■ansibleでCisco機器の情報(sh run)を取得してみる。 $ lsb_release -d Description: Debian GNU/Linux 10 (buster) $ sudo apt-get install sshpass $ sudo pip --proxy=192.168.100.200:8080 install ansible $ ansible --version ansible 2.9.5 config file = None configured module search path = [u'/home/labunix/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible executable location = /usr/local/bin/ansible python version = 2.7.16 (default, Oct 10 2019, 22:02:15) [GCC 8.3.0] ■インベントリファイルの作成は公式サイトを参照する。 Ansible Network Examples https://docs.ansible.com/ansible/latest/network/user_guide/network_best_practices_2.5.html $ mkdir ansible $ cd ansible/ $ cat inventory_file [cisco] IOS1 ansible_host=192.168.0.1 [cisco:vars] ansible_become=yes ansible_become_method=enable ansible_become_pass=cisco ansible_ssh_user=admin ansible_ssh_pass=admin ansible_connection=network_cli ansible_network_os=ios [all:vars] ansible_python_interpreter=/usr/bin/python3 $ ansible cisco -i inventory_file -m ping IOS1 | SUCCESS => { "changed": false, "ping": "pong" } ■モジュールも公式サイトを参考。 ios_command – Run commands on remote devices running Cisco IOS https://docs.ansible.com/ansible/latest/modules/ios_command_module.html#ios-command-module $ find /usr/local/lib/python2.7/dist-packages/ansible/modules/ -type f -name "*.py" | grep ios_command /usr/local/lib/python2.7/dist-packages/ansible/modules/network/ios/ios_command.py $ ansible cisco -i inventory_file -m ios_command -a "commands='show run | sec line'" IOS1 | SUCCESS => { "changed": false, "stdout": [ "line con 0\n exec-timeout 0 0\n privilege level 15\n logging synchronous\nline aux 0\n exec-timeout 0 0\n privilege level 15\n logging synchronous\nline vty 0 4\n login local\n transport input ssh" ], "stdout_lines": [ [ "line con 0", " exec-timeout 0 0", " privilege level 15", " logging synchronous", "line aux 0", " exec-timeout 0 0", " privilege level 15", " logging synchronous", "line vty 0 4", " login local", " transport input ssh" ] ] } $ cat get-run.yml --- - hosts: cisco gather_facts: no tasks: - name: show run ios_command: commands: - show run register: result $ ansible-playbook -i inventory_file get-run.yml PLAY [cisco] ************************************************************************************************************************** TASK [show run] *********************************************************************************************************************** ok: [IOS1] PLAY RECAP **************************************************************************************************************************** IOS1 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ■sh runを取り出す $ ansible-playbook -i inventory_file show-run.yml > show-run.yml.log $ awk '/^ /' show-run.yml.log | xargs echo | sed 's/, /\n/g' $ awk '/^ "/{gsub("^ \"|\",","",$0);print $0}' show-run.yml.log | lsec ^line vty line vty 0 4 login local transport input ssh ! ■lsecコマンド [https://github.com/labunix/lsec/blob/master/lsec]
