CNOS Platform Options
CNOS is part of the community.network collection and supports Enable Mode (Privilege Escalation). This page offers details on how to use Enable Mode on CNOS in Ansible.
Connections available
CLI | |
---|---|
Protocol | SSH |
Credentials |
uses SSH keys / SSH-agent if present accepts |
Indirect Access | via a bastion (jump host) |
Connection Settings |
|
Enable Mode | supported: use |
Returned Data Format |
|
The ansible_connection: local
has been deprecated. Please use ansible_connection: ansible.netcommon.network_cli
instead.
Using CLI in Ansible
Example CLI group_vars/cnos.yml
ansible_connection: ansible.netcommon.network_cli ansible_network_os: community.network.cnos ansible_user: myuser ansible_password: !vault... ansible_become: yes ansible_become_method: enable ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
- If you are using SSH keys (including an ssh-agent) you can remove the
ansible_password
configuration. - If you are accessing your host directly (not through a bastion/jump host) you can remove the
ansible_ssh_common_args
configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the
ProxyCommand
directive. To prevent secrets from leaking out (for example inps
output), SSH does not support providing passwords via environment variables.
Example CLI task
- name: Retrieve CNOS OS version community.network.cnos_command: commands: show version when: ansible_network_os == 'community.network.cnos'
Warning
Never store passwords in plain text. We recommend using SSH keys to authenticate SSH connections. Ansible supports ssh-agent to manage your SSH keys. If you must use passwords to authenticate SSH connections, we recommend encrypting them with Ansible Vault.
See also
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/network/user_guide/platform_cnos.html