From 4ec317ceca948f35a05cd90eaa2112f2e32edf95 Mon Sep 17 00:00:00 2001 From: Anil Kumar Muraleedharan Date: Sat, 15 Sep 2018 00:53:57 +0530 Subject: [PATCH] Lenovo doc update (#45483) * Merge issue * Update cnos_rollback.py * Updating license for the refactored method * Update cnos_rollback.py * Removing the BSD License as suggested by Legal * To add Documentation for ENOS as well as CNOS * Merge issue * Revert "To add Documentation for ENOS as well as CNOS" This reverts commit 80e6e39054be0c3a8f95d16dc39ca9d93baf8c4b. * Adding Docs for ENOS and CNOS * Update cnos.py * Update cnos_rollback.py * Update cnos.py * Update platform_cnos.rst * Update platform_enos.rst * Removed version 2.7 * Removing 2.7 --- .../rst/network/user_guide/platform_cnos.rst | 69 +++++++++++++++++++ .../rst/network/user_guide/platform_enos.rst | 69 +++++++++++++++++++ .../rst/network/user_guide/platform_index.rst | 6 ++ lib/ansible/module_utils/network/cnos/cnos.py | 7 -- 4 files changed, 144 insertions(+), 7 deletions(-) create mode 100644 docs/docsite/rst/network/user_guide/platform_cnos.rst create mode 100644 docs/docsite/rst/network/user_guide/platform_enos.rst diff --git a/docs/docsite/rst/network/user_guide/platform_cnos.rst b/docs/docsite/rst/network/user_guide/platform_cnos.rst new file mode 100644 index 00000000000..f64d836de77 --- /dev/null +++ b/docs/docsite/rst/network/user_guide/platform_cnos.rst @@ -0,0 +1,69 @@ +.. _cnos_platform_options: + +*************************************** +CNOS Platform Options +*************************************** + +CNOS supports Enable Mode (Privilege Escalation). This page offers details on how to use Enable Mode on CNOS in Ansible. + +.. contents:: Topics + +Connections Available +================================================================================ + ++---------------------------+-----------------------------------------------+ +|.. | CLI | ++===========================+===============================================+ +| **Protocol** | SSH | ++---------------------------+-----------------------------------------------+ +| | **Credentials** | | uses SSH keys / SSH-agent if present | +| | | | accepts ``-u myuser -k`` if using password | ++---------------------------+-----------------------------------------------+ +| **Indirect Access** | via a bastion (jump host) | ++---------------------------+-----------------------------------------------+ +| | **Connection Settings** | | ``ansible_connection: network_cli`` | +| | | | | +| | | | | ++---------------------------+-----------------------------------------------+ +| | **Enable Mode** | | supported - use ``ansible_become: yes`` | +| | (Privilege Escalation) | | with ``ansible_become_method: enable`` | +| | | | and ``ansible_become_pass:`` | ++---------------------------+-----------------------------------------------+ +| **Returned Data Format** | ``stdout[0].`` | ++---------------------------+-----------------------------------------------+ + +For legacy playbooks, CNOS still supports ``ansible_connection: local``. We recommend modernizing to use ``ansible_connection: network_cli`` as soon as possible. + +Using CLI in Ansible +================================================================================ + +Example CLI ``group_vars/cnos.yml`` +-------------------------------------------------------------------------------- + +.. code-block:: yaml + + ansible_connection: network_cli + ansible_network_os: cnos + ansible_user: myuser + ansible_ssh_pass: !vault... + ansible_become: yes + ansible_become_method: enable + ansible_become_pass: !vault... + ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' + + +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. +- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. + +Example CLI Task +---------------- + +.. code-block:: yaml + + - name: Retreive CNOS OS version + cnos_command: + commands: show version + when: ansible_network_os == 'cnos' + +.. include:: shared_snippets/SSH_warning.txt diff --git a/docs/docsite/rst/network/user_guide/platform_enos.rst b/docs/docsite/rst/network/user_guide/platform_enos.rst new file mode 100644 index 00000000000..6d1aa06f277 --- /dev/null +++ b/docs/docsite/rst/network/user_guide/platform_enos.rst @@ -0,0 +1,69 @@ +.. _enos_platform_options: + +*************************************** +ENOS Platform Options +*************************************** + +ENOS supports Enable Mode (Privilege Escalation). This page offers details on how to use Enable Mode on ENOS in Ansible. + +.. contents:: Topics + +Connections Available +================================================================================ + ++---------------------------+-----------------------------------------------+ +|.. | CLI | ++===========================+===============================================+ +| **Protocol** | SSH | ++---------------------------+-----------------------------------------------+ +| | **Credentials** | | uses SSH keys / SSH-agent if present | +| | | | accepts ``-u myuser -k`` if using password | ++---------------------------+-----------------------------------------------+ +| **Indirect Access** | via a bastion (jump host) | ++---------------------------+-----------------------------------------------+ +| | **Connection Settings** | | ``ansible_connection: network_cli`` | +| | | | | +| | | | | ++---------------------------+-----------------------------------------------+ +| | **Enable Mode** | | supported - use ``ansible_become: yes`` | +| | (Privilege Escalation) | | with ``ansible_become_method: enable`` | +| | | | and ``ansible_become_pass:`` | ++---------------------------+-----------------------------------------------+ +| **Returned Data Format** | ``stdout[0].`` | ++---------------------------+-----------------------------------------------+ + +For legacy playbooks, ENOS still supports ``ansible_connection: local``. We recommend modernizing to use ``ansible_connection: network_cli`` as soon as possible. + +Using CLI in Ansible +================================================================================ + +Example CLI ``group_vars/enos.yml`` +-------------------------------------------------------------------------------- + +.. code-block:: yaml + + ansible_connection: network_cli + ansible_network_os: enos + ansible_user: myuser + ansible_ssh_pass: !vault... + ansible_become: yes + ansible_become_method: enable + ansible_become_pass: !vault... + ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"' + + +- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration. +- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. +- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables. + +Example CLI Task +---------------- + +.. code-block:: yaml + + - name: Retreive ENOS OS version + enos_command: + commands: show version + when: ansible_network_os == 'enos' + +.. include:: shared_snippets/SSH_warning.txt diff --git a/docs/docsite/rst/network/user_guide/platform_index.rst b/docs/docsite/rst/network/user_guide/platform_index.rst index 2827e9bc90c..4dfd385d5a5 100644 --- a/docs/docsite/rst/network/user_guide/platform_index.rst +++ b/docs/docsite/rst/network/user_guide/platform_index.rst @@ -10,6 +10,8 @@ Some Ansible Network platforms support multiple connection types, privilege esca :maxdepth: 2 :caption: Platform Options + platform_cnos + platform_enos platform_eos platform_exos platform_ios @@ -58,6 +60,10 @@ Settings by Platform +-------------------+-------------------------+----------------------+----------------------+------------------+------------------+ | Junos OS* | ``junos`` | in v. >=2.5 | in v. >=2.5 | N/A | in v. >=2.4 | +-------------------+-------------------------+----------------------+----------------------+------------------+------------------+ +| Lenovo CNOS | ``cnos`` | in v. >=2.5 | N/A | N/A | in v. >=2.3 | ++-------------------+-------------------------+----------------------+----------------------+------------------+------------------+ +| Lenovo ENOS | ``enos`` | in v. >=2.5 | N/A | N/A | in v. >=2.5 | ++-------------------+-------------------------+----------------------+----------------------+------------------+------------------+ | MikroTik RouterOS | ``routeros`` | in v. >=2.7 | N/A | N/A | N/A | +-------------------+-------------------------+----------------------+----------------------+------------------+------------------+ | Nokia SR OS | ``sros`` | in v. >=2.5 | N/A | N/A | in v. >=2.4 | diff --git a/lib/ansible/module_utils/network/cnos/cnos.py b/lib/ansible/module_utils/network/cnos/cnos.py index 96d4b2a70b9..ea104c8f942 100644 --- a/lib/ansible/module_utils/network/cnos/cnos.py +++ b/lib/ansible/module_utils/network/cnos/cnos.py @@ -1328,10 +1328,6 @@ def interfaceLevel2Config(module, cmd, prompt, answer): # EOM -# Method Method for enter enable mode -# - - def enterEnableModeForDevice(enablePassword, timeout, obj): command = "enable\n" pwdPrompt = "password:" @@ -1384,9 +1380,6 @@ def enterEnableModeForDevice(enablePassword, timeout, obj): return retVal # EOM -# Method for device response than time delay -# - def waitForDeviceResponse(command, prompt, timeout, obj): obj.settimeout(int(timeout))