Cisco 3750 + Ansible IOS commands

AvidPontoon1 · ‎01-24-2021

Hi,

I have a site using 3750 switches and am trying to integrate these with ansible. However the C3750’s can only run IOS 12.2 due to their amount of flash.

Ansible tries to run the command ‘show run | section ^interfaces’ however the 3750 does not

support the ‘section’ modifier. Is there any IOS versions for the 3750 that support this command or is IOS 15 required?

Francesco Molino · ‎01-24-2021

Hi

Section output modifier isn’t in any version 12.2.x and even on 15.0. I checked on old 3750 running version 15.0.2 and section isn’t an available option.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

AvidPontoon1 · ‎01-25-2021

Hi Francesco,

I just checked this on a 3750G with c3750-ipservicesk9-mz.150-2.SE11 and the section modifier worked?
Is this related to the non G models do you think?

Thanks
Nick

Sergey Lisitsin · ‎01-25-2021

Hello,

What is it you are trying to achieve? May be we can come up with an alternative.

AvidPontoon1 · ‎01-25-2021

I am using the ansible cisco l2 interfaces module to get information about interfaces and configure them with access VLAN's/trunked vlans.

However ansible runs the 'show run | section ^interfaces' during the playbook so fails immediately.

Sergey Lisitsin · ‎01-25-2021

Well, if that fails, can you not use ios_config module instead? You can achieve the same configuration using that module.

AvidPontoon1 · ‎01-25-2021

That doesn't allow me to use the aspects of l2 interfaces like merge and replace does it? I would have to know what was already configured on the interface to be able to change it.

Let me know if that is not the case.

imad.hsissou · ‎01-25-2021

Hi AvidPontoon,

You can use more than one ansible module in the same playbook, the cisco.ios.ios_command module will allow you to run a show command and get the current configuration as the output, you can also use the match and wait_for arguments to evaluate against the output of the command.

Here is an example using both cisco.ios.ios_command and cisco.ios.ios_l2_interfaces modules:

- name: Run show command
  cisco.ios.ios_command:
    commands:
    - show running-config | section ^interface
    wait_for:
    - result[1] contains GigabitEthernet0/1

- name: Merge provided configuration with device configuration
  cisco.ios.ios_l2_interfaces:
    config:
    - name: GigabitEthernet0/1
      mode: trunk
      trunk:
        allowed_vlans: 10-20,40
        native_vlan: 20
        pruning_vlans: 10,20
        encapsulation: dot1q
    state: merged

You can play with the output received from the show commands to achieve your desired logic.

More examples :

cisco.ios.ios_command = https://docs.ansible.com/ansible/latest/collections/cisco/ios/ios_command_module.html cisco.ios.ios_l2_interfaces = https://docs.ansible.com/ansible/latest/collections/cisco/ios/ios_l2_interfaces_module.html

I hope this will help,

--

BR,

Imad HSISSOU

Network Consulting Engineer

AvidPontoon1 · ‎01-25-2021

Hi Imad,

The problem is that the 'show running-config | section ^interface' command doesn't work on the switches we have. They are 3750's

Sergiu.Daniluk · ‎01-25-2021

Hi @AvidPontoon1

I am looking at the ios l2 interfaces and I do not see any "show running-config | section ^interface" command.

Which ansible version do you have?

/venv/lib/python3.8/site-packages/ansible_collections/cisco/ios/plugins/modules# cat ios_l2_interface.py | grep show
            module, ["show interface {0} switchport".format(name)]
        config = run_commands(module, ["show run interface {0}".format(name)])[
        module, ["show interface {0} switchport".format(name)]
    config = run_commands(module, ["show vlan"])[0]

I have 2.10.2 in my venv.

Stay safe,

Sergiu

AvidPontoon1 · ‎01-25-2021

Hi,

Playbook example:

- name: "PLAY 1: 3750 Test"
  connection: network_cli
  hosts: 3750-1
  tasks:
    - name: Merge provided configuration with device configuration
      cisco.ios.ios_l2_interfaces:
        config:
        - name: FastEthernet1/0/1
          mode: access
          access:
            vlan: 10
        state: replaced

I get this output:

TASK [Merge provided configuration with device configuration] *******************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: 3750-1#
fatal: [3750-1]: FAILED! => changed=false 
  module_stderr: |-
    Traceback (most recent call last):
      File "/home/nick/.ansible/tmp/ansible-local-12273a_8t0rsc/ansible-tmp-1611596081.725229-12303-74380870219898/AnsiballZ_ios_l2_interfaces.py", line 102, in <module>
        _ansiballz_main()
      File "/home/nick/.ansible/tmp/ansible-local-12273a_8t0rsc/ansible-tmp-1611596081.725229-12303-74380870219898/AnsiballZ_ios_l2_interfaces.py", line 94, in _ansiballz_main
        invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
      File "/home/nick/.ansible/tmp/ansible-local-12273a_8t0rsc/ansible-tmp-1611596081.725229-12303-74380870219898/AnsiballZ_ios_l2_interfaces.py", line 40, in invoke_module
        runpy.run_module(mod_name='ansible_collections.cisco.ios.plugins.modules.ios_l2_interfaces', init_globals=None, run_name='__main__', alter_sys=True)
      File "/usr/lib/python3.6/runpy.py", line 205, in run_module
        return _run_module_code(code, init_globals, run_name, mod_spec)
      File "/usr/lib/python3.6/runpy.py", line 96, in _run_module_code
        mod_name, mod_spec, pkg_name, script_name)
      File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
        exec(code, run_globals)
      File "/tmp/ansible_cisco.ios.ios_l2_interfaces_payload_xhxwt6_c/ansible_cisco.ios.ios_l2_interfaces_payload.zip/ansible_collections/cisco/ios/plugins/modules/ios_l2_interfaces.py", line 560, in <module>
      File "/tmp/ansible_cisco.ios.ios_l2_interfaces_payload_xhxwt6_c/ansible_cisco.ios.ios_l2_interfaces_payload.zip/ansible_collections/cisco/ios/plugins/modules/ios_l2_interfaces.py", line 555, in main
      File "/tmp/ansible_cisco.ios.ios_l2_interfaces_payload_xhxwt6_c/ansible_cisco.ios.ios_l2_interfaces_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/config/l2_interfaces/l2_interfaces.py", line 86, in execute_module
      File "/tmp/ansible_cisco.ios.ios_l2_interfaces_payload_xhxwt6_c/ansible_cisco.ios.ios_l2_interfaces_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/config/l2_interfaces/l2_interfaces.py", line 67, in get_l2_interfaces_facts
      File "/tmp/ansible_cisco.ios.ios_l2_interfaces_payload_xhxwt6_c/ansible_cisco.ios.ios_l2_interfaces_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/facts/facts.py", line 118, in get_facts
      File "/tmp/ansible_cisco.ios.ios_l2_interfaces_payload_xhxwt6_c/ansible_cisco.ios.ios_l2_interfaces_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/facts/facts.py", line 131, in get_network_resources_facts
      File "/tmp/ansible_cisco.ios.ios_l2_interfaces_payload_xhxwt6_c/ansible_cisco.ios.ios_l2_interfaces_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/facts/l2_interfaces/l2_interfaces.py", line 62, in populate_facts
      File "/tmp/ansible_cisco.ios.ios_l2_interfaces_payload_xhxwt6_c/ansible_cisco.ios.ios_l2_interfaces_payload.zip/ansible_collections/cisco/ios/plugins/module_utils/network/ios/facts/l2_interfaces/l2_interfaces.py", line 50, in get_l2_interfaces_data
      File "/tmp/ansible_cisco.ios.ios_l2_interfaces_payload_xhxwt6_c/ansible_cisco.ios.ios_l2_interfaces_payload.zip/ansible/module_utils/connection.py", line 195, in __rpc__
    ansible.module_utils.connection.ConnectionError: show running-config | section ^interface
    show running-config | section ^interface
                          ^
    % Invalid input detected at '^' marker.
  
    3750-1#
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
  rc: 1

Its failing on the command 'show running-config | section ^interface'

My ansible version is:

ansible 2.9.16
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/etc/ansible/library']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.17 (default, Sep 30 2020, 13:38:04) [GCC 7.5.0]

Hope this helps.

imad.hsissou · ‎01-25-2021

Hello,

As I understand it, many cisco ansible modules call the get_config() function to fetch and filter the running configuration, this function returns an exeption if the device doesn't support the "| section" command, maybe that's the source of the error you get.

Please refer to following source code :

https://github.com/ansible-collections/cisco.ios/blob/main/plugins/module_utils/network/ios/ios.py#L108

def get_config(module, flags=None):
    flags = to_list(flags)

    section_filter = False
    if flags and "section" in flags[-1]:
        section_filter = True

    flag_str = " ".join(flags)

    try:
        return _DEVICE_CONFIGS[flag_str]
    except KeyError:
        connection = get_connection(module)
        try:
            out = connection.get_config(flags=flags)
        except ConnectionError as exc:
            if section_filter:
                # Some ios devices don't understand `| section foo`
                out = get_config(module, flags=flags[:-1])
            else:
                module.fail_json(
                    msg=to_text(exc, errors="surrogate_then_replace")
                )
        cfg = to_text(out, errors="surrogate_then_replace").strip()
        _DEVICE_CONFIGS[flag_str] = cfg
        return cfg

You can try a combination of modules that do not implement this function to avoid this error.

I hope that this will help,

--

BR,

Imad HSISSOU

Network Consulting Engineer

Sergey Lisitsin · ‎01-25-2021

What kind of merge? Can yo give an example?

AvidPontoon1 · ‎01-25-2021

The state can be changed dependent on how you want the interface changed:

- name: "PLAY 1: 3750 Test"
  connection: network_cli
  hosts: 3750-1
  tasks:
    - name: Merge provided configuration with device configuration
      cisco.ios.ios_l2_interfaces:
        config:
        - name: FastEthernet1/0/1
          mode: access
          access:
            vlan: 10
        state: replaced

Sergey Lisitsin · ‎01-26-2021

Avid,

But the configuration like port type (trunk/access) and access VLAN is rewritten anyway. You can't have multiple access VLANs, so the effect of using the ios_config module will be the same.