ansible-collections / ansible.network
Ansible Network Collection for network and IP utilities that are not specific to any platform or OS.
License: GNU General Public License v3.0
Provide a single platform-agnostic entry point to manage all the resources supported for a given network OS.
This will be achieved by implementing a platform-agnostic role ansible.network.network_resource as part of the ansible.network collection.
Describe the reasons for this proposal.
Provide a single entry point to manage network resource and ease the usage of Ansible network resource modules.
host_vars thus enabling the capability to get facts for all the hosts within the inventory and store facts in a structured format.
ansible.netcommon.network_resource (action plugin) that will provide a single entry point to higher-order roles to manage all the resource modules.
Example usage:
- name: get list of resource modules for given ansible_network_os
  ansible.netcommon.network_resource:
  register: result
  vars:
    ansible_network_os: cisco.ios.ios
- name: fetch acl resource config
  ansible.netcommon.network_resource:
    name: acls
    state: gathered
  vars:
    ansible_network_os: cisco.ios.ios
- name: manage acl config
  ansible.netcommon.network_resource:
    name: acls
    config:
      - afi: ipv4
        acls:
          - name: test_acl
            acl_type: extended
            aces:
              - grant: deny
                protocol_options:
                  tcp:
                    fin: true
                source:
                  address: 192.0.2.0
                  wildcard_bits: 0.0.0.255
                destination:
                  address: 192.0.3.0
                  wildcard_bits: 0.0.0.255
    state: merged
  vars:
    ansible_network_os: cisco.ios.ios
The ansible.network.resource_manager role will support the following functions
ansible_network_os as input and will return a list of supported resource modules.
ansible_network_os, the name of the resources (optional) and path to the inventory (optional) as input. This function will fetch the resource facts from the remote host and build the inventory host_vars at runtime.
ansible_network_os, the name of the resources (optional) and path to the inventory (optional) as input. This function will then read the host_vars for the given resource from inventory and push it to the remote host. If the name of the resource is not provided in the input it pushes the entire inventory host_vars to the remote host.
Example usage:
- hosts: ios
  gather_facts: no
  tasks:
    - name: invoke list function
      include_role:
        name: ansible.network.resource_manager
        tasks_from: list
      vars:
        ansible_network_os: cisco.ios.ios
- hosts: ios
  gather_facts: no
  tasks:
    - name: invoke get function for all resources
      include_role:
        name: ansible.network.resource_manager
        tasks_from: get
      vars:
        ansible_network_os: cisco.ios.ios
        network_resource_include: [all] # default value
        network_resource_exclude: [] # default value
        network_resource_inventory_path: "./inventory/host_vars"
- hosts: ios
  gather_facts: no
  tasks:
    - name: invoke configure function for given resources
      include_role:
        name: ansible.network.resource_manager
        tasks_from: configure
      vars:
        ansible_network_os: cisco.ios.ios
        network_resource_include: ["acls", "interfaces"]
        network_resource_inventory_path: "./inventory/host_vars"
I would open the issue on the cisco.ios collection but I am thinking this will end up a documentation bug as we make the leap to libssh....
Basically we are now hitting a paramiko security issue
The issue is here: ansible/workshops#1604
I have tested with paramiko 2.10.1 and 2.10.3
➜ ~ pip3 show paramiko
Name: paramiko
Version: 2.10.3
Summary: SSH2 protocol library
Home-page: https://paramiko.org
Author: Jeff Forcier
Author-email: [email protected]
License: LGPL
Location: /usr/local/lib/python3.9/site-packages
Requires: bcrypt, cryptography, pynacl, six
Required-by:
➜ ~ ansible --version
ansible [core 2.11.2]
config file = /Users/sean/.ansible.cfg
configured module search path = ['/Users/sean/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
ansible collection location = /Users/sean/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.9.9 (main, Nov 21 2021, 03:23:42) [Clang 13.0.0 (clang-1300.0.29.3)]
jinja version = 3.0.1
libyaml = True
I am getting connection problems with Cisco IOS only... whereas paramiko 2.8.1 works fine. Arista EOS works on 2.8.1, 2.10.1 and 2.10.3
We either need to
A) figure out a workaround and a non-security bugged paramiko version that we can tell customers
or
B) move customers to libssh....
I think in either case... this is probably more documentation than bug? I am not sure... I did notice the network_ee is also pegged at 2.8.1 before I opened this issue...
connection: network_cli with ansible_network_os cisco.ios.ios
2.11.2
# /Users/sean/.ansible/collections/ansible_collections
Collection Version
----------------------------------- -------
amazon.aws 3.1.1
ansible.netcommon 2.0.2
ansible.network 1.2.0
ansible.posix 1.3.0
ansible.product_demos 1.2.13
ansible.utils 2.5.2
ansible.windows 1.9.0
ansible.workshops 1.0.11
arista.eos 2.1.2
awx.awx 19.4.0
azure.azcollection 1.12.0
chocolatey.chocolatey 1.2.0
cisco.ios 2.0.1
cisco.iosxr 2.8.1
cisco.nxos 2.9.0
community.aws 3.1.0
community.crypto 2.2.3
community.general 4.5.0
community.mysql 3.1.1
community.windows 1.9.0
containers.podman 1.9.1
f5networks.f5_modules 1.15.0
frr.frr 1.0.3
junipernetworks.junos 2.1.0
openvswitch.openvswitch 2.1.0
redhat_cop.controller_configuration 2.1.1
redhat_cop.tower_utilities 2.0.1
vyos.vyos 2.8.0
DEFAULT_STDOUT_CALLBACK(/Users/sean/.ansible.cfg) = yaml
GALAXY_SERVER_LIST(/Users/sean/.ansible.cfg) = ['release_galaxy']
HOST_KEY_CHECKING(/Users/sean/.ansible.cfg) = False
Mac OS
just try to connect to a Cisco IOS box, the one I have is Cisco IOS Software [Fuji], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.9.2, RELEASE SOFTWARE (fc4)
connection occurs...
no connection
Author: Rohit Thakur (@rohitthakur2590)
Date: 2022/06/21
Describe the reasons for this proposal.
Provide Network BGP Validated Content to perform BGP health checks and manage BGP resources.
ansible.bgp.run: *_bgp_global and *_bgp_address_family network resource module.
The tasks offered by this role could be observed as below:
---
- hosts: junos
  tasks:
    - name: BGP Manager
      include_role:
        name: ansible.bgp.run
      vars:
        actions:
          - name: health_check
            vars:
              details: True
              checks:
                - name: all_neighbors_up
                - name: all_neighbors_down
                - name: min_neighbors_up
                  min_count:
---
- hosts: junos
  tasks:
    - name: BGP Manager
      include_role:
        name: ansible.bgp.run
      vars:
        actions:
          - name: persist
---
- hosts: junos
  tasks:
    - name: BGP Manager
      include_role:
        name: ansible.bgp.run
      vars:
        actions:
          - name: gather
---
- hosts: junos
  tasks:
    - name: BGP Manager
      include_role:
        name: ansible.bgp.run
      vars:
        actions:
          - name: deploy
We need the description of the meta collection to be there on README
Also the title of the README should be just "Ansible Network Meta Collection" and not "Ansible Network Collection for network and IP utilities that are not specific to any platform or OS, or that interact with any platform os."
GRPC connection plugin to interact with network devices that support gRPC
Author: Gomathi Selvi Srinivasan (@GomathiselviS)
Date: 2021/05/20
Describe the reasons for this proposal.
Provide GRPC modules to interact with devices that have gRPC services enabled.
grpc_get module:
section: This argument specifies the string which acts as a filter to restrict the portions of the data to be retrieved from the remote device. If this option is not specified the entire configuration or state data is returned in response provided it is supported by the target host.
command: The option specifies the command to be executed on the target host and returns the response in the result. This option is supported if the gRPC target host supports executing the CLI command over the gRPC connection.
display: This argument specifies an encoding scheme to use when serializing output from the device. The encoding scheme value depends on the capability of the gRPC server running on the target host. The values can be I(json), I(text) etc.
data_type: This argument specifies the type of data that should be fetched from the target host. The value depends on the capability of the gRPC server running on the target host. The values can be I(config), I(oper) etc. based on what is supported by the gRPC server. By default, it will return both configuration and operational state data in response.
grpc_config module:
config: This option specifies the string which acts as a filter to restrict the portions of the data to be retrieved from the target host device. If this option is not specified the entire configuration or state data is returned in response provided it is supported by the target host.
state: The operation that needs to be performed on the candidate datastore. Valid values are merged, replaced, and deleted. The default value is merged. merged: If the value is merged the configuration data in the config option is merged with the configuration at the corresponding level in the target datastore. If the value is replaced the configuration data in the config option completely replaces the configuration in the target datastore. If the value is deleted the configuration data in the config option is deleted.
backup: This argument will cause the module to create a full backup of the current C(running-config) from the remote device before any changes are made. If the C(backup_options) value is not given, the backup file is written to the C(backup) folder in the playbook root directory or role root directory, if playbook is part of an ansible role. If the directory does not exist, it is created.
backup_options: This is a dict object containing configurable options related to backup file path. The value of this option is read only when C(backup) is set to I(yes), if C(backup) is set to I(no) this option will be silently ignored.
- name: run cli command
  grpc_get:
    command: 'show version'
    display: text
- name: Get bgp configuration data
  grpc_get:
    section: '{"Cisco-IOS-XR-ipv4-bgp-cfg:bgp": [null]}'
- name: Get configuration JSON format over secure TLS channel
  grpc_get:
    display: json
    data_type: config
  vars:
    ansible_root_certificates_file: /home/username/ems.pem
    ansible_grpc_channel_options:
      'grpc.ssl_target_name_override': 'ems.cisco.com'
- name: Merge static route config
  ansible.netcommon.grpc_config:
    config:
      Cisco-IOS-XR-ip-static-cfg:router-static:
        default-vrf:
          address-family:
            vrfipv4:
              vrf-unicast:
                vrf-prefixes:
                  vrf-prefix:
                    - prefix: "1.2.3.6"
                      prefix-length: 32
                      vrf-route:
                        vrf-next-hop-table:
                          vrf-next-hop-next-hop-address:
                            - next-hop-address: "10.0.2.2"
    state: merged
- name: Find diff
  diff: True
  ansible.netcommon.grpc_config:
    config: "{{ lookup('file', 'bgp_start.yml') }}"
    state: merged
- name: Backup running config
  ansible.netcommon.grpc_config:
    backup: yes
- name: Replace bgp config
  ansible.netcommon.grpc_config:
    config: "{{ lookup('file', 'bgp.yml') }}"
    state: replaced
- name: Delete bgp config
  ansible.netcommon.grpc_config:
    config: "{{ lookup('file', 'bgp.yml') }}"
    state: deleted
grpc_config module.
grpc_get module.
grpc_get, grpc_config
network.base application acts as core for other validated content, as it provides the platform agnostic role called Resource Manager. This role provides a single platform-agnostic entry point to manage all the resources supported for a given network OS.
Author: Rohit Thakur (@rohitthakur2590)
Date: 2022/06/21
Describe the reasons for this proposal.
Provide Network Base Validated Content to act as core for other validated content to achieve platform agnostic resource management.
resource_manager:
---
- hosts: ios
  tasks:
    - name: invoke list function
      include_role:
        name: resource_manager
      vars:
        ansible_network_os: cisco.ios.ios
        action: list
---
- hosts: ios
  gather_facts: false
  tasks:
    - name: invoke gather function
      include_role:
        name: resource_manager
      vars:
        action: gather
        ansible_network_os: cisco.ios.ios
        resources:
          - 'interfaces'
          - 'l2_interfaces'
          - 'l3_interfaces'
---
- hosts: ios
  tasks:
    - name: invoke persist function
      include_role:
        name: resource_manager
      vars:
        action: persist
        ansible_network_os: cisco.ios.ios
        resources:
          - 'interfaces'
          - 'l2_interfaces'
          - 'l3_interfaces'
---
- hosts: ios
  tasks:
    - name: invoke deploy function
      include_role:
        name: resource_manager
      vars:
        action: deploy
        ansible_network_os: cisco.ios.ios
        resources:
          - 'all'
---
- hosts: ios
  tasks:
    - name: invoke configure function
      include_role:
        name: resource_manager
      vars:
        action: configure
        ansible_network_os: cisco.ios.ios
        config:
          - name: "GigabitEthernet0/0"
            description: "Edited with Configure operation"
        state: merged
resource_manager tasks.
param_list_compare filter plugin.
network.base and resource_manager
Dear maintainers,
This is important for your collections!
In accordance with the Community decision, we have created the news-for-maintainers repository for announcements of changes impacting collection maintainers (see the examples) instead of Issue 45 that will be closed soon.
Watch button in the upper right corner on the repository's home page.
Issues.
Also we would like to remind you about the Bullhorn contributor newsletter which has recently started to be released weekly. To learn what it looks like, see the past releases. Please subscribe and talk to the Community via Bullhorn!
Join us in #ansible-social (for news reporting & chat), #ansible-community (for discussing collection & maintainer topics), and other channels on Matrix/IRC.
Help the Community and the Steering Committee to make right decisions by taking part in discussing and voting on the Community Topics that impact the whole project and the collections in particular. Your opinion there will be much appreciated!
Thank you!
We are happy to announce that the registration for the Ansible Contributor Summit is open!
This is a great opportunity for interested people to meet, discuss related topics, share their stories and opinions, get the latest important updates and just to hang out together.
There will be different announcements & presentations by Community, Core, Cloud, Network, and other teams.
Current contributors will be happy to share their stories and experience with newcomers.
There will be links to interactive self-passed instruqt scenarios shared during the event that help newcomers learn different aspects of development.
Online on Matrix and Youtube. Tuesday, April 12, 2022, 12:00 - 20:00 UTC.
Add the event to your calendar. Use the ical URL (for example, in Google Calendar "Add other calendars" > "Import from URL") instead of importing the .ics file so that any updates to the event will be reflected in your calendar.
Check out the Summit page:
We are looking forward to seeing you!:)
I have been seeing this issue with nxos_config module. I don't know what the cause is and how to solve it.
use case/example:
- name: Delete IP block
  nxos_config:
    lines: "no ip prefix-list PLIST-XX1"
    save_when: always
  register: ip_delete_result
  until: ip_delete_result is succeeded
  retries: 3
Error:
fatal: [clf01-r03]: FAILED! => {"attempts": 3, "changed": false, "msg": "Socket is closed"}
Originally posted by @ashish-k-panigrahy in ansible-collections/ansible.netcommon#202 (comment)
Add support for a config validation plugin that evaluates network configurations against a predefined set of rules and renders warnings/failures based on the outcome of the validation task. This is aimed to precede *_config tasks in a playbook and would allow us to catch potential errors in the candidate config before the succeeding tasks make configuration changes on the target. The rule set(s) are expected to be implemented by the users based on their exact needs and target platforms.
Describe the reasons for this proposal.
Have the ability to determine the "correctness" of the configuration to be pushed and ensure a more predictable outcome from the *_config modules.
As a user of the *_config modules:
- hosts: sw01
  gather_facts: no
  tasks:
    - name: Validate candidate config against a pre-defined set of rules
      ansible.utils.validate_config:
        config: "{{ lookup('file', 'candidate.cfg') }}"
        rules: "{{ role_path }}/rules/rules.yaml"
interface Eth1/1
  description test-description-too-long
  no switchport
interface Ethernet1/2
  description intf-2
interface port-channel1
  description po-1
interface po2.1
  description po2
interface Loopback 10
  description lo10
---
- name: 1. Interface description should not be more than 8 chars
  example: "Matches description this-is-a-long-description"
  rule: 'description\s(.{9,})'
  action: warn
- name: Ethernet interface names should be in format Ethernet[Slot/chassis number].[sub-intf number (optional)]
  example: "Matches interface Eth1/1, interface Eth 1/1, interface Ethernet 1/1, interface Ethernet 1/1.100"
  rule: 'interface\sE(?!\w{7}\d/\d(.\d+)?)'
  action: fail
- name: Ethernet interface names should be in format Ethernet[Slot/chassis number].[sub-intf number (optional)]
  example: "Matches interface eth1/1, interface eth 1/1, interface ethernet 1/1, interface ethernet 1/1.100"
  rule: 'interface\se(?!\w{7}\d/\d(.\d+)?)'
  action: fail
- name: Loopback interface names should be in format loopback[Virtual Interface Number]
  example: "Matches interface Lo10, interface Loopback 10"
  rule: 'interface\sl(?!\w{7}\d)'
  action: fail
- name: Loopback interface names should be in format loopback[Virtual Interface Number]
  example: "Matches interface lo10, interface loopback 10"
  rule: 'interface\sL(?!\w{7}\d)'
  action: fail
- name: Port Channel names should be in format port-channel[Port Channel number].[sub-intf number (optional)]
  example: "Matches interface port-channel 10, interface po10, interface port-channel 10.1"
  rule: 'interface\sp(?!\w{3}-\w{7}\d(.\d+)?)'
  action: fail
- name: Port Channel names should be in format port-channel[Port Channel number].[sub-intf number (optional)]
  example: "Matches interface Port-channel 10, interface Po10, interface Port-channel 10.1"
  rule: 'interface\sP(?!\w{3}-\w{7}\d(.\d+)?)'
  action: fail
result: {
  failures: [
    {
      "name": "Ethernet interface names should be in format Ethernet[Slot/chassis number].[sub-intf number (optional)]",
      "rule": 'interface\sE(?!\w{7}\d/\d(.\d+)?)',
      "config_line": "interface Eth1/1",
    },
    {
      "name": "Port Channel names should be in format port-channel[Port Channel number].[sub-intf number (optional)]",
      "rule": 'interface\sp(?!\w{3}-\w{7}\d(.\d+)?)',
      "config_line": "interface po2.1",
    },
    {
      "name": "Loopback interface names should be in format loopback[Virtual Interface Number]",
      "rule": 'interface\sL(?!\w{7}\d)',
      "config_line": "interface Loopback 10",
    },
  ],
  warnings: [
    {
      "name": "Interface description should not be more than 8 chars",
      "rule": "description\s(.{9,})",
      "config_line": "description test-description-too-long",
    },
  ]
}
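A sketch of the rule evaluation this proposal describes, run over the candidate config and regexes from the post. It is an added example, not the code of ansible.utils.validate_config or of this project: the function name, the tuple layout, the shortened rule names and the line_number field are assumptions. A rule file with a bad regex or unknown action raises instead of being skipped, so a broken rule cannot let a config through unchecked.

```python
import re

# Regexes and actions from the post's rule file; names are shortened here.
RULES = [
    ("description max 8 chars", r"description\s(.{9,})", "warn"),
    ("Ethernet name format", r"interface\sE(?!\w{7}\d/\d(.\d+)?)", "fail"),
    ("Ethernet name format", r"interface\se(?!\w{7}\d/\d(.\d+)?)", "fail"),
    ("Loopback name format", r"interface\sl(?!\w{7}\d)", "fail"),
    ("Loopback name format", r"interface\sL(?!\w{7}\d)", "fail"),
    ("Port Channel name format", r"interface\sp(?!\w{3}-\w{7}\d(.\d+)?)", "fail"),
    ("Port Channel name format", r"interface\sP(?!\w{3}-\w{7}\d(.\d+)?)", "fail"),
]

# Candidate config from the post.
CANDIDATE_CONFIG = """\
interface Eth1/1
  description test-description-too-long
  no switchport
interface Ethernet1/2
  description intf-2
interface port-channel1
  description po-1
interface po2.1
  description po2
interface Loopback 10
  description lo10
"""


def validate_config(config_text, rules):
    """Apply every rule to every config line and sort hits by action."""
    compiled = []
    for name, pattern, action in rules:
        if action not in ("warn", "fail"):
            raise ValueError(f"rule {name!r}: unknown action {action!r}")
        try:
            compiled.append((name, pattern, action, re.compile(pattern)))
        except re.error as exc:
            raise ValueError(f"rule {name!r}: invalid regex: {exc}") from exc

    result = {"failures": [], "warnings": []}
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        for name, pattern, action, regex in compiled:
            # The rules are unanchored, so search() is used (assumption).
            if regex.search(line):
                bucket = "failures" if action == "fail" else "warnings"
                result[bucket].append({"name": name, "rule": pattern,
                                       "config_line": line,
                                       "line_number": lineno})
    # A playbook would stop before the *_config task when this is True.
    result["failed"] = bool(result["failures"])
    return result


if __name__ == "__main__":
    outcome = validate_config(CANDIDATE_CONFIG, RULES)
    for kind in ("failures", "warnings"):
        for hit in outcome[kind]:
            print(kind, hit["line_number"], hit["config_line"], "<-", hit["name"])
```
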
The proposal is to add an Ansible collection for vendor agnostic plugins that allows interacting with SNMP-enabled devices for querying and setting values.
The initial work has already been added to this repository. Please have a look at the README for more details.
This collection leverages the netsnmp package and its corresponding Python bindings net-snmp-python.
Steps to install and setup have been explained in this section of the README.
A sample playbook and inventory file has been added in https://github.com/ansible-network/ansible.snmp/tree/main/playbooks.
Need to update changlog/config.yaml title section, ref: title
To update title section of changlog/config.yaml. ref: Title
Update README and repo description to better clarify the ansible.network collection is primarily a meta collection, but the inclusion of very generic multi-platform content may be considered under some circumstances. Plugins should be located in different, dependent collections. Content inclusion will be at the discretion of the collection maintainers with ongoing operational overhead and supportability both considered.