all 6 comments

[–]OhMyInternetPoliticsI drink and I route things 3 points4 points  (0 children)

No. I would never trust Junos Space to configure ANY device on my network. It's useful for metrics... and that's about it.

The problem with space is that it'll push out tons of garbage config along with what you want, and there's not a real good way to verify if the push failed and why it failed. Plus if it's a brownfield deployment there's a major risk it'll blow away large chunks of your configuration causing outages.

You're better off using something as simple as a parallel rancid jlogin script, or ansiblehttps://www.reddit.com/jsnapy.

[–]passw0rd_ 1 point2 points  (1 child)

I've never used Space, but I was tasked with using another application for pushing configs to all of our Juniper devices. Since I couldn't test it in the lab, I found a device in production that wouldn't cause any issues with customer traffic if I messed with it. I configured it to log interactive commands, and ran a monitor of the log file so that I can watch what the application is actually doing when I push configs. This helped me tune the application to get it working the way I wanted.

To log interactive commands:

set system syslog file interactive-commands interactive-commands any
commit and-quit

Then, when you're getting ready to test, issue "monitor start interactive-commands"

To stop it, issue "monitor stop".

[–]tpfannes[S] 0 points1 point  (0 children)

Doesn't seem anyone is a big fan of space. This is an extremely useful troubleshooting tool, thank you. Ive been meaning to get my feet wet with Python so I think I'll script it and use "monitor start interactive-commands" to help troubleshoot/deploy. Thank you.

[–]vlan-whisperer 1 point2 points  (0 children)

It'd honestly just be easier to write a simple python script that logs into every switch one at a time and pastes the config you want to push and then commit it.

Juniper makes it easy, they have their own library tailored towards interacting with JUNOS it's called PyEZ.

[–]0x2142comCCNP/CCDP 0 points1 point  (0 children)

I pretty much use space only for Security Director - We have dozens of distributed firewalls and it's easier to manage ruleset configs. For something like this I would try using Ansible to push out a config template.

[–]cg_infradata 0 points1 point  (0 children)

"SkyEnterprise" is a Juniper-branded version of cloud-based OneConfig. Seems it does a fine job and can manage all types of devices. Else the OneConfig tool in general can push out to all Juniper devices last I knew.