Ansible on Juniper Junos OS 24 Automation Complete Guide
By Luca Berton · Published 2024-01-01 · Category: installation
Automate Juniper Junos 24 (MX, QFX, EX, SRX) with Ansible: junipernetworks.junos collection, NETCONF, OSPF/BGP, EVPN-VXLAN, security policies.
Juniper Junos OS 24 (24.x train, released 2024) runs on MX series routers, QFX/EX switches, and SRX firewalls. Ansible's junipernetworks.junos collection (≥ 8.0) plus NETCONF transport drive declarative configuration of OSPF/BGP, EVPN-VXLAN fabrics, security zones/policies, and BFD. This is the master Ansible guide for Junos 24.
Junos OS 24 release facts
| Item | Value |
|---|---|
| Release | 2024 (24.x EVO and classic) |
| Platforms | MX, QFX, EX, SRX, ACX |
| Programmability | NETCONF (default), gNMI, JET, YANG |
| Variants | Junos OS Evolved (Linux-based) on QFX5K/PTX |
Ansible-core compatibility
Use ansible-core 2.18 LTS with junipernetworks.junos >= 8.0 and ansible.netcommon >= 6.1. Install junos-eznc (PyEZ) on the control node:
```bash
# Quote the requirement so the shell does not treat ">" as a redirect.
pip install 'junos-eznc>=2.7'
```
Inventory
```ini
[junos]
mx01 ansible_host=10.0.10.1
qfx01 ansible_host=10.0.10.2
srx01 ansible_host=10.0.10.3

[junos:vars]
ansible_network_os=junipernetworks.junos.junos
ansible_connection=ansible.netcommon.netconf
ansible_user=netadmin
ansible_password='{{ vault_junos_password }}'
ansible_port=830
```
Configuration backup
```yaml
- name: Backup Junos configs
  hosts: junos
  gather_facts: false
  tasks:
    - name: Save running-config
      junipernetworks.junos.junos_config:
        backup: true
        backup_options:
          dir_path: ./backups
```
OSPF baseline
```yaml
- name: OSPF on Junos 24
  hosts: junos
  gather_facts: false
  tasks:
    - name: Configure OSPF area 0
      # The collection's OSPFv2 resource module is named junos_ospfv2.
      junipernetworks.junos.junos_ospfv2:
        config:
          - router_id: "{{ rid }}"
            areas:
              - area_id: '0.0.0.0'
                interfaces:
                  - name: ge-0/0/0
                  - name: ge-0/0/1
        state: merged
```
EVPN-VXLAN on QFX
```yaml
- name: EVPN-VXLAN on QFX
  hosts: qfx01
  gather_facts: false
  tasks:
    - name: Push EVPN config
      # junos_config commits the loaded change by default; it has no `commit` option.
      junipernetworks.junos.junos_config:
        src: templates/qfx-evpn.j2
        comment: "EVPN-VXLAN baseline"
```
templates/qfx-evpn.j2:

```jinja2
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list all
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher {{ rid }}:1
set switch-options vrf-target target:65001:1
```
SRX security policies
```yaml
- name: Manage SRX security policies
  hosts: srx01
  gather_facts: false
  tasks:
    - name: Allow trust -> untrust HTTPS
      junipernetworks.junos.junos_security_policies:
        config:
          from_zones:
            - name: trust
              to_zones:
                - name: untrust
                  policies:
                    - name: allow-https
                      match:
                        # Each match criterion is a dict in this module's schema.
                        source_address:
                          any: true
                        destination_address:
                          any: true
                        application:
                          names:
                            - junos-https
                      then:
                        permit: {}
        state: merged
```
Commit confirmed (auto-rollback)
```yaml
- name: Risky push with auto-rollback
  hosts: junos
  gather_facts: false
  tasks:
    - name: Commit confirmed 5
      junipernetworks.junos.junos_config:
        src: templates/{{ inventory_hostname }}.j2
        confirm: 5  # minutes; Junos rolls back unless the commit is confirmed
        # now() is used because ansible_date_time is undefined with gather_facts: false.
        comment: "ansible run {{ now(utc=true, fmt='%Y-%m-%dT%H:%M:%SZ') }}"

    - name: Verify reachability
      ansible.builtin.wait_for_connection:
        delay: 10
        timeout: 60

    - name: Final commit
      junipernetworks.junos.junos_config:
        confirm_commit: true
```
Best practices
• Use commit confirmed with a 5-minute window for any change that could break management connectivity.
• Prefer resource modules for declarative state; reserve junos_config for templated edge cases.
• Validate templates with commit check before push.
• Junos OS Evolved exposes Linux primitives — combine junos_config with ansible.builtin.shell only where required.
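The first best practice above can be enforced before a push. The sketch below is an added example, not code from the original guide or from the junipernetworks.junos collection: it scans a rendered set-format template and returns a value for `junos_config`'s `confirm` option. The function names and the list of management-plane hierarchies are assumptions made for illustration.

```python
import re

# Assumption for this sketch: hierarchies whose change can cut off NETCONF/SSH
# management. fxp0, em0 and me0 are common Junos management interface names;
# extend the tuple for your platform.
MGMT_PREFIXES = (
    "system services",
    "system login",
    "interfaces fxp0",
    "interfaces em0",
    "interfaces me0",
)
STATEMENT = re.compile(r"^(?:set|delete|activate|deactivate)\s+(.+)$")


def risky_lines(rendered):
    """Return (line_number, statement) pairs that touch management access."""
    hits = []
    for lineno, raw in enumerate(rendered.splitlines(), start=1):
        line = " ".join(raw.split())  # collapse runs of whitespace
        if not line or line.startswith("#"):
            continue
        match = STATEMENT.match(line)
        if match is None:
            # Not set-format (for example curly-brace text): fail closed.
            hits.append((lineno, line))
            continue
        path = match.group(1)
        if any(path == p or path.startswith(p + " ") for p in MGMT_PREFIXES):
            hits.append((lineno, line))
    return hits


def confirm_window(rendered, minutes=5):
    """Value for junos_config's `confirm`: `minutes` if risky, else 0."""
    return minutes if risky_lines(rendered) else 0


# Constructed samples: the page's EVPN template rendered with a made-up rid,
# and a change that edits the management plane.
EVPN = """set protocols evpn encapsulation vxlan
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.0.0.2:1
"""
MGMT = """delete system services netconf ssh
set interfaces em0 unit 0 family inet address 10.0.10.2/24
set protocols ospf area 0.0.0.0 interface ge-0/0/0
"""

if __name__ == "__main__":
    for name, text in (("EVPN", EVPN), ("MGMT", MGMT)):
        print(name, "confirm =", confirm_window(text), risky_lines(text))
```

Lines the guard cannot parse as set-format statements are reported as risky, so a template in another format never silently skips the confirmed commit.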
Conclusion
Junos 24 + junipernetworks.junos 8.x is the gold-standard automation surface in networking thanks to NETCONF, structured commits, and rollback semantics. Ansible plays cleanly to those strengths.