`_ >= 2.2.0 * Python >= 2.7 .. _module-specific-options-label: Module-specific Options ----------------------- The following options may be specified for this module: .. raw:: html

parameter	type	required	default	choices	comments
all_re	bool	no	True	yes no	Whether or not to install the software on all Routing Engines of the target Junos device. If `true`, and the device has multiple Routing Engines, the software is installed on all Routing Engines. If `false`, the software is only installed on the current Routing Engine.
checksum	str	no	none		The pre-calculated checksum, using the checksum_algorithm of the file specified by the local_package option. Specifying this option is simply an optimization to avoid repeatedly computing the checksum of the local_package file once for each target Junos host.
checksum_algorithm	str	no	md5		The algorithm to use when calculating the checksum of the local and remote software packages.
checksum_timeout	int	no	300 (5 minutes)		The number of seconds to wait for the calculation of the checksum to complete on the target Junos device.
cleanfs	bool	no	true (unless no_copy is `true`, then `false`)	yes no	Whether or not to perform a `request system storage cleanup` prior to copying or installing the software.
cleanfs_timeout	int	no	300 (5 minutes)		The number of seconds to wait for the `request system storage cleanup` to complete on the target Junos device.
force_host	bool	no	False	yes no	Forces the upgrade of the Host Software package on QFX-series devices.
install_timeout	int	no	1800 (30 minutes)		The number of seconds to wait for the software installation to complete on the target Junos device.
issu	bool	no	False	yes no	Indicates if a unified in-service software upgrade (ISSU) should be attempted. ISSU enables the upgrade between two different Junos OS releases with no control plane disruption and minimal data plane traffic disruption. In order for an ISSU to succeed, ISSU must be supported. This includes support for the current to desired Junos versions, the hardware of the target Junos device, and the current software configuration of the target Junos device. The issu and nssu options are mutually exclusive.
kwargs	dict	no	none		Additional keyword arguments and values which are passed to the `<request-package-add>` RPC used to install the software package. The value of this option is a dictionary of keywords and values. aliases: kwarg, args, arg
local_package	path	no	none		The path, on the local Ansible control machine, of a Junos software package. This Junos software package will be installed on the target Junos device. If this option is specified, and a file with the same MD5 checksum doesn't already exist at the remote_package location on the target Junos device, then the file is copied from the local Ansible control machine to the target Junos device. If this option is not specified, it is assumed that the software package already exists on the target Junos device. In this case, the remote_package option must be specified. aliases: package
no_copy	bool	no	False	yes no	Indicates if the file containing the software package should be copied from the local_package location on the local Ansible control machine to the remote_package location on the target Junos device. If the value is `true`, or if the local_package option is not specified, then the copy is skipped and the file must already exist at the remote_package location on the target Junos device.
nssu	bool	no	False	yes no	Indicates if a non-stop software upgrade (NSSU) should be attempted. NSSU enables the upgrade between two different Junos OS releases with minimal data plane traffic disruption. NSSU is specific to EX-series Virtual Chassis systems or EX-series stand-alone systems with redundant Routing Engines. In order for an NSSU to succeed, NSSU must be supported. This includes support for the current to desired Junos versions, the hardware of the target Junos device, and the current software configuration of the target Junos device. The nssu and issu options are mutually exclusive.
pkg_set	list	no	False		install software on the members in a mixed Virtual Chassis. Currently we are not doing target package check this option is provided.
reboot	bool	no	True	yes no	Indicates if the target Junos device should be rebooted after performing the software install.
reboot_pause	int	no	10		The amount of time, in seconds, to wait after the reboot is issued before the module returns. This gives time for the reboot to begin. The default value of 10 seconds is designed to ensure the device is no longer reachable (because the reboot has begun) when the next task begins. The value must be an integer greater than or equal to 0.
remote_package	path	no	`/var/tmp/` + filename portion of local_package		This option may take one of two formats. The first format is a URL, from the perspective of the target Junos device, from which the device retrieves the software package to be installed. The acceptable formats for the URL value may be found here. When using the URL format, the local_package and no_copy options must not be specified. The second format is a file path, on the taget Junos device, to the software package. If the local_package option is also specified, and the no_copy option is `false`, the software package will be copied from local_package to remote_package, if necessary. If the no_copy option is `true` or the local_package option is not specified, then the file specified by this option must already exist on the target Junos device. If this option is not specified, it is assumed that the software package will be copied into the `/var/tmp` directory on the target Junos device using the filename portion of the local_package option. In this case, the local_package option must be specified. Specifying the remote_package option and not specifying the local_package option is equivalent to specifying the local_package option and the no_copy option. In this case, you no longer have to explicitly specify the no_copy option. If the remote_package value is a directory (ends with /), then the filename portion of local_package will be appended to the remote_package value. If the remote_package value is a file (does not end with /), then the filename portion of remote_package must be the same as the filename portion of local_package.
validate	bool	no	False	yes no	Whether or not to have the target Junos device should validate the current configuration against the new software package.
version	str	no	Attempt to extract the version from the file name specified by the local_package or remote_package option values IF the package appears to be a Junos software package. Otherwise, `none`.		The version of software contained in the file specified by the local_package and/or remote_package options. This value should match the Junos version which will be reported by the device once the new software is installed. If the device is already running a version of software which matches the version option value, the software install is not necessary. In this case the module returns a changed value of `false` and an failed value of `false` and does not attempt to perform the software install. aliases: target_version, new_version, desired_version
vmhost	bool	no	False	yes no	Whether or not this is a vmhost software installation.

Common Connection-related Options --------------------------------- In addition to the :ref:`module-specific-options-label`, the following connection-related options are also supported by this module: .. raw:: html

parameter type required default choices comments

attempts

int

The number of times to try connecting and logging in to the Junos device. This option is only applicable when using mode = 'telnet' or mode = 'serial'. Mutually exclusive with the console option.

baud

int

9600

The serial baud rate, in bits per second, used to connect to the Junos device. This option is only applicable when using mode = 'serial'. Mutually exclusive with the console option.

console

str

none

An alternate method of specifying a NETCONF over serial console connection to the Junos device using Telnet to a console server. The value of this option must be a string in the format --telnet <console_hostname>,<console_port_number>. This option is deprecated. It is present only for backwards compatibility. The string value of this option is exactly equivalent to specifying host with a value of <console_hostname>, mode with a value of telnet, and port with a value of <console_port_number>. Mutually exclusive with the mode, port, baud, and attempts options.

cs_passwd

str

The password used to authenticate with the console server over SSH. This option is only required if you want to connect to a device over console using SSH as transport. Mutually exclusive with the console option.

aliases: console_password

cs_user

str

The username used to authenticate with the console server over SSH. This option is only required if you want to connect to a device over console using SSH as transport. Mutually exclusive with the console option.

aliases: console_username

host

str

yes

{{ inventory_hostname }}

The hostname or IP address of the Junos device to which the connection should be established. This is normally the Junos device itself, but is the hostname or IP address of a console server when connecting to the console of the device by setting the mode option to the value telnet. This option is required, but does not have to be specified explicitly by the user because it defaults to {{ inventory_hostname }}.

aliases: hostname, ip

mode

str

none

none
telnet
serial

The PyEZ mode used to establish a NETCONF connection to the Junos device. A value of none uses the default NETCONF over SSH mode. Depending on the values of the host and port options, a value of telnet results in either a direct NETCONF over Telnet connection to the Junos device, or a NETCONF over serial console connection to the Junos device using Telnet to a console server. A value of serial results in a NETCONF over serial console connection to the Junos device. Mutually exclusive with the console option.

passwd

str

The first defined value from the following list 1) The ANSIBLE_NET_PASSWORD environment variable. (used by Ansible Tower) 2) The value specified using the -k or --ask-pass command line arguments to the ansible or ansible-playbook command. 3) none (An empty password/passphrase)

The password, or ssh key's passphrase, used to authenticate with the Junos device. If this option is not specified, authentication is attempted using an empty password, or ssh key passphrase.

aliases: password

port

int or str

830 if mode = none, 23 if mode = 'telnet', '/dev/ttyUSB0' if (mode = 'serial')

The TCP port number or serial device port used to establish the connection. Mutually exclusive with the console option.

provider

dict

An alternative syntax for specifying the connection options. Rather than specifying each connection-related top-level option, the connection-related options may be specified as a dictionary of suboptions to the provider option. All connection-related options must either be specified as top-level options or as suboptions of the provider option. You can not combine the two methods of specifying connection-related options.

**Dictionary object provider**
parameter	type	required	default	choices	comments
attempts	int	no	10		The number of times to try connecting and logging in to the Junos device. This option is only applicable when using `mode = 'telnet'` or `mode = 'serial'`. Mutually exclusive with the console option.
baud	int	no	9600		The serial baud rate, in bits per second, used to connect to the Junos device. This option is only applicable when using `mode = 'serial'`. Mutually exclusive with the console option.
console	str	no	none		An alternate method of specifying a NETCONF over serial console connection to the Junos device using Telnet to a console server. The value of this option must be a string in the format `--telnet <console_hostname>,<console_port_number>`. This option is deprecated. It is present only for backwards compatibility. The string value of this option is exactly equivalent to specifying host with a value of `<console_hostname>`, mode with a value of `telnet`, and port with a value of `<console_port_number>`. Mutually exclusive with the mode, port, baud, and attempts options.
host	str	yes	`{{ inventory_hostname }}`		The hostname or IP address of the Junos device to which the connection should be established. This is normally the Junos device itself, but is the hostname or IP address of a console server when connecting to the console of the device by setting the mode option to the value `telnet`. This option is required, but does not have to be specified explicitly by the user because it defaults to `{{ inventory_hostname }}`.
mode	str	no	none	none telnet serial	The PyEZ mode used to establish a NETCONF connection to the Junos device. A value of `none` uses the default NETCONF over SSH mode. Depending on the values of the host and port options, a value of `telnet` results in either a direct NETCONF over Telnet connection to the Junos device, or a NETCONF over serial console connection to the Junos device using Telnet to a console server. A value of `serial` results in a NETCONF over serial console connection to the Junos device. Mutually exclusive with the console option.
passwd	str	no	The first defined value from the following list 1) The `ANSIBLE_NET_PASSWORD` environment variable. (used by Ansible Tower) 2) The value specified using the `-k` or `--ask-pass` command line arguments to the `ansible` or `ansible-playbook` command. 3) none (An empty password/passphrase)		The password, or ssh key's passphrase, used to authenticate with the Junos device. If this option is not specified, authentication is attempted using an empty password, or ssh key passphrase.
port	int or str	no	`830` if `mode = none`, `23` if `mode = 'telnet'`, `'/dev/ttyUSB0'` if (mode = 'serial')		The TCP port number or serial device port used to establish the connection. Mutually exclusive with the console option.
ssh_private_key_file	path	no	The first defined value from the following list 1) The `ANSIBLE_NET_SSH_KEYFILE` environment variable. (used by Ansible Tower) 2) The value specified using the `--private-key` or `--key-file` command line arguments to the `ansible` or `ansible-playbook` command. 3) none (the file specified in the user's SSH configuration, or the operating-system-specific default)		The path to the SSH private key file used to authenticate with the Junos device. If this option is not specified, and no default value is found using the algorithm below, then the SSH private key file specified in the user's SSH configuration, or the operating-system-specific default is used. This must be in the RSA PEM format, and not the newer OPENSSH format. To check if the private key is in the correct format, issue the command `head -n1 ~/.ssh/some_private_key` and ensure that it's RSA and not OPENSSH. To create a key in the RSA PEM format, issue the command `ssh-keygen -m PEM -t rsa -b 4096`. To convert an OPENSSH key to an RSA key, issue the command `ssh-keygen -p -m PEM -f ~/.ssh/some_private_key`
ssh_config	path	no			The path to the SSH client configuration file. If this option is not specified, then the PyEZ Device instance by default queries file ~/.ssh/config.
timeout	int	no	30		The maximum number of seconds to wait for RPC responses from the Junos device. This option does NOT control the initial connection timeout value.
user	str	yes	The first defined value from the following list 1) The `ANSIBLE_NET_USERNAME` environment variable. (used by Ansible Tower) 2) The `remote_user` as defined by Ansible. Ansible sets this value via several methods including a) `-u` or `--user` command line arguments to the `ansible` or `ansible-playbook` command. b) `ANSIBLE_REMOTE_USER` environment variable. c) `remote_user` configuration setting. See the Ansible documentation for the precedence used to set the `remote_user` value. 3) The `USER` environment variable.		The username used to authenticate with the Junos device. This option is required, but does not have to be specified explicitly by the user due to the algorithm for determining the default value.
cs_user	str	no			The username used to authenticate with the console server over SSH. This option is only required if you want to connect to a device over console using SSH as transport. Mutually exclusive with the console option.
cs_passwd	str	no			The password used to authenticate with the console server over SSH. This option is only required if you want to connect to a device over console using SSH as transport. Mutually exclusive with the console option.

ssh_config

path

The path to the SSH client configuration file. If this option is not specified, then the PyEZ Device instance by default queries file ~/.ssh/config.

ssh_private_key_file

path

The first defined value from the following list 1) The ANSIBLE_NET_SSH_KEYFILE environment variable. (used by Ansible Tower) 2) The value specified using the --private-key or --key-file command line arguments to the ansible or ansible-playbook command. 3) none (the file specified in the user's SSH configuration, or the operating-system-specific default)

The path to the SSH private key file used to authenticate with the Junos device. If this option is not specified, and no default value is found using the algorithm below, then the SSH private key file specified in the user's SSH configuration, or the operating-system-specific default is used.

This must be in the RSA PEM format, and not the newer OPENSSH format. To check if the private key is in the correct format, issue the command `head -n1 ~/.ssh/some_private_key` and ensure that it's RSA and not OPENSSH. To create a key in the RSA PEM format, issue the command `ssh-keygen -m PEM -t rsa -b 4096`. To convert an OPENSSH key to an RSA key, issue the command `ssh-keygen -p -m PEM -f ~/.ssh/some_private_key`

aliases: ssh_keyfile

timeout

int

The maximum number of seconds to wait for RPC responses from the Junos device. This option does NOT control the initial connection timeout value.

user

str

yes

The first defined value from the following list 1) The ANSIBLE_NET_USERNAME environment variable. (used by Ansible Tower) 2) The remote_user as defined by Ansible. Ansible sets this value via several methods including a) -u or --user command line arguments to the ansible or ansible-playbook command. b) ANSIBLE_REMOTE_USER environment variable. c) remote_user configuration setting. See the Ansible documentation for the precedence used to set the remote_user value. 3) The USER environment variable.

The username used to authenticate with the Junos device. This option is required, but does not have to be specified explicitly by the user due to the algorithm for determining the default value.

aliases: username

Common Logging-related Options ------------------------------ In addition to the :ref:`module-specific-options-label`, the following logging-related options are also supported by this module: .. raw:: html

parameter	type	required	default	choices	comments
level	str	no	WARNING	INFO DEBUG	The level of information to be logged can be modified using this option 1) By default, messages at level `WARNING` or higher are logged. 2) If the `-v` or `--verbose` command-line options to the `ansible-playbook` command are specified, messages at level `INFO` or higher are logged. 3) If the `-vv` (or more verbose) command-line option to the `ansible-playbook` command is specified, or the `ANSIBLE_DEBUG` environment variable is set, then messages at level `DEBUG` or higher are logged. 4) If `level` is mentioned then messages at level `level` or more are logged.
logdir	path	no	none		The path to a directory, on the Ansible control machine, where debugging information for the particular task is logged. If this option is specified, debugging information is logged to a file named `{{ inventory_hostname }}.log` in the directory specified by the logdir option. The log file must be writeable. If the file already exists, it is appended. It is the users responsibility to delete/rotate log files. The level of information logged in this file is controlled by Ansible's verbosity, debug options and level option in task 1) By default, messages at level `WARNING` or higher are logged. 2) If the `-v` or `--verbose` command-line options to the `ansible-playbook` command are specified, messages at level `INFO` or higher are logged. 3) If the `-vv` (or more verbose) command-line option to the `ansible-playbook` command is specified, or the `ANSIBLE_DEBUG` environment variable is set, then messages at level `DEBUG` or higher are logged. 4) If `level` is mentioned then messages at level `level` or more are logged. The logfile and logdir options are mutually exclusive. The logdir option is recommended for all new playbooks. aliases: log_dir
logfile	path	no	none		The path to a file, on the Ansible control machine, where debugging information for the particular task is logged. The log file must be writeable. If the file already exists, it is appended. It is the users responsibility to delete/rotate log files. The level of information logged in this file is controlled by Ansible's verbosity, debug options and level option in task 1) By default, messages at level `WARNING` or higher are logged. 2) If the `-v` or `--verbose` command-line options to the `ansible-playbook` command are specified, messages at level `INFO` or higher are logged. 3) If the `-vv` (or more verbose) command-line option to the `ansible-playbook` command is specified, or the `ANSIBLE_DEBUG` environment variable is set, then messages at level `DEBUG` or higher are logged. 4) If `level` is mentioned then messages at level `level` or more are logged. When tasks are executed against more than one target host, one process is forked for each target host. (Up to the maximum specified by the forks configuration. See forks for details.) This means that the value of this option must be unique per target host. This is usually accomplished by including `{{ inventory_hostname }}` in the logfile value. It is the user's responsibility to ensure this value is unique per target host. For this reason, this option is deprecated. It is maintained for backwards compatibility. Use the logdir option in new playbooks. The logfile and logdir options are mutually exclusive. aliases: log_file

.. _juniper_junos_software-examples-label: Examples -------- :: --- - name: Examples of juniper_junos_software hosts: junos-all connection: local gather_facts: no roles: - Juniper.junos tasks: - name: Execute a basic Junos software upgrade. juniper_junos_software: local_package: "./images/" register: response - name: Print the complete response. debug: var: response ###### OLD EXAMPLES ########## - junos_install_os: host={{ inventory_hostname }} version=12.1X46-D10.2 package=/usr/local/junos/images/junos-vsrx-12.1X46-D10.2-domestic.tgz logfile=/usr/local/junos/log/software.log ###### OLD EXAMPLES ########## Return Values ------------- .. raw:: html

name	description	returned	type
changed	Indicates if the device's state has changed, or if the state would have changed when executing in check mode. This value is set to `true` when the version of software currently running on the target Junos device does not match the desired version of software specified by the version option. If the current and desired software versions match, the value of this key is set to `false`.	success	bool
check_mode	Indicates whether or not the module ran in check mode.	success	bool
failed	Indicates if the task failed.	always	bool
msg	A human-readable message indicating the result of the software installation.	always	str

Notes ----- .. note:: - This module does support connecting to the console of a Junos device, but does not support copying the software package from the local Ansible control machine to the target Junos device while connected via the console. In this situation, the *remote_package* option must be specified, and the specified software package must already exist on the target Junos device. - This module returns after installing the software and, optionally, initiating a reboot of the target Junos device. It does not wait for the reboot to complete, and it does not verify that the desired version of software specified by the *version* option is actually activated on the target Junos device. It is the user's responsibility to confirm the software installation using additional follow on tasks in their playbook. - The NETCONF system service must be enabled on the target Junos device. Author ~~~~~~ * Jeremy Schulman * Juniper Networks - Stacy Smith (@stacywsmith) Status ~~~~~~ This module is flagged as **stableinterface** which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.