS to their factory-default configuration settings from the Salt master command line.
For example, the following command resets the target device to its factory default settings:
saltuser@salt-master:~$ sudo salt -t 300 'router1' junos.zeroize
You can perform the same operation in a Salt state file. For example:
saltuser@salt-master:~$ cat /srv/salt/junos_zeroize.sls
Reset device running Junos OS: junos.zeroize

saltuser@salt-master:~$ sudo salt -t 300 'router1' state.apply junos_zeroize
When you execute the junos.zeroize function, it resets the device configuration, including the hostname and IP address and any configured connection and authentication information. As a result, the proxy minion is unable to maintain the connection to the device.
saltuser@salt-master:~$ sudo salt 'router1' test.ping
router1:
    False
After the device is restored to its factory-default configuration settings, you must log in through the console as root in order to access the device. The device displays Amnesiac in place of a hostname, because the updated configuration no longer specifies a hostname.
Amnesiac (ttyu0)
login: root
--- JUNOS 18.4R1.8 built 2018-12-17 03:28:10 UTC
% cli
root>
To restore the connection between the Salt proxy minion and the managed device, you must configure the device with the appropriate settings. For example, you must configure the NETCONF-over-SSH service. You must also configure the device with the same connection and authentication settings that are defined in the proxy configuration for that device in the pillar data on the Salt master. The proxy minion will automatically reconnect to the device after the appropriate settings are configured and committed.
saltuser@salt-master:~$ sudo salt 'router1' test.ping
router1:
    True
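One way to check, before waiting on the proxy minion, that the configuration entered at the console matches the proxy settings in the pillar. This is an added example, not code from Juniper or Salt. The function name, the sample pillar, and the sample set-format configuration are constructed, and it assumes the proxy connects to the dedicated NETCONF-over-SSH port (830 unless one is configured).

```python
import re

# Constructed sample: proxy pillar for the device (Salt junos proxy keys).
PILLAR = {"proxy": {"proxytype": "junos", "host": "192.0.2.10",
                    "username": "saltuser", "port": 830}}

# Constructed sample: `show configuration | display set` after console recovery.
GOOD_CONFIG = """\
set system host-name router1
set system login user saltuser class super-user
set system login user saltuser authentication encrypted-password "<placeholder>"
set system services netconf ssh
set interfaces fxp0 unit 0 family inet address 192.0.2.10/24
"""

def check_recovery_config(pillar, config_text):
    """Return mismatches between the proxy pillar and the device configuration."""
    proxy = pillar["proxy"]
    port = int(proxy.get("port", 830))
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    problems = []

    # NETCONF-over-SSH must be enabled; Junos uses port 830 unless one is set.
    if not any(l.startswith("set system services netconf ssh") for l in lines):
        problems.append("NETCONF-over-SSH service is not configured")
    else:
        m = re.search(r"^set system services netconf ssh port (\d+)$",
                      "\n".join(lines), re.M)
        listen = int(m.group(1)) if m else 830
        if listen != port:
            problems.append(f"NETCONF listens on {listen}, pillar expects {port}")

    # The account the proxy logs in with must exist and have authentication set.
    user = proxy["username"]
    prefix = ("set system root-authentication " if user == "root"
              else f"set system login user {user} authentication ")
    if not any(l.startswith(prefix) for l in lines):
        problems.append(f"no authentication configured for user {user}")

    # If the pillar host is an IPv4 literal, some interface must carry it.
    host = proxy["host"]
    if re.fullmatch(r"\d+(\.\d+){3}", host):
        pat = re.compile(r"^set interfaces \S+ unit \d+ family inet address "
                         + re.escape(host) + r"/\d+$")
        if not any(pat.match(l) for l in lines):
            problems.append(f"no interface carries the pillar host address {host}")
    return problems

if __name__ == "__main__":
    print(check_recovery_config(PILLAR, GOOD_CONFIG) or "device matches proxy pillar")
```

An empty list means the three things the proxy minion needs (the NETCONF service, the login account, and the address) are all present in the candidate configuration.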