てくなべ (tekunabe)

ansible / network / automation

[Ansible] 「つまずき Ansible 【Part9】Ansible Tower か AWX」ふりかえり

はじめに

2020/07/04 に、YouTube Live で「つまずき Ansible 【Part9】Ansible Tower か AWX」という配信をしました。 実際に作業しながらエラーと戦って進めるシリーズです。

tekunabe.connpass.com

今回は、こまで作ったインベントリファイルやPlaybookなどを AWX に載せて実行しました。

やったことや、つまずいたエラーと原因、対処をふりかえります。

動画

youtu.be


■ やったこと

インベントリの作成

以下のインベントリファイル相当の設定を AWX のインベントリとして定義。

[ios]
rt01 ansible_host=192.168.1.11

f:id:akira6592:20200704211459p:plain
インベントリの作成

認証情報の作成

以下のグループ変数ファイルのうち、認証情報に当たる部分を定義。

---
# 一般的な変数
ansible_network_os: ios
ansible_connection: network_cli

# 認証情報ここから
ansible_user: ansible
ansible_password: p@ssword

ansible_become_method: enable
ansible_become_password: secret 
# 認証情報こここまで

ansible_become: true

f:id:akira6592:20200704211536p:plain
認証情報の作成

プロジェクトの作成

サンプル用に用意した githubリポジトリを指定したプロジェクトを作成。

Playbookの内容は以下。

---
- hosts: rt01
  gather_facts: false

  tasks:
    - name: no shut  Gi0/3
      ios_interfaces:
        config:
          - name: GigabitEthernet0/3
            description: test desc
            enabled: True

    - name: set ip address
      ios_l3_interfaces:
        config:
          - name: GigabitEthernet0/3
            ipv4:
              - address: 10.0.0.1/24

    - name: enalbe ospf
      ios_config:
        parents:
          - router ospf 1
        lines:
          - network 10.0.0.0 0.0.0.255 area 0
      tags:
        - ospf

    - name: save
      ios_config:
        save_when: modified
      tags:
        - save

f:id:akira6592:20200704211623p:plain
プロジェクトの作成

ジョブテンプレートの作成、実行

ここまで作成した、インベントリ、認証情報、プロジェクト、Playbook の組み合わせを定義。

f:id:akira6592:20200704211703p:plain
ジョブテンプレートの作成

ジョブテンプレートの改善

Playoobk 内で、インターフェース設定がベタ書きだった箇所を

            description: "{{ desc }}"

のように変数化。

これに伴い、AWX の Survey 機能で、ジョブテンプレート実行時に対話的に変数を設定できるようにした。

f:id:akira6592:20200704211418p:plain
Survery化

f:id:akira6592:20200704211736p:plain
実行結果


■ ジョブテンプレート実行時のつまずき

Playbook を更新したのに反映されない

原因

プロジェクトの SCM更新プション起動時のリビジョン更新 のチェックを入れ忘れた。

f:id:akira6592:20200704211945p:plain
チェック入れ忘れた

対処

プロジェクトの SCM更新プションの 起動時のリビジョン更新 のチェックを入れて再実行した。

Part10 にむけて

AWX の続きか、インベントリ関連を検討中です。

[Ansible] eos_command モジュールで show コマンドの結果を JSON で取得する

はじめに

Arista EOS のネットワーク機器向けに、主に show コマンドを実行する eos_command というモジュールがあります。

このモジュールでは、コマンドの実行結果を JSON 形式でも取得できます。

簡単なサンプルでご紹介します。

試した限り コネクションプラグインnetwork_cli でのみ有効な技でした。eAPI を利用する httpapi ではエラーとなったのでご注意ください。

(なお、EOS で show hoge | jsonのようにすると JSON で取得できることは、Network Automation Cookbook という本で偶然知りました。)

Playbook

show version を実行して結果を JSON で取得して、表示する Plyabook です。

---
- hosts: eos
  gather_facts: false
  
  tasks:
    - name: showversion
      eos_command: 
        commands:
          - command: show version
            output: json             # ポイント
      register: result_version
    
    - name: debug
      debug:
        msg: "{{ result_version.stdout_lines[0] }}"

commands オプションに commandoutput: json を指定する点がポイントです。

手動で実行する場合の show version | json 相当です。

なので、

        commands:
          - show version
        output: json             # NG

ではないことにご注意ください。

実行結果

このように JSON になります。

TASK [debug] ********************************************************
ok: [eos1] => {
    "msg": {
        "architecture": "i386",
        "bootupTimestamp": 1593489252.0,
        "cEosToolsVersion": "1.1",
        "hardwareRevision": "",
        "internalBuildId": "9d960dea-a6da-424b-b373-2958c07c48c3",
        "internalVersion": "4.21.10M-15347597.42110M",
        "isIntlVersion": false,
        "memFree": 1169184,
        "memTotal": 2039264,
        "mfgName": "",
        "modelName": "cEOSLab",
        "serialNumber": "",
        "systemMacAddress": "02:42:ac:2a:8f:7d",
        "uptime": 19298.83,
        "version": "4.21.10M"
    }
}

JSON は キーをたどると値を絞れます。例えば、version だけ欲しいときは result_version.stdout_lines[0]`result_version.stdout_lines[0].version にすると

TASK [debug] *********
ok: [eos1] => {
    "msg": "4.21.10M"
}

となります。

通常は・・

output: json を指定しない場合は、以下のように通常の show コマンドの実行結果形式になります。

TASK [debug] ****************************************************************
ok: [eos1] => {
    "msg": [
        "cEOSLab",
        "Hardware version:    ",
        "Serial number:       ",
        "System MAC address:  0242.ac2a.8f7d",
        "",
        "Software image version: 4.21.10M",
        "Architecture:           i386",
        "Internal build version: 4.21.10M-15347597.42110M",
        "Internal build ID:      9d960dea-a6da-424b-b373-2958c07c48c3",
        "",
        "cEOS tools version: 1.1",
        "",
        "Uptime:                 0 weeks, 0 days, 5 hours and 23 minutes",
        "Total memory:           2039264 kB",
        "Free memory:            1169228 kB"
    ]
}

おわりに

JSON のように構造化データを OS の機能で取得できるのはとても便利だと思いました。

assert がはかどります。

[Ansible] 明示的なグループに所属しないホストが暗黙的に所属する ungrouped グループ

はじめに

Ansible には、allungrouped というデフォルトで定義されたグループがあります。

all はすべてのホストが所属するグループです。

一方で、 ungrouped は、明示的なグループに所属さないホストが暗黙的に所属するグループです。

言葉では少しわかりにくいかもしれませんので、例で説明します。

  • 動作確認環境
    • Ansible 2.9.10

インベントリファイル

以下のようなインベントリファイルを想定します。

rt01
rt02

[ios]
ios01
ios02

[eos]
eos01
eos02

上記のうち、rt01rt02 はどの明示的なグループ(ioseos)にも所属していません。

この rt01rt02ungrouped に所属することになります。

確認

グループの所属関係は、ansible-inventoy コマンド--graph オプションを利用すると視覚的にわかりやすいです。(参考

$ ansible-inventory -i inventory.ini --graph

@all:
  |--@eos:
  |  |--eos01
  |  |--eos02
  |--@ios:
  |  |--ios01
  |  |--ios02
  |--@ungrouped:
  |  |--rt01
  |  |--rt02

ungrouped グループに、rt01rt02 が所属していることが分かります。また、ungrouped グループは all グループに所属しています。

Playbook 内でも ungrouped グループをターゲットにできます。

---
- hosts: ungrouped
  gather_facts: false

  tasks:
    - name: debug
      debug:
        msg: "{{ inventory_hostname }} in ungrouped"

実行すると、rt01rt02 を対象に実行されます。

$ ansible-playbook -i inventory.ini ungrouped.yml 

PLAY [ungrouped] *************************************************************************************************

TASK [debug] *****************************************************************************************************
ok: [rt02] => {
    "msg": "rt02 in ungrouped"
}
ok: [rt01] => {
    "msg": "rt01 in ungrouped"
}

PLAY RECAP *******************************************************************************************************
rt01                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
rt02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

GitLab の WebIDE が開かないときの対処(external_url の修正)

はじめに

GitLab には、Web ブラウザ上でファイルの修正などができる WebIDE という機能があります。

先日、WebIDE を開くためのボタンを押してもガワだけ表示されて、中身が表示されないような現象で出くわしました。

この記事では、現象と対処を簡単にまとめます。

(セルフホスト版が前提です)

現象

こんな感じです。正常であれば、左側にファイル一覧が表示されます。

f:id:akira6592:20200628125618p:plain
ローディング中のような画面のまま

原因

Developer tool を開いたら、GitLab サーバーと異なる IPアドレスリポジトリの内容を取得しようとしてる様子が見えました。

f:id:akira6592:20200628125802p:plain
それらしい内容を別の IP アドレスにリクエス

ここで思い出したのですが、このサーバーは GitLab インストールの IP アドレスから変更されてたのでした。 そのため、/etc/gitlab/gitlab.rbexternal_url が GitLab インストール時の IP アドレスのままで、その IPアドレスにアクセスしようとしてる様子でした。

リポジトリ画面で、Clone 時のURLを表示するときに external_url のアドレスが利用されるのと同じ事情のようです。

f:id:akira6592:20200628125855p:plain
こうなる事情と同じ

対処

EIP をつけないままの場合の暫定対処ですが、external_url を現在の IP アドレスに修正することにしました。

/etc/gitlab/gitlab.rb

external_url 'http://y.y.y.151'

設定を反映するために reconfigure します。

$ sudo gitlab-ctl reconfigure

[Ansible] 通常時は実行せず、タグが指定されたときのみタスクを実行する

はじめに

Playbook には タグ機能があり、ansible-playbook コマンドから特定のタグを持ったタスクのみ実行できます。

タグの中には、いくつか特別なものがあります。

never タグをつけたタスクは、通常時は無視されます。他のタグをあわせて付けると、そのタグが指定されると実行されます。

この性質を利用すると「普段は実行したくないが、特定のタグをしていたときのみ実行する」といったこごができます。

この記事では簡単なサンプルをご紹介します。

  • 動作確認環境
    • Ansible 2.9.10

これの詳細です。

サンプル Playbook

---
- hosts: localhost
  gather_facts: false


  tasks:
    - name: special task 
      debug:
        msg: special task
      tags:
        - never    # このタグにより通常時はこのタスクは実行されない
        - special

    - name:
      debug:
        msg: normal task

タグ指定なしで実行

ansible-playbook コマンドで特にタグの指定をせずに実行する場合です。

$ ansible-playbook -i localhost, tagtest.yml 

PLAY [localhost] *************************************************************************

TASK [normal task] *****************************************************************************
ok: [localhost] => {
    "msg": "normal task"
}

PLAY RECAP *******************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  

never タグが付いた special task が実行されなかったことが分かります。

タグ指定で実行

今度は -t special でタグを指定して実行します。

$ ansible-playbook -i localhost, tagtest.yml -t special

PLAY [localhost] *************************************************************************

TASK [special task] **********************************************************************
ok: [localhost] => {
    "msg": "special task"
}

PLAY RECAP *******************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

special タグがついたタスクが実行されました。

normarl taskspecial タグが指定されていないため実行されませんでした。

おわりに

never のような特別なタグの挙動が知られていない可能性もありますので、コメントで説明を書きておくと親切だと思います。

[Ansible] 「つまずき Ansible 【Part8】Collection を使う」ふりかえり

はじめに

2020/06/27 に、YouTube Live で「つまずき Ansible 【Part8】Collection を使う」という配信をしました。 実際に作業しながらエラーと戦って進めるシリーズです。

tekunabe.connpass.com

今回は、Collectionのインストールと、Collection のモジュールを利用した Plaubook の実行をためしました。 つまずいたエラーと原因、対処をふりかえります。

ただし今回は Collection とは直接関係ないものであり、かつ明確な原因もわかりませんでした。

動画

youtu.be


■ その前に: Collection とは? (一部 Part7 と重複)

Collection とは

  • モジュール、プラグイン、ロールなどを含む新しい配布形式
  • Ansible 本体とは別に開発が進められる
  • コミュニティとしては Ansible Galaxy 経由で配布される
  • Ansible 2.10 では、今まで標準で含まれていた多くのモジュールが Collection に移行
    • pip install ansible-base では、標準の68個のモジュールのみ
    • pip install ansible では、上記に加え、今までのモジュールが Collection 経由で一緒にインストール

名前空間

参考情報


やったこと

pip install ansible-base==2.10.0b0 でインストール済み

準備

  • cisco.ios をインストール
    • ansible-galaxy collection install コレクション名
  • どこにインストールされた?
    • ~/.ansible/collections/
      • 設定 COLLECTIONS_PATHS のデフォルト
  • インストールされた一覧の確認方法
    • ansible-galaxy collection list (Ansible 2.10)
  • いっぺんにいろいろインストールする
    • requirements.yml を利用
  • ansilbe-doc で確認

Playbook

cisco.ios.ios_acls を利用した ACL の設定 Playbook。

一応、FQCN で指定。

---
  - hosts: rt01
    gather_facts: false
  
    tasks:
      - name: set acl
        cisco.ios.ios_acls:
          config:
            - afi: ipv4
              acls:
                - name: test_acl
                  acl_type: extended
                  aces:
                    - grant: permit
                      sequence: 10
                      protocol: tcp
                      protocol_options:
                        tcp:
                          ack: true
                      source:
                        address: 10.0.0.0
                        wildcard_bits: 0.0.0.255
                      destination:
                        address: 172.16.1.0
                        wildcard_bits: 0.0.0.255
                        port_protocol:
                          eq: www
                    - grant: deny
                      sequence: 90
                      protocol: ip
                      source:
                        any: true
                      destination:
                        any: true
          state: merged
        register: res
  
      - name: debug
        debug:
          msg: "{{ res }}"


■ debug でのエラー

ios_acls モジュール実行結果の変数を debug モジュールで表示時に connection 系のエラー

debug タスクで、以下のエラー。

fatal: [rt01]: FAILED! => {"msg": "Traceback (most recent call last):\n File \"/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/module_utils/connection.py\", line 202, in send\n response = recv_data(sf)\n File \"/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/module_utils/connection.py\", line 76, in recv_data\n d = s.recv(header_len - len(data))\nConnectionResetError: [Errno 104] Connection reset by peer\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/home/vagrant/envs/a210/bin/ansible-connection\", line 342, in \n main()\n File \"/home/vagrant/envs/a210/bin/ansible-connection\", line 305, in main\n conn.set_options(var_options=variables)\n File \"/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/module_utils/connection.py\", line 186, in rpc\n response = self.exec_jsonrpc(name, *args, **kwargs)\n File \"/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/module_utils/connection.py\", line 152, in exec_jsonrpc\n out = self.send(data)\n File \"/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/module_utils/connection.py\", line 209, in send\n err=to_text(e, errors='surrogate_then_replace'), exception=traceback.format_exc()\nansible.module_utils.connection.ConnectionError: unable to connect to socket /home/vagrant/.ansible/pc/e0f315e513. See the socket path issue category in Network Debug and Troubleshooting Guide\n"}

原因

不明。 PCが重く、処理に時間がかかっていたが、debug モジュールはネットワーク機器に接続しにいかないはずなので、ConnectionResetError になるのは解せず。

対処

(なすすべ無し・・。再度実行したら正常となった。)


おまけ

閲覧したサイト

全実行ログ

クリックして開く(長いです)

(a210) [vagrant@stumble stumble]$ ansible-galaxy collection instal cisco.ios
usage: ansible-galaxy collection [-h] COLLECTION_ACTION ...
ansible-galaxy collection: error: argument COLLECTION_ACTION: invalid choice: 'instal' (choose from 'download', 'init', 'build', 'publish', 'install', 'list', 'verify')
 
usage: ansible-galaxy [-h] [--version] [-v] TYPE ...

Perform various Role and Collection related operations.

positional arguments:
  TYPE
    collection   Manage an Ansible Galaxy collection.
    role         Manage an Ansible Galaxy role.

optional arguments:
  --version      show program's version number, config file location,
                 configured module search path, module location, executable
                 location and exit
  -h, --help     show this help message and exit
  -v, --verbose  verbose mode (-vvv for more, -vvvv to enable connection
                 debugging)
 (a210) [vagrant@stumble stumble]$ ansible-galaxy collection install cisco.ios
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Installing 'cisco.ios:1.0.0' to '/home/vagrant/.ansible/collections/ansible_collections/cisco/ios'
Installing 'ansible.netcommon:1.0.0' to '/home/vagrant/.ansible/collections/ansible_collections/ansible/netcommon'
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ ansible-doc cisco.ios
^C [ERROR]: User interrupted execution
(a210) [vagrant@stumble stumble]$ ansible-doc ios_config
> IOS_CONFIG    (/home/vagrant/.ansible/collections/ansible_collections/cisco/ios/plugins/modules/ios_config.py)

        Cisco IOS configurations use a simple block indent file syntax for segmenting configuration into sections.  This module provides an implementation
        for working with IOS configuration sections in a deterministic way.

OPTIONS (= is mandatory):

- after
        The ordered set of commands to append to the end of the command stack if a change needs to be made.  Just like with `before' this allows the
        playbook designer to append a set of commands to be executed after the command set.
        [Default: (null)]

- backup
        This argument will cause the module to create a full backup of the current `running-config' from the remote device before any changes are made. If
        the `backup_options' value is not given, the backup file is written to the `backup' folder in the playbook root directory or role root directory,
        if playbook is part of an ansible role. If the directory does not exist, it is created.
        [Default: False]
        type: bool

- backup_options
        This is a dict object containing configurable options related to backup file path. The value of this option is read only when `backup' is set to
        `yes', if `backup' is set to `no' this option will be silently ignored.
        [Default: (null)]
        type: dict

(a210) [vagrant@stumble stumble]$ ansible-doc ios_acls
> IOS_ACLS    (/home/vagrant/.ansible/collections/ansible_collections/cisco/ios/plugins/modules/ios_acls.py)

        This module configures and manages the named or numbered ACLs on IOS platforms.

OPTIONS (= is mandatory):

- config
        A dictionary of ACL options.
        [Default: (null)]
        elements: dict
        type: list

        SUBOPTIONS:

        - acls
            A list of Access Control Lists (ACL).
            [Default: (null)]
            elements: dict
            type: list

            SUBOPTIONS:

            - aces
                The entries within the ACL.
                [Default: (null)]
                elements: dict
                type: list

                SUBOPTIONS:

                - destination
                    Specify the packet destination.
                    [Default: (null)]
                    type: dict

                    SUBOPTIONS:

                    - address
                        Host address to match, or any single host address.
                        [Default: (null)]
                        type: str

                    - any
                        Match any source address.
                        [Default: (null)]
                        type: bool

                    - host
                        A single destination host
                        [Default: (null)]
                        type: str

                    - port_protocol
                        Specify the destination port along with protocol.
                        Note, Valid with TCP/UDP protocol_options
                        [Default: (null)]
                        type: dict

                        SUBOPTIONS:

                        - eq
                            Match only packets on a given port number.
                            [Default: (null)]
                            type: str

                        - gt
                            Match only packets with a greater port number.
                            [Default: (null)]
                            type: str

                        - lt
                            Match only packets with a lower port number.
                            [Default: (null)]
                            type: str

                        - neq
                            Match only packets not on a given port number.
                            [Default: (null)]
                            type: str

                        - range
                            Port group.
                            [Default: (null)]
                            type: dict

                            SUBOPTIONS:

                            - end
                                Specify the end of the port range.
                                [Default: (null)]
                                type: int

                            - start
                                Specify the start of the port range.
                                [Default: (null)]
                                type: int

                    - wildcard_bits
                        Destination wildcard bits, valid with IPV4 address.
                        [Default: (null)]
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ deactivate 
[vagrant@stumble stumble]$ 
[vagrant@stumble stumble]$ 
(reverse-i-search)`sou': ^Curce ~/envs/a210/bin/activate
[vagrant@stumble stumble]$ 
[vagrant@stumble stumble]$ 
[vagrant@stumble stumble]$ python -m venv ~/a29
/usr/bin/python: No module named venv
[vagrant@stumble stumble]$ python3 -m venv ~/a29
[vagrant@stumble stumble]$ source ~/a29/bin/activate
(a29) [vagrant@stumble stumble]$ 
(a29) [vagrant@stumble stumble]$ pip install ansible
Collecting ansible
  Downloading https://files.pythonhosted.org/packages/03/4f/cccab1ec2e0ecb05120184088e00404b38854809cf35aa76889406fbcbad/ansible-2.9.10.tar.gz (14.2MB)
    100% |████████████████████████████████| 14.2MB 101kB/s 
Collecting jinja2 (from ansible)
  Using cached https://files.pythonhosted.org/packages/30/9e/f663a2aa66a09d838042ae1a2c5659828bb9b41ea3a6efa20a20fd92b121/Jinja2-2.11.2-py2.py3-none-any.whl
Collecting PyYAML (from ansible)
  Using cached https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz
Collecting cryptography (from ansible)
  Using cached https://files.pythonhosted.org/packages/58/95/f1282ca55649b60afcf617e1e2ca384a2a3e7a5cf91f724cf83c8fbe76a1/cryptography-2.9.2-cp35-abi3-manylinux1_x86_64.whl
Collecting MarkupSafe>=0.23 (from jinja2->ansible)
  Using cached https://files.pythonhosted.org/packages/b2/5f/23e0023be6bb885d00ffbefad2942bc51a620328ee910f64abe5a8d18dd1/MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl
Collecting six>=1.4.1 (from cryptography->ansible)
  Using cached https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl
Collecting cffi!=1.11.3,>=1.8 (from cryptography->ansible)
  Using cached https://files.pythonhosted.org/packages/f1/c7/72abda280893609e1ddfff90f8064568bd8bcb2c1770a9d5bb5edb2d1fea/cffi-1.14.0-cp36-cp36m-manylinux1_x86_64.whl
Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->ansible)
  Using cached https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl
Installing collected packages: MarkupSafe, jinja2, PyYAML, six, pycparser, cffi, cryptography, ansible
  Running setup.py install for PyYAML ... done
  Running setup.py install for ansible ... done
Successfully installed MarkupSafe-1.1.1 PyYAML-5.3.1 ansible-2.9.10 cffi-1.14.0 cryptography-2.9.2 jinja2-2.11.2 pycparser-2.20 six-1.15.0
You are using pip version 9.0.3, however version 20.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
(a29) [vagrant@stumble stumble]$ pip install paramiko
Collecting paramiko
  Using cached https://files.pythonhosted.org/packages/06/1e/1e08baaaf6c3d3df1459fd85f0e7d2d6aa916f33958f151ee1ecc9800971/paramiko-2.7.1-py2.py3-none-any.whl
Collecting bcrypt>=3.1.3 (from paramiko)
  Using cached https://files.pythonhosted.org/packages/8b/1d/82826443777dd4a624e38a08957b975e75df859b381ae302cfd7a30783ed/bcrypt-3.1.7-cp34-abi3-manylinux1_x86_64.whl
Requirement already satisfied: cryptography>=2.5 in /home/vagrant/a29/lib/python3.6/site-packages (from paramiko)
Collecting pynacl>=1.0.1 (from paramiko)
  Using cached https://files.pythonhosted.org/packages/9d/57/2f5e6226a674b2bcb6db531e8b383079b678df5b10cdaa610d6cf20d77ba/PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl
Requirement already satisfied: cffi>=1.1 in /home/vagrant/a29/lib/python3.6/site-packages (from bcrypt>=3.1.3->paramiko)
Requirement already satisfied: six>=1.4.1 in /home/vagrant/a29/lib/python3.6/site-packages (from bcrypt>=3.1.3->paramiko)
Requirement already satisfied: pycparser in /home/vagrant/a29/lib/python3.6/site-packages (from cffi>=1.1->bcrypt>=3.1.3->paramiko)
Installing collected packages: bcrypt, pynacl, paramiko
Successfully installed bcrypt-3.1.7 paramiko-2.7.1 pynacl-1.4.0
You are using pip version 9.0.3, however version 20.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
(a29) [vagrant@stumble stumble]$ 
(a29) [vagrant@stumble stumble]$ 
(a29) [vagrant@stumble stumble]$ 
(a29) [vagrant@stumble stumble]$ ansible-doc ios_config
> IOS_CONFIG    (/home/vagrant/a29/lib64/python3.6/site-packages/ansible/modules/network/ios/ios_config.py)

        Cisco IOS configurations use a simple block indent file syntax for segmenting configuration into sections.  This module provides an implementation
        for working with IOS configuration sections in a deterministic way.

  * This module is maintained by The Ansible Network Team
OPTIONS (= is mandatory):

- after
        The ordered set of commands to append to the end of the command stack if a change needs to be made.  Just like with `before' this allows the
        playbook designer to append a set of commands to be executed after the command set.
        [Default: (null)]

- auth_pass
        *Deprecated*
        Starting with Ansible 2.5 we recommend using `connection: network_cli' and `become: yes' with `become_pass'.
        For more information please see the L(IOS Platform Options guide, ../network/user_guide/platform_ios.html).
        HORIZONTALLINE
        Specifies the password to use if required to enter privileged mode on the remote device.  If `authorize' is false, then this argument does
        nothing. If the value is not specified in the task, the value of environment variable `ANSIBLE_NET_AUTH_PASS' will be used instead.
        [Default: (null)]
        type: str

- authorize
        *Deprecated*
(a29) [vagrant@stumble stumble]$ ansible-doc ios_acls
[WARNING]: module ios_acls not found in: /home/vagrant/.ansible/plugins/modules:/usr/share/ansible/plugins/modules:/home/vagrant/a29/lib64/python3.6/site-packages/ansible/modules
(a29) [vagrant@stumble stumble]$ 
(a29) [vagrant@stumble stumble]$ 
(a29) [vagrant@stumble stumble]$ 
(a29) [vagrant@stumble stumble]$ 
(a29) [vagrant@stumble stumble]$ 
(a29) [vagrant@stumble stumble]$ 
(a29) [vagrant@stumble stumble]$ ansible-playbook -i 
ansible.cfg     eos_set.yml     export/         inventory.ini   ios_set.yml     junos_set.yml   memo/           
collections/    eos_show.yml    group_vars/     ios_acls.yml    ios_show.yml    junos_show.yml  server.yml      
(a29) [vagrant@stumble stumble]$ ansible-playbook -i 
ansible.cfg     eos_set.yml     export/         inventory.ini   ios_set.yml     junos_set.yml   memo/           
collections/    eos_show.yml    group_vars/     ios_acls.yml    ios_show.yml    junos_show.yml  server.yml      
(a29) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_acls.yml 

PLAY [rt01] *************************************************************************************************************************************************************************************

TASK [merge acl] ********************************************************************************************************************************************************************************
changed: [rt01]

TASK [gather acl] *******************************************************************************************************************************************************************************
ok: [rt01]

PLAY RECAP **************************************************************************************************************************************************************************************
rt01                       : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

(a29) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_acls
ERROR! the playbook: ios_acls could not be found
(a29) [vagrant@stumble stumble]$ ^C
(a29) [vagrant@stumble stumble]$ ansible-doc ios_acls
[WARNING]: module ios_acls not found in: /home/vagrant/.ansible/plugins/modules:/usr/share/ansible/plugins/modules:/home/vagrant/a29/lib64/python3.6/site-packages/ansible/modules
(reverse-i-search)`': ^C
(a29) [vagrant@stumble stumble]$ deactivate 
[vagrant@stumble stumble]$ 
[vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ ansible --version
ansible 2.10.0b1
  config file = /vagrant/stumble/ansible.cfg
  configured module search path = ['/home/vagrant/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible
  executable location = /home/vagrant/envs/a210/bin/ansible
  python version = 3.6.8 (default, Apr  2 2020, 13:34:55) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
(a210) [vagrant@stumble stumble]$ ansible-doc -l | wc -l
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ ansible-galaxy collections list
usage: ansible-galaxy role [-h] ROLE_ACTION ...
ansible-galaxy role: error: argument ROLE_ACTION: invalid choice: 'collections' (choose from 'init', 'remove', 'delete', 'list', 'search', 'import', 'setup', 'login', 'info', 'install')
 
usage: ansible-galaxy [-h] [--version] [-v] TYPE ...

Perform various Role and Collection related operations.

positional arguments:
  TYPE
    collection   Manage an Ansible Galaxy collection.
    role         Manage an Ansible Galaxy role.

optional arguments:
  --version      show program's version number, config file location,
                 configured module search path, module location, executable
                 location and exit
  -h, --help     show this help message and exit
  -v, --verbose  verbose mode (-vvv for more, -vvvv to enable connection
                 debugging)
 (a210) [vagrant@stumble stumble]$ ansible-galaxy colleciton list
usage: ansible-galaxy role [-h] ROLE_ACTION ...
ansible-galaxy role: error: argument ROLE_ACTION: invalid choice: 'colleciton' (choose from 'init', 'remove', 'delete', 'list', 'search', 'import', 'setup', 'login', 'info', 'install')
 
usage: ansible-galaxy [-h] [--version] [-v] TYPE ...

Perform various Role and Collection related operations.

positional arguments:
  TYPE
    collection   Manage an Ansible Galaxy collection.
    role         Manage an Ansible Galaxy role.

optional arguments:
  --version      show program's version number, config file location,
                 configured module search path, module location, executable
                 location and exit
  -h, --help     show this help message and exit
  -v, --verbose  verbose mode (-vvv for more, -vvvv to enable connection
                 debugging)
 (a210) [vagrant@stumble stumble]$ ansible-galaxy collection list

# /home/vagrant/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
ansible.netcommon 1.0.0  
cisco.ios         1.0.0  
(a210) [vagrant@stumble stumble]$ vi requirements.yml
(a210) [vagrant@stumble stumble]$ ansible-galaxy collection -r requirements.yml 
usage: ansible-galaxy collection [-h] COLLECTION_ACTION ...
ansible-galaxy collection: error: argument COLLECTION_ACTION: invalid choice: 'requirements.yml' (choose from 'download', 'init', 'build', 'publish', 'install', 'list', 'verify')
 
usage: ansible-galaxy [-h] [--version] [-v] TYPE ...

Perform various Role and Collection related operations.

positional arguments:
  TYPE
    collection   Manage an Ansible Galaxy collection.
    role         Manage an Ansible Galaxy role.
(a210) [vagrant@stumble stumble]$ ansible-galaxy collection list

# /home/vagrant/.ansible/collections/ansible_collections
Collection            Version
--------------------- -------
ansible.netcommon     1.0.0  
arista.eos            1.0.0  
cisco.ios             1.0.0  
junipernetworks.junos 1.0.0  
(a210) [vagrant@stumble stumble]$ ansible-doc ios_acls
> IOS_ACLS    (/home/vagrant/.ansible/collections/ansible_collections/cisco/ios/plugins/modules/ios_acls.py)

        This module configures and manages the named or numbered ACLs on IOS
        platforms.

OPTIONS (= is mandatory):

- config
        A dictionary of ACL options.
        [Default: (null)]
        elements: dict
        type: list

        SUBOPTIONS:

        - acls
            A list of Access Control Lists (ACL).
            [Default: (null)]
            elements: dict
            type: list

            SUBOPTIONS:

            - aces
                The entries within the ACL.
                [Default: (null)]
                elements: dict
                type: list

                SUBOPTIONS:

                - destination
                    Specify the packet destination.
                    [Default: (null)]
                    type: dict

                    SUBOPTIONS:

                    - address
                        Host address to match, or any single host address.
                        [Default: (null)]
                        type: str

                    - any
                        Match any source address.
                        [Default: (null)]
                        type: bool

                    - host
                        A single destination host
                        [Default: (null)]
                        type: str

                    - port_protocol
                        Specify the destination port along with protocol.
                        Note, Valid with TCP/UDP protocol_options
                        [Default: (null)]
                        type: dict

                        SUBOPTIONS:

                        - eq
                            Match only packets on a given port number.
                            [Default: (null)]
                            type: str

                        - gt
                            Match only packets with a greater port number.
                            [Default: (null)]
                            type: str

                        - lt
                            Match only packets with a lower port number.
                            [Default: (null)]
                            type: str

                        - neq
                            Match only packets not on a given port number.
                            [Default: (null)]
                            type: str

                        - range
                            Port group.
                            [Default: (null)]
                            type: dict

                            SUBOPTIONS:

                            - end
                                Specify the end of the port range.
                                [Default: (null)]
                                type: int

                            - start
                                Specify the start of the port range.
                                [Default: (null)]
                                type: int

                    - wildcard_bits
                        Destination wildcard bits, valid with IPV4 address.
                        [Default: (null)]
                        type: str

                - dscp
                    Match packets with given dscp value.
                    [Default: (null)]
                    type: str

                - fragments
                    Check non-initial fragments.
                    [Default: (null)]
                    type: str

                - grant
                    Specify the action.
                    (Choices: permit, deny)[Default: (null)]
                    type: str

                - log
                    Log matches against this entry.
                    [Default: (null)]
                    type: str

                - log_input
                    Log matches against this entry, including input interface.
                    [Default: (null)]
                    type: str

                - option
                    Match packets with given IP Options value.
                    Valid only for named acls.
                    [Default: (null)]
                    type: dict

                    SUBOPTIONS:

                    - add_ext
                        Match packets with Address Extension Option (147).
                        [Default: (null)]
                        type: bool

                    - any_options
                        Match packets with ANY Option.
                        [Default: (null)]
                        type: bool

                    - com_security
                        Match packets with Commercial Security Option (134).
                        [Default: (null)]
                        type: bool

                    - dps
                        Match packets with Dynamic Packet State Option (151).
                        [Default: (null)]
                        type: bool

                    - encode
                        Match packets with Encode Option (15).
                        [Default: (null)]
                        type: bool

                    - eool
                        Match packets with End of Options (0).
                        [Default: (null)]
                        type: bool

                    - ext_ip
                        Match packets with Extended IP Option (145).
                        [Default: (null)]
                        type: bool

                    - ext_security
                        Match packets with Extended Security Option (133).
                        [Default: (null)]
                        type: bool

                    - finn
                        Match packets with Experimental Flow Control Option
                        (205).
                        [Default: (null)]
                        type: bool

                    - imitd
                        Match packets with IMI Traffic Desriptor Option (144).
                        [Default: (null)]
                        type: bool

                    - lsr
                        Match packets with Loose Source Route Option (131).
                        [Default: (null)]
                        type: bool

                    - mtup
                        Match packets with MTU Probe Option (11).
                        [Default: (null)]
                        type: bool

                    - mtur
                        Match packets with MTU Reply Option (12).
                        [Default: (null)]
                        type: bool

                    - no_op
                        Match packets with No Operation Option (1).
                        [Default: (null)]
                        type: bool

                    - nsapa
                        Match packets with NSAP Addresses Option (150).
                        [Default: (null)]
                        type: bool

                    - record_route
                        Match packets with Record Route Option (7).
                        [Default: (null)]
                        type: bool

                    - router_alert
                        Match packets with Router Alert Option (148).
                        [Default: (null)]
                        type: bool

                    - sdb
                        Match packets with Selective Directed Broadcast Option
                        (149).
                        [Default: (null)]
                        type: bool

                    - security
                        Match packets with Basic Security Option (130).
                        [Default: (null)]
                        type: bool

                    - ssr
                        Match packets with Strict Source Routing Option (137).
                        [Default: (null)]
                        type: bool

                    - stream_id
                        Match packets with Stream ID Option (136).
                        [Default: (null)]
                        type: bool

                    - timestamp
                        Match packets with Time Stamp Option (68).
                        [Default: (null)]
                        type: bool

                    - traceroute
                        Match packets with Trace Route Option (82).
                        [Default: (null)]
                        type: bool

                    - ump
                        Match packets with Upstream Multicast Packet Option
                        (152).
                        [Default: (null)]
                        type: bool

                    - visa
                        Match packets with Experimental Access Control Option
                        (142).
                        [Default: (null)]
                        type: bool

                    - zsu
                        Match packets with Experimental Measurement Option (10).
                        [Default: (null)]
                        type: bool

                - precedence
                    Match packets with given precedence value.
                    [Default: (null)]
                    type: int

                - protocol
                    Specify the protocol to match.
                    Refer to vendor documentation for valid values.
                    [Default: (null)]
                    type: str

                - protocol_options
                    protocol type.
                    [Default: (null)]
                    type: dict

                    SUBOPTIONS:

                    - ahp
                        Authentication Header Protocol.
                        [Default: (null)]
                        type: bool

                    - eigrp
                        Cisco's EIGRP routing protocol.
                        [Default: (null)]
                        type: bool

                    - esp
                        Encapsulation Security Payload.
                        [Default: (null)]
                        type: bool

                    - gre
                        Cisco's GRE tunneling.
                        [Default: (null)]
                        type: bool

                    - hbh
                        Hop by Hop options header. Valid for IPV6
                        [Default: (null)]
                        type: bool

                    - icmp
                        Internet Control Message Protocol.
                        [Default: (null)]
                        type: dict

                        SUBOPTIONS:

                        - administratively_prohibited
                            Administratively prohibited
                            [Default: (null)]
                            type: bool

                        - alternate_address
                            Alternate address
                            [Default: (null)]
                            type: bool

                        - conversion_error
                            Datagram conversion
                            [Default: (null)]
                            type: bool

                        - dod_host_prohibited
                            Host prohibited
                            [Default: (null)]
                            type: bool

                        - dod_net_prohibited
                            Net prohibited
                            [Default: (null)]
                            type: bool

                        - echo
                            Echo (ping)
                            [Default: (null)]
                            type: bool

                        - echo_reply
                            Echo reply
                            [Default: (null)]
                            type: bool

                        - general_parameter_problem
                            Parameter problem
                            [Default: (null)]
                            type: bool

                        - host_isolated
                            Host isolated
                            [Default: (null)]
                            type: bool

                        - host_precedence_unreachable
                            Host unreachable for precedence
                            [Default: (null)]
                            type: bool

                        - host_redirect
                            Host redirect
                            [Default: (null)]
                            type: bool

                        - host_tos_redirect
                            Host redirect for TOS
                            [Default: (null)]
                            type: bool

                        - host_tos_unreachable
                            Host unreachable for TOS
                            [Default: (null)]
                            type: bool

                        - host_unknown
                            Host unknown
                            [Default: (null)]
                            type: bool

                        - host_unreachable
                            Host unreachable
                            [Default: (null)]
                            type: bool

                        - information_reply
                            Information replies
                            [Default: (null)]
                            type: bool

                        - information_request
                            Information requests
                            [Default: (null)]
                            type: bool

                        - mask_reply
                            Mask replies
                            [Default: (null)]
                            type: bool

                        - mask_request
                            mask_request
                            [Default: (null)]
                            type: bool

                        - mobile_redirect
                            Mobile host redirect
                            [Default: (null)]
                            type: bool

                        - net_redirect
                            Network redirect
                            [Default: (null)]
                            type: bool

                        - net_tos_redirect
                            Net redirect for TOS
                            [Default: (null)]
                            type: bool

                        - net_tos_unreachable
                            Network unreachable for TOS
                            [Default: (null)]
                            type: bool

                        - net_unreachable
                            Net unreachable
                            [Default: (null)]
                            type: bool

                        - network_unknown
                            Network unknown
                            [Default: (null)]
                            type: bool

                        - no_room_for_option
                            Parameter required but no room
                            [Default: (null)]
                            type: bool

                        - option_missing
                            Parameter required but not present
                            [Default: (null)]
                            type: bool

                        - packet_too_big
                            Fragmentation needed and DF set
                            [Default: (null)]
                            type: bool

                        - parameter_problem
                            All parameter problems
                            [Default: (null)]
                            type: bool

                        - port_unreachable
                            Port unreachable
                            [Default: (null)]
                            type: bool

                        - precedence_unreachable
                            Precedence cutoff
                            [Default: (null)]
                            type: bool

                        - protocol_unreachable
                            Protocol unreachable
                            [Default: (null)]
                            type: bool

                        - reassembly_timeout
                            Reassembly timeout
                            [Default: (null)]
                            type: bool

                        - redirect
                            All redirects
                            [Default: (null)]
                            type: bool

                        - router_advertisement
                            Router discovery advertisements
                            [Default: (null)]
                            type: bool

                        - router_solicitation
                            Router discovery solicitations
                            [Default: (null)]
                            type: bool

                        - source_quench
                            Source quenches
                            [Default: (null)]
                            type: bool

                        - source_route_failed
                            Source route failed
                            [Default: (null)]
                            type: bool

                        - time_exceeded
                            All time exceededs
                            [Default: (null)]
                            type: bool

                        - timestamp_reply
                            Timestamp replies
                            [Default: (null)]
                            type: bool

                        - timestamp_request
                            Timestamp requests
                            [Default: (null)]
                            type: bool

                        - traceroute
                            Traceroute
                            [Default: (null)]
                            type: bool

                        - ttl_exceeded
                            TTL exceeded
                            [Default: (null)]
                            type: bool

                        - unreachable
                            All unreachables
                            [Default: (null)]
                            type: bool

                    - igmp
                        Internet Gateway Message Protocol.
                        [Default: (null)]
                        type: dict

                        SUBOPTIONS:

                        - dvmrp
                            Distance Vector Multicast Routing Protocol(2)
                            [Default: (null)]
                            type: bool

                        - host_query
                            IGMP Membership Query(0)
                            [Default: (null)]
                            type: bool

                        - mtrace_resp
                            Multicast Traceroute Response(7)
                            [Default: (null)]
                            type: bool

                        - mtrace_route
                            Multicast Traceroute(8)
                            [Default: (null)]
                            type: bool

                        - pim
                            Protocol Independent Multicast(3)
                            [Default: (null)]
                            type: bool

                        - trace
                            Multicast trace(4)
                            [Default: (null)]
                            type: bool

                        - v1host_report
                            IGMPv1 Membership Report(1)
                            [Default: (null)]
                            type: bool

                        - v2host_report
                            IGMPv2 Membership Report(5)
                            [Default: (null)]
                            type: bool

                        - v2leave_group
                            IGMPv2 Leave Group(6)
                            [Default: (null)]
                            type: bool

                        - v3host_report
                            IGMPv3 Membership Report(9)
                            [Default: (null)]
                            type: bool

                    - ip
                        Any Internet Protocol.
                        [Default: (null)]
                        type: bool

                    - ipinip
                        IP in IP tunneling.
                        [Default: (null)]
                        type: bool

                    - ipv6
                        Any IPv6.
                        [Default: (null)]
                        type: bool

                    - nos
                        KA9Q NOS compatible IP over IP tunneling.
                        [Default: (null)]
                        type: bool

                    - ospf
                        OSPF routing protocol.
                        [Default: (null)]
                        type: bool

                    - pcp
                        Payload Compression Protocol.
                        [Default: (null)]
                        type: bool

                    - pim
                        Protocol Independent Multicast.
                        [Default: (null)]
                        type: bool

                    - protocol_number
                        An IP protocol number
                        [Default: (null)]
                        type: int

                    - sctp
                        Stream Control Transmission Protocol.
                        [Default: (null)]
                        type: bool

                    - tcp
                        Match TCP packet flags
                        [Default: (null)]
                        type: dict

                        SUBOPTIONS:

                        - ack
                            Match on the ACK bit
                            [Default: (null)]
                            type: bool

                        - established
                            Match established connections
                            [Default: (null)]
                            type: bool

                        - fin
                            Match on the FIN bit
                            [Default: (null)]
                            type: bool

                        - psh
                            Match on the PSH bit
                            [Default: (null)]
                            type: bool

                        - rst
                            Match on the RST bit
                            [Default: (null)]
                            type: bool

                        - syn
                            Match on the SYN bit
                            [Default: (null)]
                            type: bool

                        - urg
                            Match on the URG bit
                            [Default: (null)]
                            type: bool

                    - udp
                        User Datagram Protocol.
                        [Default: (null)]
                        type: bool

                - sequence
                    Sequence Number for the Access Control Entry(ACE).
                    Refer to vendor documentation for valid values.
                    [Default: (null)]
                    type: int

                - source
                    Specify the packet source.
                    [Default: (null)]
                    type: dict

                    SUBOPTIONS:

                    - address
                        Source network address.
                        [Default: (null)]
                        type: str

                    - any
                        Match any source address.
                        [Default: (null)]
                        type: bool

                    - host
                        A single source host
                        [Default: (null)]
                        type: str

                    - port_protocol
                        Specify the destination port along with protocol.
                        Note, Valid with TCP/UDP protocol_options
                        [Default: (null)]
                        type: dict

                        SUBOPTIONS:

                        - eq
                            Match only packets on a given port number.
                            [Default: (null)]
                            type: str

                        - gt
                            Match only packets with a greater port number.
                            [Default: (null)]
                            type: str

                        - lt
                            Match only packets with a lower port number.
                            [Default: (null)]
                            type: str

                        - neq
                            Match only packets not on a given port number.
                            [Default: (null)]
                            type: str

                        - range
                            Port group.
                            [Default: (null)]
                            type: dict

                            SUBOPTIONS:

                            - end
                                Specify the end of the port range.
                                [Default: (null)]
                                type: int

                            - start
                                Specify the start of the port range.
                                [Default: (null)]
                                type: int

                    - wildcard_bits
                        Destination wildcard bits, valid with IPV4 address.
                        [Default: (null)]
                        type: str

                - time_range
                    Specify a time-range.
                    [Default: (null)]
                    type: str

                - tos
                    Match packets with given TOS value.
                    Note, DSCP and TOS are mutually exclusive
                    [Default: (null)]
                    type: dict

                    SUBOPTIONS:

                    - max_reliability
                        Match packets with max reliable TOS (2).
                        [Default: (null)]
                        type: bool

                    - max_throughput
                        Match packets with max throughput TOS (4).
                        [Default: (null)]
                        type: bool

                    - min_delay
                        Match packets with min delay TOS (8).
                        [Default: (null)]
                        type: bool

                    - min_monetary_cost
                        Match packets with min monetary cost TOS (1).
                        [Default: (null)]
                        type: bool

                    - normal
                        Match packets with normal TOS (0).
                        [Default: (null)]
                        type: bool

                    - service_value
                        Type of service value
                        [Default: (null)]
                        type: int

                - ttl
                    Match packets with given TTL value.
                    [Default: (null)]
                    type: dict

                    SUBOPTIONS:

                    - eq
                        Match only packets on a given TTL number.
                        [Default: (null)]
                        type: int

                    - gt
                        Match only packets with a greater TTL number.
                        [Default: (null)]
                        type: int

                    - lt
                        Match only packets with a lower TTL number.
                        [Default: (null)]
                        type: int

                    - neq
                        Match only packets not on a given TTL number.
                        [Default: (null)]
                        type: int

                    - range
                        Match only packets in the range of TTLs.
                        [Default: (null)]
                        type: dict

                        SUBOPTIONS:

                        - end
                            Specify the end of the port range.
                            [Default: (null)]
                            type: int

                        - start
                            Specify the start of the port range.
                            [Default: (null)]
                            type: int

            - acl_type
                ACL type
                Note, it's mandatory and required for Named ACL, but for
                Numbered ACL it's not mandatory.
                (Choices: extended, standard)[Default: (null)]
                type: str

            = name
                The name or the number of the ACL.

                type: str

        = afi
            The Address Family Indicator (AFI) for the Access Control Lists
            (ACL).
            (Choices: ipv4, ipv6)
            type: str

- running_config
        The module, by default, will connect to the remote device and retrieve
        the current running-config to use as a base for comparing against the
        contents of source. There are times when it is not desirable to have the
        task get the current running-config for every task in a playbook.  The
        `running_config' argument allows the implementer to pass in the
        configuration to use as the base config for comparison.
        [Default: (null)]
        type: str

- state
        The state the configuration should be left in
        The states `rendered', `gathered' and `parsed' does not perform any
        change on the device.
        The state `rendered' will transform the configuration in `config' option
        to platform specific CLI commands which will be returned in the
        `rendered' key within the result. For state `rendered' active connection
        to remote host is not required.
        The state `gathered' will fetch the running configuration from device
        and transform it into structured data in the format as per the resource
        module argspec and the value is returned in the `gathered' key within
        the result.
        The state `parsed' reads the configuration from `running_config' option
        and transforms it into JSON format as per the resource module parameters
        and the value is returned in the `parsed' key within the result. The
        value of `running_config' option should be the same format as the output
        of command `show running-config | include ip route|ipv6 route' executed
        on device. For state `parsed' active connection to remote host is not
        required.
        (Choices: merged, replaced, overridden, deleted, gathered, rendered,
        parsed)[Default: merged]
        type: str


NOTES:
      * Tested against Cisco IOSv Version 15.2 on VIRL


AUTHOR: Sumit Jaiswal (@justjais)

VERSION_ADDED_COLLECTION: cisco.ios

EXAMPLES:

# Using merged

# Before state:
# -------------
#
# vios#sh access-lists
# Extended IP access list 110
#    10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10

- name: Merge provided configuration with device configuration
  cisco.ios.ios_acls:
    config:
    - afi: ipv4
      acls:
      - name: std_acl
        acl_type: standard
        aces:
        - grant: deny
          source:
            address: 192.168.1.200
        - grant: deny
          source:
            address: 192.168.2.0
            wildcard_bits: 0.0.0.255
      - name: 110
        aces:
        - sequence: 10
          protocol_options:
            icmp:
              traceroute: true
        - grant: deny
          protocol_options:
            tcp:
              ack: true
          source:
            host: 198.51.100.0
          destination:
            host: 198.51.110.0
            port_protocol:
              eq: telnet
      - name: test
        acl_type: extended
        aces:
        - grant: deny
          protocol_options:
            tcp:
              fin: true
          source:
            address: 192.0.2.0
            wildcard_bits: 0.0.0.255
          destination:
            address: 192.0.3.0
            wildcard_bits: 0.0.0.255
            port_protocol:
              eq: www
          option:
            traceroute: true
          ttl:
            eq: 10
      - name: 123
        aces:
        - grant: deny
          protocol_options:
            tcp:
              ack: true
          source:
            address: 198.51.100.0
            wildcard_bits: 0.0.0.255
          destination:
            address: 198.51.101.0
            wildcard_bits: 0.0.0.255
            port_protocol:
              eq: telnet
          tos:
            service_value: 12
        - grant: deny
          protocol_options:
            tcp:
              ack: true
          source:
            address: 192.0.3.0
            wildcard_bits: 0.0.0.255
          destination:
            address: 192.0.4.0
            wildcard_bits: 0.0.0.255
            port_protocol:
              eq: www
          dscp: ef
          ttl:
            lt: 20
    - afi: ipv6
      acls:
      - name: R1_TRAFFIC
        aces:
        - grant: deny
          protocol_options:
            tcp:
              ack: true
          source:
            any: true
            port_protocol:
              eq: www
          destination:
            any: true
            port_protocol:
              eq: telnet
          dscp: af11
    state: merged

# Commands fired:
# ---------------
#
# - ip access-list standard std_acl
# - deny 192.168.1.200
# - deny 192.168.2.0 0.0.0.255
# - ip access-list extended 110
# - no 10
# - 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10
# - deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack
# - ip access-list extended test
# - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10
# - ip access-list extended 123
# - deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12
# - deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20
# - ipv6 access-list R1_TRAFFIC
# - deny tcp any eq www any eq telnet ack dscp af11

# After state:
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_acls.yml 

PLAY [rt01] ********************************************************************

TASK [set acl] *****************************************************************
fatal: [rt01]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "msg": "value of state must be one of: merged, replaced, overridden, deleted, gathered, rendered, parsed, got: merge"}

PLAY RECAP *********************************************************************
rt01                       : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

(a210) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_acls.yml 

PLAY [rt01] ********************************************************************

TASK [set acl] *****************************************************************
changed: [rt01]

TASK [debug] *******************************************************************
fatal: [rt01]: FAILED! => {"msg": "Traceback (most recent call last):\n  File \"/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/module_utils/connection.py\", line 202, in send\n    response = recv_data(sf)\n  File \"/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/module_utils/connection.py\", line 76, in recv_data\n    d = s.recv(header_len - len(data))\nConnectionResetError: [Errno 104] Connection reset by peer\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/home/vagrant/envs/a210/bin/ansible-connection\", line 342, in <module>\n    main()\n  File \"/home/vagrant/envs/a210/bin/ansible-connection\", line 305, in main\n    conn.set_options(var_options=variables)\n  File \"/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/module_utils/connection.py\", line 186, in __rpc__\n    response = self._exec_jsonrpc(name, *args, **kwargs)\n  File \"/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/module_utils/connection.py\", line 152, in _exec_jsonrpc\n    out = self.send(data)\n  File \"/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/module_utils/connection.py\", line 209, in send\n    err=to_text(e, errors='surrogate_then_replace'), exception=traceback.format_exc()\nansible.module_utils.connection.ConnectionError: unable to connect to socket /home/vagrant/.ansible/pc/e0f315e513. See the socket path issue category in Network Debug and Troubleshooting Guide\n"}

PLAY RECAP *********************************************************************
rt01                       : ok=1    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

(a210) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_acls.yml 

PLAY [rt01] ******************************************************************************

TASK [set acl] ***************************************************************************
ok: [rt01]

TASK [debug] *****************************************************************************
ok: [rt01] => {
    "msg": {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "before": [
            {
                "acls": [
                    {
                        "aces": [
                            {
                                "destination": {
                                    "address": "172.16.1.0",
                                    "port_protocol": {
                                        "eq": "www"
                                    },
                                    "wildcard_bits": "0.0.0.255"
                                },
                                "grant": "permit",
                                "protocol": "tcp",
                                "protocol_options": {
                                    "tcp": {
                                        "ack": true
                                    }
                                },
                                "sequence": 10,
                                "source": {
                                    "address": "10.0.0.0",
                                    "wildcard_bits": "0.0.0.255"
                                }
                            },
                            {
                                "destination": {
                                    "any": true
                                },
                                "grant": "deny",
                                "protocol": "ip",
                                "protocol_options": {
                                    "ip": true
                                },
                                "sequence": 90,
                                "source": {
                                    "any": true
                                }
                            }
                        ],
                        "acl_type": "extended",
                        "name": "test_acl"
                    }
                ],
                "afi": "ipv4"
            }
        ],
        "changed": false,
        "commands": [],
        "failed": false
    }
}

PLAY RECAP *******************************************************************************
rt01                       : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Part9 にむけて

企画中です。ちょっと気分転換に Ansible Tower や AWX も良いかもしれません。

[Ansible] 「つまずき Ansible 【Part7】Ansible 2.10.0b1 でずっこける」ふりかえり

はじめに

2020/06/21 に、YouTube Live で「つまずき Ansible 【Part7】Ansible 2.10.0b1 でずっこける」という配信をしました。 実際に作業しながらエラーと戦って進めるシリーズです。

tekunabe.connpass.com

今回は、前日リリースされた Ansible 2.10.0b1 をインストールして、既存の Playbook が動くかどうか試しました。

※ 現時点で私が分かっている範囲での情報です。特に Collection に関しては Ansible Collections Overviewをウォッチされることをお勧めします。

つまずいたエラーと原因、対処をふりかえります。

動画

www.youtube.com


■ その前に: Ansible 2.10 とは?

次の Ansible のリリースバージョン

多くのモジュールが Collection へ移行

Collection とは

[2020/06/22 追記] pip install ansible==2.10.0a1 でインストールしたら、ansible 2.10.0b1 とともに、今までのモジュールがセットはいってきました。 正式リリース時は、単に pip install ansible で ansible 2.10.0 と今までのモジュールがインストールされるかもしれません。 今回配信の内容は、あくまでこの時点にこの手順でやったらこうなった、という程度に留めていただければと思います。


■ インストール

pip install ansible==2.10.0b0 でインストールできない

以下のエラー。

(a210) [vagrant@stumble ~]$ pip install ansible==2.10.0b1
Collecting ansible==2.10.0b1
  Could not find a version that satisfies the requirement ansible==2.10.0b1 (from versions: 1.0, 1.1, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.6, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.7, 1.7.1, 1.7.2, 1.8, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.9.0.1, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 2.0.0.0, 2.0.0.1, 2.0.0.2, 2.0.1.0, 2.0.2.0, 2.1.0.0, 2.1.1.0, 2.1.2.0, 2.1.3.0, 2.1.4.0, 2.1.5.0, 2.1.6.0, 2.2.0.0, 2.2.1.0, 2.2.2.0, 2.2.3.0, 2.3.0.0, 2.3.1.0, 2.3.2.0, 2.3.3.0, 2.4.0.0, 2.4.1.0, 2.4.2.0, 2.4.3.0, 2.4.4.0, 2.4.5.0, 2.4.6.0, 2.5.0a1, 2.5.0b1, 2.5.0b2, 2.5.0rc1, 2.5.0rc2, 2.5.0rc3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 2.5.12, 2.5.13, 2.5.14, 2.5.15, 2.6.0a1, 2.6.0a2, 2.6.0rc1, 2.6.0rc2, 2.6.0rc3, 2.6.0rc4, 2.6.0rc5, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.7.0.dev0, 2.7.0a1, 2.7.0b1, 2.7.0rc1, 2.7.0rc2, 2.7.0rc3, 2.7.0rc4, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9, 2.7.10, 2.7.11, 2.7.12, 2.7.13, 2.7.14, 2.7.15, 2.7.16, 2.7.17, 2.7.18, 2.8.0a1, 2.8.0b1, 2.8.0rc1, 2.8.0rc2, 2.8.0rc3, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.8.12, 2.9.0b1, 2.9.0rc1, 2.9.0rc2, 2.9.0rc3, 2.9.0rc4, 2.9.0rc5, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.9.9, 2.9.10, 2.10.0a1)
No matching distribution found for ansible==2.10.0b1
You are using pip version 9.0.3, however version 20.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

原因

(少なくとも現状は)ansible ではなく ansible-base をパッケージ名で指定する必要がある。

対処

以下のコマンドで ansible-base をインストール。

(a210) [vagrant@stumble ~]$ pip install ansible-base==2.10.0b1
Collecting ansible-base==2.10.0b1
  Downloading https://files.pythonhosted.org/packages/14/40/8c71ee17f6568b831463fd0de02c8ff87227776bda688def4de4da30747e/ansible-base-2.10.0b1.tar.gz (5.7MB)
    100% |████████████████████████████████| 5.7MB 76kB/s 
...(略)...
(a210) [vagrant@stumble ~]$ ansible --version
ansible 2.10.0b1
  config file = None
  configured module search path = ['/home/vagrant/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible
  executable location = /home/vagrant/envs/a210/bin/ansible
  python version = 3.6.8 (default, Apr  2 2020, 13:34:55) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]


ios_command モジュールの使用

ios_command が見つからないエラーが発生

以下のエラー。

(a210) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_show.yml
ERROR! couldn't resolve module/action 'ios_command'. This often indicates a misspelling, missing collection, or incorrect module path.

The error appears to be in '/vagrant/stumble/ios_show.yml': line 7, column 7, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  tasks:
    - name: show version
      ^ here                    : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

原因

ios_command モジュールは、標準では入らなくなり、cisco.ios collection に移行したため。

対処

cisco.ios collection をインストールする。

(a210) [vagrant@stumble stumble]$ ansible-galaxy collection install cisco.ios
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Installing 'cisco.ios:0.0.3' to '/home/vagrant/.ansible/collections/ansible_collections/cisco/ios'
Installing 'ansible.netcommon:0.0.3' to '/home/vagrant/.ansible/collections/ansible_collections/ansible/netcommon'

yaml コールバックプラグインがないエラーが発生

ansible-doc yaml -t plugin

でヘルプが表示されない。

原因

yaml コールバックプラグインは、標準では入らなくなり community.genal collection へ移行したため。

対処

community.genal collection をインストールする。

(a210) [vagrant@stumble stumble]$ ansible-galaxy collection install community.general
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Installing 'community.general:0.2.0' to '/home/vagrant/.ansible/collections/ansible_collections/community/general'
Installing 'google.cloud:0.0.9' to '/home/vagrant/.ansible/collections/ansible_collections/google/cloud'
Installing 'ansible.posix:0.1.3' to '/home/vagrant/.ansible/collections/ansible_collections/ansible/posix'
Skipping 'ansible.netcommon' as it is already installed
Installing 'community.kubernetes:0.11.0' to '/home/vagrant/.ansible/collections/ansible_collections/community/kubernetes'

インストールした collection 一覧の確認

(a210) [vagrant@stumble stumble]$ ansible-galaxy collection list

# /home/vagrant/.ansible/collections/ansible_collections
Collection           Version
-------------------- -------
ansible.netcommon    0.0.3  
ansible.posix        0.1.3  
cisco.ios            0.0.3  
community.general    0.2.0  
community.kubernetes 0.11.0 
google.cloud         0.0.9  


yum モジュールの使用

You need to be root to perform this command.というエラーが発生。(Ansiible 2.10 とは無関係)

以下のエラー。

TASK [yum] ******************************************************************************************************************
fatal: [localhost]: FAILED! => changed=false 
  ansible_facts:
    discovered_interpreter_python: /usr/bin/python
  changes:
    installed:
    - httpd
  msg: |-
    You need to be root to perform this command.
  rc: 1
  results:
  - |-
    Loaded plugins: fastestmirror

原因

特権が必要なタスクに対して、become: true の指定がない。

対処

become: true を追加


おまけ

閲覧したサイト

全実行ログ

クリックして開く

bash: ansible: command not found
(a210) [vagrant@stumble ~]$ 
(a210) [vagrant@stumble ~]$ pip instal ansible==2.10.0b1
ERROR: unknown command "instal" - maybe you meant "install"
(a210) [vagrant@stumble ~]$ pip install ansible==2.10.0b1
Collecting ansible==2.10.0b1
  Could not find a version that satisfies the requirement ansible==2.10.0b1 (from versions: 1.0, 1.1, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.6, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.7, 1.7.1, 1.7.2, 1.8, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.9.0.1, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 2.0.0.0, 2.0.0.1, 2.0.0.2, 2.0.1.0, 2.0.2.0, 2.1.0.0, 2.1.1.0, 2.1.2.0, 2.1.3.0, 2.1.4.0, 2.1.5.0, 2.1.6.0, 2.2.0.0, 2.2.1.0, 2.2.2.0, 2.2.3.0, 2.3.0.0, 2.3.1.0, 2.3.2.0, 2.3.3.0, 2.4.0.0, 2.4.1.0, 2.4.2.0, 2.4.3.0, 2.4.4.0, 2.4.5.0, 2.4.6.0, 2.5.0a1, 2.5.0b1, 2.5.0b2, 2.5.0rc1, 2.5.0rc2, 2.5.0rc3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 2.5.12, 2.5.13, 2.5.14, 2.5.15, 2.6.0a1, 2.6.0a2, 2.6.0rc1, 2.6.0rc2, 2.6.0rc3, 2.6.0rc4, 2.6.0rc5, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.7.0.dev0, 2.7.0a1, 2.7.0b1, 2.7.0rc1, 2.7.0rc2, 2.7.0rc3, 2.7.0rc4, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9, 2.7.10, 2.7.11, 2.7.12, 2.7.13, 2.7.14, 2.7.15, 2.7.16, 2.7.17, 2.7.18, 2.8.0a1, 2.8.0b1, 2.8.0rc1, 2.8.0rc2, 2.8.0rc3, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.8.12, 2.9.0b1, 2.9.0rc1, 2.9.0rc2, 2.9.0rc3, 2.9.0rc4, 2.9.0rc5, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.9.9, 2.9.10, 2.10.0a1)
No matching distribution found for ansible==2.10.0b1
You are using pip version 9.0.3, however version 20.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
(a210) [vagrant@stumble ~]$ pip install ansible-base==2.10.0b1
Collecting ansible-base==2.10.0b1
  Downloading https://files.pythonhosted.org/packages/14/40/8c71ee17f6568b831463fd0de02c8ff87227776bda688def4de4da30747e/ansible-base-2.10.0b1.tar.gz (5.7MB)
    100% |████████████████████████████████| 5.7MB 76kB/s 
Collecting jinja2 (from ansible-base==2.10.0b1)
  Using cached https://files.pythonhosted.org/packages/30/9e/f663a2aa66a09d838042ae1a2c5659828bb9b41ea3a6efa20a20fd92b121/Jinja2-2.11.2-py2.py3-none-any.whl
Collecting PyYAML (from ansible-base==2.10.0b1)
  Using cached https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz
Collecting cryptography (from ansible-base==2.10.0b1)
  Using cached https://files.pythonhosted.org/packages/58/95/f1282ca55649b60afcf617e1e2ca384a2a3e7a5cf91f724cf83c8fbe76a1/cryptography-2.9.2-cp35-abi3-manylinux1_x86_64.whl
Collecting packaging (from ansible-base==2.10.0b1)
  Downloading https://files.pythonhosted.org/packages/46/19/c5ab91b1b05cfe63cccd5cfc971db9214c6dd6ced54e33c30d5af1d2bc43/packaging-20.4-py2.py3-none-any.whl
Collecting MarkupSafe>=0.23 (from jinja2->ansible-base==2.10.0b1)
  Using cached https://files.pythonhosted.org/packages/b2/5f/23e0023be6bb885d00ffbefad2942bc51a620328ee910f64abe5a8d18dd1/MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl
Collecting six>=1.4.1 (from cryptography->ansible-base==2.10.0b1)
  Using cached https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl
Collecting cffi!=1.11.3,>=1.8 (from cryptography->ansible-base==2.10.0b1)
(a210) [vagrant@stumble ~]$ ansible --version
ansible 2.10.0b1
  config file = None
  configured module search path = ['/home/vagrant/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible
  executable location = /home/vagrant/envs/a210/bin/ansible
  python version = 3.6.8 (default, Apr  2 2020, 13:34:55) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
(a210) [vagrant@stumble ~]$ ansible-doc junos_config
[WARNING]: module junos_config not found in:
/home/vagrant/.ansible/plugins/modules:/usr/share/ansible/plugins/modules:/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/modules
(a210) [vagrant@stumble ~]$ 
(a210) [vagrant@stumble ~]$ 
(a210) [vagrant@stumble ~]$ pwd
/home/vagrant
(a210) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_show.yml ^C
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ rm -fr ~/.ansible/
pc/  tmp/ 
(a210) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_show.yml
ERROR! couldn't resolve module/action 'ios_command'. This often indicates a misspelling, missing collection, or incorrect module path.

The error appears to be in '/vagrant/stumble/ios_show.yml': line 7, column 7, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  tasks:
    - name: show version
      ^ here
(a210) [vagrant@stumble stumble]$ ansible-galaxy collection install cisco.ios
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Installing 'cisco.ios:0.0.3' to '/home/vagrant/.ansible/collections/ansible_collections/cisco/ios'
Installing 'ansible.netcommon:0.0.3' to '/home/vagrant/.ansible/collections/ansible_collections/ansible/netcommon'
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ ansible-doc ios_command
> IOS_COMMAND    (/home/vagrant/.ansible/collections/ansible_collections/cisco/ios/plugins/modules/ios_command.py)

        Sends arbitrary commands to an ios node and returns the results read from the device. This module includes an
        argument that will cause the module to wait for a specific condition before returning or timing out if the
        condition is not met. This module does not support running commands in configuration mode. Please use
        [ios_config] to configure IOS devices.

OPTIONS (= is mandatory):

= commands
        List of commands to send to the remote ios device over the configured provider. The resulting output from the
        command is returned. If the `wait_for' argument is provided, the module is not returned until the condition
        is satisfied or the number of retries has expired. If a command sent to the device requires answering a
        prompt, it is possible to pass a dict containing `command', `answer' and `prompt'. Common answers are 'y' or
        "\r" (carriage return, must be double quotes). See examples.


- interval
        Configures the interval in seconds to wait between retries of the command. If the command does not pass the
        specified conditions, the interval indicates how long to wait before trying the command again.
        [Default: 1]

- match
        The `match' argument is used in conjunction with the `wait_for' argument to specify the match policy.  Valid
        values are `all' or `any'.  If the value is set to `all' then all conditionals in the wait_for must be
        satisfied.  If the value is set to `any' then only one of the values must be satisfied.
        (Choices: any, all)[Default: all]

- provider
        *Deprecated*
        Starting with Ansible 2.5 we recommend using `connection: network_cli'.
        For more information please see the L(IOS Platform Options guide, ../network/user_guide/platform_ios.html).
        HORIZONTALLINE
        A dict object containing connection details.
        [Default: (null)]
        type: dict

        SUBOPTIONS:

        - auth_pass
            Specifies the password to use if required to enter privileged mode on the remote device.  If `authorize'
            is false, then this argument does nothing. If the value is not specified in the task, the value of
            environment variable `ANSIBLE_NET_AUTH_PASS' will be used instead.
            [Default: (null)]
            type: str

        - authorize
            Instructs the module to enter privileged mode on the remote device before sending any commands.  If not
            specified, the device will attempt to execute all commands in non-privileged mode. If the value is not
            specified in the task, the value of environment variable `ANSIBLE_NET_AUTHORIZE' will be used instead.
            [Default: False]
            type: bool

        = host
            Specifies the DNS host name or address for connecting to the remote device over the specified transport.
            The value of host is used as the destination address for the transport.

            type: str

        - password
(a210) [vagrant@stumble stumble]$ ansible-doc debug
> DEBUG    (/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/modules/debug.py)

        This module prints statements during execution and can be useful for debugging variables or expressions
        without necessarily halting the playbook. Useful for debugging together with the 'when:' directive. This
        module is also supported for Windows targets.

  * note: This module has a corresponding action plugin.

OPTIONS (= is mandatory):

- msg
        The customized message that is printed. If omitted, prints a generic message.
        [Default: Hello world!]
        type: str

(a210) [vagrant@stumble stumble]$ ansible-doc cisco.ios.ios_command
(a210) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_show.yml

PLAY [rt01] ***************************************************************************************************************************************

TASK [show version] *******************************************************************************************************************************
fatal: [rt01]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "msg": "paramiko is not installed: No module named 'paramiko'"}

PLAY RECAP ****************************************************************************************************************************************
rt01                       : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

(a210) [vagrant@stumble stumble]$ pip install paramiko
Collecting paramiko
  Using cached https://files.pythonhosted.org/packages/06/1e/1e08baaaf6c3d3df1459fd85f0e7d2d6aa916f33958f151ee1ecc9800971/paramiko-2.7.1-py2.py3-none-any.whl
Collecting pynacl>=1.0.1 (from paramiko)
  Using cached https://files.pythonhosted.org/packages/9d/57/2f5e6226a674b2bcb6db531e8b383079b678df5b10cdaa610d6cf20d77ba/PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl
Collecting bcrypt>=3.1.3 (from paramiko)
  Using cached https://files.pythonhosted.org/packages/8b/1d/82826443777dd4a624e38a08957b975e75df859b381ae302cfd7a30783ed/bcrypt-3.1.7-cp34-abi3-manylinux1_x86_64.whl
Requirement already satisfied: cryptography>=2.5 in /home/vagrant/envs/a210/lib/python3.6/site-packages (from paramiko)
Requirement already satisfied: six in /home/vagrant/envs/a210/lib/python3.6/site-packages (from pynacl>=1.0.1->paramiko)
Requirement already satisfied: cffi>=1.4.1 in /home/vagrant/envs/a210/lib/python3.6/site-packages (from pynacl>=1.0.1->paramiko)
Requirement already satisfied: pycparser in /home/vagrant/envs/a210/lib/python3.6/site-packages (from cffi>=1.4.1->pynacl>=1.0.1->paramiko)
Installing collected packages: pynacl, bcrypt, paramiko
Successfully installed bcrypt-3.1.7 paramiko-2.7.1 pynacl-1.4.0
You are using pip version 9.0.3, however version 20.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
(a210) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_show.yml

PLAY [rt01] ***************************************************************************************************************************************

TASK [show version] *******************************************************************************************************************************
ok: [rt01]

TASK [debug] **************************************************************************************************************************************
ok: [rt01] => {
    "msg": [
        [
            "Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.8(3)M2, RELEASE SOFTWARE (fc2)",
            "Technical Support: http://www.cisco.com/techsupport",
            "Copyright (c) 1986-2019 by Cisco Systems, Inc.",
            "Compiled Thu 28-Mar-19 14:06 by prod_rel_team",
            "",
            "",
            "ROM: Bootstrap program is IOSv",
            "",
            "rt01 uptime is 44 minutes",
            "System returned to ROM by reload",
            "System image file is \"flash0:/vios-adventerprisek9-m\"",
            "Last reload reason: Unknown reason",
            "",
            "",
            "",
            "This product contains cryptographic features and is subject to United",
            "States and local country laws governing import, export, transfer and",
            "use. Delivery of Cisco cryptographic products does not imply",
            "third-party authority to import, export, distribute or use encryption.",
            "Importers, exporters, distributors and users are responsible for",
            "compliance with U.S. and local country laws. By using this product you",
            "agree to comply with applicable laws and regulations. If you are unable",
            "to comply with U.S. and local laws, return this product immediately.",
            "",
            "A summary of U.S. laws governing Cisco cryptographic products may be found at:",
            "http://www.cisco.com/wwl/export/crypto/tool/stqrg.html",
            "",
            "If you require further assistance please contact us by sending email to",
            "export@cisco.com.",
            "",
            "Cisco IOSv (revision 1.0) with  with 460137K/62464K bytes of memory.",
            "Processor board ID 9K3FGTY3R8XN9BUUOQPMP",
            "4 Gigabit Ethernet interfaces",
            "DRAM configuration is 72 bits wide with parity disabled.",
            "256K bytes of non-volatile configuration memory.",
            "2097152K bytes of ATA System CompactFlash 0 (Read/Write)",
            "0K bytes of ATA CompactFlash 1 (Read/Write)",
            "11217K bytes of ATA CompactFlash 2 (Read/Write)",
            "0K bytes of ATA CompactFlash 3 (Read/Write)",
            "",
            "",
            "",
            "Configuration register is 0x0"
        ]
    ]
}

PLAY RECAP ****************************************************************************************************************************************
rt01                       : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

(a210) [vagrant@stumble stumble]$ ansible-doc yaml
[WARNING]: module yaml not found in:
/home/vagrant/.ansible/plugins/modules:/usr/share/ansible/plugins/modules:/home/vagrant/envs/a210/lib64/python3.6/site-packages/ansible/modules
(a210) [vagrant@stumble stumble]$ ansible-doc yaml -t plugin
usage: ansible-doc [-h] [--version] [-v] [-M MODULE_PATH]
                   [--playbook-dir BASEDIR]
                   [-t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,vars,module,strategy}]
                   [-j] [-F | -l | -s | --metadata-dump]
                   [plugin [plugin ...]]
ansible-doc: error: argument -t/--type: invalid choice: 'plugin' (choose from 'become', 'cache', 'callback', 'cliconf', 'connection', 'httpapi', 'inventory', 'lookup', 'netconf', 'shell', 'vars', 'module', 'strategy')
 
usage: ansible-doc [-h] [--version] [-v] [-M MODULE_PATH]
                   [--playbook-dir BASEDIR]
                   [-t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,vars,module,strategy}]
                   [-j] [-F | -l | -s | --metadata-dump]
                   [plugin [plugin ...]]

plugin documentation tool

positional arguments:
  plugin                Plugin

optional arguments:
  --metadata-dump       **For internal testing only** Dump json metadata for
                        all plugins.
  --playbook-dir BASEDIR
                        Since this tool does not use playbooks, use this as a
                        substitute playbook directory.This sets the relative
                        path for many features including roles/ group_vars/
                        etc.
  --version             show program's version number, config file location,
                        configured module search path, module location,
                        executable location and exit
  -F, --list_files      Show plugin names and their source files without
                        summaries (implies --list). A supplied argument will
                        be used for filtering, can be a namespace or full
                        collection name.
  -M MODULE_PATH, --module-path MODULE_PATH
                        prepend colon-separated path(s) to module library (def
                        ault=~/.ansible/plugins/modules:/usr/share/ansible/plu
                        gins/modules)
  -h, --help            show this help message and exit
  -j, --json            Change output into json format.
  -l, --list            List available plugins. A supplied argument will be
                        used for filtering, can be a namespace or full
                        collection name.
  -s, --snippet         Show playbook snippet for specified plugin(s)
  -t {become,cache,callback,cliconf,connection,httpapi,inventory,lookup,netconf,shell,vars,module
(a210) [vagrant@stumble stumble]$ ansible-galaxy collection install community.general
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Installing 'community.general:0.2.0' to '/home/vagrant/.ansible/collections/ansible_collections/community/general'
Installing 'google.cloud:0.0.9' to '/home/vagrant/.ansible/collections/ansible_collections/google/cloud'
Installing 'ansible.posix:0.1.3' to '/home/vagrant/.ansible/collections/ansible_collections/ansible/posix'
Skipping 'ansible.netcommon' as it is already installed
Installing 'community.kubernetes:0.11.0' to '/home/vagrant/.ansible/collections/ansible_collections/community/kubernetes'
(a210) [vagrant@stumble stumble]$ pip install paramiko^C
(reverse-i-search)`c': ansible-galaxy collection install ^Cmmunity.general
(reverse-i-search)`c': ansible-galaxy collection install ^Cmmunity.general
(a210) [vagrant@stumble stumble]$ ansible-doc yaml -t callback                                                               > YAML    (/home/vagrant/.ansible/collections/ansible_collections/community/general/plugins/callback/yaml.py)

(a210) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_show.yml
[DEPRECATION WARNING]: 'ansible_collections.community.general.plugins.callback.yaml' is subclassing DefaultCallback without 
the corresponding doc_fragment. This feature will be removed from ansible-base in version 2.14. Deprecation warnings can be 
disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [rt01] *****************************************************************************************************************

TASK [show version] *********************************************************************************************************
ok: [rt01]

TASK [debug] ****************************************************************************************************************
ok: [rt01] => 
  msg:
  - - Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.8(3)M2, RELEASE SOFTWARE (fc2)
    - 'Technical Support: http://www.cisco.com/techsupport'
    - Copyright (c) 1986-2019 by Cisco Systems, Inc.
    - Compiled Thu 28-Mar-19 14:06 by prod_rel_team
    - ''
    - ''
    - 'ROM: Bootstrap program is IOSv'
    - ''
    - rt01 uptime is 55 minutes
    - System returned to ROM by reload
    - System image file is "flash0:/vios-adventerprisek9-m"
    - 'Last reload reason: Unknown reason'
    - ''
    - ''
    - ''
    - This product contains cryptographic features and is subject to United
    - States and local country laws governing import, export, transfer and
    - use. Delivery of Cisco cryptographic products does not imply
    - third-party authority to import, export, distribute or use encryption.
    - Importers, exporters, distributors and users are responsible for
    - compliance with U.S. and local country laws. By using this product you
    - agree to comply with applicable laws and regulations. If you are unable
    - to comply with U.S. and local laws, return this product immediately.
    - ''
    - 'A summary of U.S. laws governing Cisco cryptographic products may be found at:'
    - http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    - ''
    - If you require further assistance please contact us by sending email to
(a210) [vagrant@stumble stumble]$ cat /etc/redhat-release 
CentOS Linux release 7.8.2003 (Core)
(a210) [vagrant@stumble stumble]$ ansible-playbook -i localhost, server.yml 
[DEPRECATION WARNING]: 'ansible_collections.community.general.plugins.callback.yaml' is subclassing DefaultCallback without 
the corresponding doc_fragment. This feature will be removed from ansible-base in version 2.14. Deprecation warnings can be 
disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [localhost] ************************************************************************************************************

TASK [yum] ******************************************************************************************************************
fatal: [localhost]: FAILED! => changed=false 
  ansible_facts:
    discovered_interpreter_python: /usr/bin/python
  changes:
    installed:
    - httpd
  msg: |-
    You need to be root to perform this command.
  rc: 1
  results:
  - |-
    Loaded plugins: fastestmirror

PLAY RECAP ******************************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

(a210) [vagrant@stumble stumble]$ ansible-playbook -i localhost, server.yml 
[DEPRECATION WARNING]: 'ansible_collections.community.general.plugins.callback.yaml' is subclassing DefaultCallback without 
the corresponding doc_fragment. This feature will be removed from ansible-base in version 2.14. Deprecation warnings can be 
disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [localhost] ************************************************************************************************************

TASK [yum] ******************************************************************************************************************
changed: [localhost]

PLAY RECAP ******************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ ansible-playbook -i localhost, server.yml  -t service
[DEPRECATION WARNING]: 'ansible_collections.community.general.plugins.callback.yaml' is subclassing DefaultCallback without 
the corresponding doc_fragment. This feature will be removed from ansible-base in version 2.14. Deprecation warnings can be 
disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [localhost] ************************************************************************************************************

TASK [service] **************************************************************************************************************
changed: [localhost]

PLAY RECAP ******************************************************************************************************************
localhost                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

(a210) [vagrant@stumble stumble]$ ansible-playbook -i inventory.ini ios_show.yml
[DEPRECATION WARNING]: 'ansible_collections.community.general.plugins.callback.yaml' is subclassing 
DefaultCallback without the corresponding doc_fragment. This feature will be removed from ansible-
base in version 2.14. Deprecation warnings can be disabled by setting deprecation_warnings=False in 
ansible.cfg.

PLAY [rt01] ******************************************************************************************

TASK [show version] **********************************************************************************
ok: [rt01]

TASK [debug] *****************************************************************************************
ok: [rt01] => 
  msg:
  - - Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.8(3)M2, RELEASE SOFTWARE (fc2)
    - 'Technical Support: http://www.cisco.com/techsupport'
    - Copyright (c) 1986-2019 by Cisco Systems, Inc.
    - Compiled Thu 28-Mar-19 14:06 by prod_rel_team
    - ''
    - ''
    - 'ROM: Bootstrap program is IOSv'
    - ''
    - rt01 uptime is 1 hour, 1 minute
    - System returned to ROM by reload
    - System image file is "flash0:/vios-adventerprisek9-m"
    - 'Last reload reason: Unknown reason'
    - ''
    - ''
    - ''
    - This product contains cryptographic features and is subject to United
    - States and local country laws governing import, export, transfer and
    - use. Delivery of Cisco cryptographic products does not imply
    - third-party authority to import, export, distribute or use encryption.
    - Importers, exporters, distributors and users are responsible for
    - compliance with U.S. and local country laws. By using this product you
    - agree to comply with applicable laws and regulations. If you are unable
    - to comply with U.S. and local laws, return this product immediately.
    - ''
    - 'A summary of U.S. laws governing Cisco cryptographic products may be found at:'
    - http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    - ''
    - If you require further assistance please contact us by sending email to
(a210) [vagrant@stumble stumble]$ 
(a210) [vagrant@stumble stumble]$ ansible-galaxy collection list

# /home/vagrant/.ansible/collections/ansible_collections
Collection           Version
-------------------- -------
ansible.netcommon    0.0.3  
ansible.posix        0.1.3  
cisco.ios            0.0.3  
community.general    0.2.0  
community.kubernetes 0.11.0 
google.cloud         0.0.9  
(a210) [vagrant@stumble stumble]$ 

耳寄り情報: オフライン環境へ適用するには

Part8 にむけて

企画中です。もう少しネットワークモジュール?