From 1169ce111c90508c515902889dd552bcea4e2b5c Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Wed, 11 Oct 2017 16:23:30 +0000
Subject: [PATCH 1/4] Install ncclient python package for junos switches on ansible 2.3+

This package is required on the ansible control host, and is used by the ansible-connection process to access the switches via a persistent SSH connection. It must be installed in the kayobe virtual environment.
---
 ansible/roles/junos-switch/tasks/main.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/ansible/roles/junos-switch/tasks/main.yml b/ansible/roles/junos-switch/tasks/main.yml
index 7506f89c4..8f5ce0153 100644
--- a/ansible/roles/junos-switch/tasks/main.yml
+++ b/ansible/roles/junos-switch/tasks/main.yml
@@ -3,6 +3,8 @@
 # not seem to be possible to use ansible_python_interpreter in combination with
 # delegate_to. This should be investigated in future as modification of system
 # packages via pip is not ideal.
+
+# For ansible 2.2, Juniper specific python packages are required.
 - name: Ensure python dependencies are installed
 pip:
 name: "{{ item }}"
@@ -10,8 +12,20 @@
 with_items:
 - junos-eznc
 - jxmlease
+ when: ansible_version | version_compare('2.3', 'lt')
 become: True
 
+# For ansible 2.3+, only the NETCONF client ncclient is required. This must be
+# installed on the ansible control host where the ansible-connection subprocess
+# is executed.
+- name: Ensure python dependencies are installed
+ local_action:
+ module: pip
+ name: ncclient
+ virtualenv: "{{ lookup('env', 'VIRTUAL_ENV') | default(omit, true) }}"
+ when: ansible_version | version_compare('2.3', 'ge')
+ become: "{{ lookup('env', 'VIRTUAL_ENV') == None }}"
+
 - name: Ensure Juniper switches are configured
 junos_config:
 provider: "{{ junos_switch_provider }}"
From c7bcdf2cf94db99c0805e7a4ea8bdd7650dbcf3c Mon Sep 17 00:00:00 2001
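Review bot: The `become` expression on the new ncclient task (second hunk of ansible/roles/junos-switch/tasks/main.yml) compares `lookup('env', 'VIRTUAL_ENV')` with `None`, but the env lookup normally returns an empty string for an unset variable, so the comparison is probably always false and the no-virtualenv path never escalates. If a root install is intended there, `become: "{{ not lookup('env', 'VIRTUAL_ENV') }}"` expresses it, in line with the `default(omit, true)` already used on `virtualenv`. Because that path would run pip with elevated privileges on the control host, the package should also be pinned through the pip module's `version:` parameter (placeholder `version: "<REVIEWED_VERSION>"`) so an unreviewed upstream release cannot run its install code as root. The task is also evaluated once per switch host; `run_once: true` would avoid concurrent pip runs against the same environment.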
From: Mark Goddard
Date: Wed, 11 Oct 2017 16:25:34 +0000
Subject: [PATCH 2/4] Remove default filter from junos switch timeout

In ansible 2.3, the default filter appears to make the timeout be interpreted as a string rather than a number, which causes the netconf client ncclient to barf. As we always define a timeout, this default seems unnecessary anyway so let's remove it.
---
 ansible/group_vars/switches/junos | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/group_vars/switches/junos b/ansible/group_vars/switches/junos
index c18185494..d833c2937 100644
--- a/ansible/group_vars/switches/junos
+++ b/ansible/group_vars/switches/junos
@@ -11,7 +11,7 @@ switch_junos_provider:
 username: "{{ ansible_user }}"
 password: "{{ ansible_ssh_pass|default(omit) }}"
 ssh_keyfile: "{{ ansible_ssh_private_key_file|default(omit) }}"
- timeout: "{{ switch_junos_timeout|default(omit) }}"
+ timeout: "{{ switch_junos_timeout }}"
 
 ###############################################################################
 # Configuration format.
From 887f06106d3c92c244972c88ad696e9faf544ad9 Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Wed, 11 Oct 2017 16:26:33 +0000
Subject: [PATCH 3/4] Remove stale variable from junos role invocation

We didn't end up using a virtualenv in the junos role, so this is not required.
---
 ansible/physical-network.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ansible/physical-network.yml b/ansible/physical-network.yml
index d5eb86a36..c4a5923a5 100644
--- a/ansible/physical-network.yml
+++ b/ansible/physical-network.yml
@@ -40,7 +40,6 @@
 
 - role: junos-switch
 junos_switch_delegate_to: localhost
- junos_switch_venv: "{{ lookup('env', 'VIRTUAL_ENV') }}"
 junos_switch_type: "{{ switch_type }}"
 junos_switch_provider: "{{ switch_junos_provider }}"
 junos_switch_config_format: "{{ switch_junos_config_format }}"
From da75d6b734fa0451738993d4d6c9beab9b4640b2 Mon Sep 17 00:00:00 2001
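Review bot: The new `timeout: "{{ switch_junos_timeout }}"` line in ansible/group_vars/switches/junos has no comment saying why it, unlike the `password` and `ssh_keyfile` lines beside it, carries no `default(omit)`, so a later tidy-up could put the filter back. A comment above it such as `# No default filter: on ansible 2.3 it makes the timeout a string, which ncclient rejects.` would keep the reason in the file rather than only in the commit message. The definition of `switch_junos_timeout` is outside this hunk, so the claim that it is always defined cannot be confirmed from here.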
From: Mark Goddard
Date: Thu, 12 Oct 2017 10:49:13 +0000
Subject: [PATCH 4/4] Use local_action instead of delegate_to in switch config tasks

As of ansible 2.3, it is no longer possible to use delegate_to with a host other than localhost. Use of a jump host can be enabled via setting ProxyCommand in ansible_ssh_common_args as for other hosts.
---
 ansible/physical-network.yml | 2 --
 ansible/roles/dell-switch/defaults/main.yml | 3 ---
 ansible/roles/dell-switch/tasks/main.yml | 8 ++++----
 ansible/roles/junos-switch/defaults/main.yml | 3 ---
 ansible/roles/junos-switch/tasks/main.yml | 4 ++--
 5 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/ansible/physical-network.yml b/ansible/physical-network.yml
index c4a5923a5..565ecbd71 100644
--- a/ansible/physical-network.yml
+++ b/ansible/physical-network.yml
@@ -26,7 +26,6 @@
 - role: ssh-known-host
 
 - role: dell-switch
- dell_switch_delegate_to: localhost
 dell_switch_type: "{{ switch_type }}"
 dell_switch_provider: "{{ switch_dellos_provider }}"
 dell_switch_config: "{{ switch_config }}"
@@ -39,7 +38,6 @@
 - role: ssh-known-host
 
 - role: junos-switch
- junos_switch_delegate_to: localhost
 junos_switch_type: "{{ switch_type }}"
 junos_switch_provider: "{{ switch_junos_provider }}"
 junos_switch_config_format: "{{ switch_junos_config_format }}"
diff --git a/ansible/roles/dell-switch/defaults/main.yml b/ansible/roles/dell-switch/defaults/main.yml
index c36b4915f..07bec1a39 100644
--- a/ansible/roles/dell-switch/defaults/main.yml
+++ b/ansible/roles/dell-switch/defaults/main.yml
@@ -1,7 +1,4 @@
 ---
-# Host on which to execute DellOS Ansible modules.
-dell_switch_delegate_to:
-
 # Type of Dell switch. One of dellos6, dellos9.
 dell_switch_type:
 
diff --git a/ansible/roles/dell-switch/tasks/main.yml b/ansible/roles/dell-switch/tasks/main.yml
index c48450b94..45ee2a079 100644
--- a/ansible/roles/dell-switch/tasks/main.yml
+++ b/ansible/roles/dell-switch/tasks/main.yml
@@ -1,14 +1,14 @@
 ---
 - name: Ensure DellOS6 switches are configured
- dellos6_config:
+ local_action:
+ module: dellos6_config
 provider: "{{ dell_switch_provider }}"
 src: dellos6-config.j2
- delegate_to: "{{ dell_switch_delegate_to }}"
 when: "{{ dell_switch_type == 'dellos6' }}"
 
 - name: Ensure DellOS9 switches are configured
- dellos9_config:
+ local_action:
+ module: dellos9_config
 provider: "{{ dell_switch_provider }}"
 src: dellos9-config.j2
- delegate_to: "{{ dell_switch_delegate_to }}"
 when: "{{ dell_switch_type == 'dellos9' }}"
diff --git a/ansible/roles/junos-switch/defaults/main.yml b/ansible/roles/junos-switch/defaults/main.yml
index 33f0674ed..09da1a600 100644
--- a/ansible/roles/junos-switch/defaults/main.yml
+++ b/ansible/roles/junos-switch/defaults/main.yml
@@ -1,7 +1,4 @@
 ---
-# Host on which to execute Junos Ansible modules.
-junos_switch_delegate_to:
-
 # Authentication provider information.
 junos_switch_provider:
 
diff --git a/ansible/roles/junos-switch/tasks/main.yml b/ansible/roles/junos-switch/tasks/main.yml
index 8f5ce0153..63b4b7009 100644
--- a/ansible/roles/junos-switch/tasks/main.yml
+++ b/ansible/roles/junos-switch/tasks/main.yml
@@ -27,11 +27,11 @@
 become: "{{ lookup('env', 'VIRTUAL_ENV') == None }}"
 
 - name: Ensure Juniper switches are configured
- junos_config:
+ local_action:
+ module: junos_config
 provider: "{{ junos_switch_provider }}"
 src: "{{ junos_switch_src }}"
 src_format: "{{ junos_switch_config_format }}"
- delegate_to: "{{ junos_switch_delegate_to }}"
 vars:
 junos_switch_config_format_to_src:
 set: junos-config-set.j2
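Review bot: Nothing in the new DellOS6/DellOS9 tasks, or in the Juniper task in the last hunk, reacts to a leftover `dell_switch_delegate_to` or `junos_switch_delegate_to`, which this series removes from the role defaults and from physical-network.yml. An inventory that still sets either variable to a jump host would presumably be ignored without any message, and the switch configuration and provider credentials would then be used directly from the control host. A guard task at the top of each role, for example a `fail` with `when: dell_switch_delegate_to is defined` and a message pointing to `ansible_ssh_common_args`, would turn that silent change of execution host into an explicit error. Failing that, the role defaults should keep a comment stating that the variable is no longer honoured.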