■ansibleでCisco機器の情報(sh run)を取得してみる。
$ lsb_release -d
Description: Debian GNU/Linux 10 (buster)
$ sudo apt-get install sshpass
$ sudo pip --proxy=192.168.100.200:8080 install ansible
$ ansible --version
ansible 2.9.5
config file = None
configured module search path = [u'/home/labunix/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
executable location = /usr/local/bin/ansible
python version = 2.7.16 (default, Oct 10 2019, 22:02:15) [GCC 8.3.0]
■インベントリファイルの作成は公式サイトを参照する。
Ansible Network Examples
https://docs.ansible.com/ansible/latest/network/user_guide/network_best_practices_2.5.html
$ mkdir ansible
$ cd ansible/
$ cat inventory_file
[cisco]
IOS1 ansible_host=192.168.0.1
[cisco:vars]
ansible_become=yes
ansible_become_method=enable
ansible_become_pass=cisco
ansible_ssh_user=admin
ansible_ssh_pass=admin
ansible_connection=network_cli
ansible_network_os=ios
[all:vars]
ansible_python_interpreter=/usr/bin/python3
$ ansible cisco -i inventory_file -m ping
IOS1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
■モジュールも公式サイトを参考。
ios_command – Run commands on remote devices running Cisco IOS
https://docs.ansible.com/ansible/latest/modules/ios_command_module.html#ios-command-module
$ find /usr/local/lib/python2.7/dist-packages/ansible/modules/ -type f -name "*.py" | grep ios_command
/usr/local/lib/python2.7/dist-packages/ansible/modules/network/ios/ios_command.py
$ ansible cisco -i inventory_file -m ios_command -a "commands='show run | sec line'"
IOS1 | SUCCESS => {
"changed": false,
"stdout": [
"line con 0\n exec-timeout 0 0\n privilege level 15\n logging synchronous\nline aux 0\n exec-timeout 0 0\n privilege level 15\n logging synchronous\nline vty 0 4\n login local\n transport input ssh"
],
"stdout_lines": [
[
"line con 0",
" exec-timeout 0 0",
" privilege level 15",
" logging synchronous",
"line aux 0",
" exec-timeout 0 0",
" privilege level 15",
" logging synchronous",
"line vty 0 4",
" login local",
" transport input ssh"
]
]
}
$ cat get-run.yml
---
- hosts: cisco
gather_facts: no
tasks:
- name: show run
ios_command:
commands:
- show run
register: result
$ ansible-playbook -i inventory_file get-run.yml
PLAY [cisco] **************************************************************************************************************************
TASK [show run] ***********************************************************************************************************************
ok: [IOS1]
PLAY RECAP ****************************************************************************************************************************
IOS1 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
■sh runを取り出す
$ ansible-playbook -i inventory_file show-run.yml > show-run.yml.log
$ awk '/^ /' show-run.yml.log | xargs echo | sed 's/, /\n/g'
$ awk '/^ "/{gsub("^ \"|\",","",$0);print $0}' show-run.yml.log | lsec ^line vty
line vty 0 4
login local
transport input ssh
!
■lsecコマンド
[https://github.com/labunix/lsec/blob/master/lsec]
