netcopa is an engine which implements a template based state machine for parsing semi-formatted text and storing it as structured data in yaml.
Network device configurations can be converted from text to yaml:
Start with this:
!
interface GigabitEthernet1/3
 switchport access vlan 267
 switchport mode access
 switchport voice vlan 867
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input company-user-access-450x
 service-policy output company-user-access-dbl
!
Finish with this:
interfaces:
  GigabitEthernet1/3:
    name: GigabitEthernet1/3
    service_policies:
    - direction: input
      name: company-user-access-450x
    - direction: output
      name: company-user-access-dbl
    spanning-tree:
      bpduguard: true
      portfast: true
    switchport:
      access:
        vlan: 267
      mode:
      - access
      voice:
        vlan: 867
The engine takes four inputs:
Upon running the engine:
./host_vars/device_name.yml
Python 2.7+ will need to be installed.
git clone https://github.com/cidrblock/netcopa
cd netcopa
virtualenv venv
<...>
source venv/bin/activate
pip install -r requirements.txt
<...>
python runparse.py
***** Loading configurations
cisco_ios-00 [ok]
cisco_ios-xe-00 [ok]
***** Copy host_vars entry to temp directory
cisco_ios-00 [ok]
cisco_ios-xe-00 [ok]
***** Retrieving OS
cisco_ios-00 [ok]
cisco_ios-xe-00 [ok]
***** Loading OS removers
cisco_ios-00: cisco_ios [ok]
cisco_ios-xe-00: cisco_ios-xe [ok]
***** Loading OS parsers
cisco_ios-00: cisco_ios [ok]
cisco_ios-xe-00: cisco_ios-xe [ok]
***** Running parsers and comparing template output to actual
cisco_ios-00: cisco_ios/aaa accounting [ok]
cisco_ios-00: cisco_ios/aaa authentication [ok]
cisco_ios-00: cisco_ios/aaa authorization [ok]
cisco_ios-00: cisco_ios/aaa groups [ok]
cisco_ios-00: cisco_ios/aaa [ok]
cisco_ios-00: cisco_ios/access-list extended [ok]
cisco_ios-00: cisco_ios/access-list standard [ok]
cisco_ios-00: cisco_ios/alias [ok]
cisco_ios-00: cisco_ios/banner [ok]
cisco_ios-00: cisco_ios/clock [ok]
cisco_ios-00: cisco_ios/control-plane [ok]
cisco_ios-00: cisco_ios/enable secret [ok]
cisco_ios-00: cisco_ios/hostname [ok]
cisco_ios-00: cisco_ios/interface [ok]
cisco_ios-00: cisco_ios/ip access-list standard [ok]
cisco_ios-00: cisco_ios/ip [ok]
cisco_ios-00: cisco_ios/ip prefix-list [ok]
cisco_ios-00: cisco_ios/line con/aux [ok]
cisco_ios-00: cisco_ios/line vty [ok]
cisco_ios-00: cisco_ios/logging [ok]
cisco_ios-00: cisco_ios/ntp servers [ok]
cisco_ios-00: cisco_ios/route-map [ok]
cisco_ios-00: cisco_ios/router eigrp [ok]
cisco_ios-00: cisco_ios/router ospf [ok]
cisco_ios-00: cisco_ios/services [ok]
cisco_ios-00: cisco_ios/snmp-server [ok]
cisco_ios-00: cisco_ios/spanning-tree [ok]
cisco_ios-00: cisco_ios/tacacs-server [ok]
cisco_ios-00: cisco_ios/udld [ok]
cisco_ios-00: cisco_ios/username [ok]
cisco_ios-00: cisco_ios/version [ok]
cisco_ios-00: cisco_ios/vlan [ok]
cisco_ios-xe-00: cisco_ios-xe/aaa accounting [ok]
cisco_ios-xe-00: cisco_ios-xe/aaa authentication [ok]
cisco_ios-xe-00: cisco_ios-xe/aaa authorization [ok]
cisco_ios-xe-00: cisco_ios-xe/aaa groups [ok]
cisco_ios-xe-00: cisco_ios-xe/aaa [ok]
cisco_ios-xe-00: cisco_ios-xe/access-list extended [ok]
cisco_ios-xe-00: cisco_ios-xe/access-list standard [ok]
cisco_ios-xe-00: cisco_ios-xe/alias [ok]
cisco_ios-xe-00: cisco_ios-xe/banner [ok]
cisco_ios-xe-00: cisco_ios-xe/boot [ok]
cisco_ios-xe-00: cisco_ios-xe/class-map [ok]
cisco_ios-xe-00: cisco_ios-xe/clock [ok]
cisco_ios-xe-00: cisco_ios-xe/control-plane [ok]
cisco_ios-xe-00: cisco_ios-xe/enable secret [ok]
cisco_ios-xe-00: cisco_ios-xe/hostname [ok]
cisco_ios-xe-00: cisco_ios-xe/interface [ok]
cisco_ios-xe-00: cisco_ios-xe/ip access-list extended [ok]
cisco_ios-xe-00: cisco_ios-xe/ip access-list standard [ok]
cisco_ios-xe-00: cisco_ios-xe/ip flow [ok]
cisco_ios-xe-00: cisco_ios-xe/ip [ok]
cisco_ios-xe-00: cisco_ios-xe/ip prefix-list [ok]
cisco_ios-xe-00: cisco_ios-xe/line con/aux [ok]
cisco_ios-xe-00: cisco_ios-xe/line vty [ok]
cisco_ios-xe-00: cisco_ios-xe/logging [ok]
cisco_ios-xe-00: cisco_ios-xe/multilink [ok]
cisco_ios-xe-00: cisco_ios-xe/ntp servers [ok]
cisco_ios-xe-00: cisco_ios-xe/policy-map [ok]
cisco_ios-xe-00: cisco_ios-xe/redundancy [ok]
cisco_ios-xe-00: cisco_ios-xe/route-map [ok]
cisco_ios-xe-00: cisco_ios-xe/router bgp [ok]
cisco_ios-xe-00: cisco_ios-xe/router ospf [ok]
cisco_ios-xe-00: cisco_ios-xe/services [ok]
cisco_ios-xe-00: cisco_ios-xe/snmp [ok]
cisco_ios-xe-00: cisco_ios-xe/snmp-server [ok]
cisco_ios-xe-00: cisco_ios-xe/spanning-tree [ok]
cisco_ios-xe-00: cisco_ios-xe/tacacs-server [ok]
cisco_ios-xe-00: cisco_ios-xe/udld [ok]
cisco_ios-xe-00: cisco_ios-xe/username [ok]
cisco_ios-xe-00: cisco_ios-xe/version [ok]
cisco_ios-xe-00: cisco_ios-xe/vlan [ok]
cisco_ios-xe-00: cisco_ios-xe/vrf [ok]
***** Persist vars to temp directory
cisco_ios-00 [ok]
cisco_ios-xe-00 [ok]
***** Copy temp directory to host_vars entry
cisco_ios-00 [ok]
cisco_ios-xe-00 [ok]
***** Run removers
cisco_ios-00 [ok]
cisco_ios-xe-00 [ok]
***** Report extraction success
cisco_ios-00 [100.0000% 1169.0/0.0]
cisco_ios-xe-00 [100.0000% 2413.0/0.0]
***** Remove temp directory
localhost [ok]
The project has a specific directory layout outlined below:
./configurations
: The directory from which configurations are pulled
./host_vars
: The directory in which the extracted structured data is stored
./parsers
: The directory of parsers, organized by OS and global keyword family
./removers
: Lines that will be removed from the configuration after data extraction, organized by OS
./templates
: The templates used to recreate the original configuration and validate data integrity, organized by OS and global keyword family
./utilities
: Additional scripts used during development
Each parser consists of a regular expression, keywords, and a structured data tree.
Formats:
Using the following configuration subset:
!
logging buffered informational
logging console informational
logging monitor informational
!
Using a parser located in ./parsers/cisco_ios-xe/logging/main.yml:
- name: logging
  tags:
  - logging
  matches:
  - name: logging levels
    template: logging/levels.j2
    lines:
    - regex: '^logging (buffered|console|monitor) (\w+)$'
      examples:
      - 'logging buffered informational'
      captures:
      - type
      - level
      path:
        logging:
          levels:
          - type: "{{ type }}"
            level: "{{ level }}"
Regular expressions always match full lines. This regex captures two pieces of information, the logging type and the logging level, stored as type and level respectively.
The path is treated as a jinja2 template, and the capture values are passed to the jinja2 rendering engine. The resulting text is:
logging:
  levels:
  - level: informational
    type: buffered
  - level: informational
    type: console
  - level: informational
    type: monitor
The path is then converted from yaml to a python dictionary and stored as extracted data for the device.
After each extraction, the device's data is passed to the template referenced in the parser. From ./templates/cisco_ios-xe/logging/levels.j2:
{% for entry in vars['logging']['levels'] %}
- parents:
  lines:
  - 'logging {{ entry['type'] }} {{ entry['level'] }}'
{% endfor %}
The template produces yaml. Both parents and lines can be generated. Parents and lines are convenience keys to aid in the use of the template for later automation.
The template result would be as follows:
- parents:
  lines:
  - logging buffered informational
  - logging console informational
  - logging monitor informational
The engine combines the parents and lines into a single list of values:
logging buffered informational
logging console informational
logging monitor informational
The template result is first compared to the lines that were extracted from the configuration. If a match is found the initial full configuration is then walked to find an exact match for the text. If an exact match is not found, the device will be marked as failed for the remainder of the run.
If a match is found the lines are removed from the configuration and the next parser is run.
It will be necessary to add parsers to extract lines not covered by the included parsers. Please feel free to issue a pull request to have additional parsers added.
The following error is generated when parsing a configuration:
'######## JINJA RESULT YAML'
['interface GigabitEthernet7/9',
' switchport access vlan 267',
' switchport mode access',
' switchport voice vlan 867',
' spanning-tree portfast',
' service-policy input company-user-access-450x',
' service-policy output company-user-access-dbl']
'######## POSSIBLE MATCHES'
['interface GigabitEthernet7/9',
' switchport access vlan 267',
' switchport mode access',
' switchport voice vlan 867',
' spanning-tree portfast',
' spanning-tree bpduguard enable',
' service-policy input company-user-access-450x',
' service-policy output company-user-access-dbl',
'!',
'interface GigabitEthernet7/10']
The line spanning-tree bpduguard enable is missing from the extraction. Since this is a cisco_ios-xe device, navigate to /parsers/cisco_ios-xe/interface and open the main.yml file.
Add the following parser near the bottom above the service-policy parser.
- regex: '^ spanning-tree bpduguard enable'
  examples:
  - ' spanning-tree bpduguard enable'
  path:
    interfaces:
      "{{ name }}":
        spanning-tree:
          bpduguard: True
The corresponding template needs to be modified as well. Open ./templates/cisco_ios-xe/interface/default.j2 and add the following just above service_policies:
Note: Sequence matters. The jinja template has to produce the exact syntax and sequence of lines found and extracted from the configuration. This validates the completeness and integrity of the data.
{% if 'spanning-tree' in vars['interfaces'][interface] and 'bpduguard' in vars['interfaces'][interface]['spanning-tree'] and vars['interfaces'][interface]['spanning-tree']['bpduguard'] %}
- " spanning-tree bpduguard enable"
{% endif %}{# bpduguard #}
The process would be repeated until the errors are removed.
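The extract, re-render and compare loop described above, applied to the GigabitEthernet7/9 failure, as an added sketch that is not netcopa's own code. It uses only the Python 3 standard library, so plain functions stand in for the YAML parsers and jinja2 templates; the helper names (put, dig, opt, run) and the contiguous-match check are assumptions made for illustration.

```python
import re

# Constructed sample: the stanza from the error output above plus the lines after it.
CONFIG = [
    "interface GigabitEthernet7/9",
    " switchport access vlan 267",
    " switchport mode access",
    " switchport voice vlan 867",
    " spanning-tree portfast",
    " spanning-tree bpduguard enable",
    " service-policy input company-user-access-450x",
    " service-policy output company-user-access-dbl",
    "!",
    "interface GigabitEthernet7/10",
]


def put(data, value, *keys):
    """Set data[k1][k2]...[kn] = value, creating intermediate dicts."""
    for key in keys[:-1]:
        data = data.setdefault(key, {})
    data[keys[-1]] = value


def dig(data, *keys):
    """Return data[k1][k2]...[kn], or None when any key is absent."""
    for key in keys:
        if not isinstance(data, dict) or key not in data:
            return None
        data = data[key]
    return data


def opt(fmt, value):
    """Emit one config line only when the extracted value is present."""
    return [fmt.format(value)] if value else []


# Stand-ins for parser entries: (full-line regex, where the captures are stored).
PARSERS = [
    (r" switchport access vlan (\d+)",
     lambda d, m: put(d, int(m.group(1)), "switchport", "access", "vlan")),
    (r" switchport mode (\w+)",
     lambda d, m: put(d, [m.group(1)], "switchport", "mode")),
    (r" switchport voice vlan (\d+)",
     lambda d, m: put(d, int(m.group(1)), "switchport", "voice", "vlan")),
    (r" spanning-tree portfast",
     lambda d, m: put(d, True, "spanning-tree", "portfast")),
    (r" service-policy (input|output) (\S+)",
     lambda d, m: d.setdefault("service_policies", []).append(
         {"direction": m.group(1), "name": m.group(2)})),
]
# The parser the page adds, placed just above the service-policy parser.
BPDUGUARD = (r" spanning-tree bpduguard enable",
             lambda d, m: put(d, True, "spanning-tree", "bpduguard"))
FIXED_PARSERS = PARSERS[:-1] + [BPDUGUARD] + PARSERS[-1:]


def parse_interface(config, parsers):
    """Extract the first interface stanza; lines no parser matches are skipped."""
    data = {}
    for line in config:
        head = re.fullmatch(r"interface (\S+)", line)
        if head and not data:
            data["name"] = head.group(1)
        elif data and line.startswith(" "):
            for regex, store in parsers:
                match = re.fullmatch(regex, line)   # full-line match only
                if match:
                    store(data, match)
                    break
        elif data:
            break                                   # stanza ended
    return data


def template(d, bpduguard=False):
    """Re-create the stanza; line order must equal the order in the config."""
    out = ["interface " + d["name"]]
    out += opt(" switchport access vlan {}", dig(d, "switchport", "access", "vlan"))
    out += opt(" switchport mode {}", " ".join(dig(d, "switchport", "mode") or []))
    out += opt(" switchport voice vlan {}", dig(d, "switchport", "voice", "vlan"))
    out += opt(" spanning-tree portfast", dig(d, "spanning-tree", "portfast"))
    if bpduguard:  # the template block added just above service_policies
        out += opt(" spanning-tree bpduguard enable",
                   dig(d, "spanning-tree", "bpduguard"))
    out += [" service-policy {direction} {name}".format(**p)
            for p in d.get("service_policies", [])]
    return out


def run(config, parsers, bpduguard_template):
    """Return (validated, data, remaining_config) for one extraction pass."""
    data = parse_interface(config, parsers)
    rendered = template(data, bpduguard_template)
    n = len(rendered)
    for i in range(len(config) - n + 1):
        if config[i:i + n] == rendered:             # exact, contiguous match
            return True, data, config[:i] + config[i + n:]
    return False, data, config                      # device would be marked failed


if __name__ == "__main__":
    print("missing parser      :", run(CONFIG, PARSERS, False)[0])
    print("parser, no template :", run(CONFIG, FIXED_PARSERS, False)[0])
    print("parser and template :", run(CONFIG, FIXED_PARSERS, True)[0])
```

The middle case shows why the template edit is required as well: the value is extracted, but the rendered stanza still omits the line, so the comparison against the configuration fails.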
During the development of parsers or the extraction of data, it may be necessary to focus on subsections of the configuration. Each parser is assigned tags which can be used to either include or exclude the parser from the run.
For instance, to run only the extended ACL parser:
python runparse.py --tags ip access-list extended
The tags reference the tags found in the parser:
- name: ip access-list extended
  tags:
  - ip
  - access-list
  - extended
  matches:
  - name: ip access-list extended
    template: ip/access-lists/extended.j2
    lines:
    - regex: '^ip access-list extended (\S+)$'
      examples:
      - 'ip access-list extended qo-global-core-voice-signal'
      captures:
      - name
      path:
        ip:
          access_lists:
            "{{ name }}":
              name: "{{ name }}"
              type: extended
To skip the boot and aaa parsers:
python runparse.py --skip-tags extended boot aaa
See this repo for an example of using the netcopa output in Ansible
https://github.com/cidrblock/ansible_and_netcopa
Note: Two changes needed to be made
The vars key was removed from the host_vars file.
- parents
The example doesn't account for the removal of lines from the config; a default interface could be added, or additional logic to compare the template output to the running configuration and prepend deltas with no.
Since the templates exist for each OS, the host_vars files can be played backwards through netcopa, recreating the configuration.
Note: The global keyword sequence will vary because the templates are processed in alphabetical order:
Using the rebuild.py python script:
python rebuild.py
***** Loading configurations
cisco_ios-00 [ok]
cisco_ios-xe-00 [ok]
***** Retrieving OS
cisco_ios-00 [ok]
cisco_ios-xe-00 [ok]
***** Rebuilding config
cisco_ios-00 cisco_ios/aaa/groups.j2 [ok]
cisco_ios-00 cisco_ios/aaa/new_model.j2 [ok]
cisco_ios-00 cisco_ios/aaa/session_id.j2 [ok]
cisco_ios-00 cisco_ios/aaa/accounting/connection.j2 [ok]
cisco_ios-00 cisco_ios/aaa/accounting/exec.j2 [ok]
cisco_ios-00 cisco_ios/aaa/accounting/system.j2 [ok]
cisco_ios-00 cisco_ios/aaa/authentication/login.j2 [ok]
cisco_ios-00 cisco_ios/aaa/authorization/commands.j2 [ok]
cisco_ios-00 cisco_ios/aaa/authorization/exec.j2 [ok]
cisco_ios-00 cisco_ios/access-list/extended.j2 [ok]
cisco_ios-00 cisco_ios/access-list/standard.j2 [ok]
cisco_ios-00 cisco_ios/alias/default.j2 [skipped]
cisco_ios-00 cisco_ios/banners/default.j2 [ok]
cisco_ios-00 cisco_ios/clock/timezone.j2 [ok]
cisco_ios-00 cisco_ios/control-plane/default.j2 [ok]
cisco_ios-00 cisco_ios/enable/secret.j2 [ok]
cisco_ios-00 cisco_ios/hostname/default.j2 [ok]
cisco_ios-00 cisco_ios/interface/default.j2 [ok]
cisco_ios-00 cisco_ios/ip/classless.j2 [ok]
cisco_ios-00 cisco_ios/ip/domain_list.j2 [ok]
cisco_ios-00 cisco_ios/ip/domain_name.j2 [ok]
cisco_ios-00 cisco_ios/ip/http_secure-server.j2 [ok]
cisco_ios-00 cisco_ios/ip/http_server.j2 [ok]
cisco_ios-00 cisco_ios/ip/name-server.j2 [ok]
cisco_ios-00 cisco_ios/ip/ospf_name-lookup.j2 [ok]
cisco_ios-00 cisco_ios/ip/prefix-lists.j2 [ok]
cisco_ios-00 cisco_ios/ip/routes.j2 [ok]
cisco_ios-00 cisco_ios/ip/routing.j2 [ok]
cisco_ios-00 cisco_ios/ip/source-route.j2 [ok]
cisco_ios-00 cisco_ios/ip/subnet-zero.j2 [ok]
cisco_ios-00 cisco_ios/ip/tacacs_source-interface.j2 [ok]
cisco_ios-00 cisco_ios/ip/access-lists/standard.j2 [ok]
cisco_ios-00 cisco_ios/line/con_aux.j2 [ok]
cisco_ios-00 cisco_ios/line/vty.j2 [ok]
cisco_ios-00 cisco_ios/logging/facility.j2 [ok]
cisco_ios-00 cisco_ios/logging/hosts.j2 [ok]
cisco_ios-00 cisco_ios/logging/levels.j2 [ok]
cisco_ios-00 cisco_ios/logging/source-interface.j2 [skipped]
cisco_ios-00 cisco_ios/ntp/servers.j2 [ok]
cisco_ios-00 cisco_ios/ntp/source.j2 [ok]
cisco_ios-00 cisco_ios/route-maps/default.j2 [ok]
cisco_ios-00 cisco_ios/router/eigrp.j2 [ok]
cisco_ios-00 cisco_ios/router/ospf.j2 [ok]
cisco_ios-00 cisco_ios/service/disabled.j2 [ok]
cisco_ios-00 cisco_ios/service/enabled.j2 [ok]
cisco_ios-00 cisco_ios/service/timestamps.j2 [ok]
cisco_ios-00 cisco_ios/snmp/default.j2 [skipped]
cisco_ios-00 cisco_ios/snmp/server/communities.j2 [ok]
cisco_ios-00 cisco_ios/snmp/server/contact.j2 [ok]
cisco_ios-00 cisco_ios/snmp/server/location.j2 [ok]
cisco_ios-00 cisco_ios/snmp/server/view.j2 [ok]
cisco_ios-00 cisco_ios/spanning-tree/extend_system-id.j2 [ok]
cisco_ios-00 cisco_ios/spanning-tree/mode.j2 [ok]
cisco_ios-00 cisco_ios/tacacs-server/directed-request.j2 [ok]
cisco_ios-00 cisco_ios/tacacs-server/hosts.j2 [ok]
cisco_ios-00 cisco_ios/tacacs-server/hosts_keyed.j2 [skipped]
cisco_ios-00 cisco_ios/tacacs-server/key.j2 [ok]
cisco_ios-00 cisco_ios/tacacs-server/timeout.j2 [ok]
cisco_ios-00 cisco_ios/udld/default.j2 [ok]
cisco_ios-00 cisco_ios/username/default.j2 [ok]
cisco_ios-00 cisco_ios/version/default.j2 [ok]
cisco_ios-00 cisco_ios/vlan/internal_allocation_policy.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/aaa/groups.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/aaa/new_model.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/aaa/session_id.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/aaa/accounting/connection.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/aaa/accounting/exec.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/aaa/accounting/system.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/aaa/authentication/login.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/aaa/authorization/commands.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/aaa/authorization/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/access-list/extended.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/access-list/standard.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/alias/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/banners/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/boot/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/class-maps/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/clock/timezone.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/control-plane/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/enable/secret.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/hostname/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/interface/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/classless.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/domain_list.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/domain_name.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/flow.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/http_secure-server.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/http_server.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/multicast_routing.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/name-server.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/ospf_name-lookup.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/pim.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/prefix-lists.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/routes.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/routing.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/ip/source-route.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/subnet-zero.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/tacacs_source-interface.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/access-lists/extended.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ip/access-lists/standard.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/line/con_aux.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/line/vty.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/logging/facility.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/logging/hosts.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/logging/levels.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/logging/source-interface.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/multilink/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ntp/servers.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/ntp/source.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/policy-maps/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/redundancy/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/route-maps/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/router/bgp.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/router/eigrp.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/router/ospf.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/service/disabled.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/service/enabled.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/service/timestamps.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/snmp/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/snmp/server/communities.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/snmp/server/contact.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/snmp/server/location.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/snmp/server/view.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/spanning-tree/extend_system-id.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/spanning-tree/mode.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/tacacs-server/directed-request.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/tacacs-server/hosts.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/tacacs-server/hosts_keyed.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/tacacs-server/key.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/tacacs-server/timeout.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/udld/default.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/username/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/version/default.j2 [ok]
cisco_ios-xe-00 cisco_ios-xe/vlan/internal_allocation_policy.j2 [skipped]
cisco_ios-xe-00 cisco_ios-xe/vrfs/default.j2 [ok]
***** Writing rebuilt config to file
cisco_ios-00 [ok]
cisco_ios-xe-00 [ok]
The restored configurations will be placed in ./configurations.rebuilt
This is here as an example. See the utilities folder in the project for an example of how to extract the model from the parsers.
aaa:
accounting:
connection:
default:
events: '{{ events }}'
methods: '{{ groups.replace("group", "^group").split("^")[1:] + methods.split(''
'') }}'
exec:
default:
events: '{{ events }}'
methods: '{{ groups.replace("group", "^group").split("^")[1:] + methods.split(''
'') }}'
system:
default:
events: '{{ events }}'
methods: '{{ groups.replace("group", "^group").split("^")[1:] + methods.split(''
'') }}'
aaa:
authentication:
login:
activated:
methods:
- '{{ methods.split('' '') }}'
default:
methods: '{{ groups.replace("group", "^group").split("^")[1:] + methods.split(''
'') }}'
aaa:
authorization:
commands:
default:
methods: '{{ groups.replace("group", "^group").split("^")[1:] + methods.split(''
'') }}'
privilege_level: '{{ privilege_level }}'
'{{ aaa_kind }}':
activated:
methods: '{{ groups.replace("group ", "^group ").split("^")[1:] + methods.split(''
'') }}'
default:
methods: '{{ groups.replace("group", "^group").split("^")[1:] + methods.split(''
'') }}'
aaa:
groups:
'{{ group_name }}':
name: '{{ group_name }}'
servers:
- encryption_type: '{{ encryption_type }}'
ip: '{{ server_private_ip }}'
key: '{{ key }}'
private: true
tacacs_source_interface: '{{ source_interface }}'
type: '{{ group_type }}'
aaa:
new_model: true
session_id: '{{ session_id }}'
access_lists:
'{{ number }}':
entries:
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_wildcard: 0.0.0.0
protocol: '{{ protocol }}'
source_network: any
source_wildcard: any
whitespace: '"{{ whitespace }}"'
number: '{{ number }}'
type: extended
access_lists:
'{{ number }}':
entries:
- action: '{{ action }}'
source_network: '{{ source_network }}'
source_wildcard: 0.0.0.0
whitespace: '"{{ whitespace }}"'
- action: '{{ action }}'
source_network: '{{ source_network }}'
source_wildcard: any
whitespace: '"{{ whitespace }}"'
- action: '{{ action }}'
source_network: '{{ source_network }}'
source_wildcard: '{{ source_wildcard }}'
whitespace: '"{{ whitespace }}"'
- remark: '{{ remark }}'
number: '{{ number }}'
type: standard
aliases:
- alias: '{{ alias }}'
command: '{{ command }}'
mode: '{{ mode }}'
banner:
'{{ type }}':
delimeter: '{{ delimeter }}'
text:
- '"{{ text_line }}"'
boot:
system:
- filename: '{{ filename }}'
flash_fs: '{{ flash_fs }}'
from: flash
class_maps:
'{{ name }}':
entries:
- dscp_values: '{{ dscp_values.split() }}'
type: dscp
- name: '{{ access_group_name }}'
type: access-group
match_type: '{{ match_type }}'
name: '{{ name }}'
clock:
hours_offset: '{{ hours_offset }}'
minutes_offset: '{{ minutes_offset }}'
timezone: '{{ timezone }}'
control_plane: null
enable:
secret:
encryption_type: '{{ encryption_type }}'
secret: '{{ secret }}'
hostname: '{{ hostname }}'
interfaces:
'{{ name }}':
bandwidth: '{{ bandwidth }}'
channel_group: '{{ channel_group }}'
channel_group_mode: '{{ channel_group_mode.split() }}'
description: '"{{ description }}"'
encapsulation:
protocol: '{{ encapsulation_protocol }}'
tag: '{{ encapsulation_tag }}'
ip:
address:
ipv4_address: '{{ ipv4_address }}'
ipv4_netmask: '{{ ipv4_netmask }}'
negate: true
flow:
directions:
- '{{ flow_direction }}'
pim:
mode: '{{ pim_mode }}'
name: '{{ name }}'
negotiation:
negate: true
type: '{{ negotiation }}'
service_policies:
- direction: '{{ service_policy_direction }}'
name: '{{ service_policy_name }}'
shutdown: true
spanning-tree:
bpduguard: true
portfast: true
switchport:
access:
vlan: '{{ vlan }}'
mode: '{{ mode.split() }}'
negate: true
present: true
trunk:
allowed_vlans:
add: '"{{ vlans }}"'
vlans: '"{{ vlans }}"'
native_vlan: '{{ vlan }}'
voice:
vlan: '{{ voice_vlan }}'
vrf: '{{ vrf }}'
ip:
access_lists:
'{{ name }}':
entries:
- action: '{{ action }}'
destination_network: 0.0.0.0
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: 0.0.0.0
source_wildcard: 255.255.255.255
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_wildcard: 0.0.0.0
protocol: '{{ protocol }}'
source_network: 0.0.0.0
source_wildcard: 255.255.255.255
- action: '{{ action }}'
destination_network: 0.0.0.0
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_wildcard: 0.0.0.0
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_wildcard: 0.0.0.0
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_wildcard: '{{ source_wildcard }}'
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_wildcard: '{{ destination_wildcard }}'
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_wildcard: 0.0.0.0
- action: '{{ action }}'
destination_network: 0.0.0.0
destination_port: '{{ destination_port }}'
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: 0.0.0.0
source_wildcard: 255.255.255.255
- action: '{{ action }}'
destination_network: 0.0.0.0
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: 0.0.0.0
source_port: '{{ source_port }}'
source_wildcard: 255.255.255.255
- action: '{{ action }}'
destination_network: 0.0.0.0
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_port: '{{ source_port }}'
source_wildcard: 0.0.0.0
- action: '{{ action }}'
destination_network: 0.0.0.0
destination_port: '{{ destination_port }}'
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_wildcard: 0.0.0.0
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_port: '{{ destination_port }}'
destination_wildcard: 0.0.0.0
protocol: '{{ protocol }}'
source_network: 0.0.0.0
source_wildcard: 255.255.255.255
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_port: '{{ destination_port }}'
destination_wildcard: '{{ destination_wildcard }}'
protocol: '{{ protocol }}'
source_network: 0.0.0.0
source_wildcard: 255.255.255.255
- action: '{{ action }}'
destination_network: 0.0.0.0
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_port: '{{ source_port }}'
source_wildcard: '{{ source_wildcard }}'
- action: '{{ action }}'
destination_network: 0.0.0.0
destination_port: '{{ destination_port }}'
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_wildcard: '{{ source_wildcard }}'
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_port: '{{ destination_port }}'
destination_wildcard: 0.0.0.0
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_wildcard: '{{ source_wildcard }}'
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_wildcard: '{{ destination_wildcard }}'
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_port: '{{ source_port }}'
source_wildcard: 0.0.0.0
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_port: '{{ destination_port }}'
destination_wildcard: '{{ destination_wildcard }}'
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_wildcard: '{{ source_wildcard }}'
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_wildcard: '{{ destination_wildcard }}'
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_port: '{{ source_port }}'
source_wildcard: '{{ source_wildcard }}'
- action: '{{ action }}'
destination_end_port: '{{ destination_end_port }}'
destination_network: 0.0.0.0
destination_start_port: '{{ destination_start_port }}'
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: 0.0.0.0
source_wildcard: 255.255.255.255
- action: '{{ action }}'
destination_network: 0.0.0.0
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_end_port: '{{ source_end_port }}'
source_network: 0.0.0.0
source_start_port: '{{ source_start_port }}'
source_wildcard: 255.255.255.255
- action: '{{ action }}'
destination_network: 0.0.0.0
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_end_port: '{{ source_end_port }}'
source_network: '{{ source_network }}'
source_start_port: '{{ source_start_port }}'
source_wildcard: '{{ source_wildcard }}'
- action: '{{ action }}'
destination_network: 0.0.0.0
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_end_port: '{{ source_end_port }}'
source_network: '{{ source_network }}'
source_start_port: '{{ source_start_port }}'
source_wildcard: 0.0.0.0
- action: '{{ action }}'
destination_end_port: '{{ destination_end_port }}'
destination_network: 0.0.0.0
destination_start_port: '{{ destination_start_port }}'
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_wildcard: 0.0.0.0
- action: '{{ action }}'
destination_end_port: '{{ destination_end_port }}'
destination_network: '{{ destination_network }}'
destination_start_port: '{{ destination_start_port }}'
destination_wildcard: 0.0.0.0
protocol: '{{ protocol }}'
source_network: 0.0.0.0
source_wildcard: 255.255.255.255
- action: '{{ action }}'
destination_end_port: '{{ destination_end_port }}'
destination_network: 0.0.0.0
destination_start_port: '{{ destination_start_port }}'
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_wildcard: '{{ source_wildcard}}'
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_wildcard: '{{ destination_wildcard }}'
protocol: '{{ protocol }}'
source_end_port: '{{ source_end_port }}'
source_network: 0.0.0.0
source_start_port: '{{ source_start_port }}'
source_wildcard: 255.255.255.255
- action: '{{ action }}'
destination_end_port: '{{ destination_end_port }}'
destination_network: '{{ destination_network }}'
destination_start_port: '{{ destination_start_port }}'
destination_wildcard: '{{ destination_wildcard }}'
protocol: '{{ protocol }}'
source_network: 0.0.0.0
source_wildcard: 255.255.255.255
- action: '{{ action }}'
destination_network: '{{ destination_network }}'
destination_wildcard: '{{ destination_wildcard }}'
protocol: '{{ protocol }}'
source_end_port: '{{ source_end_port }}'
source_network: '{{ source_network }}'
source_start_port: '{{ source_start_port }}'
source_wildcard: '{{ source_wildcard }}'
- action: '{{ action }}'
destination_end_port: '{{ destination_end_port }}'
destination_network: '{{ destination_network }}'
destination_start_port: '{{ destination_start_port }}'
destination_wildcard: '{{ destination_wildcard }}'
protocol: '{{ protocol }}'
source_network: '{{ source_network }}'
source_wildcard: '{{ source_wildcard }}'
- action: '{{ action }}'
destination_dscp: '{{ destination_dscp }}'
destination_network: 0.0.0.0
destination_wildcard: 255.255.255.255
protocol: '{{ protocol }}'
source_network: 0.0.0.0
source_wildcard: 255.255.255.255
- remark: '"{{ remark }}"'
- remark: null
name: '{{ name }}'
type: extended
ip:
access_lists:
'{{ name }}':
entries:
- action: '{{ action }}'
source_network: '{{ source_network }}'
source_wildcard: 0.0.0.0
- action: '{{ action }}'
source_network: '{{ source_network }}'
source_wildcard: any
- action: '{{ action }}'
source_network: '{{ source_network }}'
source_wildcard: '{{ source_wildcard }}'
- remark: '"{{ remark }}"'
- remark: null
name: '{{ name }}'
type: standard
ip:
flow_cache:
timeout:
active:
minutes: '{{ active_timeout }}'
flow_export:
destinations:
- ipv4_address: '{{ destination }}'
port: '{{ destination_port }}'
source: '{{ source }}'
version: '{{ source }}'
ip:
classless: true
domain_lists:
- domain_name: '{{ domain_list }}'
domain_names:
- domain_name: '{{ domain_name }}'
http:
secure_server: false
server: false
multicast_routing:
distributed: true
enabled: true
name-servers:
- name_server: '{{ name_server_ip }}'
ospf_name-lookup: true
pim:
rp_address: '{{ rp_address }}'
routes:
- netmask: '{{ netmask }}'
network: '{{ network }}'
next_hop: '{{ next_hop }}'
source-route: true
subnet-zero: true
tacacs:
source_interface: '{{ source_interface }}'
ip:
prefix_lists:
'{{ name }}':
entries:
- action: '{{ action }}'
netmask: '{{ netmask }}'
network: '{{ network }}'
sequence: '{{ sequence }}'
- action: '{{ action }}'
le_bits: '{{ le_bits }}'
netmask: '{{ netmask }}'
network: '{{ network }}'
sequence: '{{ sequence }}'
name: '{{ name }}'
line:
'{{ type }}':
numbers:
'{{ number }}':
escape_character: '{{ escape_character }}'
exec_timeout:
minutes: '{{ minutes }}'
seconds: '{{ seconds }}'
login:
authentication: '{{ named_list }}'
number: '{{ number }}'
password:
encryption_type: '{{ encryption_type }}'
password: '{{ password }}'
stopbits: '{{ stopbits }}'
transport:
'{{ direction }}':
protocols: '{{ protocols.split() }}'
type: '{{ type }}'
line:
  vty:
    '{{ start }}to{{ finish }}':
      escape_character: '{{ escape_character }}'
      exec_timeout:
        minutes: '{{ minutes }}'
        seconds: '{{ seconds }}'
      finish: '{{ finish }}'
      password:
        encryption_type: '{{ encryption_type }}'
        password: '{{ password }}'
      privilege_level: '{{ privilege_level }}'
      start: '{{ start }}'
      transport:
        '{{ direction }}':
          protocols: '{{ protocols.split() }}'
logging:
  facility: '{{ facility }}'
  hosts:
  - host: '{{ host }}'
  levels:
  - level: '{{ level }}'
    type: '{{ type }}'
  source_interface: '{{ source_interface }}'
multilink:
  bundle_name:
    method: '{{ method }}'
ntp:
  servers:
  - server_ip: '{{ server_ip }}'
  source:
    interface: '{{ interface }}'
policy_maps:
  '{{ policy_name }}':
    classes:
      '{{ class_name }}':
        name: '{{ class_name }}'
    description: '"{{ description }}"'
    name: '{{ policy_name }}'
    sequence:
    - '{{ class_name }}'
redundancy:
  enabled: true
  mode: '{{ mode }}'
route_maps:
  '{{ name }}':
    name: '{{ name }}'
    statements:
      '{{ sequence }}':
        action: '{{ action }}'
        clauses:
        - clause: '{{ clause }}'
          value: '"{{ value }}"'
        sequence: '{{ sequence }}'
router:
  bgp:
    '{{ parent_process_id }}':
      address_families:
        '"{{ ip_version }}"':
          ip_version: '{{ ip_version }}'
          vrfs:
            '{{ vrf_name }}':
              vrf_name: '{{ vrf_name }}'
      address_family_delimeter: bang
      address_family_exit_command: exit-address-family
      aggregate_addresses:
      - netmask: '{{ aggregate_netmask }}'
        network: '{{ aggregate_address }}'
        summary_only: true
      auto_summary: false
      log_neighbor_changes: true
      neighbors:
        '{{ ipv4_address }}':
          default_originate:
            enabled: true
            route_map: '{{ default_originate_route_map }}'
          description: '"{{ description }}"'
          ipv4_address: '{{ ipv4_address }}'
          next_hop_self: true
          remote_as: '{{ remote_as }}'
          route_map_in: '{{ route_map_in }}'
          route_map_out: '{{ route_map_out }}'
          soft_reconfiguration_inbound: true
      process_id: '{{ parent_process_id }}'
      redistribute:
        ospf:
          match:
          - internal
          - external 1
          - external 2
          process_id: '{{ process_id}}'
          protocol: ospf
          route_map: '{{ route_map }}'
        '{{ protocol }}':
          protocol: '{{ protocol }}'
      router_id: '{{ router_id }}'
      synchronization: false
router:
  ospf:
    '{{ parent_process_id }}':
      auto_cost_reference_bandwidth: '{{ reference_bandwidth }}'
      default_information:
        metric: '{{ metric }}'
        metric_type: '{{ metric_type }}'
        originate: true
      distance: '{{ distance }}'
      distribute_lists:
      - &id001
        direction: '{{ direction }}'
        route_map: '{{ distribute_list_route_map }}'
      - *id001
      log_adjacency_changes: true
      network_statements:
      - &id002
        area: '{{ network_area }}'
        netmask: '{{ network_netmask }}'
        network: '{{ network_network }}'
      - *id002
      passive_interface_default: true
      passive_interfaces:
      - &id003
        interface: '{{ no_passive_interface }}'
        negate: true
      - *id003
      process_id: '{{ parent_process_id }}'
      redistribute:
        static:
          protocol: static
          subnets: true
        '{{ protocol }}':
          metric: '{{ metric }}'
          metric_types: '{{ metric_types.replace("metric-type", "").split('' '') }}'
          process_id: '{{ redist_process_id }}'
          protocol: '{{ protocol }}'
          route_map: '{{ route_map }}'
          subnets: true
          tag: '{{ tag }}'
      router_id: '{{ router_id }}'
      summary_addresses:
      - &id004
        netmask: '{{ summary_netmask }}'
        network: '{{ summary_network }}'
      - *id004
      vrf: '{{ vrf }}'
services:
  disabled:
  - service_name: '{{ service_name }}'
  enabled:
  - service_name: '{{ service_name }}'
  timestamps:
  - modifiers: '{{ modifiers.split('' '') }}'
    type: '{{ type }}'
snmp:
  ifmib:
    ifindex:
      persist: true
snmp:
  server:
    communities:
    - acl: '{{ acl }}'
      community: '{{ community }}'
      type: '{{ type }}'
    contact: '"{{ contact }}"'
    location: '"{{ location }}"'
spanning-tree:
  extend_system-id: true
  mode: '{{ mode }}'
tacacs_server:
  directed_request: true
  hosts:
  - ip: '{{ host }}'
  - encryption_type: '{{ encryption_type }}'
    ip: '{{ host }}'
    password: '{{ password }}'
  key:
    encryption_type: '{{ encryption_type }}'
    password: '{{ password }}'
  timeout: '{{ timeout }}'
udld:
  enable: true
usernames:
- encryption_type: '{{ encryption_type }}'
  password: '{{ password }}'
  username: '{{ username }}'
- encryption_type: '{{ encryption_type }}'
  secret: '{{ secret }}'
  username: '{{ username }}'
version: '{{ version }}'
vlan:
  internal_allocation_policy: '{{ direction }}'
vrfs:
  '{{ name }}':
    address_families:
      '{{ address_family }}':
        address_family: '{{ address_family }}'
    address_family_delimeter: bang
    address_family_exit_command: exit-address-family
    description: '{{ description }}'
    name: '{{ name }}'
    route_distinguisher:
      arbitrary_number: '{{ arbitrary_number }}'
      as: '{{ as }}'