nxos_nxapi - Manage NXAPI configuration on an NXOS device.¶
New in version 2.1.
Synopsis¶
- Configures the NXAPI feature on devices running Cisco NXOS. The NXAPI feature is absent from the configuration by default. Since this module manages the NXAPI feature it only supports the use of the
Cli
transport.
Parameters¶
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
http
bool |
|
Controls the operating state of the HTTP protocol as one of the underlying transports for NXAPI. By default, NXAPI will enable the HTTP transport when the feature is first configured. To disable the use of the HTTP transport, set the value of this argument to False.
aliases: enable_http |
|
http_port |
Default: 80
|
Configure the port with which the HTTP server will listen on for requests. By default, NXAPI will bind the HTTP service to the standard HTTP port 80. This argument accepts valid port values in the range of 1 to 65535.
|
|
https
bool |
|
Controls the operating state of the HTTPS protocol as one of the underlying transports for NXAPI. By default, NXAPI will disable the HTTPS transport when the feature is first configured. To enable the use of the HTTPS transport, set the value of this argument to True.
aliases: enable_https |
|
https_port |
Default: 443
|
Configure the port with which the HTTPS server will listen on for requests. By default, NXAPI will bind the HTTPS service to the standard HTTPS port 443. This argument accepts valid port values in the range of 1 to 65535.
|
|
provider |
Deprecated
Starting with Ansible 2.5 we recommend using
connection: network_cli .This option is only required if you are using NX-API.
For more information please see the NXOS Platform Options guide.
A dict object containing connection details.
|
||
username |
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate either the CLI login or the nxapi authentication depending on which transport is used. If the value is not specified in the task, the value of environment variable
ANSIBLE_NET_USERNAME will be used instead. |
||
authorize
bool (added in 2.5.3) |
|
Instructs the module to enter privileged mode on the remote device before sending any commands. If not specified, the device will attempt to execute all commands in non-privileged mode. If the value is not specified in the task, the value of environment variable
ANSIBLE_NET_AUTHORIZE will be used instead. |
|
ssh_keyfile |
Specifies the SSH key to use to authenticate the connection to the remote device. This argument is only used for the cli transport. If the value is not specified in the task, the value of environment variable
ANSIBLE_NET_SSH_KEYFILE will be used instead. |
||
use_proxy
bool (added in 2.5) |
|
If
no , the environment variables http_proxy and https_proxy will be ignored. |
|
auth_pass
(added in 2.5.3) |
Default: none
|
Specifies the password to use if required to enter privileged mode on the remote device. If authorize is false, then this argument does nothing. If the value is not specified in the task, the value of environment variable
ANSIBLE_NET_AUTH_PASS will be used instead. |
|
host
required |
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
|
||
timeout
(added in 2.3) |
Default: 10
|
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. NX-API can be slow to return on long-running commands (sh mac, sh bgp, etc).
|
|
use_ssl
bool |
|
Configures the transport to use SSL if set to true only when the
transport=nxapi , otherwise this value is ignored. |
|
password |
Specifies the password to use to authenticate the connection to the remote device. This is a common argument used for either cli or nxapi transports. If the value is not specified in the task, the value of environment variable
ANSIBLE_NET_PASSWORD will be used instead. |
||
validate_certs
bool |
|
If
no , SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. If the transport argument is not nxapi, this value is ignored. |
|
port |
Default: 0 (use common port)
|
Specifies the port to use when building the connection to the remote device. This value applies to either cli or nxapi. The port value will default to the appropriate transport common port if none is provided in the task. (cli=22, http=80, https=443).
|
|
transport
required |
Default: cli
|
Configures the transport connection to use when connecting to the remote device. The transport argument supports connectivity to the device over cli (ssh) or nxapi.
|
|
sandbox
bool |
|
The NXAPI feature provides a web base UI for developers for entering commands. This feature is initially disabled when the NXAPI feature is configured for the first time. When the
sandbox argument is set to True, the developer sandbox URL will accept requests and when the value is set to False, the sandbox URL is unavailable. This is supported on NX-OS 7K series.aliases: enable_sandbox |
|
ssl_strong_ciphers
bool (added in 2.7) |
|
Controls the use of whether strong or weak ciphers are configured. By default, this feature is disabled and weak ciphers are configured. To enable the use of strong ciphers, set the value of this argument to True.
|
|
state |
|
The
state argument controls whether or not the NXAPI feature is configured on the remote device. When the value is present the NXAPI feature configuration is present in the device running-config. When the values is absent the feature configuration is removed from the running-config. |
|
tlsv1_0
bool (added in 2.7) |
|
Controls the use of the Transport Layer Security version 1.0 is configured. By default, this feature is enabled. To disable the use of TLSV1.0, set the value of this argument to True.
|
|
tlsv1_1
bool (added in 2.7) |
|
Controls the use of the Transport Layer Security version 1.1 is configured. By default, this feature is disabled. To enable the use of TLSV1.1, set the value of this argument to True.
|
|
tlsv1_2
bool (added in 2.7) |
|
Controls the use of the Transport Layer Security version 1.2 is configured. By default, this feature is disabled. To enable the use of TLSV1.2, set the value of this argument to True.
|
Notes¶
Note
- For information on using CLI and NX-API see the NXOS Platform Options guide
- For more information on using Ansible to manage network devices see the Ansible Network Guide
- For more information on using Ansible to manage Cisco devices see the Cisco integration page.
Examples¶
- name: Enable NXAPI access with default configuration
nxos_nxapi:
state: present
- name: Enable NXAPI with no HTTP, HTTPS at port 9443 and sandbox disabled
nxos_nxapi:
enable_http: false
https_port: 9443
https: yes
enable_sandbox: no
- name: remove NXAPI configuration
nxos_nxapi:
state: absent
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
updates
list
|
always |
Returns the list of commands that need to be pushed into the remote device to satisfy the arguments
Sample:
['no feature nxapi']
|
Status¶
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance¶
This module is flagged as network which means that it is maintained by the Ansible Network Team. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Network Team, see here.
Support¶
For more information about Red Hat’s support of this module, please refer to this Knowledge Base article
Author¶
- Peter Sprygada (@privateip)
Hint
If you notice any issues in this documentation you can edit this document to improve it.