
I am trying to automate changes across our infrastructure. In this case we have 3 variations of switches that do or do not need to be configured:

  • The first variation are switches that contain legacy configs leading to outdated RADIUS servers.

  • The second variation are switches that have the modern configs leading to new RADIUS servers.

  • The final variation are aggregate switches that do not require any changes and do not have AAA configured whatsoever.

My current goal is to get Ansible to understand that if a device has the wrong IP address, it needs to configure it to have the correct information, or if it has the correct IP address, to leave it as is.

The first two are easy. The problem I run into is getting Ansible to understand that if neither is found, it should do nothing.

My host file:

[test:vars]
ansible_user=Username
ansible_password=Password
ansible_become_pass=Password

[test]
Manseau-E5 ansible_port=30005 ansible_host=67.53.178.51
Manseau-E6 ansible_port=30006 ansible_host=67.53.178.51
Manseau-E7 ansible_port=30006 ansible_host=67.53.178.51
Manseau-E8 ansible_port=30006 ansible_host=67.53.178.51

My playbook can perform the first two tasks that I mentioned, but I can't seem to work out how to create a check. One way I can think of is to use the running_config command in three separate tasks with three separate flags leading to three separate handlers.

---
- hosts: icx
  #gather_facts: no
  vars:
    ansible_network_os: icx
    ansible_connection: network_cli
    ansible_become: True
    ansible_become_method: enable
    ansible_command_timeout: 60

  tasks:
  - name: Check for legacy AAA if found Change to modern AAA
    icx_config:
      lines:
        - radius-client coa host 52.39.117.1 key 2 $Zl5ucm5nUGlebi0=
        - radius-server host 52.41.63.155 auth-port 1812 acct-port 1813 default key 2 $Zl5ucm5nUGlebi0= dot1x mac-auth web-auth
      before:
        - no radius-client coa host 66.45.82.108 key 2 $Zl5ucm5nUGlebi0=
        - no radius-server host 69.48.211.170 auth-port 1812 acct-port 1813 default key 2 $Zl5ucm5nUGlebi0= dot1x mac-auth web-auth
    notify: "save icx"

  handlers:
    - name: save icx
      icx_command:
        commands:
          - command: "wr mem"

One example that I thought of but certainly didn't give the correct output is as follows:

---
- hosts: test
  #gather_facts: no
  vars:
    ansible_network_os: icx
    ansible_connection: network_cli
    ansible_become: True
    ansible_become_method: enable
    ansible_command_timeout: 60

  tasks:
  - name: Check for Legacy AAA
    icx_config:
      running_config: |
        radius-client coa host 66.45.82.108 key 2 $Zl5ucm5nUGlebi0=
        radius-server host 69.48.211.170 auth-port 1812 acct-port 1813 default key 2 $Zl5ucm5nUGlebi0= dot1x mac-auth web-auth
      lines:
        - radius-client coa host 52.39.117.1 key 2 $Zl5ucm5nUGlebi0=
        - radius-server host 52.41.63.155 auth-port 1812 acct-port 1813 default key 2 $Zl5ucm5nUGlebi0= dot1x mac-auth web-auth
    check_mode: True

My goal in the above script was to get Ansible to read that line across different switches and match accordingly... Granted, I more or less have no clue what I'm doing in Ansible as of yet.

The modules icx_config and icx_command have nearly identical functionality to ios_config and ios_command. If anyone has a similar case they solved on ios vs icx then please post! Anything helps.

Zetera

1 Answer


I figured it out.

The following script performs the function I need:

---
- hosts: test
  #gather_facts: no
  vars:
    ansible_network_os: icx
    ansible_connection: network_cli
    ansible_become: True
    ansible_become_method: enable
    ansible_command_timeout: 60

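  tasks:
  # wait_for fails this task on any host whose "show aaa" output does not
  # contain "ElevenRules", so the remaining tasks are skipped for that host.
  - name: Check for RADIUS existence
    icx_command:
      commands:
        - show aaa
      wait_for: result[0] contains ElevenRules

  # check_mode: True makes this task report whether the lines would change
  # the device without applying them.
  - name: Check for Modern AAA
    icx_config:
      lines:
        - radius-client coa host 52.39.117.1 key 2 $Zl5ucm5nUGlebi0=
        - radius-server host 52.41.63.155 auth-port 1812 acct-port 1813 default key 2 $Zl5ucm5nUGlebi0= dot1x mac-auth web-auth
    check_mode: True

Zetera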
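
Another way to express the three-way check from the question, as an added example that is not part of the original question or answer: read the running config once, classify each switch as legacy, modern or none, and change only the legacy ones. The variable names, the `running` register and the `aaa_state` fact are illustrative, and it assumes the RADIUS lines appear in the running config exactly as quoted in the question.

```yaml
---
- hosts: test
  gather_facts: no
  vars:
    ansible_network_os: icx
    ansible_connection: network_cli
    ansible_become: True
    ansible_become_method: enable
    # Config lines copied from the question; the variable names are illustrative.
    legacy_coa: "radius-client coa host 66.45.82.108 key 2 $Zl5ucm5nUGlebi0="
    legacy_radius: "radius-server host 69.48.211.170 auth-port 1812 acct-port 1813 default key 2 $Zl5ucm5nUGlebi0= dot1x mac-auth web-auth"
    modern_coa: "radius-client coa host 52.39.117.1 key 2 $Zl5ucm5nUGlebi0="
    modern_radius: "radius-server host 52.41.63.155 auth-port 1812 acct-port 1813 default key 2 $Zl5ucm5nUGlebi0= dot1x mac-auth web-auth"

  tasks:
    - name: Read the running config (read-only, never fails on missing AAA)
      icx_command:
        commands:
          - show running-config
      register: running

    # The trailing space in each pattern avoids matching a longer address.
    - name: Classify the switch as legacy, modern or none
      set_fact:
        aaa_state: >-
          {{ 'legacy' if ('radius-server host 69.48.211.170 ' in running.stdout[0])
          else 'modern' if ('radius-server host 52.41.63.155 ' in running.stdout[0])
          else 'none' }}

    - name: Replace legacy RADIUS servers with the modern ones
      icx_config:
        lines:
          - "{{ modern_coa }}"
          - "{{ modern_radius }}"
        before:
          - "no {{ legacy_coa }}"
          - "no {{ legacy_radius }}"
      when: aaa_state == 'legacy'
      notify: save icx

    - name: Report the state found on each switch
      debug:
        msg: "{{ inventory_hostname }}: AAA state is {{ aaa_state }}"

  handlers:
    - name: save icx
      icx_command:
        commands:
          - wr mem
```

Switches classified as `modern` or `none` skip the config task, so the aggregate switches are left untouched and the play still finishes cleanly for them.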