internet/community.general
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-05-07 22:02:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

HTTP(S) API connection plugin (#39224)

Browse Source 
* HTTPAPI connection

* Punt run_commands to cliconf or httpapi

* Fake enable_mode on eapi

* Pull changes to nxos

* Move load_config to edit_config for future-preparedness

* Don't fail on lldp disabled

* Re-enable check_rc on nxos' run_commands

* Reorganize nxos httpapi plugin for compatibility

* draft docs for connection: httpapi

* restores docs for connection:local for eapi

* Add _remote_is_local to httpapi
This commit is contained in:
Nathaniel Case
2018-05-17 18:47:15 -04:00
committed by GitHub
parent cc61c86049
commit e9d7fa0418
277 changed files with 1325 additions and 1676 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
docs/docsite/rst/network/user_guide/platform_eos.rst
View File

@@ -11,27 +11,35 @@ Arista EOS supports multiple connections. This page offers details on how each c
Connections Available
================================================================================
+---------------------------+-----------------------------------------------+-----------------------------------------+
|.. | CLI | eAPI |
+===========================+===============================================+=========================================+
| **Protocol** | SSH | HTTP(S) |
+---------------------------+-----------------------------------------------+-----------------------------------------+
| | **Credentials** | | uses SSH keys / SSH-agent if present | | uses HTTPS certificates if present |
| | | | accepts ``-u myuser -k`` if using password | | |
+---------------------------+-----------------------------------------------+-----------------------------------------+
| **Indirect Access** | via a bastion (jump host) | via a web proxy |
+---------------------------+-----------------------------------------------+-----------------------------------------+
| | **Connection Settings** | | ``ansible_connection: network_cli`` | | ``ansible_connection: local`` |
| | | | | | Requires ``transport: eapi`` |
| | | | | | in the ``provider`` dictionary |
+---------------------------+-----------------------------------------------+-----------------------------------------+
| | **Enable Mode** | | supported - use ``ansible_become: yes`` | | supported - use ``authorize: yes`` |
| | (Privilege Escalation) | | with ``ansible_become_method: enable`` | | and ``auth_pass:`` in the |
| | | | and ``ansible_become_pass:`` | | ``provider`` dictionary |
+---------------------------+-----------------------------------------------+-----------------------------------------+
| **Returned Data Format** | ``stdout[0].`` | ``stdout[0].messages[0].`` |
+---------------------------+-----------------------------------------------+-----------------------------------------+
+---------------------------+-----------------------------------------------+---------------------------------------------+
|.. | CLI | eAPI |
+===========================+===============================================+=============================================+
| **Protocol** | SSH | HTTP(S) |
+---------------------------+-----------------------------------------------+---------------------------------------------+
| | **Credentials** | | uses SSH keys / SSH-agent if present | | uses HTTPS certificates if present |
| | | | accepts ``-u myuser -k`` if using password | | |
+---------------------------+-----------------------------------------------+---------------------------------------------+
| **Indirect Access** | via a bastion (jump host) | via a web proxy |
+---------------------------+-----------------------------------------------+---------------------------------------------+
| | **Connection Settings** | | ``ansible_connection: network_cli`` | | ``ansible_connection: httpapi`` |
| | | | | | OR |
| | | | | | ``ansible_connection: local`` |
| | | | | | with ``transport: eapi`` |
| | | | | | in the ``provider`` dictionary |
+---------------------------+-----------------------------------------------+---------------------------------------------+
| | **Enable Mode** | | supported - use ``ansible_become: yes`` | | supported: |
| | (Privilege Escalation) | | with ``ansible_become_method: enable`` | | ``httpapi`` |
| | | | | | uses ``ansible_become: yes`` |
| | | | | | with ``ansible_become_method: enable`` |
| | | | | | ``local`` |
| | | | | | uses ``authorize: yes`` |
| | | | | | and ``auth_pass:`` |
| | | | | | in the ``provider`` dictionary |
+---------------------------+-----------------------------------------------+---------------------------------------------+
| **Returned Data Format** | ``stdout[0].`` | ``stdout[0].messages[0].`` |
+---------------------------+-----------------------------------------------+---------------------------------------------+
For legacy playbooks, EOS still supports ``ansible_connection: local``. We recommend modernizing to use ``ansible_connection: network_cli`` or ``ansible_connection: httpapi`` as soon as possible.
Using CLI in Ansible 2.5
================================================================================
@@ -86,13 +94,47 @@ Before you can use eAPI to connect to a switch, you must enable eAPI. To enable
become_method: enable
when: ansible_network_os == 'eos'
You can find more options for enabling HTTP/HTTPS and local http in the :ref:`eos_eapi <eos_eapi_module>` module documentation.
You can find more options for enabling HTTP/HTTPS connections in the :ref:`eos_eapi <eos_eapi_module>` module documentation.
Once eAPI is enabled, change your ``group_vars/eos.yml`` to use the eAPI connection.
Example eAPI ``group_vars/eos.yml``
-----------------------------------
.. code-block:: yaml
ansible_connection: httpapi
ansible_network_os: eos
ansible_user: myuser
ansible_ssh_pass: !vault...
become: yes
become_method: enable
proxy_env:
http_proxy: http://proxy.example.com:8080
- If you are accessing your host directly (not through a web proxy) you can remove the ``proxy_env`` configuration.
- If you are accessing your host through a web proxy using ``https``, change ``http_proxy`` to ``https_proxy``.
Example eAPI Task
-----------------
.. code-block:: yaml
- name: Backup current switch config (eos)
eos_config:
backup: yes
register: backup_eos_location
environment: "{{ proxy_env }}"
when: ansible_network_os == 'eos'
In this example the ``proxy_env`` variable defined in ``group_vars`` gets passed to the ``environment`` option of the module in the task.
eAPI examples with ``connection: local``
-----------------------------------------
``group_vars/eos.yml``:
.. code-block:: yaml
ansible_connection: local
@@ -107,12 +149,7 @@ Example eAPI ``group_vars/eos.yml``
proxy_env:
http_proxy: http://proxy.example.com:8080
- If you are accessing your host directly (not through a web proxy) you can remove the ``proxy_env`` configuration.
- If you are accessing your host through a web proxy using ``https``, change ``http_proxy`` to ``https_proxy``.
Example eAPI Task
-----------------
eAPI task:
.. code-block:: yaml
@@ -129,5 +166,4 @@ In this example two variables defined in ``group_vars`` get passed to the module
- the ``eapi`` variable gets passed to the ``provider`` option of the module
- the ``proxy_env`` variable gets passed to the ``environment`` option of the module
.. include:: shared_snippets/SSH_warning.rst

2
docs/docsite/rst/network/user_guide/platform_index.rst
View File

@@ -4,7 +4,7 @@
Platform Options
****************
Some Ansible Network platforms support multiple connection types, privilege escalation, or other options. The pages in this section offer standardized guides to understanding available options on each network platform. We welcome contributions from community-maintained platforms to this section.
Some Ansible Network platforms support multiple connection types, privilege escalation (``enable`` mode), or other options. The pages in this section offer standardized guides to understanding available options on each network platform. We welcome contributions from community-maintained platforms to this section.
.. toctree::
:maxdepth: 2

17
docs/docsite/rst/network/user_guide/platform_nxos.rst
View File

@@ -21,9 +21,7 @@ Connections Available
+---------------------------+-----------------------------------------------+-----------------------------------------+
| **Indirect Access** | via a bastion (jump host) | via a web proxy |
+---------------------------+-----------------------------------------------+-----------------------------------------+
| | **Connection Settings** | | ``ansible_connection: network_cli`` | | ``ansible_connection: local`` |
| | | | | | Requires ``transport: nxapi`` |
| | | | | | in the ``provider`` dictionary |
| | **Connection Settings** | | ``ansible_connection: network_cli`` | | ``ansible_connection: httpapi`` |
+---------------------------+-----------------------------------------------+-----------------------------------------+
| | **Enable Mode** | | supported - use ``ansible_become: yes`` | | not supported by NX-API |
| | (Privilege Escalation) | | with ``ansible_become_method: enable`` | | |
@@ -32,6 +30,7 @@ Connections Available
| **Returned Data Format** | ``stdout[0].`` | ``stdout[0].messages[0].`` |
+---------------------------+-----------------------------------------------+-----------------------------------------+
For legacy playbooks, NXOS still supports ``ansible_connection: local``. We recommend modernizing to use ``ansible_connection: network_cli`` or ``ansible_connection: httpapi`` as soon as possible.
Using CLI in Ansible 2.5
================================================================================
@@ -93,13 +92,10 @@ Example NX-API ``group_vars/nxos.yml``
.. code-block:: yaml
ansible_connection: local
ansible_connection: httpapi
ansible_network_os: nxos
ansible_user: myuser
ansible_ssh_pass: !vault...
nxapi:
host: "{{ inventory_hostname }}"
transport: nxapi
proxy_env:
http_proxy: http://proxy.example.com:8080
@@ -115,15 +111,10 @@ Example NX-API Task
- name: Backup current switch config (nxos)
nxos_config:
backup: yes
provider: "{{ nxapi }}"
register: backup_nxos_location
environment: "{{ proxy_env }}"
when: ansible_network_os == 'nxos'
In this example two variables defined in ``group_vars`` get passed to the module of the task:
- the ``nxapi`` variable gets passed to the ``provider`` option of the module
- the ``proxy_env`` variable gets passed to the ``environment`` option of the module
In this example the ``proxy_env`` variable defined in ``group_vars`` gets passed to the ``environment`` option of the module used in the task.
.. include:: shared_snippets/SSH_warning.rst