Hello all. I'm currently trying to move away from imperative Python to declarative and idempotent Ansible for network management, starting with simple tasks such as automated configuration backup. I've got an account on each switch with has the bare minimum access, principle of least privilege and all. When I use ios_config to get a backup on my devices (a mix of IOS 15.2.2(9) and IOS-XE 16.12.x), I get:
Building configuration...
Current configuration : 157 bytes
!
! Last configuration change at 14:03:37 EST Wed Dec 7 2022 by xxx
! NVRAM config last updated at 19:53:49 EST Mon Dec 5 2022 by xxx
!
!
!
!
!
end
I'm hoping it would be possible to add a parameter to backup_options that allows the command "show running-config view full" to be run, instead of just "show running-config". That way, my account made only for backups doesn't need to have privilege 15 for such low level activity.
ISSUE TYPE
Feature Idea
COMPONENT NAME
cisco.ios.ios_config
ADDITIONAL INFORMATION
How?
Additional parameter under backup_options tells what "flavor" of show running-config to run.
Why?
Because low privilege accounts made for backup procedures shouldn't need privilege 15 to see the running config.
What it would solve?
It would allow low privilege account to copy the running-config as expected in a backup operation
SUMMARY
Hello all. I'm currently trying to move away from imperative Python to declarative and idempotent Ansible for network management, starting with simple tasks such as automated configuration backup. I've got an account on each switch with has the bare minimum access, principle of least privilege and all. When I use ios_config to get a backup on my devices (a mix of IOS 15.2.2(9) and IOS-XE 16.12.x), I get:
Building configuration...
Current configuration : 157 bytes ! ! Last configuration change at 14:03:37 EST Wed Dec 7 2022 by xxx ! NVRAM config last updated at 19:53:49 EST Mon Dec 5 2022 by xxx ! ! ! ! ! end
I'm hoping it would be possible to add a parameter to backup_options that allows the command "show running-config view full" to be run, instead of just "show running-config". That way, my account made only for backups doesn't need to have privilege 15 for such low level activity.
ISSUE TYPE
COMPONENT NAME
cisco.ios.ios_config
ADDITIONAL INFORMATION
How? Additional parameter under backup_options tells what "flavor" of show running-config to run. Why? Because low privilege accounts made for backup procedures shouldn't need privilege 15 to see the running config. What it would solve? It would allow low privilege account to copy the running-config as expected in a backup operation