diff --git a/geant/gap_ansible/plugins/ansible.cfg b/geant/gap_ansible/plugins/ansible.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..60c4147e6be6004d04509dc06e1ace1ccfb59ef2
--- /dev/null
+++ b/geant/gap_ansible/plugins/ansible.cfg
@@ -0,0 +1,7 @@
+[defaults]
+host_key_checking = False
+collections_paths = ~/.ansible/collections:/usr/share/ansible/collections
+plugin_paths     = ./modules:./connection:./module_utils:./netconf:./plugin_utils
+
+[netconf_connection]
+ssh_config = False
diff --git a/geant/gap_ansible/plugins/connection/netconf.py b/geant/gap_ansible/plugins/connection/netconf.py
index 97e679c5ec097329a22edb08a9143e914bec0537..9275f5dc2687c62c53db5fa5b7d367239cff1cbb 100644
--- a/geant/gap_ansible/plugins/connection/netconf.py
+++ b/geant/gap_ansible/plugins/connection/netconf.py
@@ -403,6 +403,18 @@ class Connection(NetworkConnectionBase):
             self._manager = manager.connect(**params)
 
             self._manager._timeout = self.get_option("persistent_command_timeout")
+            if self._config_mode == "private" and "junos" in self._network_os.lower():
+                open_rpc = (
+                    '<open-configuration '
+                    'xmlns="http://xml.juniper.net/xnm/1.1/xnm" '
+                    'private="true"/>'
+                )
+                try:
+                    # exec_command() will wrap to_ele(...) + manager.rpc(...)
+                    self.exec_command(open_rpc)
+                    self.queue_message("log", "opened Junos private candidate")
+                except Exception as e:
+                    raise AnsibleError(f"Failed to open private candidate: {to_text(e)}")
         except SSHUnknownHostError as exc:
             raise AnsibleConnectionFailure(to_native(exc))
         except AuthenticationError as exc:
@@ -438,6 +450,16 @@ class Connection(NetworkConnectionBase):
             self._manager.close_session()
         super(Connection, self).close()
 
+        # if self._config_mode == "private" and "junos" in self._network_os.lower():
+        #     close_rpc = (
+        #         '<close-configuration '
+        #         'xmlns="http://xml.juniper.net/xnm/1.1/xnm"/>'
+        #     )
+        #     try:
+        #         self.exec_command(close_rpc)
+        #     except Exception:
+        #         pass
+
     def set_config_mode(self, config_mode):
         """Set the config_mode passed from the module."""
         if config_mode:
diff --git a/geant/gap_ansible/plugins/inventory.ini b/geant/gap_ansible/plugins/inventory.ini
new file mode 100644
index 0000000000000000000000000000000000000000..2007d5f89fc4b7b50ccff55e2d3228ef2252e3d5
--- /dev/null
+++ b/geant/gap_ansible/plugins/inventory.ini
@@ -0,0 +1,2 @@
+[junos]
+my-junos ansible_host=62.40.119.4 ansible_user=gap-test ansible_password=concept_gear_ESSENTIAL93 ansible_connection=geant.gap_ansible.netconf ansible_network_os=geant.gap_ansible.junos
diff --git a/geant/gap_ansible/plugins/modules/junos_config.py b/geant/gap_ansible/plugins/modules/junos_config.py
index 0b48e45df4128528ecf1971a788319022096f751..7b21ad7bf446dfed73089a19e91a50e492b62aaa 100644
--- a/geant/gap_ansible/plugins/modules/junos_config.py
+++ b/geant/gap_ansible/plugins/modules/junos_config.py
@@ -437,18 +437,18 @@ def main():
         supports_check_mode=True,
     )
 
-    # if the user asked for private config mode, tell the connection
-    cfg_mode = module.params.get("config_mode")
-    if cfg_mode:
-        open_rpc = (
-            '<open-configuration '
-            'xmlns="http://xml.juniper.net/xnm/1.1/xnm" '
-            'private="true"/>'
-        )
-        try:
-            module._connection.exec_command(open_rpc)
-        except Exception as e:
-            module.fail_json(msg=f"Failed to open private candidate: {to_text(e)}")
+    # # if the user asked for private config mode, tell the connection
+    # cfg_mode = module.params.get("config_mode")
+    # if cfg_mode:
+    #     open_rpc = (
+    #         '<open-configuration '
+    #         'xmlns="http://xml.juniper.net/xnm/1.1/xnm" '
+    #         'private="true"/>'
+    #     )
+    #     try:
+    #         module._connection.exec_command(open_rpc)
+    #     except Exception as e:
+    #         module.fail_json(msg=f"Failed to open private candidate: {to_text(e)}")
 
     warnings = list()
     check_args(module, warnings)
@@ -540,15 +540,15 @@ def main():
 
             result["changed"] = True
 
-    if cfg_mode == 'private':
-        close_rpc = (
-            '<close-configuration '
-            'xmlns="http://xml.juniper.net/xnm/1.1/xnm"/>'
-        )
-        try:
-            module._connection.exec_command(close_rpc)
-        except Exception:
-            pass  # session teardown will close it anyway
+    # if cfg_mode == 'private':
+    #     close_rpc = (
+    #         '<close-configuration '
+    #         'xmlns="http://xml.juniper.net/xnm/1.1/xnm"/>'
+    #     )
+    #     try:
+    #         module._connection.exec_command(close_rpc)
+    #     except Exception:
+    #         pass  # session teardown will close it anyway
 
     module.exit_json(**result)
 
diff --git a/geant/gap_ansible/plugins/test-junos-private.yml b/geant/gap_ansible/plugins/test-junos-private.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c6987085af5ff43630041e523677ec48ccb40bd4
--- /dev/null
+++ b/geant/gap_ansible/plugins/test-junos-private.yml
@@ -0,0 +1,16 @@
+- name: Test private-candidate junos_config
+  hosts: junos
+  gather_facts: no
+  collections:
+    - geant.gap_ansible      # <-- your locally installed collection
+
+  tasks:
+    - name: Open private candidate, push a change and commit
+      geant.gap_ansible.junos_config:          # <-- module from geant.gap_ansible
+        lines:
+          - set system services ssh root-login allow
+        config_mode: private
+      register: result
+
+    - debug:
+        var: result