Junos Automation (Scripting)
Junos Automation (Scripting)

Cloud-init issue on vSRX on AWS

‎05-04-2019 08:39 PM

Hi, I'm trying to automate the configuration of vSRX on AWS using cloud-init.

 

So here is the new config I'm providing as a file to include in the user-data section.

 

#junos-config
version 18.4R1.8;
groups {
    global {
        system {
            root-authentication {
                encrypted-password "$6$42W2orBm$cJjLPIgeFVdyjqlXjfzcDKU8P341JMxG5F9lesP/2lK0exogI4IT0v9gFfnfXDELtBHlbIpVvZM8bV.8ivkIV/"; ## SECRET-DATA
            }
            services {
                ssh {
                    root-login allow;
                }
                web-management {
                    https {
                        system-generated-certificate;
                    }
                }
            }
            license {
                autoupdate {
                    url https://ae1.juniper.net/junos/key_retrieval;
                }
            }
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        dhcp;
                    }
                }
            }
        }
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 172.31.16.1;
            }
        }
    }
}
apply-groups global;

The cloud-init function is getting executed, but the new config gets appended to the existing config on the device.

 

So I end up having a config like this:

 

#junos-config
version 18.4R1.8;
groups {
    global {
        ### OMITTED TO SAVE SPACE
    }
    aws-default {
        ### OMITTED TO SAVE SPACE   
    }
}
apply-groups [ global aws-default ];

As you can see above, it now has two groups "aws-default" and "global".

 

What am I doing wrong? How can the old config be replaced with the new one, instead of it getting appended?

 

I followed this documentation: https://www.juniper.net/documentation/en_US/vsrx/topics/task/configuration/security-vsrx-aws-cloud-i...

 

Thanks in advance.