Error handling for updating IOS via Ansible

Question

beginner to using Ansible. More of a network engineer, less of a scripter / programmer, but trying to learn a new skill.

Attempting to write a playbook to automate updating of our fleet of Cisco switch stacks but I think I am both lost in syntax and if this is the 'right' way to go about what I am doing.

---

- name: Update Cisco switch stack
  hosts: Cisco2960

  vars: 
    upgrade_ios_version: "15.2(7)E5"

  tasks: 
    name: Check current IOS version / Determine if update is needed...
      ios_facts: 
      debug: 
        msg:
        - "Current image is {{  ansible_net_version }}"
        - "Current compliant image is {{  upgrade_ios_version }}"

    name: Fail if versions match. 
      ansible.builtin.fail: msg="IOS versions match. Stopping update."
      when: "{{  ansible_net_version  }} = {{  upgrade_ios_version  }}"

At first I thought each variable needed its own quotation, but that appears to be incorrect syntax as well, as below.

when: "{{  ansible_net_version  }}" = "{{  upgrade_ios_version  }}"

Couple questions:

Is there an easier way with a plain-English way of describing the type of error handling I am looking for? Ansible documentation is great on options, but light on practical applications / examples.
Why am I receiving this specific syntax error in this case?

I understand your question that you are looking for [Conditionals based on `ansible_facts`](https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html#conditionals-based-on-ansible-facts) and like to use `when: ansible_net_version == upgrade_ios_version`. — U880D, Jul 22 '22 at 12:11
According [Basic conditionals with `when`](https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html#basic-conditionals-with-when) "_the when clause is a raw Jinja2 expression without double curly braces_". — U880D, Jul 22 '22 at 12:14

score 1 · Answer 1 · answered Aug 14 '22 at 00:12

You can use the playbook below.

Ansible Playbook to upgrade Cisco IOS

- name: Upgrade CISCO IOS 
  hosts: SWITCHES

  vars: 
    upgrade_ios_version: 15.2(7)E5

  tasks:
    - name: CHECK CURRENT VERSION
      ios_facts:

    - debug: 
        msg: 
        - "Current version is {{ ansible_net_version }}"
        - "Current compliant image is {{  upgrade_ios_version }}"

    - debug: 
        msg: 
        - "Image is not compliant and will be upgraded"

      when: ansible_net_version != upgrade_ios_version

Create backup folder for today

- hosts: localhost

  tasks:
   - name: Get ansible date/time facts
     setup:
       filter: "ansible_date_time"
       gather_subset: "!all"

   - name: Store DTG as fact
     set_fact:
       DTG: "{{ ansible_date_time.date }}"

   - name: Create Directory {{hostvars.localhost.DTG}}
     file:
      path: ~/network-programmability/backups/{{hostvars.localhost.DTG}}
      state: directory
  run_once: true

Backup Running Config

- hosts: SWITCHES 

  tasks:
   - name: Backup Running Config  
     ios_command:
       commands: show run  
     register: config

   - name: Save output to ~/network-programmability/backups/
     copy:
       content: "{{config.stdout[0]}}"
       dest: "~/network-programmability/backups/{{hostvars.localhost.DTG}}/{{ inventory_hostname }}-{{hostvars.localhost.DTG}}-config.txt"

SAVE the Running Config

   - name: Save running config 
     ios_config:
       save_when: always

Copy software to target device

   - name: Copy Image // This could take up to 4 minutes
     net_put: 
       src: "~/network-programmability/images/c2960l-universalk9-mz.152-7.E5.bin"
       dest: "flash:/c2960l-universalk9-mz.152-7.E5.bin"
     vars: 
       ansible_command_timeout: 600

Change the Boot Variable to the new image

   - name: Change Boot Variable to new image 
     ios_config: 
       commands: 
         - "boot system flash:c2960l-universalk9-mz.152-7.E5.bin"
       save_when: always

Reload the device

   - name: Reload the Device 
     cli_command: 
       command: reload
       prompt: 
         - confirm
       answer: 
         - 'y'

Wait for Reachability to the device

   - name: Wait for device to come back online
     wait_for:
       host: "{{ inventory_hostname }}"
       port: 22
       delay: 90
     delegate_to: localhost

Check current image

   - name: Check Image Version      
     ios_facts:

   - debug: 
       msg: 
       - "Current version is {{ ansible_net_version }}"

   - name: ASSERT THAT THE IOS VERSION IS CORRECT
   
     vars: 
       upgrade_ios_version: 15.2(7)E5

     assert:
       that:
         - upgrade_ios_version == ansible_net_version
   - debug: 
       msg: 
       - "Software Upgrade has been completed"