nxos_config – Manage Cisco NXOS configuration sections¶
Synopsis¶
- Cisco NXOS configurations use a simple block indent file syntax for segmenting configuration into sections. This module provides an implementation for working with NXOS configuration sections in a deterministic way. This module works with either CLI or NXAPI transports.
Parameters¶
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| after 
                    -
                                                                 | The ordered set of commands to append to the end of the command stack if a change needs to be made.  Just like with before this allows the playbook designer to append a set of commands to be executed after the command set. | ||
| backup 
                    boolean
                                                                 | 
 | This argument will cause the module to create a full backup of the current  running-configfrom the remote device before any changes are made. If thebackup_optionsvalue is not given, the backup file is written to thebackupfolder in the playbook root directory or role root directory, if playbook is part of an ansible role. If the directory does not exist, it is created. | |
| backup_options 
                    dictionary
                                                                 added in 2.8 | This is a dict object containing configurable options related to backup file path. The value of this option is read only when  backupis set to True, ifbackupis set to false this option will be silently ignored. | ||
| dir_path 
                    path
                                                                 | This option provides the path ending with directory name in which the backup configuration file will be stored. If the directory does not exist it will be created and the filename is either the value of  filenameor default filename as described infilenameoptions description. If the path value is not given in that case a backup directory will be created in the current working directory and backup configuration will be copied infilenamewithin backup directory. | ||
| filename 
                    -
                                                                 | The filename to be used to store the backup configuration. If the the filename is not given it will be generated based on the hostname, current time and date in format defined by <hostname>_config.<current-date>@<current-time> | ||
| before 
                    -
                                                                 | The ordered set of commands to push on to the command stack if a change needs to be made.  This allows the playbook designer the opportunity to perform configuration commands prior to pushing any changes without affecting how the set of commands are matched against the system. | ||
| defaults 
                    boolean
                                                                 | 
 | The defaults argument will influence how the running-config is collected from the device.  When the value is set to true, the command used to collect the running-config is append with the all keyword.  When the value is set to false, the command is issued without the all keyword | |
| diff_against 
                    -
                                                                 added in 2.4 | 
 | When using the  ansible-playbook --diffcommand line argument the module can generate diffs against different sources.When this option is configure as startup, the module will return the diff of the running-config against the startup-config. When this option is configured as intended, the module will return the diff of the running-config against the configuration provided in the  intended_configargument.When this option is configured as running, the module will return the before and after diff of the running-config with respect to any changes made to the device configuration. | |
| diff_ignore_lines 
                    -
                                                                 added in 2.4 | Use this argument to specify one or more lines that should be ignored during the diff.  This is used for lines in the configuration that are automatically updated by the system.  This argument takes a list of regular expressions or exact line matches. | ||
| intended_config 
                    -
                                                                 added in 2.4 | The  intended_configprovides the master configuration that the node should conform to and is used to check the final running-config against.   This argument will not modify any settings on the remote device and is strictly used to check the compliance of the current device's configuration against.  When specifying this argument, the task should also modify thediff_againstvalue and set it to intended. | ||
| lines 
                    -
                                                                 | The ordered set of commands that should be configured in the section.  The commands must be the exact same commands as found in the device running-config.  Be sure to note the configuration command syntax as some commands are automatically modified by the device config parser. aliases: commands | ||
| match 
                    -
                                                                 | 
 | Instructs the module on the way to perform the matching of the set of commands against the current device config.  If match is set to line, commands are matched line by line.  If match is set to strict, command lines are matched with respect to position.  If match is set to exact, command lines must be an equal match.  Finally, if match is set to none, the module will not attempt to compare the source configuration with the running configuration on the remote device. | |
| parents 
                    -
                                                                 | The ordered set of parents that uniquely identify the section or hierarchy the commands should be checked against.  If the parents argument is omitted, the commands are checked against the set of top level or global commands. | ||
| provider 
                    dictionary
                                                                 | Deprecated Starting with Ansible 2.5 we recommend using  connection: network_cli.This option is only required if you are using NX-API. For more information please see the NXOS Platform Options guide. A dict object containing connection details. | ||
| auth_pass 
                    string
                                                                 added in 2.5.3 | Specifies the password to use if required to enter privileged mode on the remote device.  If authorize is false, then this argument does nothing. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTH_PASSwill be used instead. | ||
| authorize 
                    boolean
                                                                 added in 2.5.3 | 
 | Instructs the module to enter privileged mode on the remote device before sending any commands.  If not specified, the device will attempt to execute all commands in non-privileged mode. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTHORIZEwill be used instead. | |
| host 
                    string
                                             / required                     | Specifies the DNS host name or address for connecting to the remote device over the specified transport.  The value of host is used as the destination address for the transport. | ||
| password 
                    string
                                                                 | Specifies the password to use to authenticate the connection to the remote device.  This is a common argument used for either cli or nxapi transports. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_PASSWORDwill be used instead. | ||
| port 
                    integer
                                                                 | Default: "0 (use common port)" | Specifies the port to use when building the connection to the remote device.  This value applies to either cli or nxapi.  The port value will default to the appropriate transport common port if none is provided in the task.  (cli=22, http=80, https=443). | |
| ssh_keyfile 
                    string
                                                                 | Specifies the SSH key to use to authenticate the connection to the remote device.  This argument is only used for the cli transport. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_SSH_KEYFILEwill be used instead. | ||
| timeout 
                    integer
                                                                 | Default: 10 | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands.  If the timeout is exceeded before the operation is completed, the module will error. NX-API can be slow to return on long-running commands (sh mac, sh bgp, etc). | |
| transport 
                    string
                                             / required                     | 
 | Configures the transport connection to use when connecting to the remote device.  The transport argument supports connectivity to the device over cli (ssh) or nxapi. | |
| use_proxy 
                    boolean
                                                                 added in 2.5 | 
 | If  no, the environment variableshttp_proxyandhttps_proxywill be ignored. | |
| use_ssl 
                    boolean
                                                                 | 
 | Configures the transport to use SSL if set to  yesonly when thetransport=nxapi, otherwise this value is ignored. | |
| username 
                    string
                                                                 | Configures the username to use to authenticate the connection to the remote device.  This value is used to authenticate either the CLI login or the nxapi authentication depending on which transport is used. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_USERNAMEwill be used instead. | ||
| validate_certs 
                    boolean
                                                                 | 
 | If  no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.  If the transport argument is not nxapi, this value is ignored. | |
| replace 
                    -
                                                                 | 
 | Instructs the module on the way to perform the configuration on the device.  If the replace argument is set to line then the modified lines are pushed to the device in configuration mode.  If the replace argument is set to block then the entire command block is pushed to the device in configuration mode if any line is not correct. replace config is supported only on Nexus 9K device. | |
| replace_src 
                    -
                                                                 added in 2.5 | The replace_src argument provides path to the configuration file to load into the remote system. This argument is used to replace the entire config with a flat-file. This is used with argument replace with value config. This is mutually exclusive with the lines and src arguments. This argument is supported on Nexus 9K device. Use nxos_file_copy module to copy the flat file to remote device and then use the path with this argument. | ||
| running_config 
                    -
                                                                 added in 2.4 | The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source.  There are times when it is not desirable to have the task get the current running-config for every task in a playbook.  The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. aliases: config | ||
| save_when 
                    -
                                                                 added in 2.4 | 
 | When changes are made to the device running-configuration, the changes are not copied to non-volatile storage by default.  Using this argument will change that before.  If the argument is set to always, then the running-config will always be copied to the startup-config and the modified flag will always be set to True.  If the argument is set to modified, then the running-config will only be copied to the startup-config if it has changed since the last save to startup-config.  If the argument is set to never, the running-config will never be copied to the startup-config.  If the argument is set to changed, then the running-config will only be copied to the startup-config if the task has made a change. changed was added in Ansible 2.6. | |
| src 
                    -
                                                                 | The src argument provides a path to the configuration file to load into the remote system.  The path can either be a full system path to the configuration file if the value starts with / or relative to the root of the implemented role or playbook. This argument is mutually exclusive with the lines and parents arguments. | ||
Notes¶
Note
- Abbreviated commands are NOT idempotent, see Network FAQ.
- For information on using CLI and NX-API see the NXOS Platform Options guide
- For more information on using Ansible to manage network devices see the Ansible Network Guide
- For more information on using Ansible to manage Cisco devices see the Cisco integration page.
Examples¶
---
- name: configure top level configuration and save it
  nxos_config:
    lines: hostname {{ inventory_hostname }}
    save_when: modified
- name: diff the running-config against a provided config
  nxos_config:
    diff_against: intended
    intended_config: "{{ lookup('file', 'master.cfg') }}"
- nxos_config:
    lines:
      - 10 permit ip 192.0.2.1/32 any log
      - 20 permit ip 192.0.2.2/32 any log
      - 30 permit ip 192.0.2.3/32 any log
      - 40 permit ip 192.0.2.4/32 any log
      - 50 permit ip 192.0.2.5/32 any log
    parents: ip access-list test
    before: no ip access-list test
    match: exact
- nxos_config:
    lines:
      - 10 permit ip 192.0.2.1/32 any log
      - 20 permit ip 192.0.2.2/32 any log
      - 30 permit ip 192.0.2.3/32 any log
      - 40 permit ip 192.0.2.4/32 any log
    parents: ip access-list test
    before: no ip access-list test
    replace: block
- name: replace config with flat file
  nxos_config:
    replace_src: config.txt
    replace: config
- name: for idempotency, use full-form commands
  nxos_config:
    lines:
      # - shut
      - shutdown
    # parents: int eth1/1
    parents: interface Ethernet1/1
- name: configurable backup path
  nxos_config:
    backup: yes
    backup_options:
      filename: backup.cfg
      dir_path: /home/user
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Network Team. [network]
Red Hat Support¶
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.
Authors¶
- Peter Sprygada (@privateip)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
