W3cubDocs

FRR Platform Options

This page offers details on connection options to manage FRR using Ansible.

Connections Available
Using CLI in Ansible
- Example CLI group_vars/frr.yml
- Example CLI Task

Connections Available

	CLI
Protocol	SSH
Credentials	uses SSH keys / SSH-agent if present accepts `-u myuser -k` if using password
Indirect Access	via a bastion (jump host)
Connection Settings	`ansible_connection: network_cli`
Enable Mode (Privilege Escalation)	not supported
Returned Data Format	`stdout[0].`

Using CLI in Ansible

Example CLI `group_vars/frr.yml`

ansible_connection: network_cli
ansible_network_os: frr
ansible_user: frruser
ansible_password: !vault...
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'

The ansible_user should be a part of the frrvty group and should have the default shell set to /bin/vtysh.
If you are using SSH keys (including an ssh-agent) you can remove the ansible_password configuration.
If you are accessing your host directly (not through a bastion/jump host) you can remove the ansible_ssh_common_args configuration.
If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ProxyCommand directive. To prevent secrets from leaking out (for example in ps output), SSH does not support providing passwords via environment variables.

Example CLI Task

- name: Gather FRR facts
  frr_facts:
    gather_subset:
     - config
     - hardware

Warning

Never store passwords in plain text. We recommend using SSH keys to authenticate SSH connections. Ansible supports ssh-agent to manage your SSH keys. If you must use passwords to authenticate SSH connections, we recommend encrypting them with Ansible Vault.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/network/user_guide/platform_frr.html