networklore / ansible-cisco-snmp Goto Github PK

Ansible modules using SNMP to manage Cisco devices

License: Other

Python 100.00%

ansible-cisco-snmp's Introduction

About

This repo contains Ansible modules which use SNMP to change configuration on Cisco devices. The repo is currently in a proof of concept stage to see how you can manage older devices (which doesn't have a fancy api) with modern IT automation tools. Over at Networklore there's more information about the Ansible for Cisco IOS SNMP modules.

Goal

The goal of this project is to provide idempotent modules for older Cisco devices.

Alpha code

Currently this is only a test and there's a good chance that a lot of the code will change.

Dependencies

These modules requires:

nelsnmp version 0.2.5 or later
A good old Cisco switch/router

Installation of Ansible module

pip install nelsnmp

As new modules are added you will need to update nelsnmp to support newer MIBs.

pip install nelsnmp --upgrade

If you are running Ansible through a Python virtualenv you might need to change the ansible_python_interpreter variable. Check the hosts file in this repo for an example. You can clone this repo and copy the modules to your Ansible library path. If you are unsure, check out the quick start guide

Configuration of Cisco device

Testing: SNMPv2

snmp-server community [write-community-string] rw [acl]

Production: SNMPv3

ip access-list standard ACL-ANSIBLE-HOST
 permit host 172.29.50.50

snmp-server view V3ISO iso included
snmp-server group ANSIBLEGRP v3 priv write V3ISO
snmp-server user ansible ANSIBLEGRP v3 auth sha AuthPassword123 priv aes 128 PrivPassword123 access ACL-ANSIBLE-HOST

Demo

Running the playbook the first time:

$ ansible-playbook -i hosts example-playbooks/how-to/examples-vlan.yml

PLAY [all] ********************************************************************

TASK: [Ensure VLAN 10 is present and has the name INTERNAL] *******************
ok: [172.29.50.5]

TASK: [Ensure VLAN 12 is present and has the name GUESTS] *********************
changed: [172.29.50.5]

TASK: [Ensure that VLAN 40 is created] ****************************************
ok: [172.29.50.5]

TASK: [Remove VLAN 80 if it is present] ***************************************
ok: [172.29.50.5]

TASK: [Create vlan 100 with SNMPv3] *******************************************
ok: [172.29.50.5]

TASK: [Create vlan from variable] *********************************************
changed: [172.29.50.5] => (item={'vlan_id': 30, 'vlan_name': 'red'})
ok: [172.29.50.5] => (item={'vlan_id': 31, 'vlan_name': 'green'})
changed: [172.29.50.5] => (item={'vlan_id': 32, 'vlan_name': 'blue'})

NOTIFIED: [save config] *******************************************************
changed: [172.29.50.5]

PLAY RECAP ********************************************************************
172.29.50.5                : ok=7    changed=3    unreachable=0    failed=0

Running the playbook a second time:

$ ansible-playbook -i hosts example-playbooks/how-to/examples-vlan.yml

PLAY [all] ********************************************************************

TASK: [Ensure VLAN 10 is present and has the name INTERNAL] *******************
ok: [172.29.50.5]

TASK: [Ensure VLAN 12 is present and has the name GUESTS] *********************
ok: [172.29.50.5]

TASK: [Ensure that VLAN 40 is created] ****************************************
ok: [172.29.50.5]

TASK: [Remove VLAN 80 if it is present] ***************************************
ok: [172.29.50.5]

TASK: [Create vlan 100 with SNMPv3] *******************************************
ok: [172.29.50.5]

TASK: [Create vlan from variable] *********************************************
ok: [172.29.50.5] => (item={'vlan_id': 30, 'vlan_name': 'red'})
ok: [172.29.50.5] => (item={'vlan_id': 31, 'vlan_name': 'green'})
ok: [172.29.50.5] => (item={'vlan_id': 32, 'vlan_name': 'blue'})

PLAY RECAP ********************************************************************
172.29.50.5                : ok=6    changed=0    unreachable=0    failed=0

Todo

Error handling (the module assumes that the SNMPv3 user/SNMPv2 community has write access to the device)
Ability to save running configuration to startup configuration
cisco_snmp_switchport module - Add ability to set allowed VLANs on a trunk

Known issues

Naming conflicts: If you try to add a vlan using a name which already exists the module won't pick this up. The vlan will keep it's old name or be created without a name
No checking if the provided vlan_id is a valid number. I.e. the module won't complain if you try to create a vlan with id 37812942

Potential roadmap

Change interfaces i.e. access/trunk port, vlan assignments, description, admin up/down
Handle configuraion backups
All other things which might be possible through SNMP

Feedback

If you have any questions or feedback. Please send me a note over at my blog or submit an issue here at Github.

ansible-cisco-snmp's People

Contributors

Stargazers

Watchers

ansible-cisco-snmp's Issues

Syntax Error

Hi Patrick,
I am first time using this module. Getting this error:

Unable to import cisco_snmp_portsecurity due to invalid syntax

installed nelsnmp
cloned ansible-cisco-snmp
ansible.cfg - pointing library to ansible-cisco-snmp/library

$ cat ansible.cfg

[defaults]

library = /tmp/certs/ansible-cisco-snmp/librar

running following code:

cat test-snmp.yml

---
 - hosts: all
   connection: local
   gather_facts: no
    
   tasks:
           #    - name: test 
           # cisco_snmp_interface: 
           #host={{ inventory_hostname }}
           #version=2c 
           #community=private
        - cisco_snmp_portsecurity: host={{ inventory_hostname }} version=v3 community=private interface_name=FastEthernet0/2 portsecurity=enabled max=5

Error:

PLAYBOOK: test_snmp.yml ********************************************************
1 plays in test_snmp.yml

PLAY [all] *********************************************************************
META: ran handlers

TASK [cisco_snmp_portsecurity] *************************************************
task path: /tmp/certs/test_snmp.yml:12
fatal: [wayzataoclab729-swt.XXXX.com]: FAILED! => {"msg": "Unable to import cisco_snmp_portsecurity due to invalid syntax"}

Same Syntax error came when I tried to use interface module

ZTP help

Hey, I try to use your code with my projet but I don't know how to put multiple final config, how the switch will know to take his config based on mac address or serial number if its possible.

Also use option 125 for ios_version.bin.

Can i contact you by email or slack for exemple?

tank you.
Nicolas

How to Backup the Running Configuration into the Host

Hello Friend,

Is There any way to backup the running configuration into the host that runs ansible?

I looked at cisco_snmp_save_config, but looks like is just "Save the running configuration to startup".

Error creating Vlans

First of all, these modules are AWESOME!

I'm trying to figure out how to solve this error:

failed: [x.x.x.x] => {"failed": true, "parsed": false}
Traceback (most recent call last):
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1446051069.8-34119550336394/cisco_snmp_vlan", line >1914, in <module>
    main()
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1446051069.8-34119550336394/cisco_snmp_vlan", line >1898, in main
    vartable = dev.getnext(o.vtpVlanEditTable)
  File "/usr/local/lib/python2.7/dist-packages/nelsnmp/snmp.py", line 278, in getnext
    lookupMib=False
  File "/usr/local/lib/python2.7/dist-packages/pysnmp/entity/rfc3413/oneliner/cmdgen.py", line 222, in nextCmd
    return errorIndication, errorStatus, errorIndex, varBindTable
 UnboundLocalError: local variable 'errorIndication' referenced before assignment

 FATAL: all hosts have already failed -- aborting

It just happens when I try to create a Vlan on the device, I'm testing using a Catalyst 2960. This error occurs for both SNMP v2c and v3.

Everything else works fine!

Thanks

Create module to retrieve cdp neighbors

Extend cisco_snmp_interface.py for setup portAdminSpeed and portDuplex

It is possible to extend the script for setup portAdminSpeed and portDuplex on interface?
The problem is Cisoco use in this case a seperate CISCO-STACK-MIB

From CISCO-STACK-MIB

self.portAdminSpeed = "1.3.6.1.4.1.9.5.1.4.1.1.9"
self.portDuplex = "1.3.6.1.4.1.9.5.1.4.1.1.10"
self.portIfIndex = "1.3.6.1.4.1.9.5.1.4.1.1.11"

And works with portIfIndex mapping to ifIndex here:
| -- portIfIndex (11)
1.3.6.1.4.1.9.5.1.4.1.1.11.1.1 = INTEGER: 10101
1.3.6.1.4.1.9.5.1.4.1.1.11.1.2 = INTEGER: 10102
1.3.6.1.4.1.9.5.1.4.1.1.11.1.3 = INTEGER: 10001
1.3.6.1.4.1.9.5.1.4.1.1.11.1.4 = INTEGER: 10002
1.3.6.1.4.1.9.5.1.4.1.1.11.1.5 = INTEGER: 10003
1.3.6.1.4.1.9.5.1.4.1.1.11.1.6 = INTEGER: 10004
1.3.6.1.4.1.9.5.1.4.1.1.11.1.7 = INTEGER: 10005

The ifIndex are the following interfaces:
IF-MIB::ifDescr.10101 = STRING: GigabitEthernet1/0/1
IF-MIB::ifDescr.10102 = STRING: GigabitEthernet1/0/2
IF-MIB::ifDescr.10001 = STRING: FastEthernet1/0/1
IF-MIB::ifDescr.10002 = STRING: FastEthernet1/0/2
IF-MIB::ifDescr.10003 = STRING: FastEthernet1/0/3
IF-MIB::ifDescr.10004 = STRING: FastEthernet1/0/4
IF-MIB::ifDescr.10005 = STRING: FastEthernet1/0/5

This are the possible values:
portAdminSpeed
Values
1 : autoDetect
2 : autoDetect10100
10 : s10G
64000 : s64000
1544000 : s1544000
2000000 : s2000000
2048000 : s2048000
4000000 : s4000000
10000000 : s10000000
16000000 : s16000000
45000000 : s45000000
64000000 : s64000000
100000000 : s100000000
155000000 : s155000000
400000000 : s400000000
622000000 : s622000000
1000000000 : s1000000000

portDuplex
Values
1 : half
2 : full
3 : disagree
4 : auto

Could you added this or give me a hint how can I write the mapping find function of ifIndex to portIfIndex in python script?