EOS Platform Options¶
Arista EOS supports multiple connections. This page offers details on how each connection works in Ansible and how to use it.
Topics
Connections Available¶
For legacy playbooks, EOS still supports ansible_connection: local. We recommend modernizing to use ansible_connection: network_cli or ansible_connection: httpapi as soon as possible.
Using CLI in Ansible¶
Example CLI group_vars/eos.yml¶
ansible_connection: network_cli
ansible_network_os: eos
ansible_user: myuser
ansible_password: !vault...
ansible_become: yes
ansible_become_method: enable
ansible_become_password: !vault...
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
- If you are using SSH keys (including an ssh-agent) you can remove the ansible_passwordconfiguration.
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ansible_ssh_common_argsconfiguration.
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ProxyCommanddirective. To prevent secrets from leaking out (for example inpsoutput), SSH does not support providing passwords via environment variables.
Example CLI Task¶
- name: Backup current switch config (eos)
  eos_config:
    backup: yes
  register: backup_eos_location
  when: ansible_network_os == 'eos'
Using eAPI in Ansible¶
Enabling eAPI¶
Before you can use eAPI to connect to a switch, you must enable eAPI. To enable eAPI on a new switch via Ansible, use the eos_eapi module via the CLI connection. Set up group_vars/eos.yml just like in the CLI example above, then run a playbook task like this:
- name: Enable eAPI
   eos_eapi:
       enable_http: yes
       enable_https: yes
   become: true
   become_method: enable
   when: ansible_network_os == 'eos'
You can find more options for enabling HTTP/HTTPS connections in the eos_eapi module documentation.
Once eAPI is enabled, change your group_vars/eos.yml to use the eAPI connection.
Example eAPI group_vars/eos.yml¶
ansible_connection: httpapi
ansible_network_os: eos
ansible_user: myuser
ansible_password: !vault...
ansible_become: yes
ansible_become_method: enable
proxy_env:
  http_proxy: http://proxy.example.com:8080
- If you are accessing your host directly (not through a web proxy) you can remove the proxy_envconfiguration.
- If you are accessing your host through a web proxy using https, changehttp_proxytohttps_proxy.
Example eAPI Task¶
- name: Backup current switch config (eos)
  eos_config:
    backup: yes
  register: backup_eos_location
  environment: "{{ proxy_env }}"
  when: ansible_network_os == 'eos'
In this example the proxy_env variable defined in group_vars gets passed to the environment option of the module in the task.
eAPI examples with connection: local¶
group_vars/eos.yml:
ansible_connection: local
ansible_network_os: eos
ansible_user: myuser
ansible_password: !vault...
eapi:
  host: "{{ inventory_hostname }}"
  transport: eapi
  authorize: yes
  auth_pass: !vault...
proxy_env:
  http_proxy: http://proxy.example.com:8080
eAPI task:
- name: Backup current switch config (eos)
  eos_config:
    backup: yes
    provider: "{{ eapi }}"
  register: backup_eos_location
  environment: "{{ proxy_env }}"
  when: ansible_network_os == 'eos'
In this example two variables defined in group_vars get passed to the module of the task:
- the eapivariable gets passed to theprovideroption of the module
- the proxy_envvariable gets passed to theenvironmentoption of the module
Warning
Never store passwords in plain text. We recommend using SSH keys to authenticate SSH connections. Ansible supports ssh-agent to manage your SSH keys. If you must use passwords to authenticate SSH connections, we recommend encrypting them with Ansible Vault.
