oliverl_21.ios_config

Panoramica Versioni Approfondimenti

ansible-role-ios_config

=========

Cisco IOS Config Ansible Role

Current Tasks:

  • Define RADIUS Server
  • Global Settings for ISE/802.1x
  • Configure Device Sensor
  • Partially set up 802.1x Interface Config (logic for choosing the interface is still needed)
  • Implement PnP ZTP workflow

Features:

  • Connect via Bastion/Jumphost using Inventory Variable
  • Transitioned from Paramiko to libssh

To-Do:

Requirements

RADIUS Server Definition:

  • IP Address
  • Hostname
  • RADIUS Key
  • RADIUS Source Interface

Interface Definition:

  • Access VLAN
  • Optional: Fallback VLAN
  • Optional: Voice VLAN
  • Optional: Low impact mode

Switch to LibSSH

Reference

To use the libssh Module (only on linux)

pip3 install ansible-pylibssh

To switch to libssh for this Role

# roles/ios_config/default.yml
ansible_network_cli_ssh_type: libssh

Add this to ansible.cfg for global use

# ansible.cfg
[persistent_connection]
ssh_type = libssh

Bastion/Jumphost Connection

To use a Bastion/Jumphost to connect to the Network Devices, create:

# inventory/group_vars/all/ansible_ssh.yml
ansible_ssh_proxy_command: >-
  {% if bastion_host is defined and bastion_host != '' %}
  ssh {{ hostvars[bastion_host]['ansible_user'] }}@{{ hostvars[bastion_host]['ansible_host'] }}
  -o Port={{ hostvars[bastion_host]['ansible_ssh_port'] | default(22) }}
  -W %h:%p
  {% endif %}

ansible_ssh_common_args: >-
  {% if bastion_host is defined and bastion_host != '' %}
  -o ProxyCommand="{{ ansible_ssh_proxy_command }}"
  {% endif %}

# Default bastion host for all hosts
bastion_host: ""

Add bastion_host: "your-host" to your Inventory host/group vars where the Jumphost should be used. The Jumphost must be defined in the Inventory.

Example

# inventory/group_vars/ios.yml
---
ansible_user: admin
ansible_network_os: ios
bastion_host: tux01

# inventory/<inventoryfile>
[debian]
tux01 ansible_host=tux01.example.org

[debian:vars]
ansible_user=tux
ansible_become_method=sudo

Role Variables

  • fact_gather_enabled
    • Defaults to true
  • push_config
    • Defines if configuration should be pushed to the Device or if the config diff should be stored locally
  • ios_int_config_enabled
    • Enables interface configuration
  • ios_sensor_config_enabled
    • Enables IOS Device Sensor Configuration
  • ios_1xglobal_config_enabled
    • Enables IOS ISE/802.1x Global Config
  • int_global_config_enabled
    • Enables 802.1x interface configuration
  • pnp_config_enabled
    • Enables generation of PnP config, should be used with fact_gather_enabled: false

Dependencies

Roles: None

Collection:

  • cisco.ios
  • ansible.netcommon

Example Playbook

To-Do

- name: example
  hosts: csw02
  gather_facts: false
  connection: network_cli
  roles:
    - { role: ios_config, ios_config_enabled: false, ios_sensor_config_enabled: true, ios_1xglobal_config_enabled: true }

License

GPL-3.0-or-later

Author Information

oliverl-21

Informazioni sul progetto

Cisco IOS Configuration role

role networking cisco ios iosxe
Installa
ansible-galaxy install oliverl_21.ios_config
GitHub repository
1 stelle
2 fork
1 problemi aperti
Licenza
Unknown
Download
103
Proprietario
Oliver L
nothing to tell