mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-28 15:41:22 -07:00
standardize connection variable names (#51776)
* standardize user/password connection vars * docs: use ansible_user and ansible_password * docs: var precedence for connection vars * docs: ansible_become_pass -> ansible_become_password etc
This commit is contained in:
parent
51061f8a5f
commit
953058d025
35 changed files with 120 additions and 93 deletions
|
@ -179,13 +179,13 @@ Create the encrypted ssh password for your VyOS network devices, pulling your an
|
|||
|
||||
.. code-block:: console
|
||||
|
||||
ansible-vault encrypt_string --vault-id my_user@~/my-ansible-vault-pw-file 'VyOS_SSH_password' --name 'ansible_ssh_pass'
|
||||
ansible-vault encrypt_string --vault-id my_user@~/my-ansible-vault-pw-file 'VyOS_SSH_password' --name 'ansible_password'
|
||||
|
||||
If you prefer to type your ansible-vault password rather than store it in a file, you can request a prompt:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
ansible-vault encrypt_string --vault-id my_user@prompt 'VyOS_SSH_password' --name 'ansible_ssh_pass'
|
||||
ansible-vault encrypt_string --vault-id my_user@prompt 'VyOS_SSH_password' --name 'ansible_password'
|
||||
|
||||
and type in the vault password for ``my_user``.
|
||||
|
||||
|
@ -193,7 +193,7 @@ The :option:`--vault-id <ansible-playbook --vault-id>` flag allows different vau
|
|||
|
||||
.. code-block:: yaml
|
||||
|
||||
ansible_ssh_pass: !vault |
|
||||
ansible_password: !vault |
|
||||
$ANSIBLE_VAULT;1.2;AES256;my_user
|
||||
66386134653765386232383236303063623663343437643766386435663632343266393064373933
|
||||
3661666132363339303639353538316662616638356631650a316338316663666439383138353032
|
||||
|
@ -213,7 +213,7 @@ This is an example using an extract from a YAML inventory, as the INI format do
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: vyos
|
||||
ansible_user: my_vyos_user
|
||||
ansible_ssh_pass: !vault |
|
||||
ansible_password: !vault |
|
||||
$ANSIBLE_VAULT;1.2;AES256;my_user
|
||||
66386134653765386232383236303063623663343437643766386435663632343266393064373933
|
||||
3661666132363339303639353538316662616638356631650a316338316663666439383138353032
|
||||
|
@ -244,11 +244,11 @@ To see the original value, you can use the debug module. Please note if your YAM
|
|||
|
||||
cat vyos.yml | grep -v ansible_connection >> vyos_no_connection.yml
|
||||
|
||||
ansible localhost -m debug -a var="ansible_ssh_pass" -e "@vyos_no_connection.yml" --ask-vault-pass
|
||||
ansible localhost -m debug -a var="ansible_password" -e "@vyos_no_connection.yml" --ask-vault-pass
|
||||
Vault password:
|
||||
|
||||
localhost | SUCCESS => {
|
||||
"ansible_ssh_pass": "VyOS_SSH_password"
|
||||
"ansible_password": "VyOS_SSH_password"
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -80,7 +80,7 @@ Because Ansible is a flexible tool, there are a number of ways to specify connec
|
|||
ansible_become_method=enable
|
||||
ansible_network_os=eos
|
||||
ansible_user=my_eos_user
|
||||
ansible_ssh_pass= !vault |
|
||||
ansible_password= !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
37373735393636643261383066383235363664386633386432343236663533343730353361653735
|
||||
6131363539383931353931653533356337353539373165320a316465383138636532343463633236
|
||||
|
@ -98,7 +98,7 @@ Because Ansible is a flexible tool, there are a number of ways to specify connec
|
|||
ansible_become_method=enable
|
||||
ansible_network_os=ios
|
||||
ansible_user=my_ios_user
|
||||
ansible_ssh_pass= !vault |
|
||||
ansible_password= !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
34623431313336343132373235313066376238386138316466636437653938623965383732373130
|
||||
3466363834613161386538393463663861636437653866620a373136356366623765373530633735
|
||||
|
@ -114,7 +114,7 @@ Because Ansible is a flexible tool, there are a number of ways to specify connec
|
|||
[vyos:vars]
|
||||
ansible_network_os=vyos
|
||||
ansible_user=my_vyos_user
|
||||
ansible_ssh_pass= !vault |
|
||||
ansible_password= !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
39336231636137663964343966653162353431333566633762393034646462353062633264303765
|
||||
6331643066663534383564343537343334633031656538370a333737656236393835383863306466
|
||||
|
@ -122,7 +122,7 @@ Because Ansible is a flexible tool, there are a number of ways to specify connec
|
|||
3665626431626532630a353564323566316162613432373738333064366130303637616239396438
|
||||
9853
|
||||
|
||||
If you use ssh-agent, you do not need the ``ansible_ssh_pass`` lines. If you use ssh keys, but not ssh-agent, and you have multiple keys, specify the key to use for each connection in the ``[group:vars]`` section with ``ansible_ssh_private_key_file=/path/to/correct/key``. For more information on ``ansible_ssh_`` options see the :ref:`behavioral_parameters`.
|
||||
If you use ssh-agent, you do not need the ``ansible_password`` lines. If you use ssh keys, but not ssh-agent, and you have multiple keys, specify the key to use for each connection in the ``[group:vars]`` section with ``ansible_ssh_private_key_file=/path/to/correct/key``. For more information on ``ansible_ssh_`` options see the :ref:`behavioral_parameters`.
|
||||
|
||||
.. FIXME FUTURE Gundalow - Link to network auth & proxy page (to be written)
|
||||
|
||||
|
@ -137,7 +137,7 @@ The "Vault" feature of Ansible allows you to keep sensitive data such as passwor
|
|||
Informs Ansible which Network platform this hosts corresponds to. This is required when using ``network_cli`` or ``netconf``.
|
||||
:ansible_user: The user to connect to the remote device (switch) as. Without this the user that is running ``ansible-playbook`` would be used.
|
||||
Specifies which user on the network device the connection
|
||||
:ansible_ssh_pass:
|
||||
:ansible_password:
|
||||
The corresponding password for ``ansible_user`` to log in as. If not specified SSH key will be used.
|
||||
:ansible_become:
|
||||
If enable mode (privilege mode) should be used, see the next section.
|
||||
|
|
|
@ -703,7 +703,7 @@ Example Ansible inventory file
|
|||
ansible_connection=netconf
|
||||
ansible_network_os=junos
|
||||
ansible_user=myuser
|
||||
ansible_ssh_pass=!vault...
|
||||
ansible_password=!vault...
|
||||
|
||||
|
||||
.. note:: Using ``ProxyCommand`` with passwords via variables
|
||||
|
|
|
@ -27,7 +27,7 @@ Connections Available
|
|||
+---------------------------+-----------------------------------------------+
|
||||
| | **Enable Mode** | | supported - use ``ansible_become: yes`` |
|
||||
| | (Privilege Escalation) | | with ``ansible_become_method: enable`` |
|
||||
| | | | and ``ansible_become_pass:`` |
|
||||
| | | | and ``ansible_become_password:`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
| **Returned Data Format** | ``stdout[0].`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
|
@ -45,14 +45,14 @@ Example CLI ``group_vars/cnos.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: cnos
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
ansible_become_pass: !vault...
|
||||
ansible_become_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Connections Available
|
|||
+---------------------------+-----------------------------------------------+
|
||||
| | **Enable Mode** | | supported - use ``ansible_become: yes`` |
|
||||
| | (Privilege Escalation) | | with ``ansible_become_method: enable`` |
|
||||
| | | | and ``ansible_become_pass:`` |
|
||||
| | | | and ``ansible_become_password:`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
| **Returned Data Format** | ``stdout[0].`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
|
@ -45,14 +45,14 @@ Example CLI ``group_vars/dellos10.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: dellos10
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
ansible_become_pass: !vault...
|
||||
ansible_become_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Connections Available
|
|||
+---------------------------+-----------------------------------------------+
|
||||
| | **Enable Mode** | | supported - use ``ansible_become: yes`` |
|
||||
| | (Privilege Escalation) | | with ``ansible_become_method: enable`` |
|
||||
| | | | and ``ansible_become_pass:`` |
|
||||
| | | | and ``ansible_become_password:`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
| **Returned Data Format** | ``stdout[0].`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
|
@ -45,14 +45,14 @@ Example CLI ``group_vars/dellos6.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: dellos6
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
ansible_become_pass: !vault...
|
||||
ansible_become_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Connections Available
|
|||
+---------------------------+-----------------------------------------------+
|
||||
| | **Enable Mode** | | supported - use ``ansible_become: yes`` |
|
||||
| | (Privilege Escalation) | | with ``ansible_become_method: enable`` |
|
||||
| | | | and ``ansible_become_pass:`` |
|
||||
| | | | and ``ansible_become_password:`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
| **Returned Data Format** | ``stdout[0].`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
|
@ -45,14 +45,14 @@ Example CLI ``group_vars/dellos9.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: dellos9
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
ansible_become_pass: !vault...
|
||||
ansible_become_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Connections Available
|
|||
+---------------------------+-----------------------------------------------+
|
||||
| | **Enable Mode** | | supported - use ``ansible_become: yes`` |
|
||||
| | (Privilege Escalation) | | with ``ansible_become_method: enable`` |
|
||||
| | | | and ``ansible_become_pass:`` |
|
||||
| | | | and ``ansible_become_password:`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
| **Returned Data Format** | ``stdout[0].`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
|
@ -45,14 +45,14 @@ Example CLI ``group_vars/enos.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: enos
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
ansible_become_pass: !vault...
|
||||
ansible_become_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
|
@ -52,14 +52,14 @@ Example CLI ``group_vars/eos.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: eos
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
ansible_become_pass: !vault...
|
||||
ansible_become_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
@ -106,7 +106,7 @@ Example eAPI ``group_vars/eos.yml``
|
|||
ansible_connection: httpapi
|
||||
ansible_network_os: eos
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
proxy_env:
|
||||
|
@ -140,7 +140,7 @@ eAPI examples with ``connection: local``
|
|||
ansible_connection: local
|
||||
ansible_network_os: eos
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
eapi:
|
||||
host: "{{ inventory_hostname }}"
|
||||
transport: eapi
|
||||
|
|
|
@ -47,11 +47,11 @@ Example CLI ``group_vars/exos.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: exos
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Connections Available
|
|||
+---------------------------+-----------------------------------------------+
|
||||
| | **Enable Mode** | | supported - use ``ansible_become: yes`` |
|
||||
| | (Privilege Escalation) | | with ``ansible_become_method: enable`` |
|
||||
| | | | and ``ansible_become_pass:`` |
|
||||
| | | | and ``ansible_become_password:`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
| **Returned Data Format** | ``stdout[0].`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
|
@ -45,14 +45,14 @@ Example CLI ``group_vars/ios.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: ios
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
ansible_become_pass: !vault...
|
||||
ansible_become_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Connections Available
|
|||
+---------------------------+-----------------------------------------------+
|
||||
| | **Enable Mode** | | supported - use ``ansible_become: yes`` |
|
||||
| | (Privilege Escalation) | | with ``ansible_become_method: enable`` |
|
||||
| | | | and ``ansible_become_pass:`` |
|
||||
| | | | and ``ansible_become_password:`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
| **Returned Data Format** | ``stdout[0].`` |
|
||||
+---------------------------+-----------------------------------------------+
|
||||
|
@ -45,14 +45,14 @@ Example CLI ``group_vars/mlx.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: ironware
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
ansible_become_pass: !vault...
|
||||
ansible_become_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
|
@ -46,11 +46,11 @@ Example CLI inventory ``[junos:vars]``
|
|||
ansible_connection=network_cli
|
||||
ansible_network_os=junos
|
||||
ansible_user=myuser
|
||||
ansible_ssh_pass=!vault...
|
||||
ansible_password=!vault...
|
||||
ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
@ -96,7 +96,7 @@ Example NETCONF inventory ``[junos:vars]``
|
|||
ansible_connection=netconf
|
||||
ansible_network_os=junos
|
||||
ansible_user=myuser
|
||||
ansible_ssh_pass=!vault |
|
||||
ansible_password=!vault |
|
||||
ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
|
|
|
@ -59,7 +59,7 @@ Example NETCONF inventory ``[junos:vars]``
|
|||
ansible_connection=netconf
|
||||
ansible_network_os=junos
|
||||
ansible_user=myuser
|
||||
ansible_ssh_pass=!vault |
|
||||
ansible_password=!vault |
|
||||
|
||||
|
||||
Example NETCONF Task
|
||||
|
|
|
@ -47,11 +47,11 @@ Example CLI ``group_vars/nos.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: nos
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ Connections Available
|
|||
+---------------------------+-----------------------------------------------+-----------------------------------------+
|
||||
| | **Enable Mode** | | supported - use ``ansible_become: yes`` | | not supported by NX-API |
|
||||
| | (Privilege Escalation) | | with ``ansible_become_method: enable`` | | |
|
||||
| | supported as of 2.5.3 | | and ``ansible_become_pass:`` | | |
|
||||
| | supported as of 2.5.3 | | and ``ansible_become_password:`` | | |
|
||||
+---------------------------+-----------------------------------------------+-----------------------------------------+
|
||||
| **Returned Data Format** | ``stdout[0].`` | ``stdout[0].messages[0].`` |
|
||||
+---------------------------+-----------------------------------------------+-----------------------------------------+
|
||||
|
@ -47,14 +47,14 @@ Example CLI ``group_vars/nxos.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: nxos
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
ansible_become_pass: !vault...
|
||||
ansible_become_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
@ -99,7 +99,7 @@ Example NX-API ``group_vars/nxos.yml``
|
|||
ansible_connection: httpapi
|
||||
ansible_network_os: nxos
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
proxy_env:
|
||||
http_proxy: http://proxy.example.com:8080
|
||||
|
||||
|
|
|
@ -40,14 +40,14 @@ Example CLI ``group_vars/routeros.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: routeros
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
ansible_become_pass: !vault...
|
||||
ansible_become_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
|
@ -47,11 +47,11 @@ Example CLI ``group_vars/slxos.yml``
|
|||
ansible_connection: network_cli
|
||||
ansible_network_os: slxos
|
||||
ansible_user: myuser
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
|
@ -49,11 +49,11 @@ Example CLI ``group_vars/voss.yml``
|
|||
ansible_user: myuser
|
||||
ansible_become: yes
|
||||
ansible_become_method: enable
|
||||
ansible_ssh_pass: !vault...
|
||||
ansible_password: !vault...
|
||||
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
|
||||
|
||||
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_ssh_pass`` configuration.
|
||||
- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
|
||||
- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
|
||||
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords via environment variables.
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue