Arista EOS supports multiple connections. This page offers details on how each connection works in Ansible and how to use it.
The `Arista EOS<https://galaxy.ansible.com/arista/eos>`_ collection supports multiple connections. This page offers details on how each connection works in Ansible and how to use it.
For legacy playbooks, EOS still supports ``ansible_connection: local``. We recommend modernizing to use ``ansible_connection: network_cli`` or ``ansible_connection: httpapi`` as soon as possible.
The ``ansible_connection: local`` has been deprecated. Please use ``ansible_connection: ansible.netcommon.network_cli`` or ``ansible_connection: ansible.netcommon.httpapi`` instead.
Using CLI in Ansible
====================
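Review bot: The new hyperlink in the first sentence has no space between the link text and the opening angle bracket ("Arista EOS<https://galaxy.ansible.com/arista/eos>"). reStructuredText only recognises an embedded URI when whitespace precedes the "<", so this will not render as a link. Write it as "Arista EOS <https://galaxy.ansible.com/arista/eos>", matching the form the FRR and IOS-XR sentences in this change already use.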
@ -60,8 +52,8 @@ Example CLI ``group_vars/eos.yml``
..code-block:: yaml
ansible_connection: network_cli
ansible_network_os: eos
ansible_connection: ansible.netcommon.network_cli
ansible_network_os: arista.eos.eos
ansible_user: myuser
ansible_password: !vault...
ansible_become: yes
@ -74,16 +66,16 @@ Example CLI ``group_vars/eos.yml``
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
Example CLI Task
Example CLI task
----------------
..code-block:: yaml
- name: Backup current switch config (eos)
eos_config:
arista.eos.eos_config:
backup: yes
register: backup_eos_location
when: ansible_network_os == 'eos'
when: ansible_network_os == 'arista.eos.eos'
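Review bot: The new condition ``when: ansible_network_os == 'arista.eos.eos'`` is an exact string match, so an inventory that still sets ``ansible_network_os: eos`` will skip the backup task without reporting an error. Either add a sentence telling readers to update ``group_vars/eos.yml`` before reusing this task, or show a condition that accepts both values, for example ``ansible_network_os in ['eos', 'arista.eos.eos']``.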
@ -93,19 +85,19 @@ Using eAPI in Ansible
Enabling eAPI
-------------
Before you can use eAPI to connect to a switch, you must enable eAPI. To enable eAPI on a new switch via Ansible, use the ``eos_eapi`` module via the CLI connection. Set up group_vars/eos.yml just like in the CLI example above, then run a playbook task like this:
Before you can use eAPI to connect to a switch, you must enable eAPI. To enable eAPI on a new switch with Ansible, use the ``arista.eos.eos_eapi`` module through the CLI connection. Set up ``group_vars/eos.yml`` just like in the CLI example above, then run a playbook task like this:
..code-block:: yaml
- name: Enable eAPI
eos_eapi:
arista.eos.eos_eapi:
enable_http: yes
enable_https: yes
become: true
become_method: enable
when: ansible_network_os == 'eos'
when: ansible_network_os == 'arista.eos.eos'
You can find more options for enabling HTTP/HTTPS connections in the :ref:`eos_eapi <eos_eapi_module>` module documentation.
You can find more options for enabling HTTP/HTTPS connections in the :ref:`arista.eos.eos_eapi <ansible_collections.arista.eos.eos_eapi_module>` module documentation.
Once eAPI is enabled, change your ``group_vars/eos.yml`` to use the eAPI connection.
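Review bot: The "Enable eAPI" example keeps ``enable_http: yes`` next to ``enable_https: yes``, so a reader who copies it turns on plain-HTTP eAPI, and credentials sent by the ``httpapi`` connection over that transport are unencrypted on the wire. Since the task is being edited anyway, consider showing ``enable_http: no`` and leaving HTTP as an option readers look up in the module documentation referenced below the task.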
@ -114,8 +106,8 @@ Example eAPI ``group_vars/eos.yml``
..code-block:: yaml
ansible_connection: httpapi
ansible_network_os: eos
ansible_connection: ansible.netcommon.httpapi
ansible_network_os: arista.eos.eos
ansible_user: myuser
ansible_password: !vault...
ansible_become: yes
@ -127,56 +119,20 @@ Example eAPI ``group_vars/eos.yml``
- If you are accessing your host through a web proxy using ``https``, change ``http_proxy`` to ``https_proxy``.
Example eAPI Task
Example eAPI task
-----------------
..code-block:: yaml
- name: Backup current switch config (eos)
eos_config:
arista.eos.eos_config:
backup: yes
register: backup_eos_location
environment: "{{ proxy_env }}"
when: ansible_network_os == 'eos'
when: ansible_network_os == 'arista.eos.eos'
In this example the ``proxy_env`` variable defined in ``group_vars`` gets passed to the ``environment`` option of the module in the task.
eAPI examples with ``connection: local``
-----------------------------------------
``group_vars/eos.yml``:
..code-block:: yaml
ansible_connection: local
ansible_network_os: eos
ansible_user: myuser
ansible_password: !vault...
eapi:
host: "{{ inventory_hostname }}"
transport: eapi
authorize: yes
auth_pass: !vault...
proxy_env:
http_proxy: http://proxy.example.com:8080
eAPI task:
..code-block:: yaml
- name: Backup current switch config (eos)
eos_config:
backup: yes
provider: "{{ eapi }}"
register: backup_eos_location
environment: "{{ proxy_env }}"
when: ansible_network_os == 'eos'
In this example two variables defined in ``group_vars`` get passed to the module of the task:
- the ``eapi`` variable gets passed to the ``provider`` option of the module
- the ``proxy_env`` variable gets passed to the ``environment`` option of the module
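Review bot: Readers migrating a legacy playbook lose the only worked mapping of the ``provider`` dictionary (``transport: eapi``, ``authorize``, ``auth_pass``) once the "eAPI examples with ``connection: local``" section is dropped, while the note added at the top of the page only says the connection is deprecated. A short pointer would help, for example one sentence stating that ``authorize`` and ``auth_pass`` are replaced by the ``ansible_become`` settings and that ``provider`` is no longer passed to the module.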
This page offers details on connection options to manage FRR using Ansible.
The `FRR <https://galaxy.ansible.com/frr/frr>`_ collection supports the ``ansible.netcommon.network_cli`` connection. This section provides details on how to use this connection for Free Range Routing (FRR).
- The `ansible_user` should be a part of the `frrvty` group and should have the default shell set to `/bin/vtysh`.
- The ``ansible_user`` should be a part of the ``frrvty`` group and should have the default shell set to ``/bin/vtysh``.
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
IOS supports Enable Mode (Privilege Escalation). This page offers details on how to use Enable Mode on IOS in Ansible.
The `Cisco IOS<https://galaxy.ansible.com/cisco/ios>`_ collection supports Enable Mode (Privilege Escalation). This page offers details on how to use Enable Mode on IOS in Ansible.
For legacy playbooks, IOS still supports ``ansible_connection: local``. We recommend modernizing to use ``ansible_connection: network_cli`` as soon as possible.
The ``ansible_connection: local`` has been deprecated. Please use ``ansible_connection: ansible.netcommon.network_cli`` instead.
Using CLI in Ansible
====================
@ -46,8 +47,8 @@ Example CLI ``group_vars/ios.yml``
..code-block:: yaml
ansible_connection: network_cli
ansible_network_os: ios
ansible_connection: ansible.netcommon.network_cli
ansible_network_os: cisco.ios.ios
ansible_user: myuser
ansible_password: !vault...
ansible_become: yes
@ -60,16 +61,16 @@ Example CLI ``group_vars/ios.yml``
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
IOS-XR supports multiple connections. This page offers details on how each connection works in Ansible and how to use it.
The `Cisco IOS-XR collection <https://galaxy.ansible.com/cisco/iosxr>`_ supports multiple connections. This page offers details on how each connection works in Ansible and how to use it.
For legacy playbooks, Ansible still supports ``ansible_connection=local`` on all IOS-XR modules. We recommend modernizing to use ``ansible_connection=netconf`` or ``ansible_connection=network_cli`` as soon as possible.
The ``ansible_connection: local`` has been deprecated. Please use ``ansible_connection: ansible.netcommon.network_cli`` or ``ansible_connection: ansible.netcommon.netconf`` instead.
Using CLI in Ansible
====================
@ -50,8 +52,8 @@ Example CLI inventory ``[iosxr:vars]``
@ -61,15 +63,15 @@ Example CLI inventory ``[iosxr:vars]``
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
Example CLI Task
Example CLI task
----------------
..code-block:: yaml
- name: Retrieve IOS-XR version
iosxr_command:
cisco.iosxr.iosxr_command:
commands: show version
when: ansible_network_os == 'iosxr'
when: ansible_network_os == 'cisco.iosxr.iosxr'
Using NETCONF in Ansible
@ -83,14 +85,14 @@ Before you can use NETCONF to connect to a switch, you must:
- install the ``ncclient`` python package on your control node(s) with ``pip install ncclient``
- enable NETCONF on the Cisco IOS-XR device(s)
To enable NETCONF on a new switch via Ansible, use the ``iosxr_netconf`` module via the CLI connection. Set up your platform-level variables just like in the CLI example above, then run a playbook task like this:
To enable NETCONF on a new switch via Ansible, use the ``cisco.iosxr.iosxr_netconf`` module through the CLI connection. Set up your platform-level variables just like in the CLI example above, then run a playbook task like this:
..code-block:: yaml
- name: Enable NETCONF
connection: network_cli
iosxr_netconf:
when: ansible_network_os == 'iosxr'
connection: ansible.netcommon.network_cli
cisco.iosxr.iosxr_netconf:
when: ansible_network_os == 'cisco.iosxr.iosxr'
Once NETCONF is enabled, change your variables to use the NETCONF connection.
@ -100,20 +102,20 @@ Example NETCONF inventory ``[iosxr:vars]``
Juniper Junos OS supports multiple connections. This page offers details on how each connection works in Ansible and how to use it.
The `Juniper Junos OS<https://galaxy.ansible.com/junipernetworks/junos>`_ supports multiple connections. This page offers details on how each connection works in Ansible and how to use it.
For legacy playbooks, Ansible still supports ``ansible_connection=local`` on all JUNOS modules. We recommend modernizing to use ``ansible_connection=netconf`` or ``ansible_connection=network_cli`` as soon as possible.
The ``ansible_connection: local`` has been deprecated. Please use ``ansible_connection: ansible.netcommon.network_cli`` or ``ansible_connection: ansible.netcommon.netconf`` instead.
Using CLI in Ansible
====================
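Review bot: The rewritten first sentence is missing the word "collection" after the link ("The Juniper Junos OS ... supports multiple connections"), unlike the EOS and IOS sentences, and the link has no space before "<", which reStructuredText requires before an embedded URL. Suggest "The `Juniper Junos OS collection <https://galaxy.ansible.com/junipernetworks/junos>`_ supports multiple connections".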
@ -51,8 +53,8 @@ Example CLI inventory ``[junos:vars]``
@ -62,15 +64,15 @@ Example CLI inventory ``[junos:vars]``
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
@ -84,14 +86,14 @@ Before you can use NETCONF to connect to a switch, you must:
- install the ``ncclient`` python package on your control node(s) with ``pip install ncclient``
- enable NETCONF on the Junos OS device(s)
To enable NETCONF on a new switch via Ansible, use the ``junos_netconf`` module via the CLI connection. Set up your platform-level variables just like in the CLI example above, then run a playbook task like this:
To enable NETCONF on a new switch via Ansible, use the ``junipernetworks.junos.junos_netconf`` module through the CLI connection. Set up your platform-level variables just like in the CLI example above, then run a playbook task like this:
For legacy playbooks, Ansible still supports ``ansible_connection=local`` for the netconf_config module only. We recommend modernizing to use ``ansible_connection=netconf`` as soon as possible.
The ``ansible_connection: local`` has been deprecated. Please use ``ansible_connection: ansible.netcommon.netconf`` instead.
Using NETCONF in Ansible
========================
@ -50,9 +51,9 @@ For example set up your platform-level variables just like in the CLI example ab
Note: For netconf connection plugin configurable variables see :ref:`netconf <netconf_connection>`.
Note: For netconf connection plugin configurable variables see :ref:`ansible.netcommon.netconf <ansible_collections.ansible.netcommon.netconf_connection>`.
Bastion/Jumphost Configuration
Bastion/Jumphost configuration
------------------------------
To use a jump host to connect to a NETCONF enabled device you must set the ``ANSIBLE_NETCONF_SSH_CONFIG`` environment variable.
Cisco NXOS supports multiple connections. This page offers details on how each connection works in Ansible and how to use it.
The `Cisco NXOS<https://galaxy.ansible.com/cisco/nxos>`_ supports multiple connections. This page offers details on how each connection works in Ansible and how to use it.
|enable_mode| supported: use ``ansible_become: yes`` not supported by NX-API
with ``ansible_become_method: enable``
@ -43,7 +39,7 @@ Connections Available
..|enable_mode|replace:: Enable Mode |br| (Privilege Escalation) |br| supported as of 2.5.3
For legacy playbooks, NXOS still supports ``ansible_connection: local``. We recommend modernizing to use ``ansible_connection: network_cli`` or ``ansible_connection: httpapi`` as soon as possible.
The ``ansible_connection: local`` has been deprecated. Please use ``ansible_connection: ansible.netcommon.network_cli`` or ``ansible_connection: ansible.netcommon.httpapi`` instead.
Using CLI in Ansible
====================
@ -53,8 +49,8 @@ Example CLI ``group_vars/nxos.yml``
..code-block:: yaml
ansible_connection: network_cli
ansible_network_os: nxos
ansible_connection: ansible.netcommon.network_cli
ansible_network_os: cisco.nxos.nxos
ansible_user: myuser
ansible_password: !vault...
ansible_become: yes
@ -67,16 +63,16 @@ Example CLI ``group_vars/nxos.yml``
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
Example CLI Task
Example CLI task
----------------
..code-block:: yaml
- name: Backup current switch config (nxos)
nxos_config:
cisco.nxos.nxos_config:
backup: yes
register: backup_nxos_location
when: ansible_network_os == 'nxos'
when: ansible_network_os == 'cisco.nxos.nxos'
@ -91,10 +87,10 @@ Before you can use NX-API to connect to a switch, you must enable NX-API. To ena
..code-block:: yaml
- name: Enable NX-API
nxos_nxapi:
cisco.nxos.nxos_nxapi:
enable_http: yes
enable_https: yes
when: ansible_network_os == 'nxos'
when: ansible_network_os == 'cisco.nxos.nxos'
To find out more about the options for enabling HTTP/HTTPS and local http see the :ref:`nxos_nxapi <nxos_nxapi_module>` module documentation.
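Review bot: The closing sentence of this hunk still references "nxos_nxapi <nxos_nxapi_module>" with the short module name and label, although the task above it now calls ``cisco.nxos.nxos_nxapi``. The EOS page in this change retargets the equivalent reference to "arista.eos.eos_eapi <ansible_collections.arista.eos.eos_eapi_module>"; apply the same pattern here so the cross-reference follows the module into its collection.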
@ -105,8 +101,8 @@ Example NX-API ``group_vars/nxos.yml``
..code-block:: yaml
ansible_connection: httpapi
ansible_network_os: nxos
ansible_connection: ansible.netcommon.httpapi
ansible_network_os: cisco.nxos.nxos
ansible_user: myuser
ansible_password: !vault...
proxy_env:
@ -116,23 +112,23 @@ Example NX-API ``group_vars/nxos.yml``
- If you are accessing your host through a web proxy using ``https``, change ``http_proxy`` to ``https_proxy``.
Example NX-API Task
Example NX-API task
-------------------
..code-block:: yaml
- name: Backup current switch config (nxos)
nxos_config:
cisco.nxos.nxos_config:
backup: yes
register: backup_nxos_location
environment: "{{ proxy_env }}"
when: ansible_network_os == 'nxos'
when: ansible_network_os == 'cisco.nxos.nxos'
In this example the ``proxy_env`` variable defined in ``group_vars`` gets passed to the ``environment`` option of the module used in the task.
..include:: shared_snippets/SSH_warning.txt
Cisco Nexus Platform Support Matrix
Cisco Nexus platform support matrix
===================================
The following platforms and software versions have been certified by Cisco to work with this version of Ansible.
This page offers details on connection options to manage VyOS using Ansible.
The `VyOS <https://galaxy.ansible.com/vyos/vyos>`_ collection supports the ``ansible.netcommon.network_cli`` connection type. This page offers details on connection options to manage VyOS using Ansible.
For legacy playbooks, VyOS still supports ``ansible_connection: local``. We recommend modernizing to use ``ansible_connection: network_cli`` as soon as possible.
The ``ansible_connection: local`` has been deprecated. Please use ``ansible_connection: ansible.netcommon.network_cli`` instead.
Using CLI in Ansible
====================
@ -45,8 +46,8 @@ Example CLI ``group_vars/vyos.yml``
@ -56,15 +57,15 @@ Example CLI ``group_vars/vyos.yml``
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.