Extreme EXOS Ansible modules support multiple connections. This page offers details on how each connection works in Ansible and how to use it.
Topics
CLI |
EXOS-API |
|
---|---|---|
Protocol |
SSH |
HTTP(S) |
Credentials
|
uses SSH keys / SSH-agent if present
accepts
-u myuser -k if using password |
uses HTTPS certificates if present
|
Indirect Access |
via a bastion (jump host) |
via a web proxy |
Connection Settings
|
ansible_connection: network_cli |
ansible_connection: httpapi |
Enable Mode
(Privilege Escalation)
|
not supported by EXOS
|
not supported by EXOS
|
Returned Data Format |
|
|
EXOS does not support ansible_connection: local
. You must use ansible_connection: network_cli
or ansible_connection: httpapi
group_vars/exos.yml
¶ansible_connection: network_cli
ansible_network_os: exos
ansible_user: myuser
ansible_password: !vault...
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
If you are using SSH keys (including an ssh-agent) you can remove the ansible_password
configuration.
If you are accessing your host directly (not through a bastion/jump host) you can remove the ansible_ssh_common_args
configuration.
If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ProxyCommand
directive. To prevent secrets from leaking out (for example in ps
output), SSH does not support providing passwords via environment variables.
- name: Retrieve EXOS OS version
exos_command:
commands: show version
when: ansible_network_os == 'exos'
group_vars/exos.yml
¶ansible_connection: httpapi
ansible_network_os: exos
ansible_user: myuser
ansible_password: !vault...
proxy_env:
http_proxy: http://proxy.example.com:8080
If you are accessing your host directly (not through a web proxy) you can remove the proxy_env
configuration.
If you are accessing your host through a web proxy using https
, change http_proxy
to https_proxy
.
- name: Retrieve EXOS OS version
exos_command:
commands: show version
when: ansible_network_os == 'exos'
In this example the proxy_env
variable defined in group_vars
gets passed to the environment
option of the module used in the task.
Warning
Never store passwords in plain text. We recommend using SSH keys to authenticate SSH connections. Ansible supports ssh-agent to manage your SSH keys. If you must use passwords to authenticate SSH connections, we recommend encrypting them with Ansible Vault.