Juniper Salt Quick Start Guide

Salt for Junos OS Quick Start Guide

Published

2020-10-26

Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks
are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.

Salt for Junos OS Quick Start Guide

Copyright © 2020 Juniper Networks, Inc. All rights reserved.

The information in this document is current as of the date on the title page.

ii

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)
Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement
(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you
agree to the terms and conditions of that EULA.

Table of Contents

1

2

3

Disclaimer

Salt for Junos OS Disclaimer | 5

Learn About Salt for Junos OS

Salt for Junos OS Overview | 7

Get Started

How to Install Salt for Junos OS | 10

Configure the Device Running Junos OS | 11

Set Up the Salt Master | 12

iii

Set Up the Junos Proxy Minion Server | 15

Authorize the Proxy Minion Keys on the Salt Master | 17

Verify the Connection to the Managed Device | 18

(Optional) Configure the Junos Syslog Engine | 20

How to Authenticate Salt for Junos OS Users | 22

Salt for Junos OS User Authentication Overview | 22

Authenticating the Salt User By Using a Password | 25

Authenticating the Salt User By Using SSH Keys | 25

Generating and Configuring SSH Keys | 26

Referencing SSH Keys in the Salt Proxy Configuration File | 27

1

CHAPTER

Disclaimer

Salt for Junos OS Disclaimer | 5

Salt for Junos OS Disclaimer

Use of the Salt for Junos OS software implies acceptance of the terms of this disclaimer, in addition to any
other licenses and terms required by Juniper Networks.

Juniper Networks is willing to make the Salt for Junos OS software available to you only upon the condition
that you accept all of the terms contained in this disclaimer. Please read the terms and conditions of this
disclaimer carefully.

The Salt for Junos OS software is provided as is. Juniper Networks makes no warranties of any kind
whatsoever with respect to this software. All express or implied conditions, representations and warranties,
including any warranty of non-infringement or warranty of merchantability or fitness for a particular
purpose, are hereby disclaimed and excluded to the extent allowed by applicable law.

In no event will Juniper Networks be liable for any direct or indirect damages, including but not limited to
lost revenue, profit or data, or for direct, special, indirect, consequential, incidental or punitive damages
however caused and regardless of the theory of liability arising out of the use of or inability to use the
software, even if Juniper Networks has been advised of the possibility of such damages.

5

2

CHAPTER

Learn About Salt for Junos OS

Salt for Junos OS Overview | 7

Salt for Junos OS Overview

g300546

Device Running

Junos OS

NETCONF

Event Bus (ZeroMQ)

Syslog Messages

Same or Different Servers

Reactor-enabled

salt-master

process

Junos
syslog

engine

Junos

salt-proxy

process

Salt, or the SaltStack Platform, is a Python-based, open-source remote execution and configuration
management tool. You can use Salt to define and enforce the state of a system or execute ad hoc commands
on a device. Salt is highly scalable and can manage thousands of devices, including devices running Junos
OS.

The Salt master is the main control server that manages one or more nodes, or Salt minions. The Salt master
can manage devices running Junos OS through a Salt proxy minion. A proxy minion enables you to manage
a device that does not directly run a Salt minion but can be managed through another protocol, for example,
the Network Configuration Protocol (NETCONF).

The Salt installation includes the following components and modules, which enable you to use Salt to
manage devices running Junos OS:

Junos proxy—Translates Salt operations into Junos OS-specific instructions and enables the Salt system

•

to connect to and manage devices running Junos OS.

7

Junos execution module—Defines execution functions that enable you to perform ad hoc tasks on devices

•

running Junos OS from the Salt master command line.

Junos state module—Defines state functions that enable you to declare and enforce the desired state

•

of a device running Junos OS.

Junos syslog engine—Monitors system log messages sent from devices running Junos OS, extracts the

•

event information, and publishes it in Salt format on the Salt event bus.

The Junos proxy connects to the Salt master using the ZeroMQ event bus and uses the Juniper Junos

PyEZ library to establish a NETCONF session over SSH with the device running Junos OS. Junos PyEZ is

a microframework for Python that enables you to manage and automate devices running Junos OS.

Figure 1 on page 7 illustrates a typical Salt setup with devices running Junos OS.

Figure 1: Junos Syslog Engine

RELATED DOCUMENTATION

Understanding Salt for Junos OS

Understanding the Salt for Junos OS Components

Understanding the Junos Execution and State Salt Modules

8

3

CHAPTER

Get Started

How to Install Salt for Junos OS | 10

How to Authenticate Salt for Junos OS Users | 22