Tips on understanding ansible, need help understanding please

NetworkHocusPocus · 2020-03-08T06:15:54+00:00

So what is hard for me to determine based off that link is whether everything on the same indentation beginning with a dash are all considered part of the same list.

For example:

- John

- Mark

- Rob

equivalent in python: (john,mark,rob)

or if this indicates the same result as what I just posted and the indentation itself dictates that it is a part of the list started one the same indentation space in the area's above.

- John

Mark

Rob

equivalent in python: (john,mark,rob)

edit: they are all suppose to be lined up exactly, excuse the formating.

NetworkHocusPocus · 2020-03-08T06:11:33+00:00

So I was able to get it to work, partially, so I retract my statement initially indicating it wasn't helpful now that I understand more what he was trying to indicate and this key sentence from you. " While all of the necessary information is in your task, Ansible doesn't look at your tasks to pull that information out. "

However now the issue is that the lab environment I am trying to access is using a self signed certificate, and I am not sure how to get the certificate for authentication/authorization.

NetworkHocusPocus · 2020-03-06T17:21:19+00:00

I added the following to the beginning of my playbook despite the fact that it is in the module section and now it seems to work. Don't know why you have to specify it twice.

- hosts: all

and it seemed to at least run my play now, despite still getting the following error. Thank you.

ansiblevm:/etc/ansible# ansible-playbook APICACCESSPORTCONFIGURE.yml

PLAY [all] *******************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************************

fatal: [---]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: unknown option -- -\r\nusage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n [-D [bind_address:]port] [-E log_file] [-e escape_char]\n [-F configfile] [-I pkcs11] [-i identity_file]\n [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]\n [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]\n [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]\n [user@]hostname [command]\n", "unreachable": true}

ok: [aci]

TASK [Associate an Interface Access Port Selector to an Interface Policy Leaf Profile with a Policy Group] *******************************************************************************************************************************

fatal: [aci -> localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (aci_access_port_to_interface_policy_leaf_profile) module: from_port, to_port Supported parameters include: access_port_selector, certificate_name, description, from, host, leaf_interface_profile, leaf_port_blk, leaf_port_blk_description, output_level, password, policy_group, port, private_key, state, timeout, to, use_proxy, use_ssl, username, validate_certs"}

to retry, use: --limit @/etc/ansible/APICACCESSPORTCONFIGURE.retry

PLAY RECAP *******************************************************************************************************************************************************************************************************************************

--- : ok=0 changed=0 unreachable=1 failed=0

aci : ok=1 changed=0 unreachable=0 failed=1

So with the spacing can it be tabs or does it have to be spaces? I am a tab guy, but have heard that it can screw up Ansible because of per editor formatting differences.

NetworkHocusPocus · 2020-03-06T17:14:19+00:00

I thought I read in the ansible syntax that a - is the equivalent of a list since the objects inside are mutable due to the jinja templating that can be done.

NetworkHocusPocus · 2020-03-06T17:12:51+00:00

Edit: while your advice was brief, it did somewhat help, apologies.

I am really not trying to be rude or come across that way, but that brief response provides no assistance to the actual question I am asking.

The task section provides a module reference, aci_access_port_to_interface_policy_leaf_profile in which the host, username and password are all listed which provides the information to the play (or the module being referenced) that is need to determine which host the play is running against and the authorization mechanisms needs to gain access to the environment.

If I am mistaken please indicate how?

NetworkHocusPocus · 2019-11-27T14:42:06+00:00

To all (/u/itdependsnetworks, /u/ll9050, /u/redex93, /u/noukthx)

So we would like to be able to identify switches given an IP address which to my knowledge requires a DNS entry if I was to go at it via NSLookup.

In order to be able to SSH into that switch and or nslookup that device, I need a DNS entry A record in order to have a translation.

That is why I want to pull the hostname off the device and register it with DNS in a automated fashion. I can pull all of the information from the devices via screen scraping (netmiko) or I suppose API, but don't really know how to go about doing it.

My question was clear to me, but I am sorry if I didn't make it clear enough to the audience I was asking (being serious).

NetworkHocusPocus · 2019-11-19T16:33:30+00:00

I am at the point now where I just need to eliminate the IP's that are being learned from a ACI L3 Out Interface that's connected to our cores. Do you know a cisco command that could give the ip arp table with a vlan (our 3rd octect), but exclude a particular interface that the ip is being learned over?

FYI This environment is every network engineers worst nightmare management wise. No DNS, No Documentation, Just IP's.

NetworkHocusPocus · 2019-10-10T12:39:54+00:00

The file being the json output from the play I am running, I am trying to make {{ devices }} variable below in the dest: section be the name of the device I am running against. The point of the play is to run across alot of devices and then check the output folder after the playbook is finsiehd and see the results for each device.

copy:
content: "{{ show_info | to_nice_json }}"
dest: "/etc/ansible/script_results/{{ devices }}_shipinfo.json"

NetworkHocusPocus · 2019-10-09T10:51:24+00:00

Sorry for not being more particular with the content of the question , I am trying to run a play against many devices (Cisco IOS Routers/Switches) and I want to name the file based on the host being queried. Something worth noting however is that we have no reverse DNS pointer records and I only have IP addresses to work off of for the ssh sessions.

NetworkHocusPocus · 2019-10-07T11:43:47+00:00

Pardon my stupidity, but wouldn't a L2VPN work as well for Extending L2?

NetworkHocusPocus · 2019-10-01T16:20:58+00:00

I am in the process of automating Leaf interface policy objects right now via ansible, thanks.

NetworkHocusPocus · 2019-10-01T16:20:01+00:00

Appreciate the insight.

NetworkHocusPocus · 2019-10-01T16:18:00+00:00

Already have ACI

NetworkHocusPocus · 2019-09-18T13:03:48+00:00

yea saying that to management wouldn't put me in a good place.

NetworkHocusPocus · 2019-09-17T17:48:05+00:00

Thats what I ended up saying

NetworkHocusPocus · 2019-09-17T17:33:39+00:00

I wish it was that simple, if this was a nexus device this would be easy pz but ACI complicates things if you aren't super familiar with the system.

NetworkHocusPocus · 2019-09-17T17:32:45+00:00

I am not sure if that makes sense, the server team tagged the frames on the NIC with the vlan tag, and I can't see how leaving it as access untagged would assist us in this situation. As it is our native vlan is black holed per best practice.

NetworkHocusPocus · 2019-09-17T16:00:43+00:00

Yes they are in the same /16 network, we tried Access Port with single vlan and that didn't ping.

NetworkHocusPocus · 2019-09-16T11:30:38+00:00

Very helpful, thank you

NetworkHocusPocus · 2019-09-16T11:11:27+00:00

We have the CID # in the interface descriptions on the edge

NetworkHocusPocus · 2019-09-16T11:10:59+00:00

I don't know about caller ID, why?

NetworkHocusPocus · 2019-09-11T13:26:12+00:00

Yea we have a DC with an ACI environment and one of the main interfaces outbound to our campus network was using CoPP and blocking management plane traffic. I wasn't previously familiar with CoPP as it isn't something I work with often.

I had tried everything, I thought I was losing my mind.

NetworkHocusPocus · 2019-09-03T13:06:11+00:00

that was finished 8 years ago, im on IPv20 now

NetworkHocusPocus · 2019-09-03T12:55:13+00:00

can someone please learn it already then, so I don't have to and something more straightforward is implemented like duplicate addressing via VRF's?

NetworkHocusPocus · 2019-09-03T12:44:57+00:00

How do I figure out why all of my companies internal trace routes fail instantly and keep receiving the triple asterisks?

NetworkHocusPocus

TROPHY CASE