Skip to content
David Gee edited this page Dec 7, 2021 · 5 revisions

How does Junos integrate with Terraform?

The answer is with a project called JTAF - the Juniper Terraform Automation Framework!

JTAF is not a provider, but it's a set of tools used to create a provider for your specific platform, software version and configuration requirements. If you're interested, continue reading! Providers are plugins for Terraform and Hashicorp now has a registry with which you can download officially verified providers.

Refer to the provider docs for more details.

JTAF creates Terraform providers and automatically writes Go code which is then compiled into a static binary, aka, the provider. The Terraform providers generated by JTAF in turn, create configuration groups on Junos and apply them with the apply-group configuration stanza. These groups are then treated as Terraform resources.

Starting with JTAF

Start simple and build knowledge. JTAF works at the intersection between network programmability, more importantly YANG and NETCONF and Terraform with HCL. Whilst JTAF makes it easier for you to build providers, it isn't foolproof and you will need to understand a bit of everything before you'll make the most of JTAF.

Videos Introduction: https://youtu.be/eH24eCZc7pE

Installation: https://youtu.be/aTF7_Uscd9Q

Generate: https://youtu.be/UgsFU7UplRE

Execution: https://youtu.be/Lfkc38wzhNg

Interface Configuration: https://youtu.be/iCnnkDodUgQ

BGP Configuration: https://youtu.be/nQVNCNCJZRc

Technical Knowledge Requirements ​

Here is a laundry list of pre-requisite knowledge:

  1. You can read YANG and understand the basic semantics.
  2. You know what a simple XPath expression is.
  3. You know your way around Junos operationally.

Can the provider modules be generated for the end-element(leaf level in yang file) at same hierarchy?

Yes, The modules can be generated at any hierarchy. It is recommended to keep the hierarchy smaller in size. One can refer the Samples directory for a similar example. Refer link .

Can the provider modules be generated for the end-element(leaf level in yang file) at parent hierarchy?

Yes, The modules can be generated at any hierarchy. It is recommended to keep the hierarchy smaller in size. If the parent has large number of elements having multiple sub-hierarchies and you only need few elements in them then generate multiple module with different hierarchies. One can refer the Samples directory for a similar example. Refer link.

Can mulitple modules be generated as part of single provider?

Yes, multiple xpath or modules can be generated together as a single provider and can be set on the device using a single test file. One can refer the Samples directory for a similar example. Refer link.

Install Requirements

  1. Install Golang
  2. Install Python, virtual environments and Pyang (3.x of Python)
  3. You will need a IDE. Most of us use [Visual Code]( Visual Studio Code - Code Editing. Redefinedhttps://code.visualstudio.com) from Microsoft

Config Right-Sizing

The providers do not contain every configuration item by design. When JTAF writes Go code, it does so in the most simple fashion possible and thus flattens the internal data structures to a key/value data map. So what's in a provider? The short answer is whatever you put in it. XPath expressions control the content of the provider and those expressions are passed into JTAF, referenced in the configuration file.

JTAF is based on a Goldilocks approach of 'right-sizing' and focusses on the smallest units of concern. These units are:

  1. Platform specificity
  2. Correct software version
  3. A blob of configuration required as part of deterministic IaC (Infrastructure-as-Code)
  4. Single resource approach

Platform and software right-sizing is based purely on using the correct YANG models. For the configuration aspect, it's assumed that as you're working with IaC, you know ahead of time what configuration is required on your physical or virtual network element.

With regards to the single resource approach, it's important that in your .tf files that each resource name, contains the smallest blob of configuration possible. This is a complex topic and it will be explained in greater detail in these docs, but for now, ensure the rule is followed.

YANG Questions

Is choice-ident and choice-value supported?

Yes. As of JTAF 0.1.1 (Nov 25th 2021).

Can modules be generated for a list having multiple keys?

Yes, The modules can be generated at any hierarchy and multiple keys is supported. There may be a scenario when some keys are optional and that is still supported. You can refer to the Samples directory for a similar example.

How are modules generated for elements which have choices in their hierarchy?

Choice is also supported. You can refer to the samples directory for a similar example.