This test is designed to see if the VTY configuration is on the device. If there are any extra commands that are not part of the confirmed configuration, they will be removed. This is specifically for configuration items in the confirmed configuration. Anything outside this configuration scope will not have any changes made.
The desired outcome will be for only the VTY configuration below to be applied to each device. Any other VTY commands are to be removed.
Note that only VTY lines 0 4 are used, as my GNS3 lab has older switches that do not have any more. I decided to use one standard rather than have variations.
```
line vty 0 4
 privilege level 15
 password Stefan2020
 transport input ssh
```
All the commands in this post build upon my previous Ansible posts.
The playbook is available in my Github.
And the project for this can be found here.
For this set of testing, I have added another router that contains a switching module. The switching module is not important for this playbook, but will be used in the future.
Configure VTY Lines
Before any configuration I need to know what is already configured on the device. If Ansible is able to SSH to the device it is safe to assume that the VTY lines have some form of configuration already applied.
The first thing to do is declare what configuration is to be applied to the devices. The command “line vty 0 4” is not required as this will be in the playbook as a parent command. Without the parent command each command is entered into the global configuration resulting in errors for all the VTY configuration.
```
vars:
  vty_config:
    - privilege level 15
    - password Stefan2020
    - transport input ssh
```
The next thing to do is to get the running config. I have used the command show run | b vty, although newer devices, and all of mine, do support the section command.
```
tasks:
  - name: SHOW VTY
    ios_command:
      commands:
        - "show run | b line vty"
    register: pre_vty_output
```
The next task is to apply only the configuration that is not in the show running output. Nothing is being removed right now.
This task's logic is:
– For each item in the vty_config variable
– Check if it is in the show run | b line vty output
– If it is missing, apply it
```
    # Configure Correct VTY Config
    # Only configure VTY if the vty_config is not in the pre_vty_output
    - name: Configure VTY
      ios_config:
        lines:
          - "{{ item }}"
        parents: line vty 0 4
      loop: "{{ vty_config }}"
      when: 'item not in "{{ pre_vty_output.stdout_lines[0]|list }}"'
      register: vty_changed
```
I have included a diagram and explanation with the logic as I don’t think it’s very readable.
1. Start when condition
2. Item in the vty_config list
3. Is not in
4. pre_vty_output list
5. Apply item as a configuration line
Remove Unwanted VTY Configuration
This next task is to remove any unwanted VTY configuration. The original VTY config must remain so we do not lose connectivity to the device. Any line that is not defined in the vty_config variable is to be removed.
There is a caveat to this: as I am running a “show run | begin” command to see the VTY configuration, the output contains extra lines such as “!” and “end”.
To filter these out I have used a second variable list.
Using “show run | section” would eliminate this, but old Cisco devices do not have the section command.
This can result in a big list of strings that are to be ignored. It’s ok for my lab.
```
vars:
  vty_config:
    - privilege level 15
    - password Stefan2020
    - transport input ssh
#    - width 250

  vty_config_ignore:
    - "!"
    - end
    - line vty 0 4
    - line vty 5 15
    - line vty 0 15
```
The task is designed to compare the confirmed configuration against what is already on the device. If there is configuration applied to the VTY lines that is not in either vty_config or vty_config_ignore variable then it will be removed.
This task's logic is:
– For each item in the show run | b line vty output
– Check if it is in either the vty_config or vty_config_ignore variables
– If it is not in either, remove the line
For this I have used “| trim” to remove the white space from the output from the show command. The Cisco output has a space at the start of each line except for “line vty”.
The white space was causing problems when comparing items of the show output to the config variables.
| trim removes white spaces from the start and end of the list item.
```
    # If show output line is in config or in config_ignore, skip
    # If show output line is not in config and not in config_ignore, remove
    # Remove unwanted VTY Config
    - name: Remove Unwanted VTY Config VTY
      ios_config:
        lines:
          - "no {{ item | trim }}"
        parents: line vty 0 4
      loop: "{{ pre_vty_output.stdout_lines[0] }}"
      when:
        - item | trim not in {{ vty_config }}
        - item | trim not in {{ vty_config_ignore }}
      register: vty_fixed
```
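The add and remove comparisons above, modelled in Python as an added example (not part of the original playbook): it groups the show output under its `line vty` parent and compares trimmed lines exactly, so a stray command under `line vty 5 15` is attributed to that parent and `width 25` is not mistaken for `width 250`. The sample output, the `logging synchronous` and `ntp server` lines, and all function names are constructed for illustration.

```python
# Added example: a Python model of the playbook's add/remove comparisons.
# SAMPLE_OUTPUT is constructed; it mimics pre_vty_output.stdout_lines[0],
# where child lines keep the leading space that IOS prints.
SAMPLE_OUTPUT = [
    "line vty 0 4",
    " privilege level 15",
    " password Stefan2020",
    " width 250",
    " transport input ssh",
    "line vty 5 15",
    " privilege level 15",
    " password Stefan2020",
    " logging synchronous",
    " transport input ssh",
    "!",
    "ntp server 192.0.2.1",  # constructed top-level line after the VTY blocks
    "!",
    "end",
]

# The confirmed configuration from the post's vty_config variable.
VTY_CONFIG = ["privilege level 15", "password Stefan2020", "transport input ssh"]


def parse_vty_blocks(lines):
    """Group indented child commands under their 'line vty' parent.

    Anything that is not indented ("!", "end", other top-level commands)
    closes the current block, so no ignore list is needed.
    """
    blocks = {}
    parent = None
    for raw in lines:
        if raw.startswith("line vty "):
            parent = raw.strip()
            blocks[parent] = []
        elif raw.startswith(" ") and parent is not None:
            blocks[parent].append(raw.strip())
        else:
            parent = None
    return blocks


def plan_changes(lines, desired):
    """Return, per parent, the lines to add and the 'no ...' lines to send.

    Membership is an exact match on trimmed lines.
    """
    plan = {}
    for parent, present in parse_vty_blocks(lines).items():
        plan[parent] = {
            "add": [cmd for cmd in desired if cmd not in present],
            "remove": ["no " + cmd for cmd in present if cmd not in desired],
        }
    return plan


def missing_by_substring(lines, desired):
    """Model of a when-clause that quotes a templated list.

    The list is rendered to one string first, so 'not in' becomes a
    substring test across every block at once.
    """
    rendered = str(lines)
    return [cmd for cmd in desired if cmd not in rendered]


if __name__ == "__main__":
    for parent, changes in plan_changes(SAMPLE_OUTPUT, VTY_CONFIG).items():
        print(parent, changes)
    # "width 25" is reported as present by the substring test only
    # because "width 250" contains it.
    print(missing_by_substring(SAMPLE_OUTPUT, ["width 25"]))
```

In the playbook the same exact comparison can be written without `{{ }}` inside `when`, for example `item not in (pre_vty_output.stdout_lines[0] | map('trim') | list)`.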
Printing Output When Changed
The last task is to print the new output, but only when there has been a configuration change.
```
    - name: Show Fixed VTY Config
      ios_command:
        commands:
          - "show run | b line vty"
      when:
        - vty_changed.changed or vty_fixed.changed
      register: post_vty_output

    - name: New VTY
      debug:
        var: post_vty_output.stdout_lines[0]
      when: post_vty_output.stdout_lines is defined
```
Testing
Test 1 – Add “Width 200”
This test will add in the “width 200” command to the VTY lines on a single router only. The current configuration is missing the width line.
```
R1(config)#do sh run | s vty
line vty 0 4
 privilege level 15
 password Stefan2020
 transport input ssh
```
```
---
- name: VTY PLAY
  hosts: lab_core
  gather_facts: false
  connection: network_cli

  vars:
    vty_config:
      - privilege level 15
      - password Stefan2020
      - transport input ssh
      - width 250

    vty_config_ignore:
      - "!"
      - end
      - line vty 0 4
      - line vty 5 15
      - line vty 0 15

  tasks:
    - name: SHOW VTY
      ios_command:
        commands:
          - "show run | b line vty"
      register: pre_vty_output

    # Configure Correct VTY Config
    # Only configure VTY if the vty_config is not in the pre_vty_output
    - name: Configure VTY
      ios_config:
        lines:
          - "{{ item }}"
        parents: line vty 0 4
      loop: "{{ vty_config }}"
      when: 'item not in "{{ pre_vty_output.stdout_lines[0]|list }}"'
      register: vty_changed

    # If show output line is in config or in config_ignore, skip
    # If show output line is not in config and not in config_ignore, remove
    # Remove unwanted VTY Config
    - name: Remove Unwanted VTY Config VTY
      ios_config:
        lines:
          - "no {{ item | trim }}"
        parents: line vty 0 4
      loop: "{{ pre_vty_output.stdout_lines[0] }}"
      when:
        - item | trim not in {{ vty_config }}
        - item | trim not in {{ vty_config_ignore }}
      register: vty_fixed

    - name: Show Fixed VTY Config
      ios_command:
        commands:
          - "show run | b line vty"
      when:
        - vty_changed.changed or vty_fixed.changed
      register: post_vty_output

    - name: New VTY
      debug:
        var: post_vty_output.stdout_lines[0]
      when: post_vty_output.stdout_lines is defined
```
The output of this run is below. Only the single width line has been added. The new running config is displayed at the end. If this playbook were to be rerun, everything would be skipped except the check of the initial configuration.
```
stef@stef-VirtualBox:~/Ansible_projects$ ansible-playbook -c paramiko playbooks/pb4_securityaudit4.yml --ask-vault-pass
Vault password:

PLAY [VTY PLAY] ************************************************************

TASK [SHOW VTY] ************************************************************
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
ok: [172.16.1.104]

TASK [Configure VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item not in "{{ pre_vty_output.stdout_lines[0]|list }}"
skipping: [172.16.1.104] => (item=privilege level 15)
skipping: [172.16.1.104] => (item=password Stefan2020)
skipping: [172.16.1.104] => (item=transport input ssh)
changed: [172.16.1.104] => (item=width 250)
[WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device

TASK [Remove Unwanted VTY Config VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config }}
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config_ignore }}
skipping: [172.16.1.104] => (item=line vty 0 4)
skipping: [172.16.1.104] => (item= privilege level 15)
skipping: [172.16.1.104] => (item= password Stefan2020)
skipping: [172.16.1.104] => (item= transport input ssh)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.104] => (item=end)

TASK [Show Fixed VTY Config] ************************************************************
ok: [172.16.1.104]

TASK [New VTY] ************************************************************
ok: [172.16.1.104] => {
    "post_vty_output.stdout_lines[0]": [
        "line vty 0 4",
        " privilege level 15",
        " password Stefan2020",
        " width 250",
        " transport input ssh",
        "!",
        "!",
        "end"
    ]
}

PLAY RECAP ************************************************************
172.16.1.104 : ok=4 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
```
```
stef@stef-VirtualBox:~/Ansible_projects$ ansible-playbook -c paramiko playbooks/pb4_securityaudit4.yml --ask-vault-pass
Vault password:

PLAY [VTY PLAY] ************************************************************

TASK [SHOW VTY] ************************************************************
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
ok: [172.16.1.104]

TASK [Configure VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item not in "{{ pre_vty_output.stdout_lines[0]|list }}"
skipping: [172.16.1.104] => (item=privilege level 15)
skipping: [172.16.1.104] => (item=password Stefan2020)
skipping: [172.16.1.104] => (item=transport input ssh)
skipping: [172.16.1.104] => (item=width 250)

TASK [Remove Unwanted VTY Config VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config }}
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config_ignore }}
skipping: [172.16.1.104] => (item=line vty 0 4)
skipping: [172.16.1.104] => (item= privilege level 15)
skipping: [172.16.1.104] => (item= password Stefan2020)
skipping: [172.16.1.104] => (item= width 250)
skipping: [172.16.1.104] => (item= transport input ssh)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.104] => (item=end)

TASK [Show Fixed VTY Config] ************************************************************
skipping: [172.16.1.104]

TASK [New VTY] ************************************************************
skipping: [172.16.1.104]

PLAY RECAP ************************************************************
172.16.1.104 : ok=1 changed=0 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
```
Test 2 – Remove “Width 200”
This test is the opposite of test 1. The configuration line “width 200” will be removed.
```
R1(config)#do sh run | s vty
line vty 0 4
 privilege level 15
 password Stefan2020
 width 250
 transport input ssh
```
```
---
- name: VTY PLAY
  hosts: lab_core
  gather_facts: false
  connection: network_cli

  vars:
    vty_config:
      - privilege level 15
      - password Stefan2020
      - transport input ssh
#      - width 250

    vty_config_ignore:
      - "!"
      - end
      - line vty 0 4
      - line vty 5 15
      - line vty 0 15

  tasks:
    - name: SHOW VTY
      ios_command:
        commands:
          - "show run | b line vty"
      register: pre_vty_output

    # Configure Correct VTY Config
    # Only configure VTY if the vty_config is not in the pre_vty_output
    - name: Configure VTY
      ios_config:
        lines:
          - "{{ item }}"
        parents: line vty 0 4
      loop: "{{ vty_config }}"
      when: 'item not in "{{ pre_vty_output.stdout_lines[0]|list }}"'
      register: vty_changed

    # If show output line is in config or in config_ignore, skip
    # If show output line is not in config and not in config_ignore, remove
    # Remove unwanted VTY Config
    - name: Remove Unwanted VTY Config VTY
      ios_config:
        lines:
          - "no {{ item | trim }}"
        parents: line vty 0 4
      loop: "{{ pre_vty_output.stdout_lines[0] }}"
      when:
        - item | trim not in {{ vty_config }}
        - item | trim not in {{ vty_config_ignore }}
      register: vty_fixed

    - name: Show Fixed VTY Config
      ios_command:
        commands:
          - "show run | b line vty"
      when:
        - vty_changed.changed or vty_fixed.changed
      register: post_vty_output

    - name: New VTY
      debug:
        var: post_vty_output.stdout_lines[0]
      when: post_vty_output.stdout_lines is defined
```
The output has removed the line “width 200” and printed the new running configuration output. If this task were to be rerun then there would be no changes, and all tasks skipped except the initial show output for the VTY lines.
```
stef@stef-VirtualBox:~/Ansible_projects$ ansible-playbook -c paramiko playbooks/pb4_securityaudit4.yml --ask-vault-pass
Vault password:

PLAY [VTY PLAY] ************************************************************

TASK [SHOW VTY] ************************************************************
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
ok: [172.16.1.104]

TASK [Configure VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item not in "{{ pre_vty_output.stdout_lines[0]|list }}"
skipping: [172.16.1.104] => (item=privilege level 15)
skipping: [172.16.1.104] => (item=password Stefan2020)
skipping: [172.16.1.104] => (item=transport input ssh)

TASK [Remove Unwanted VTY Config VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config }}
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config_ignore }}
skipping: [172.16.1.104] => (item=line vty 0 4)
skipping: [172.16.1.104] => (item= privilege level 15)
skipping: [172.16.1.104] => (item= password Stefan2020)
changed: [172.16.1.104] => (item= width 250)
skipping: [172.16.1.104] => (item= transport input ssh)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.104] => (item=end)
[WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device

TASK [Show Fixed VTY Config] ************************************************************
ok: [172.16.1.104]

TASK [New VTY] ************************************************************
ok: [172.16.1.104] => {
    "post_vty_output.stdout_lines[0]": [
        "line vty 0 4",
        " privilege level 15",
        " password Stefan2020",
        " transport input ssh",
        "!",
        "!",
        "end"
    ]
}

PLAY RECAP ************************************************************
172.16.1.104 : ok=4 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
```
```
stef@stef-VirtualBox:~/Ansible_projects$ ansible-playbook -c paramiko playbooks/pb4_securityaudit4.yml --ask-vault-pass
Vault password:

PLAY [VTY PLAY] ************************************************************

TASK [SHOW VTY] ************************************************************
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
ok: [172.16.1.104]

TASK [Configure VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item not in "{{ pre_vty_output.stdout_lines[0]|list }}"
skipping: [172.16.1.104] => (item=privilege level 15)
skipping: [172.16.1.104] => (item=password Stefan2020)
skipping: [172.16.1.104] => (item=transport input ssh)

TASK [Remove Unwanted VTY Config VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config }}
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config_ignore }}
skipping: [172.16.1.104] => (item=line vty 0 4)
skipping: [172.16.1.104] => (item= privilege level 15)
skipping: [172.16.1.104] => (item= password Stefan2020)
skipping: [172.16.1.104] => (item= transport input ssh)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.104] => (item=end)

TASK [Show Fixed VTY Config] ************************************************************
skipping: [172.16.1.104]

TASK [New VTY] ************************************************************
skipping: [172.16.1.104]

PLAY RECAP ************************************************************
172.16.1.104 : ok=1 changed=0 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
```
Test 3 – Add/Remove “Width 200” – Multiple Devices
For this test I have added in a second router to test the play against. I have added the IP of R4 (172.16.1.125) to the inventory under [lab_core].
```
stef@stef-VirtualBox:~/Ansible_projects$ cat inventory/router_switch_inv.ini
[all_devices]
172.16.1.104
172.16.1.102
172.16.1.103
172.16.1.124
172.16.1.125

[lab_core]
172.16.1.104
172.16.1.125

[lab_access]
172.16.1.102
172.16.1.103
172.16.1.124
```
This is basically a rerun of test 1, but with a second router. The output is as expected, just more of it.
```
stef@stef-VirtualBox:~/Ansible_projects$ ansible-playbook -c paramiko playbooks/pb4_securityaudit4.yml --ask-vault-pass
Vault password:

PLAY [VTY PLAY] ************************************************************

TASK [SHOW VTY] ************************************************************
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
ok: [172.16.1.104]
ok: [172.16.1.125]

TASK [Configure VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item not in "{{ pre_vty_output.stdout_lines[0]|list }}"
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item not in "{{ pre_vty_output.stdout_lines[0]|list }}"
skipping: [172.16.1.104] => (item=privilege level 15)
skipping: [172.16.1.104] => (item=password Stefan2020)
skipping: [172.16.1.104] => (item=transport input ssh)
skipping: [172.16.1.125] => (item=privilege level 15)
skipping: [172.16.1.125] => (item=password Stefan2020)
skipping: [172.16.1.125] => (item=transport input ssh)
changed: [172.16.1.104] => (item=width 250)
[WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device
changed: [172.16.1.125] => (item=width 250)

TASK [Remove Unwanted VTY Config VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config }}
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config }}
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config_ignore }}
skipping: [172.16.1.104] => (item=line vty 0 4)
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config_ignore }}
skipping: [172.16.1.104] => (item= privilege level 15)
skipping: [172.16.1.125] => (item=line vty 0 4)
skipping: [172.16.1.104] => (item= password Stefan2020)
skipping: [172.16.1.104] => (item= transport input ssh)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.125] => (item= privilege level 15)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.104] => (item=end)
skipping: [172.16.1.125] => (item= password Stefan2020)
skipping: [172.16.1.125] => (item= transport input ssh)
skipping: [172.16.1.125] => (item=line vty 5 15)
skipping: [172.16.1.125] => (item= privilege level 15)
skipping: [172.16.1.125] => (item= password Stefan2020)
skipping: [172.16.1.125] => (item= transport input ssh)
skipping: [172.16.1.125] => (item=!)
skipping: [172.16.1.125] => (item=!)
skipping: [172.16.1.125] => (item=end)

TASK [Show Fixed VTY Config] ************************************************************
ok: [172.16.1.104]
ok: [172.16.1.125]

TASK [New VTY] ************************************************************
ok: [172.16.1.125] => {
    "post_vty_output.stdout_lines[0]": [
        "line vty 0 4",
        " privilege level 15",
        " password Stefan2020",
        " width 250",
        " transport input ssh",
        "line vty 5 15",
        " privilege level 15",
        " password Stefan2020",
        " transport input ssh",
        "!",
        "!",
        "end"
    ]
}
ok: [172.16.1.104] => {
    "post_vty_output.stdout_lines[0]": [
        "line vty 0 4",
        " privilege level 15",
        " password Stefan2020",
        " width 250",
        " transport input ssh",
        "!",
        "!",
        "end"
    ]
}

PLAY RECAP ************************************************************
172.16.1.104 : ok=4 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
172.16.1.125 : ok=4 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
```
```
stef@stef-VirtualBox:~/Ansible_projects$ ansible-playbook -c paramiko playbooks/pb4_securityaudit4.yml --ask-vault-pass
Vault password:

PLAY [VTY PLAY] ************************************************************

TASK [SHOW VTY] ************************************************************
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
ok: [172.16.1.104]
ok: [172.16.1.125]

TASK [Configure VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item not in "{{ pre_vty_output.stdout_lines[0]|list }}"
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item not in "{{ pre_vty_output.stdout_lines[0]|list }}"
skipping: [172.16.1.104] => (item=privilege level 15)
skipping: [172.16.1.125] => (item=privilege level 15)
skipping: [172.16.1.104] => (item=password Stefan2020)
skipping: [172.16.1.104] => (item=transport input ssh)
skipping: [172.16.1.125] => (item=password Stefan2020)
skipping: [172.16.1.125] => (item=transport input ssh)

TASK [Remove Unwanted VTY Config VTY] ************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config }}
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config_ignore }}
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config }}
skipping: [172.16.1.104] => (item=line vty 0 4)
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: item | trim not in {{ vty_config_ignore }}
skipping: [172.16.1.104] => (item= privilege level 15)
skipping: [172.16.1.104] => (item= password Stefan2020)
skipping: [172.16.1.125] => (item=line vty 0 4)
skipping: [172.16.1.125] => (item= privilege level 15)
skipping: [172.16.1.125] => (item= password Stefan2020)
changed: [172.16.1.104] => (item= width 250)
skipping: [172.16.1.104] => (item= transport input ssh)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.104] => (item=!)
skipping: [172.16.1.104] => (item=end)
[WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device
changed: [172.16.1.125] => (item= width 250)
skipping: [172.16.1.125] => (item= transport input ssh)
skipping: [172.16.1.125] => (item=line vty 5 15)
skipping: [172.16.1.125] => (item= privilege level 15)
skipping: [172.16.1.125] => (item= password Stefan2020)
skipping: [172.16.1.125] => (item= transport input ssh)
skipping: [172.16.1.125] => (item=!)
skipping: [172.16.1.125] => (item=!)
skipping: [172.16.1.125] => (item=end)

TASK [Show Fixed VTY Config] ************************************************************
ok: [172.16.1.104]
ok: [172.16.1.125]

TASK [New VTY] ************************************************************
ok: [172.16.1.104] => {
    "post_vty_output.stdout_lines[0]": [
        "line vty 0 4",
        " privilege level 15",
        " password Stefan2020",
        " transport input ssh",
        "!",
        "!",
        "end"
    ]
}
ok: [172.16.1.125] => {
    "post_vty_output.stdout_lines[0]": [
        "line vty 0 4",
        " privilege level 15",
        " password Stefan2020",
        " transport input ssh",
        "line vty 5 15",
        " privilege level 15",
        " password Stefan2020",
        " transport input ssh",
        "!",
        "!",
        "end"
    ]
}

PLAY RECAP ************************************************************
172.16.1.104 : ok=4 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
172.16.1.125 : ok=4 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
```