CNOS Platform Options

CNOS supports Enable Mode (Privilege Escalation). This page offers details on how to use Enable Mode on CNOS in Ansible.

Connections Available

CLI
Protocol SSH
Credentials

uses SSH keys / SSH-agent if present
accepts -u myuser -k if using password
Indirect Access via a bastion (jump host)
Connection Settings


ansible_connection: network_cli


Enable Mode
(Privilege Escalation)

supported - use ansible_become: yes
with ansible_become_method: enable
and ansible_become_pass:
Returned Data Format stdout[0].

For legacy playbooks, CNOS still supports ansible_connection: local. We recommend modernizing to use ansible_connection: network_cli as soon as possible.

Using CLI in Ansible

Example CLI group_vars/cnos.yml

ansible_connection: network_cli
ansible_network_os: cnos
ansible_user: myuser
ansible_ssh_pass: !vault...
ansible_become: yes
ansible_become_method: enable
ansible_become_pass: !vault...
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
  • If you are using SSH keys (including an ssh-agent) you can remove the ansible_ssh_pass configuration.
  • If you are accessing your host directly (not through a bastion/jump host) you can remove the ansible_ssh_common_args configuration.
  • If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ProxyCommand directive. To prevent secrets from leaking out (for example in ps output), SSH does not support providing passwords via environment variables.

Example CLI Task

- name: Retreive CNOS OS version
  cnos_command:
    commands: show version
  when: ansible_network_os == 'cnos'

Warning

Never store passwords in plain text. We recommend using SSH keys to authenticate SSH connections. Ansible supports ssh-agent to manage your SSH keys. If you must use passwords to authenticate SSH connections, we recommend encrypting them with Ansible Vault.