| Parameter |
Choices/Defaults |
Configuration |
Comments |
|
become
boolean
|
Default:
"no"
|
ini entries:
[privilege_escalation]
become = no
env:ANSIBLE_BECOME
var: ansible_become
|
The become option will instruct the CLI session to attempt privilege escalation on platforms that support it. Normally this means transitioning from user mode to enable mode in the CLI session. If become is set to True and the remote device does not support privilege escalation or the privilege has already been elevated, then this option is silently ignored.
Can be configured from the CLI via the --become or -b options.
|
|
become_errors
string
|
Choices:
- ignore
- warn
fail ←
|
var: ansible_network_become_errors
|
This option determines how privilege escalation failures are handled when become is enabled.
When set to ignore, the errors are silently ignored. When set to warn, a warning message is displayed. The default option fail, triggers a failure and halts execution.
|
|
become_method
string
|
Default:
"sudo"
|
ini entries:
[privilege_escalation]
become_method = sudo
env:ANSIBLE_BECOME_METHOD
var: ansible_become_method
|
This option allows the become method to be specified in for handling privilege escalation. Typically the become_method value is set to enable but could be defined as other values.
|
|
host
string
|
Default:
"inventory_hostname"
|
var: inventory_hostname
var: ansible_host
|
Specifies the remote device FQDN or IP address to establish the SSH connection to.
|
|
host_key_auto_add
boolean
|
Default:
"no"
|
ini entries:
[paramiko_connection]
host_key_auto_add = no
env:ANSIBLE_HOST_KEY_AUTO_ADD
|
By default, Ansible will prompt the user before adding SSH keys to the known hosts file. Since persistent connections such as network_cli run in background processes, the user will never be prompted. By enabling this option, unknown host keys will automatically be added to the known hosts file.
Be sure to fully understand the security implications of enabling this option on production systems as it could create a security vulnerability.
|
|
host_key_checking
boolean
|
Default:
"yes"
|
ini entries:
[defaults]
host_key_checking = yes
[persistent_connection]
host_key_checking = yes
env:ANSIBLE_HOST_KEY_CHECKING
env:ANSIBLE_SSH_HOST_KEY_CHECKING
var: ansible_host_key_checking
var: ansible_ssh_host_key_checking
|
Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host
|
|
import_modules
boolean
|
Default:
"yes"
|
ini entries:
[ansible_network]
import_modules = yes
env:ANSIBLE_NETWORK_IMPORT_MODULES
var: ansible_network_import_modules
|
Reduce CPU usage and network module execution time by enabling direct execution. Instead of the module being packaged and executed by the shell, it will be directly executed by the Ansible control node using the same python interpreter as the Ansible process. Note- Incompatible with asynchronous mode. Note- Python 3 and Ansible 2.9.16 or greater required. Note- With Ansible 2.9.x fully qualified modules names are required in tasks.
|
|
network_cli_retries
integer
|
Default:
3
|
ini entries:
[persistent_connection]
network_cli_retries = 3
env:ANSIBLE_NETWORK_CLI_RETRIES
var: ansible_network_cli_retries
|
Number of attempts to connect to remote host. The delay time between the retires increases after every attempt by power of 2 in seconds till either the maximum attempts are exhausted or any of the persistent_command_timeout or persistent_connect_timeout timers are triggered.
|
|
network_os
string
|
|
var: ansible_network_os
|
Configures the device platform network operating system. This value is used to load the correct terminal and cliconf plugins to communicate with the remote device.
|
|
password
string
|
|
var: ansible_password
var: ansible_ssh_pass
var: ansible_ssh_password
|
Configures the user password used to authenticate to the remote device when first establishing the SSH connection.
|
|
persistent_buffer_read_timeout
float
|
Default:
0.1
|
ini entries:
[persistent_connection]
buffer_read_timeout = 0.1
env:ANSIBLE_PERSISTENT_BUFFER_READ_TIMEOUT
var: ansible_buffer_read_timeout
|
Configures, in seconds, the amount of time to wait for the data to be read from Paramiko channel after the command prompt is matched. This timeout value ensures that command prompt matched is correct and there is no more data left to be received from remote host.
|
|
persistent_command_timeout
integer
|
Default:
30
|
ini entries:
[persistent_connection]
command_timeout = 30
env:ANSIBLE_PERSISTENT_COMMAND_TIMEOUT
var: ansible_command_timeout
|
Configures, in seconds, the amount of time to wait for a command to return from the remote device. If this timer is exceeded before the command returns, the connection plugin will raise an exception and close.
|
|
persistent_connect_timeout
integer
|
Default:
30
|
ini entries:
[persistent_connection]
connect_timeout = 30
env:ANSIBLE_PERSISTENT_CONNECT_TIMEOUT
var: ansible_connect_timeout
|
Configures, in seconds, the amount of time to wait when trying to initially establish a persistent connection. If this value expires before the connection to the remote device is completed, the connection will fail.
|
|
persistent_log_messages
boolean
|
Default:
"no"
|
ini entries:
[persistent_connection]
log_messages = no
env:ANSIBLE_PERSISTENT_LOG_MESSAGES
var: ansible_persistent_log_messages
|
This flag will enable logging the command executed and response received from target device in the ansible log file. For this option to work 'log_path' ansible configuration option is required to be set to a file path with write access.
Be sure to fully understand the security implications of enabling this option as it could create a security vulnerability by logging sensitive information in log file.
|
|
port
integer
|
Default:
22
|
ini entries:
[defaults]
remote_port = 22
env:ANSIBLE_REMOTE_PORT
var: ansible_port
|
Specifies the port on the remote device that listens for connections when establishing the SSH connection.
|
|
private_key_file
string
|
|
ini entries:
[defaults]
private_key_file = VALUE
env:ANSIBLE_PRIVATE_KEY_FILE
var: ansible_private_key_file
|
The private SSH key or certificate file used to authenticate to the remote device when first establishing the SSH connection.
|
|
remote_user
string
|
|
ini entries:
[defaults]
remote_user = VALUE
env:ANSIBLE_REMOTE_USER
var: ansible_user
|
The username used to authenticate to the remote device when the SSH connection is first established. If the remote_user is not specified, the connection will use the username of the logged in user.
Can be configured from the CLI via the --user or -u options.
|
|
single_user_mode
boolean
added in 2.0.0
|
Default:
"no"
|
env:ANSIBLE_NETWORK_SINGLE_USER_MODE
var: ansible_network_single_user_mode
|
This option enables caching of data fetched from the target for re-use. The cache is invalidated when the target device enters configuration mode.
Applicable only for platforms where this has been implemented.
|
|
ssh_type
string
|
Choices:
- libssh
- paramiko
auto ←
|
ini entries:
[persistent_connection]
ssh_type = auto
env:ANSIBLE_NETWORK_CLI_SSH_TYPE
var: ansible_network_cli_ssh_type
|
The python package that will be used by the network_cli connection plugin to create a SSH connection to remote host.
libssh will use the ansible-pylibssh package, which needs to be installed in order to work.
paramiko will instead use the paramiko package to manage the SSH connection.
auto will use ansible-pylibssh if that package is installed, otherwise will fallback to paramiko.
|
|
terminal_errors
string
added in 3.1.0
|
Choices:
- ignore
- warn
fail ←
|
var: ansible_network_terminal_errors
|
This option determines how failures while setting terminal parameters are handled.
When set to ignore, the errors are silently ignored. When set to warn, a warning message is displayed. The default option fail, triggers a failure and halts execution.
|
|
terminal_inital_prompt_newline
boolean
|
Default:
"yes"
|
var: ansible_terminal_initial_prompt_newline
|
This boolean flag, that when set to True will send newline in the response if any of values in terminal_initial_prompt is matched.
|
|
terminal_initial_answer
list
/ elements=string
|
|
var: ansible_terminal_initial_answer
|
The answer to reply with if the terminal_initial_prompt is matched. The value can be a single answer or a list of answers for multiple terminal_initial_prompt. In case the login menu has multiple prompts the sequence of the prompt and excepted answer should be in same order and the value of terminal_prompt_checkall should be set to True if all the values in terminal_initial_prompt are expected to be matched and set to False if any one login prompt is to be matched.
|
|
terminal_initial_prompt
list
/ elements=string
|
|
var: ansible_terminal_initial_prompt
|
A single regex pattern or a sequence of patterns to evaluate the expected prompt at the time of initial login to the remote host.
|
|
terminal_initial_prompt_checkall
boolean
|
Default:
"no"
|
var: ansible_terminal_initial_prompt_checkall
|
By default the value is set to False and any one of the prompts mentioned in terminal_initial_prompt option is matched it won't check for other prompts. When set to True it will check for all the prompts mentioned in terminal_initial_prompt option in the given order and all the prompts should be received from remote host if not it will result in timeout.
|
|
terminal_stderr_re
list
/ elements=dictionary
|
|
var: ansible_terminal_stderr_re
|
This option provides the regex pattern and optional flags to match the error string from the received response chunk. This option accepts pattern and flags keys. The value of pattern is a python regex pattern to match the response and the value of flags is the value accepted by flags argument of re.compile python method to control the way regex is matched with the response, for example 're.I'.
|
|
terminal_stdout_re
list
/ elements=dictionary
|
|
var: ansible_terminal_stdout_re
|
A single regex pattern or a sequence of patterns along with optional flags to match the command prompt from the received response chunk. This option accepts pattern and flags keys. The value of pattern is a python regex pattern to match the response and the value of flags is the value accepted by flags argument of re.compile python method to control the way regex is matched with the response, for example 're.I'.
|