CNOS Platform Options¶
CNOS supports Enable Mode (Privilege Escalation). This page offers details on how to use Enable Mode on CNOS in Ansible.
Topics
Connections Available¶
CLI | |
---|---|
Protocol | SSH |
Credentials | uses SSH keys / SSH-agent if present accepts |
Indirect Access | via a bastion (jump host) |
Connection Settings | ansible_connection: network_cli |
Enable Mode (Privilege Escalation) |
supported: use ansible_become: yes
with ansible_become_method: enable
and ansible_become_password: |
Returned Data Format | stdout[0]. |
For legacy playbooks, CNOS still supports ansible_connection: local
. We recommend modernizing to use ansible_connection: network_cli
as soon as possible.
Using CLI in Ansible¶
Example CLI group_vars/cnos.yml
¶
ansible_connection: network_cli
ansible_network_os: cnos
ansible_user: myuser
ansible_password: !vault...
ansible_become: yes
ansible_become_method: enable
ansible_become_password: !vault...
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
- If you are using SSH keys (including an ssh-agent) you can remove the
ansible_password
configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the
ansible_ssh_common_args
configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the
ProxyCommand
directive. To prevent secrets from leaking out (for example inps
output), SSH does not support providing passwords via environment variables.
Example CLI Task¶
- name: Retrieve CNOS OS version
cnos_command:
commands: show version
when: ansible_network_os == 'cnos'
Warning
Never store passwords in plain text. We recommend using SSH keys to authenticate SSH connections. Ansible supports ssh-agent to manage your SSH keys. If you must use passwords to authenticate SSH connections, we recommend encrypting them with Ansible Vault.