eos_config – Manage Arista EOS configuration sections¶
Synopsis¶
- Arista EOS configurations use a simple block indent file syntax for segmenting configuration into sections. This module provides an implementation for working with EOS configuration sections in a deterministic way. This module works with either CLI or eAPI transports.
Parameters¶
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| after 
                    -
                                                                 | The ordered set of commands to append to the end of the command stack if a change needs to be made.  Just like with before this allows the playbook designer to append a set of commands to be executed after the command set. | ||
| auth_pass 
                    string
                                                                 | Deprecated Starting with Ansible 2.5 we recommend using  connection: network_cliandbecome: yeswithbecome_pass.This option is only required if you are using eAPI. For more information please see the EOS Platform Options guide. Specifies the password to use if required to enter privileged mode on the remote device.  If authorize is false, then this argument does nothing. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTH_PASSwill be used instead. | ||
| authorize 
                    boolean
                                                                 | 
 | Deprecated Starting with Ansible 2.5 we recommend using  connection: network_cliandbecome: yes.This option is only required if you are using eAPI. For more information please see the EOS Platform Options guide. Instructs the module to enter privileged mode on the remote device before sending any commands.  If not specified, the device will attempt to execute all commands in non-privileged mode. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTHORIZEwill be used instead. | |
| backup 
                    boolean
                                                                 | 
 | This argument will cause the module to create a full backup of the current  running-configfrom the remote device before any changes are made. If thebackup_optionsvalue is not given, the backup file is written to thebackupfolder in the playbook root directory or role root directory, if playbook is part of an ansible role. If the directory does not exist, it is created. | |
| backup_options 
                    dictionary
                                                                 added in 2.8 | This is a dict object containing configurable options related to backup file path. The value of this option is read only when  backupis set to yes, ifbackupis set to no this option will be silently ignored. | ||
| dir_path 
                    path
                                                                 | This option provides the path ending with directory name in which the backup configuration file will be stored. If the directory does not exist it will be first created and the filename is either the value of  filenameor default filename as described infilenameoptions description. If the path value is not given in that case a backup directory will be created in the current working directory and backup configuration will be copied infilenamewithin backup directory. | ||
| filename 
                    -
                                                                 | The filename to be used to store the backup configuration. If the the filename is not given it will be generated based on the hostname, current time and date in format defined by <hostname>_config.<current-date>@<current-time> | ||
| before 
                    -
                                                                 | The ordered set of commands to push on to the command stack if a change needs to be made.  This allows the playbook designer the opportunity to perform configuration commands prior to pushing any changes without affecting how the set of commands are matched against the system. | ||
| defaults 
                    boolean
                                                                 | 
 | The defaults argument will influence how the running-config is collected from the device.  When the value is set to true, the command used to collect the running-config is append with the all keyword.  When the value is set to false, the command is issued without the all keyword | |
| diff_against 
                    -
                                                                 added in 2.4 | 
 | When using the  ansible-playbook --diffcommand line argument the module can generate diffs against different sources.When this option is configure as startup, the module will return the diff of the running-config against the startup-config. When this option is configured as intended, the module will return the diff of the running-config against the configuration provided in the  intended_configargument.When this option is configured as running, the module will return the before and after diff of the running-config with respect to any changes made to the device configuration. When this option is configured as  session, the diff returned will be based on the configuration session. | |
| diff_ignore_lines 
                    -
                                                                 added in 2.4 | Use this argument to specify one or more lines that should be ignored during the diff.  This is used for lines in the configuration that are automatically updated by the system.  This argument takes a list of regular expressions or exact line matches. | ||
| intended_config 
                    string
                                                                 added in 2.4 | The  intended_configprovides the master configuration that the node should conform to and is used to check the final running-config against.   This argument will not modify any settings on the remote device and is strictly used to check the compliance of the current device's configuration against.  When specifying this argument, the task should also modify thediff_againstvalue and set it to intended. | ||
| lines 
                    -
                                                                 | The ordered set of commands that should be configured in the section.  The commands must be the exact same commands as found in the device running-config.  Be sure to note the configuration command syntax as some commands are automatically modified by the device config parser. aliases: commands | ||
| match 
                    -
                                                                 | 
 | Instructs the module on the way to perform the matching of the set of commands against the current device config.  If match is set to line, commands are matched line by line.  If match is set to strict, command lines are matched with respect to position.  If match is set to exact, command lines must be an equal match.  Finally, if match is set to none, the module will not attempt to compare the source configuration with the running configuration on the remote device. | |
| parents 
                    -
                                                                 | The ordered set of parents that uniquely identify the section or hierarchy the commands should be checked against.  If the parents argument is omitted, the commands are checked against the set of top level or global commands. | ||
| provider 
                    dictionary
                                                                 | Deprecated Starting with Ansible 2.5 we recommend using  connection: network_cli.This option is only required if you are using eAPI. For more information please see the EOS Platform Options guide. A dict object containing connection details. | ||
| auth_pass 
                    string
                                                                 | Specifies the password to use if required to enter privileged mode on the remote device.  If authorize is false, then this argument does nothing. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTH_PASSwill be used instead. | ||
| authorize 
                    boolean
                                                                 | 
 | Instructs the module to enter privileged mode on the remote device before sending any commands.  If not specified, the device will attempt to execute all commands in non-privileged mode. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTHORIZEwill be used instead. | |
| host 
                    string
                                             / required                     | Specifies the DNS host name or address for connecting to the remote device over the specified transport.  The value of host is used as the destination address for the transport. | ||
| password 
                    string
                                                                 | Specifies the password to use to authenticate the connection to the remote device.  This is a common argument used for either cli or eapi transports. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_PASSWORDwill be used instead. | ||
| port 
                    integer
                                                                 | Default: 0 | Specifies the port to use when building the connection to the remote device.  This value applies to either cli or eapi. The port value will default to the appropriate transport common port if none is provided in the task (cli=22, http=80, https=443). | |
| ssh_keyfile 
                    path
                                                                 | Specifies the SSH keyfile to use to authenticate the connection to the remote device.  This argument is only used for cli transports. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_SSH_KEYFILEwill be used instead. | ||
| timeout 
                    integer
                                                                 | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands.  If the timeout is exceeded before the operation is completed, the module will error. | ||
| transport 
                    string
                                             / required                     | 
 | Configures the transport connection to use when connecting to the remote device. | |
| use_proxy 
                    boolean
                                                                 added in 2.5 | 
 | If  no, the environment variableshttp_proxyandhttps_proxywill be ignored. | |
| use_ssl 
                    boolean
                                                                 | 
 | Configures the transport to use SSL if set to  yesonly when thetransport=eapi.  If the transport argument is not eapi, this value is ignored. | |
| username 
                    string
                                                                 | Configures the username to use to authenticate the connection to the remote device.  This value is used to authenticate either the CLI login or the eAPI authentication depending on which transport is used. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_USERNAMEwill be used instead. | ||
| validate_certs 
                    boolean
                                                                 | 
 | If  no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.  If the transport argument is not eapi, this value is ignored. | |
| replace 
                    -
                                                                 | 
 | Instructs the module on the way to perform the configuration on the device.  If the replace argument is set to line then the modified lines are pushed to the device in configuration mode.  If the replace argument is set to block then the entire command block is pushed to the device in configuration mode if any line is not correct. | |
| running_config 
                    string
                                                                 added in 2.4 | The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source.  There are times when it is not desirable to have the task get the current running-config for every task in a playbook.  The running_config argument allows the implementer to pass in the configuration to use as the base config for this module. aliases: config | ||
| save_when 
                    -
                                                                 added in 2.4 | 
 | When changes are made to the device running-configuration, the changes are not copied to non-volatile storage by default.  Using this argument will change that before.  If the argument is set to always, then the running-config will always be copied to the startup-config and the modified flag will always be set to True.  If the argument is set to modified, then the running-config will only be copied to the startup-config if it has changed since the last save to startup-config.  If the argument is set to never, the running-config will never be copied to the startup-config. If the argument is set to changed, then the running-config will only be copied to the startup-config if the task has made a change. changed was added in Ansible 2.5. | |
| src 
                    -
                                                                 | The src argument provides a path to the configuration file to load into the remote system.  The path can either be a full system path to the configuration file if the value starts with / or relative to the root of the implemented role or playbook. This argument is mutually exclusive with the lines and parents arguments. It can be a Jinja2 template as well. src file must have same indentation as a live switch config. Arista EOS device config has 3 spaces indentation. | ||
Notes¶
Note
- Tested against EOS 4.15
- Abbreviated commands are NOT idempotent, see Network FAQ.
- For information on using CLI, eAPI and privileged mode see the EOS Platform Options guide
- For more information on using Ansible to manage network devices see the Ansible Network Guide
- For more information on using Ansible to manage Arista EOS devices see the Arista integration page.
Examples¶
- name: configure top level settings
  eos_config:
    lines: hostname {{ inventory_hostname }}
- name: load an acl into the device
  eos_config:
    lines:
      - 10 permit ip host 192.0.2.1 any log
      - 20 permit ip host 192.0.2.2 any log
      - 30 permit ip host 192.0.2.3 any log
      - 40 permit ip host 192.0.2.4 any log
    parents: ip access-list test
    before: no ip access-list test
    replace: block
- name: load configuration from file
  eos_config:
    src: eos.cfg
- name: render a Jinja2 template onto an Arista switch
  eos_config:
    backup: yes
    src: eos_template.j2
- name: diff the running config against a master config
  eos_config:
    diff_against: intended
    intended_config: "{{ lookup('file', 'master.cfg') }}"
- name: for idempotency, use full-form commands
  eos_config:
    lines:
      # - shut
      - shutdown
    # parents: int eth1
    parents: interface Ethernet1
- name: configurable backup path
  eos_config:
    src: eos_template.j2
    backup: yes
    backup_options:
      filename: backup.cfg
      dir_path: /home/user
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Network Team. [network]
Red Hat Support¶
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.
Authors¶
- Peter Sprygada (@privateip)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
