netconf – Provides a persistent connection using the netconf protocol

From Get docs
< Connection PluginsAnsible/docs/2.8/plugins/connection/netconf


netconf – Provides a persistent connection using the netconf protocol

New in version 2.3.


Synopsis

  • This connection plugin provides a connection to remote devices over the SSH NETCONF subsystem. This connection plugin is typically used by network devices for sending and receiving RPC calls over NETCONF.
  • Note this connection plugin requires ncclient to be installed on the local Ansible controller.

Requirements

The below requirements are needed on the local master node that executes this connection.

  • ncclient

Parameters

Parameter Choices/Defaults Configuration Comments

host

-

Default:

"inventory_hostname"

var: ansible_host

Specifies the remote device FQDN or IP address to establish the SSH connection to.

host_key_auto_add

boolean

Default:

"no"

ini entries: [paramiko_connection]host_key_auto_add = no


env:ANSIBLE_HOST_KEY_AUTO_ADD

By default, Ansible will prompt the user before adding SSH keys to the known hosts file. By enabling this option, unknown host keys will automatically be added to the known hosts file.

Be sure to fully understand the security implications of enabling this option on production systems as it could create a security vulnerability.

host_key_checking

boolean

Default:

"yes"

ini entries: [defaults]host_key_checking = yes

[paramiko_connection]host_key_checking = yes


env:ANSIBLE_HOST_KEY_CHECKING

env:ANSIBLE_SSH_HOST_KEY_CHECKING

env:ANSIBLE_NETCONF_HOST_KEY_CHECKING

var: ansible_host_key_checking

var: ansible_ssh_host_key_checking

var: ansible_netconf_host_key_checking

Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host

look_for_keys

boolean

Default:

"yes"

ini entries: [paramiko_connection]look_for_keys = yes


env:ANSIBLE_PARAMIKO_LOOK_FOR_KEYS

Enables looking for ssh keys in the usual locations for ssh keys (e.g. :file:`~/.ssh/id_*`).

netconf_ssh_config

-

ini entries: [netconf_connection]ssh_config = VALUE


env:ANSIBLE_NETCONF_SSH_CONFIG

var: ansible_netconf_ssh_config

This variable is used to enable bastion/jump host with netconf connection. If set to True the bastion/jump host ssh settings should be present in ~/.ssh/config file, alternatively it can be set to custom ssh configuration file path to read the bastion/jump host settings.

network_os

-

var: ansible_network_os

Configures the device platform network operating system. This value is used to load a device specific netconf plugin. If this option is not configured, then the default netconf plugin will be used.

password

-

var: ansible_password

var: ansible_ssh_pass

var: ansible_ssh_password

var: ansible_netconf_password

Configures the user password used to authenticate to the remote device when first establishing the SSH connection.

persistent_command_timeout

integer

Default:

30

ini entries: [persistent_connection]command_timeout = 30


env:ANSIBLE_PERSISTENT_COMMAND_TIMEOUT

var: ansible_command_timeout

Configures, in seconds, the amount of time to wait for a command to return from the remote device. If this timer is exceeded before the command returns, the connection plugin will raise an exception and close.

persistent_connect_timeout

integer

Default:

30

ini entries: [persistent_connection]connect_timeout = 30


env:ANSIBLE_PERSISTENT_CONNECT_TIMEOUT

var: ansible_connect_timeout

Configures, in seconds, the amount of time to wait when trying to initially establish a persistent connection. If this value expires before the connection to the remote device is completed, the connection will fail.

persistent_log_messages

boolean

Default:

"no"

ini entries: [persistent_connection]log_messages = no


env:ANSIBLE_PERSISTENT_LOG_MESSAGES

var: ansible_persistent_log_messages

This flag will enable logging the command executed and response received from target device in the ansible log file. For this option to work 'log_path' ansible configuration option is required to be set to a file path with write access.

Be sure to fully understand the security implications of enabling this option as it could create a security vulnerability by logging sensitive information in log file.

port

integer

Default:

830

ini entries: [defaults]remote_port = 830


env:ANSIBLE_REMOTE_PORT

var: ansible_port

Specifies the port on the remote device that listens for connections when establishing the SSH connection.

private_key_file

-

ini entries: [defaults]private_key_file = VALUE


env:ANSIBLE_PRIVATE_KEY_FILE

var: ansible_private_key_file

The private SSH key or certificate file used to authenticate to the remote device when first establishing the SSH connection.

remote_user

-

ini entries: [defaults]remote_user = VALUE


env:ANSIBLE_REMOTE_USER

var: ansible_user

The username used to authenticate to the remote device when the SSH connection is first established. If the remote_user is not specified, the connection will use the username of the logged in user.

Can be configured from the CLI via the --user or -u options.

timeout

integer

Default:

120

Sets the connection time, in seconds, for communicating with the remote device. This timeout is used as the default timeout value when awaiting a response after issuing a call to a RPC. If the RPC does not return in timeout seconds, an error is generated.



Status

Authors

  • Ansible Networking Team

Hint

If you notice any issues in this documentation, you can edit this document to improve it.


Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/plugins/connection/netconf.html