ansible-collections / cisco.ios

Ansible Network Collection for Cisco IOS
GNU General Public License v3.0

Allow ios_config backup to run "show running-config view full" #709

Open KSBolton opened 1 year ago

KSBolton commented 1 year ago
SUMMARY

Hello all. I'm currently trying to move away from imperative Python to declarative and idempotent Ansible for network management, starting with simple tasks such as automated configuration backup. I've got an account on each switch which has the bare minimum access, principle of least privilege and all. When I use ios_config to get a backup on my devices (a mix of IOS 15.2.2(9) and IOS-XE 16.12.x), I get:

```
Building configuration...

Current configuration : 157 bytes
!
! Last configuration change at 14:03:37 EST Wed Dec 7 2022 by xxx
! NVRAM config last updated at 19:53:49 EST Mon Dec 5 2022 by xxx
!
!
!
!
!
end
```

I'm hoping it would be possible to add a parameter to backup_options that allows the command "show running-config view full" to be run, instead of just "show running-config". That way, my account made only for backups doesn't need to have privilege 15 for such low level activity.

ISSUE TYPE
COMPONENT NAME

cisco.ios.ios_config

ADDITIONAL INFORMATION

How? Additional parameter under backup_options tells what "flavor" of show running-config to run.

Why? Because low privilege accounts made for backup procedures shouldn't need privilege 15 to see the running config.

What it would solve? It would allow a low privilege account to copy the running-config as expected in a backup operation.

```yaml
- name: configurable backup path
  cisco.ios.ios_config:
    src: ios_template.j2
    backup: yes
    backup_options:
      filename: backup.cfg
      dir_path: /home/user
      config_cmd: view-full # or something like that
```

siemsen commented 1 month ago

Good idea. I have exactly the same problem.
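
Added example, not part of the issue thread or the collection's own code: one way to take the backup today without the requested option is to run the command through `cisco.ios.ios_command` and write the result on the control node. The inventory group `switches`, the `backup_dir` path and the `hostname` sanity check are assumptions, as is the premise that the backup account is already authorized to run `show running-config view full`.

```yaml
# Added example: low-privilege running-config backup via ios_command.
# Assumed names: inventory group "switches", backup_dir, the hostname check.
- name: Back up running-config with a low-privilege account
  hosts: switches                       # assumed inventory group
  gather_facts: false
  connection: ansible.netcommon.network_cli
  vars:
    ansible_network_os: cisco.ios.ios
    backup_dir: "{{ playbook_dir }}/backups"   # assumed location
  tasks:
    - name: Fetch the full view of the running-config
      cisco.ios.ios_command:
        commands:
          - show running-config view full
      register: running_cfg

    # A privilege-filtered reply (like the 157-byte output in the issue)
    # contains only comments and "end". Every real config carries a
    # hostname line, so its absence is used here as a heuristic.
    - name: Fail if the device returned only the filtered stub
      ansible.builtin.assert:
        that:
          - "running_cfg.stdout[0] is search('^hostname ', multiline=True)"
        fail_msg: >-
          {{ inventory_hostname }} returned no 'hostname' line; the account
          probably cannot see the configuration at its privilege level.

    - name: Create the backup directory on the control node
      ansible.builtin.file:
        path: "{{ backup_dir }}"
        state: directory
        mode: "0700"
      delegate_to: localhost
      run_once: true

    # Configs hold password hashes and SNMP strings: keep the file private.
    - name: Write the backup, readable only by the automation user
      ansible.builtin.copy:
        content: "{{ running_cfg.stdout[0] }}\n"
        dest: "{{ backup_dir }}/{{ inventory_hostname }}.cfg"
        mode: "0600"
      delegate_to: localhost
```

The assert step turns the silent failure shown in the issue (an almost empty file saved as a "backup") into a task failure, so an under-privileged account is noticed on the first run.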