ansible cisco

Jacob_baek 2017. 9. 28. 17:32

This is the result of running a command through Ansible to retrieve clock information from a Cisco 3560 switch.


Enable SSH on the Cisco switch beforehand.

- http://mr100do.tistory.com/674


Creating the playbook

Create the playbook as shown below and retrieve the command output from the switch.


1. creds.yml

---
creds:
  username: admin
  password: password1234

2. iostest.yml

---
- name: ios test yaml
  hosts: cisco
  gather_facts: no
  connection: local

  tasks:
    - name: obtain login credentials
      include_vars: creds.yml

    - name: define provider
      set_fact:
        provider:
          host: "{{inventory_hostname}}"
          username: "{{creds['username']}}"
          password: "{{creds['password']}}"
          transport: cli

    - name: ios test
      ios_command:
        provider: "{{provider}}"
        commands: show clock

Running the playbook

3. Execution result

[user@localhost cisco_test]$ ansible-playbook iostest.yml -vvvv
Using /etc/ansible/ansible.cfg as config file
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc

PLAYBOOK: iostest.yml ****************************************************************************************************************************************
1 plays in iostest.yml

PLAY [ios test yaml] *****************************************************************************************************************************************
META: ran handlers

TASK [obtain login credentials] ******************************************************************************************************************************
task path: /home/stack/playbooks/cisco_test/iostest.yml:8
ok: [172.16.50.106] => {
    "ansible_facts": {
        "creds": {
            "password": "naim4321",
            "username": "admin"
        }
    },
    "changed": false
}

TASK [define provider] ***************************************************************************************************************************************
task path: /home/stack/playbooks/cisco_test/iostest.yml:11
ok: [172.16.50.106] => {
    "ansible_facts": {
        "provider": {
            "host": "172.16.50.106",
            "password": "naim4321",
            "transport": "cli",
            "username": "admin"
        }
    },
    "changed": false
}

TASK [ios test] **********************************************************************************************************************************************
task path: /home/stack/playbooks/cisco_test/iostest.yml:19
<172.16.50.106> using connection plugin network_cli
<172.16.50.106> socket_path: /home/stack/.ansible/pc/7e932639bf
open_shell() returned 0 ok
Using module file /usr/lib/python2.7/site-packages/ansible/modules/network/ios/ios_command.py
<172.16.50.106> ESTABLISH LOCAL CONNECTION FOR USER: stack
<172.16.50.106> EXEC /bin/sh -c 'echo ~ && sleep 0'
<172.16.50.106> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/stack/.ansible/tmp/ansible-tmp-1506586907.29-252396804465773 `" && echo ansible-tmp-1506586907.29-252396804465773="` echo /home/stack/.ansible/tmp/ansible-tmp-1506586907.29-252396804465773 `" ) && sleep 0'
<172.16.50.106> PUT /tmp/tmpNKbiV1 TO /home/stack/.ansible/tmp/ansible-tmp-1506586907.29-252396804465773/ios_command.py
<172.16.50.106> EXEC /bin/sh -c 'chmod u+x /home/stack/.ansible/tmp/ansible-tmp-1506586907.29-252396804465773/ /home/stack/.ansible/tmp/ansible-tmp-1506586907.29-252396804465773/ios_command.py && sleep 0'
<172.16.50.106> EXEC /bin/sh -c '/usr/bin/python /home/stack/.ansible/tmp/ansible-tmp-1506586907.29-252396804465773/ios_command.py; rm -rf "/home/stack/.ansible/tmp/ansible-tmp-1506586907.29-252396804465773/" > /dev/null 2>&1 && sleep 0'
ok: [172.16.50.106] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "auth_pass": null,
            "authorize": null,
            "commands": [
                "show version"
            ],
            "host": null,
            "interval": 1,
            "match": "all",
            "password": null,
            "port": null,
            "provider": {
                "auth_pass": null,
                "authorize": null,
                "host": "172.16.50.106",
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "port": null,
                "ssh_keyfile": null,
                "timeout": null,
                "transport": "cli",
                "username": "admin"
            },
            "retries": 10,
            "ssh_keyfile": null,
            "timeout": null,
            "username": null,
            "wait_for": null
        }
    },
    "stdout": [
        "Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(25)SEB2, RELEASE SOFTWARE (fc1)\nCopyright (c) 1986-2005 by Cisco Systems, Inc.\nCompiled Wed 08-Jun-05 03:58 by yenanh\n\nROM: Bootstrap program is C3560 boot loader\nBOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SE1, RELEASE SOFTWARE (fc)\n\n Tech-MGMT-F uptime is 35 weeks, 6 days, 22 hours, 55 minutes\nSystem returned to ROM by power-on\nSystem image file is \"flash:c3560-ipservicesk9-mz.122-25.SEB2.bin\"\n\n\nThis product contains cryptographic features and is subject to United\nStates and local country laws governing import, export, transfer and\nuse. Delivery of Cisco cryptographic products does not imply\nthird-party authority to import, export, distribute or use encryption.\nImporters, exporters, distributors and users are responsible for\ncompliance with U.S. and local country laws. By using this product you\nagree to comply with applicable laws and regulations. If you are unable\nto comply with U.S. and local laws, return this product immediately.\n\nA summary of U.S. laws governing Cisco cryptographic products may be found at:\nhttp://www.cisco.com/wwl/export/crypto/tool/stqrg.html\n\nIf you require further assistance please contact us by sending email to\nexport@cisco.com.\n\ncisco WS-C3560G-48TS (PowerPC405) processor (revision C0) with 118784K/12280K bytes of memory.\nProcessor board ID FOC0928U2AQ\nLast reset from power-on\n3 Virtual Ethernet interfaces\n52 Gigabit Ethernet interfaces\nThe password-recovery mechanism is enabled.\n\n512K bytes of flash-simulated non-volatile configuration memory.\nBase ethernet MAC Address       : 00:14:F2:BD:81:00\nMotherboard assembly number     : 73-9358-04\nPower supply part number        : 341-0107-01\nMotherboard serial number       : FOC0927561X\nPower supply serial number      : AZS0923013T\nModel revision number           : C0\nMotherboard revision number     : A0\nModel number                    : WS-C3560G-48TS-S\nSystem serial number            : FOC0928U2AQ\nSFP Module assembly part number : 73-7757-03\nSFP Module revision Number      : A0\nSFP Module serial number        : CAT09241M61\nTop Assembly Part Number        : 800-25428-02\nTop Assembly Revision Number    : A0\nVersion ID                      : 02\nCLEI Code Number                : CNMWY00ARB\nHardware Board Revision Number  : 0x05\n\n\nSwitch   Ports  Model              SW Version              SW Image            \n------   -----  -----              ----------              ----------          \n*    1   52     WS-C3560G-48TS     12.2(25)SEB2            C3560-IPSERVICESK9-M\n\n\nConfiguration register is 0xF"
    ],
    "stdout_lines": [
        [
            "Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(25)SEB2, RELEASE SOFTWARE (fc1)",
            "Copyright (c) 1986-2005 by Cisco Systems, Inc.",
            "Compiled Wed 08-Jun-05 03:58 by yenanh",
            "",
            "ROM: Bootstrap program is C3560 boot loader",
            "BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SE1, RELEASE SOFTWARE (fc)",
            "",
            " Tech-MGMT-F uptime is 35 weeks, 6 days, 22 hours, 55 minutes",
            "System returned to ROM by power-on",
            "System image file is \"flash:c3560-ipservicesk9-mz.122-25.SEB2.bin\"",
            "",
            "",
            "This product contains cryptographic features and is subject to United",
            "States and local country laws governing import, export, transfer and",
            "use. Delivery of Cisco cryptographic products does not imply",
            "third-party authority to import, export, distribute or use encryption.",
            "Importers, exporters, distributors and users are responsible for",
            "compliance with U.S. and local country laws. By using this product you",
            "agree to comply with applicable laws and regulations. If you are unable",
            "to comply with U.S. and local laws, return this product immediately.",
            "",
            "A summary of U.S. laws governing Cisco cryptographic products may be found at:",
            "http://www.cisco.com/wwl/export/crypto/tool/stqrg.html",
            "",
            "If you require further assistance please contact us by sending email to",
            "export@cisco.com.",
            "",
            "cisco WS-C3560G-48TS (PowerPC405) processor (revision C0) with 118784K/12280K bytes of memory.",
            "Processor board ID FOC0928U2AQ",
            "Last reset from power-on",
            "3 Virtual Ethernet interfaces",
            "52 Gigabit Ethernet interfaces",
            "The password-recovery mechanism is enabled.",
            "",
            "512K bytes of flash-simulated non-volatile configuration memory.",
            "Base ethernet MAC Address       : 00:14:F2:BD:81:00",
            "Motherboard assembly number     : 73-9358-04",
            "Power supply part number        : 341-0107-01",
            "Motherboard serial number       : FOC0927561X",
            "Power supply serial number      : AZS0923013T",
            "Model revision number           : C0",
            "Motherboard revision number     : A0",
            "Model number                    : WS-C3560G-48TS-S",
            "System serial number            : FOC0928U2AQ",
            "SFP Module assembly part number : 73-7757-03",
            "SFP Module revision Number      : A0",
            "SFP Module serial number        : CAT09241M61",
            "Top Assembly Part Number        : 800-25428-02",
            "Top Assembly Revision Number    : A0",
            "Version ID                      : 02",
            "CLEI Code Number                : CNMWY00ARB",
            "Hardware Board Revision Number  : 0x05",
            "",
            "",
            "Switch   Ports  Model              SW Version              SW Image            ",
            "------   -----  -----              ----------              ----------          ",
            "*    1   52     WS-C3560G-48TS     12.2(25)SEB2            C3560-IPSERVICESK9-M",
            "",
            "",
            "Configuration register is 0xF"
        ]
    ]
}
META: ran handlers
META: ran handlers

PLAY RECAP ***************************************************************************************************************************************************
172.16.50.106              : ok=3    changed=0    unreachable=0    failed=0
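
In the -vvvv output above, the include_vars and set_fact tasks print the password in clear text, while ios_command masks it as VALUE_SPECIFIED_IN_NO_LOG_PARAMETER. The variant below is an added example, not part of the original post: it sets no_log: true on the two credential-bearing tasks and assumes creds.yml has been encrypted with ansible-vault; the final debug task and the registered variable name clock are illustrative additions.

```yaml
---
# Added example (not from the original post): same play as iostest.yml,
# with the credential-bearing tasks hidden from logs and -v output.
# Assumption: creds.yml was encrypted beforehand with
#   ansible-vault encrypt creds.yml
# and the play is started with
#   ansible-playbook iostest.yml --ask-vault-pass
- name: ios test yaml
  hosts: cisco
  gather_facts: no
  connection: local

  tasks:
    - name: obtain login credentials
      include_vars: creds.yml    # vault-encrypted file is decrypted in memory
      no_log: true               # do not print the creds dictionary in the task result

    - name: define provider
      set_fact:
        provider:
          host: "{{ inventory_hostname }}"
          username: "{{ creds['username'] }}"
          password: "{{ creds['password'] }}"
          transport: cli
      no_log: true               # set_fact would otherwise echo the password

    - name: ios test
      ios_command:
        provider: "{{ provider }}"
        commands: show clock
      register: clock            # hypothetical variable name for the result

    - name: show only the command output
      debug:
        var: clock.stdout_lines
```

With no_log: true, the first two task results are replaced by a censored placeholder even at -vvvv, so saved run logs and terminal captures no longer contain the switch password.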


An "unable to open shell" error may occur, as described in the link below. In that case it is likely an authentication-related problem. See the link below.

- https://stackoverflow.com/questions/44981599/unable-to-open-shell-ansible-v2-3-1-0


For reference, NETCONF is reportedly also supported as of Ansible core 2.3, so it seems worth looking into.

- https://www.ansible.com/blog/network-device-authentication-with-ansible-2-3


References

https://learningnetwork.cisco.com/blogs/vip-perspectives/2017/08/10/automating-cisco-using-ansible

