Documentation

eos_eapi - Manage and configure Arista EOS eAPI.

New in version 2.1.

Synopsis

  • Use to enable or disable eAPI access, and set the port and state of http, https, local_http and unix-socket servers.
  • When enabling eAPI access the default is to enable HTTP on port 80, enable HTTPS on port 443, disable local HTTP, and disable Unix socket server. Use the options listed below to override the default configuration.
  • Requires EOS v4.12 or greater.

Options

parameter required default choices comments
auth_pass
no none
Specifies the password to use if required to enter privileged mode on the remote device. If authorize is false, then this argument does nothing. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_AUTH_PASS will be used instead.
authorize
no
  • yes
  • no
Instructs the module to enter privileged mode on the remote device before sending any commands. If not specified, the device will attempt to execute all commands in non-privileged mode. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_AUTHORIZE will be used instead.
config
(added in 2.2)
no nul
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The config argument allows the implementer to pass in the configuration to use as the base config for comparison.
http
no
  • yes
  • no
The http argument controls the operating state of the HTTP transport protocol when eAPI is present in the running-config. When the value is set to True, the HTTP protocol is enabled and when the value is set to False, the HTTP protocol is disabled. By default, when eAPI is first configured, the HTTP protocol is disabled.

aliases: enable_http
http_port
no 80
Configures the HTTP port that will listen for connections when the HTTP transport protocol is enabled. This argument accepts integer values in the valid range of 1 to 65535.
https
no True
  • yes
  • no
The https argument controls the operating state of the HTTPS transport protocol when eAPI is present in the running-config. When the value is set to True, the HTTPS protocol is enabled and when the value is set to False, the HTTPS protocol is disabled. By default, when eAPI is first configured, the HTTPS protocol is enabled.

aliases: enable_http
https_port
no 443
Configures the HTTP port that will listen for connections when the HTTP transport protocol is enabled. This argument accepts integer values in the valid range of 1 to 65535.
local_http
no
  • yes
  • no
The local_http argument controls the operating state of the local HTTP transport protocol when eAPI is present in the running-config. When the value is set to True, the HTTP protocol is enabled and restricted to connections from localhost only. When the value is set to False, the HTTP local protocol is disabled.
Note is value is independent of the http argument

aliases: enable_local_http
local_http_port
no 8080
Configures the HTTP port that will listen for connections when the HTTP transport protocol is enabled. This argument accepts integer values in the valid range of 1 to 65535.
provider
no
A dict object containing connection details.
Dictionary object provider
parameter required default choices comments
username
no
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate either the CLI login or the eAPI authentication depending on which transport is used. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
authorize
no
  • yes
  • no
Instructs the module to enter privileged mode on the remote device before sending any commands. If not specified, the device will attempt to execute all commands in non-privileged mode. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_AUTHORIZE will be used instead.
ssh_keyfile
no
Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
auth_pass
no none
Specifies the password to use if required to enter privileged mode on the remote device. If authorize is false, then this argument does nothing. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_AUTH_PASS will be used instead.
host
yes
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
timeout
no 10
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
use_ssl
no True
  • yes
  • no
Configures the transport to use SSL if set to true only when the transport=eapi. If the transport argument is not eapi, this value is ignored.
password
no
Specifies the password to use to authenticate the connection to the remote device. This is a common argument used for either cli or eapi transports. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
validate_certs
no
  • yes
  • no
If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. If the transport argument is not eapi, this value is ignored.
port
no 0 (use common port)
Specifies the port to use when building the connection to the remote device. This value applies to either cli or eapi. The port value will default to the appropriate transport common port if none is provided in the task. (cli=22, http=80, https=443).
transport
yes cli
  • eapi
  • cli
Configures the transport connection to use when connecting to the remote device.
socket
no
  • yes
  • no
The socket argument controls the operating state of the UNIX Domain Socket used to receive eAPI requests. When the value of this argument is set to True, the UDS will listen for eAPI requests. When the value is set to False, the UDS will not be available to handle requests. By default when eAPI is first configured, the UDS is disabled.

aliases: enable_socket
state
no started
  • started
  • stopped
The state argument controls the operational state of eAPI on the remote device. When this argument is set to started, eAPI is enabled to receive requests and when this argument is stopped, eAPI is disabled and will not receive requests.
vrf
(added in 2.2)
no default
The vrf argument will configure eAPI to listen for connections in the specified VRF. By default, eAPI transports will listen for connections in the global table. This value requires the VRF to already be created otherwise the task will fail.

Examples

- name: Enable eAPI access with default configuration
  eos_eapi:
    state: started

- name: Enable eAPI with no HTTP, HTTPS at port 9443, local HTTP at port 80, and socket enabled
  eos_eapi:
    state: started
    http: false
    https_port: 9443
    local_http: yes
    local_http_port: 80
    socket: yes

- name: Shutdown eAPI access
  eos_eapi:
    state: stopped

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name description returned type sample
commands The list of configuration mode commands to send to the device always list ['management api http-commands', 'protocol http port 81', 'no protocol https']
session_name The EOS config session name used to load the configuration when changed is True str ansible_1479315771
urls Hash of URL endpoints eAPI is listening on per interface when eAPI is started dict {'Management1': ['http://172.26.10.1:80']}


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is maintained by those with core commit privileges

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.