cisco.radkit.network_cli connection – DEPRECATED: Use ssh_proxy module with ansible.netcommon.network_cli instead

Note

This connection plugin is part of the cisco.radkit collection (version 2.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install git+https://wwwin-github.cisco.com/scdozier/cisco.radkit-ansible.git. You need further requirements to be able to use this connection plugin, see Requirements for details.

To use it in a playbook, specify: cisco.radkit.network_cli.

New in cisco.radkit 0.1.0

DEPRECATED

Removed in:

version 2.0.0

Why:

Replaced by ssh_proxy module for better compatibility and security

Alternative:

Use ssh_proxy module with ansible.netcommon.network_cli

Synopsis

• 🚨 DEPRECATED as of v2.0.0: This connection plugin is deprecated.

• Use ssh_proxy module with standard ansible.netcommon.network_cli connection instead.

• This provides better compatibility, security, and easier configuration.

• See ssh_proxy module documentation for migration instructions.

• This connection plugin provides a connection to remote devices over the SSH through RADKit to implement a CLI shell. This connection plugin is typically used by network devices for sending and receiving CLI commands to network devices. Note that ansible_host must be set in the inventory and match the host/ip in RADKit for the device.

Requirements

The below requirements are needed on the local controller node that executes this connection.

• radkit-client

Parameters

Parameter	Comments
become boolean	The become option will instruct the CLI session to attempt privilege escalation on platforms that support it. Normally this means transitioning from user mode to enable mode in the CLI session. If become is set to True and the remote device does not support privilege escalation or the privilege has already been elevated, then this option is silently ignored. Can be configured from the CLI via the --become or -b options. Choices: false ← (default) true Configuration: INI entry: [privilege_escalation] become = false Environment variable: ANSIBLE_BECOME Variable: ansible_become
become_errors string	This option determines how privilege escalation failures are handled when become is enabled. When set to ignore, the errors are silently ignored. When set to warn, a warning message is displayed. The default option fail, triggers a failure and halts execution. Choices: "ignore" "warn" "fail" ← (default) Configuration: Variable: ansible_network_become_errors
become_method string	This option allows the become method to be specified in for handling privilege escalation. Typically the become_method value is set to enable but could be defined as other values. Default: "sudo" Configuration: INI entry: [privilege_escalation] become_method = sudo Environment variable: ANSIBLE_BECOME_METHOD Variable: ansible_become_method
device_addr string / required	Hostname/Address of the remote target. This must match the host on RADKit. This option will be used when ansible_host or ansible_ssh_host is specified Configuration: Variable: ansible_host Variable: ansible_ssh_host
device_name string / required	Device name of the remote target. This must match the device name in RADKit if ansible_host not set. Configuration: Variable: inventory_hostname
import_modules boolean	Reduce CPU usage and network module execution time by enabling direct execution. Instead of the module being packaged and executed by the shell, it will be directly executed by the Ansible control node using the same python interpreter as the Ansible process. Note- Incompatible with asynchronous mode. Note- Python 3 and Ansible 2.9.16 or greater required. Note- With Ansible 2.9.x fully qualified modules names are required in tasks. Choices: false true ← (default) Configuration: INI entry: [ansible_network] import_modules = true Environment variable: ANSIBLE_NETWORK_IMPORT_MODULES Variable: ansible_network_import_modules
network_cli_retries integer	Number of attempts to connect to remote host. The delay time between the retires increases after every attempt by power of 2 in seconds till either the maximum attempts are exhausted or any of the persistent_command_timeout or persistent_connect_timeout timers are triggered. Default: 3 Configuration: INI entry: [persistent_connection] network_cli_retries = 3 Environment variable: ANSIBLE_NETWORK_CLI_RETRIES Variable: ansible_network_cli_retries
network_os string	Configures the device platform network operating system. This value is used to load the correct terminal and cliconf plugins to communicate with the remote device. Configuration: Variable: ansible_network_os
persistent_buffer_read_timeout float	Configures, in seconds, the amount of time to wait for the data to be read from Radkit interactive session after the command prompt is matched. This timeout value ensures that command prompt matched is correct and there is no more data left to be received from remote host. Default: 0.5 Configuration: INI entry: [persistent_connection] buffer_read_timeout = 0.5 Environment variable: ANSIBLE_PERSISTENT_BUFFER_READ_TIMEOUT Variable: ansible_buffer_read_timeout
persistent_command_timeout integer	Configures, in seconds, the amount of time to wait for a command to return from the remote device. If this timer is exceeded before the command returns, the connection plugin will raise an exception and close. Default: 30 Configuration: INI entry: [persistent_connection] command_timeout = 30 Environment variable: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT Variable: ansible_command_timeout
persistent_connect_timeout integer	Configures, in seconds, the amount of time to wait when trying to initially establish a persistent connection. If this value expires before the connection to the remote device is completed, the connection will fail. Default: 30 Configuration: INI entry: [persistent_connection] connect_timeout = 30 Environment variable: ANSIBLE_PERSISTENT_CONNECT_TIMEOUT Variable: ansible_connect_timeout
persistent_log_messages boolean	This flag will enable logging the command executed and response received from target device in the ansible log file. For this option to work ‘log_path’ ansible configuration option is required to be set to a file path with write access. Be sure to fully understand the security implications of enabling this option as it could create a security vulnerability by logging sensitive information in log file. Choices: false ← (default) true Configuration: INI entry: [persistent_connection] log_messages = false Environment variable: ANSIBLE_PERSISTENT_LOG_MESSAGES Variable: ansible_persistent_log_messages
radkit_client_ca_path string	The path to the issuer chain for the identity certificate Configuration: Environment variable: RADKIT_ANSIBLE_CLIENT_CA_PATH Variable: radkit_client_ca_path
radkit_client_cert_path string	The path to the identity certificate Configuration: Environment variable: RADKIT_ANSIBLE_CLIENT_CERT_PATH Variable: radkit_client_cert_path
radkit_client_key_path string	The path to the private key for the identity certificate Configuration: Environment variable: RADKIT_ANSIBLE_CLIENT_KEY_PATH Variable: radkit_client_key_path
radkit_client_private_key_password_base64 string / required	The private key password in base64 for radkit client Configuration: Environment variable: RADKIT_ANSIBLE_CLIENT_PRIVATE_KEY_PASSWORD_BASE64 Variable: radkit_client_private_key_password_base64
radkit_identity string / required	The Client ID (owner email address) present in the RADKit client certificate. Configuration: Environment variable: RADKIT_ANSIBLE_IDENTITY Variable: radkit_identity
radkit_service_serial string / required	The serial of the RADKit service you wish to connect through Configuration: Environment variable: RADKIT_ANSIBLE_SERVICE_SERIAL Variable: radkit_service_serial
single_user_mode boolean added in cisco.radkit 2.0.0	This option enables caching of data fetched from the target for re-use. The cache is invalidated when the target device enters configuration mode. Applicable only for platforms where this has been implemented. Choices: false ← (default) true Configuration: Environment variable: ANSIBLE_NETWORK_SINGLE_USER_MODE Variable: ansible_network_single_user_mode
terminal_errors string added in cisco.radkit 3.1.0	This option determines how failures while setting terminal parameters are handled. When set to ignore, the errors are silently ignored. When set to warn, a warning message is displayed. The default option fail, triggers a failure and halts execution. Choices: "ignore" "warn" "fail" ← (default) Configuration: Variable: ansible_network_terminal_errors
terminal_inital_prompt_newline boolean	This boolean flag, that when set to True will send newline in the response if any of values in terminal_initial_prompt is matched. Choices: false true ← (default) Configuration: Variable: ansible_terminal_initial_prompt_newline
terminal_initial_answer list / elements=string	The answer to reply with if the terminal_initial_prompt is matched. The value can be a single answer or a list of answers for multiple terminal_initial_prompt. In case the login menu has multiple prompts the sequence of the prompt and excepted answer should be in same order and the value of terminal_prompt_checkall should be set to True if all the values in terminal_initial_prompt are expected to be matched and set to False if any one login prompt is to be matched. Configuration: Variable: ansible_terminal_initial_answer
terminal_initial_prompt list / elements=string	A single regex pattern or a sequence of patterns to evaluate the expected prompt at the time of initial login to the remote host. Configuration: Variable: ansible_terminal_initial_prompt
terminal_initial_prompt_checkall boolean	By default the value is set to False and any one of the prompts mentioned in terminal_initial_prompt option is matched it won’t check for other prompts. When set to True it will check for all the prompts mentioned in terminal_initial_prompt option in the given order and all the prompts should be received from remote host if not it will result in timeout. Choices: false ← (default) true Configuration: Variable: ansible_terminal_initial_prompt_checkall
terminal_stderr_re list / elements=dictionary	This option provides the regex pattern and optional flags to match the error string from the received response chunk. This option accepts pattern and flags keys. The value of pattern is a python regex pattern to match the response and the value of flags is the value accepted by flags argument of re.compile python method to control the way regex is matched with the response, for example ‘re.I’. Configuration: Variable: ansible_terminal_stderr_re
terminal_stdout_re list / elements=dictionary	A single regex pattern or a sequence of patterns along with optional flags to match the command prompt from the received response chunk. This option accepts pattern and flags keys. The value of pattern is a python regex pattern to match the response and the value of flags is the value accepted by flags argument of re.compile python method to control the way regex is matched with the response, for example ‘re.I’. Configuration: Variable: ansible_terminal_stdout_re

Examples

- hosts: all
  connection: cisco.radkit.network_cli
  vars:
    radkit_service_serial: xxxx-xxxx-xxxx
    radkit_identity: user@cisco.com
    ansible_network_os: ios
  become: yes
  tasks:
    - name: Gather all ios facts
      cisco.ios.ios_facts:
        gather_subset: all

    - debug:
        msg: "{{ ansible_facts }}"

    - name: Run show version
      cisco.ios.ios_command:
        commands: show version

Status

• This connection will be removed in version 2.0.0. [deprecated]

• For more information see DEPRECATED.

Authors

• Ansible Networking Team (@ansible-network)

• Scott Dozier (@scdozier)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.

Collection links

• Issue Tracker
• Repository (Sources)