cisco.dnac.swim_workflow_manager module – Module to manage SWIM (Software Image Management) operations in Cisco Catalyst Center
Note
This module is part of the cisco.dnac collection (version 6.24.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.dnac
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.dnac.swim_workflow_manager
.
New in cisco.dnac 6.6.0
Synopsis
Manages operations for image importation, distribution, activation, and tagging images as golden.
Provides an API to fetch a software image from a remote file system via HTTP/FTP and upload it to Catalyst Center. Supported file extensions - bin, img, tar, smu, pie, aes, iso, ova, tar.gz, qcow2.
Provides an API to fetch a software image from a local file system and upload it to Catalyst Center. Supported file extensions - bin, img, tar, smu, pie, aes, iso, ova, tar.gz, qcow2.
Provides an API to fetch a software image from Cisco Connection Online (CCO) and upload it to Catalyst Center. Refer to https://software.cisco.com/download/home for suggested images in Cisco Catalyst Center. CCO functionality is available starting from Cisco Catalyst version 2.3.7.6.
Provides an API to tag or untag an image as golden for a given family of devices.
Provides an API to distribute a software image to a device. The software image must be imported into Catalyst Center before it can be distributed.
Requirements
The below requirements are needed on the host that executes this module.
dnacentersdk == 2.7.3
python >= 3.9
Parameters
Parameter |
Comments |
---|---|
List of details of SWIM image being managed |
|
Parameters for specifying the target device(s) for SWIM image activation. The device can be identified using one of the following options: - device_serial_number - device_ip_address - device_hostname - device_mac_address - site_name (if specified, the image will be activated on all devices within the site) At least one of these parameters must be provided. If ‘site_name’ is provided, additional filters such as ‘device_role’, ‘device_family_name’, and ‘device_series_name’ can be used to further narrow down the devices within the site. |
|
ActivateLowerImageVersion flag. Choices:
|
|
Specify the name of the device family such as Switches and Hubs, etc. |
|
Device hostname where the image needs to be activated |
|
Device IP address where the image needs to be activated |
|
Device MAC address where the image needs to be activated |
|
Defines the device role, with permissible values including ALL, UNKNOWN, ACCESS, BORDER ROUTER, DISTRIBUTION, and CORE. |
|
Device serial number where the image needs to be activated |
|
This parameter specifies the name of the device series. It is used to identify a specific series of devices, such as Cisco Catalyst 9300 Series Switches, within the Cisco Catalyst Center. |
|
It specifies the mode of upgrade to be applied to the devices having the following values - ‘install’, ‘bundle’, and ‘currentlyExists’. install - This mode instructs Cisco Catalyst Center to perform a clean installation of the new image on the target devices. When this mode is selected, the existing image on the device is completely replaced with the new image during the upgrade process. This ensures that the device runs only the new image version after the upgrade is completed. bundle - This mode instructs Cisco Catalyst Center bundles the new image with the existing image on the device before initiating the upgrade process. This mode allows for a more efficient upgrade process by preserving the existing image on the device while adding the new image as an additional bundle. After the upgrade, the device can run either the existing image or the new bundled image, depending on the configuration. currentlyExists - This mode instructs Cisco Catalyst Center to checks if the target devices already have the desired image version installed. If image already present on devices, no action is taken and upgrade process is skipped for those devices. This mode is useful for avoiding unnecessary upgrades on devices that already have the correct image version installed, thereby saving time. |
|
Enable the distribute_if_needed option when activating the SWIM image. Choices:
|
|
SWIM image’s name |
|
ScheduleValidate query parameter. ScheduleValidate, validates data before schedule (optional). Choices:
|
|
Used to get device details associated to this site. |
|
Parameters for specifying the target device(s) for SWIM image distribution. The device can be identified using one of the following options: - device_serial_number - device_ip_address - device_hostname - device_mac_address - site_name (if specified, the image will be distributed to all devices within the site) At least one of these parameters must be provided. If ‘site_name’ is provided, additional filters such as ‘device_role’, ‘device_family_name’, and ‘device_series_name’ can be used to further narrow down the devices within the site. |
|
Specify the name of the device family such as Switches and Hubs, etc. |
|
Device hostname where the image needs to be distributed |
|
Device IP address where the image needs to be distributed |
|
Device MAC address where the image needs to be distributed |
|
Device Role and permissible Values are ALL, UNKNOWN, ACCESS, BORDER ROUTER, DISTRIBUTION and CORE. ALL - This role typically represents all devices within the network, regardless of their specific roles or functions. UNKNOWN - This role is assigned to devices whose roles or functions have not been identified or classified within Cisco Catalsyt Center. This could happen if the platform is unable to determine the device’s role based on available information. ACCESS - This role typically represents switches or access points that serve as access points for end-user devices to connect to the network. These devices are often located at the edge of the network and provide connectivity to end-user devices. BORDER ROUTER - These are devices that connect different network domains or segments together. They often serve as gateways between different networks, such as connecting an enterprise network to the internet or connecting multiple branch offices. DISTRIBUTION - This role represents function as distribution switches or routers in hierarchical network designs. They aggregate traffic from access switches and route it toward the core of the network or toward other distribution switches. CORE - This role typically represents high-capacity switches or routers that form the backbone of the network. They handle large volumes of traffic and provide connectivity between different parts of network, such as connecting distribution switches or providing interconnection between different network segments. |
|
Device serial number where the image needs to be distributed |
|
This parameter specifies the name of the device series. It is used to identify a specific series of devices, such as Cisco Catalyst 9300 Series Switches, within the Cisco Catalyst Center. |
|
SWIM image’s name |
|
Used to get device details associated to this site. |
|
Details of image being imported |
|
Parameters related to importing a software image from Cisco Connection Online (CCO) into Catalyst Center. This API fetches the specified image from CCO and uploads it to Catalyst Center. Supported from Cisco Catalyst Center version 2.3.7.6 onward. Refer to the Cisco software download portal (https://software.cisco.com/download/home) for recommended images. |
|
The name of the software image to be imported from Cisco.com. This is a mandatory parameter and must be provided to initiate the download from CCO. |
|
Details of the local path of the image to be imported. |
|
Provide the absolute file path needed to import an image from your local system (Eg “/path/to/your/file”). Accepted files formats are - .gz,.bin,.img,.tar,.smu,.pie,.aes,.iso,.ova,.tar_gz,.qcow2,.nfvispkg,.zip,.spa,.rpm. |
|
Query parameter to determine if the image is from a third party (optional). Choices:
|
|
Specify the ThirdPartyApplicationType query parameter to indicate the type of third-party application. Allowed values include WLC, LINUX, FIREWALL, WINDOWS, LOADBALANCER, THIRDPARTY, etc.(optional). WLC (Wireless LAN Controller) - It’s a network device that manages and controls multiple wireless access points (APs) in a centralized manner. LINUX - It’s an open-source operating system that provides a complete set of software packages and utilities. FIREWALL - It’s a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules.It acts as a barrier between a trusted internal network and untrusted external networks (such as the internet), preventing unauthorized access. WINDOWS - It’s an operating system known for its graphical user interface (GUI) support, extensive compatibility with hardware and software, and widespread use across various applications. LOADBALANCER - It’s a network device or software application that distributes incoming network traffic across multiple servers or resources. THIRDPARTY - It refers to third-party images or applications that are not part of the core system. NAM (Network Access Manager) - It’s a network management tool or software application that provides centralized control and monitoring of network access policies, user authentication, and device compliance. WAN Optimization - It refers to techniques and technologies used to improve the performance and efficiency of WANs. It includes various optimization techniques such as data compression, caching, protocol optimization, and traffic prioritization to reduce latency, increase throughput, and improve user experience over WAN connections. Unknown - It refers to an unspecified or unrecognized application type. Router - It’s a network device that forwards data packets between computer networks. They are essential for connecting multiple networks together and directing traffic between them. |
|
Provide the ThirdPartyImageFamily query parameter to identify the family of the third-party image. Image Family name like PALOALTO, RIVERBED, FORTINET, CHECKPOINT, SILVERPEAK etc. (optional). |
|
Include the ThirdPartyVendor query parameter to specify the vendor of the third party. |
|
Specifies the source of the image import. Supported values are ‘local’ for local file import, ‘remote’ for remote URL import, or ‘CCO’ for import from Cisco Connection Online. |
|
URL details for SWIM import |
|
Swim Import Via Url’s payload. |
|
An optional parameter that specifies the type of application. Allowed values include WLC, LINUX, FIREWALL, WINDOWS, LOADBALANCER, THIRDPARTY, etc. This is only applicable for third-party image types(optional). WLC (Wireless LAN Controller) - It’s network device that manages and controls multiple wireless access points (APs) in a centralized manner. LINUX - It’s an open source which provide complete operating system with a wide range of software packages and utilities. FIREWALL - It’s a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules.It acts as a barrier between a trusted internal network and untrusted external networks (such as the internet), preventing unauthorized access. WINDOWS - It’s an OS which provides GUI support for various applications, and extensive compatibility with hardware and software. LOADBALANCER - It’s a network device or software application that distributes incoming network traffic across multiple servers or resources. THIRDPARTY - It refers to third-party images or applications that are not part of the core system. NAM (Network Access Manager) - It’s a network management tool or software application that provides centralized control and monitoring of network access policies, user authentication, and device compliance. WAN Optimization - It refers to techniques and technologies used to improve the performance and efficiency of WANs. It includes various optimization techniques such as data compression, caching, protocol optimization, and traffic prioritization to reduce latency, increase throughput, and improve user experience over WAN connections. Unknown - It refers to an unspecified or unrecognized application type. Router - It’s a network device that forwards data packets between computer networks. They are essential for connecting multiple networks together and directing traffic between them. |
|
Represents the name of the image family and is applicable only when uploading third-party images. Image Family name like PALOALTO, RIVERBED, FORTINET, CHECKPOINT, SILVERPEAK etc. (optional). |
|
Flag indicates whether the image is uploaded from a third party (optional). Choices:
|
|
A mandatory parameter for importing a SWIM image via a remote URL. This parameter is required when using a URL to import an image..(For example, http://{host}/swim/cat9k_isoxe.16.12.10s.SPA.bin, ftp://user:password@{host}/swim/cat9k_isoxe.16.12.10s.SPA.iso) |
|
The name of the vendor, that applies only to third-party image types when importing via URL (optional). |
|
ScheduleAt query parameter. Epoch Time (The number of milli-seconds since January 1 1970 UTC) at which the distribution should be scheduled (optional). |
|
ScheduleDesc query parameter. Custom Description (optional). |
|
ScheduleOrigin query parameter. Originator of this call (optional). |
|
Details for tagging or untagging an image as golden |
|
Device Image family name(Eg Cisco Catalyst 9300 Switch) |
|
Specifies the device role(s) for tagging or untagging the image as golden. Permissible values: - ‘ALL’: Applies the golden tag to all devices, regardless of role. - ‘UNKNOWN’: Tags devices without a specified classification. - ‘ACCESS’: Tags devices that connect end-user devices (e.g., access switches). - ‘BORDER ROUTER’: Tags devices linking different network segments or domains. - ‘DISTRIBUTION’: Tags devices aggregating traffic toward the core. - ‘CORE’: Tags backbone devices handling high-volume network traffic. Behavior: - If ‘device_role’ is a single string (e.g., `”ACCESS”`), only that role is tagged as golden. - If ‘device_role’ contains multiple roles (e.g., `”ACCESS,CORE”`), all specified roles are tagged as golden. Examples: - device_role: “ACCESS” tags only the `ACCESS` role as golden. - device_role: “ACCESS,CORE” tags both `ACCESS` and `CORE` roles as golden. |
|
SWIM image name which will be tagged or untagged as golden. |
|
Site name for which SWIM image will be tagged/untagged as golden. If not provided, SWIM image will be mapped to global site. |
|
Booelan value to tag/untag SWIM image as golden If True then the given image will be tagged as golden. If False then the given image will be un-tagged as golden. Choices:
|
|
Set to True to verify the Cisco Catalyst Center config after applying the playbook config. Choices:
|
|
Defines the timeout in seconds for API calls to retrieve task details. If the task details are not received within this period, the process will end, and a timeout notification will be logged. Default: |
|
Indicates whether debugging is enabled in the Cisco Catalyst Center SDK. Choices:
|
|
The hostname of the Cisco Catalyst Center. |
|
Flag to enable/disable playbook execution logging. When true and dnac_log_file_path is provided, - Create the log file at the execution location with the specified name. When true and dnac_log_file_path is not provided, - Create the log file at the execution location with the name ‘dnac.log’. When false, - Logging is disabled. If the log file doesn’t exist, - It is created in append or write mode based on the “dnac_log_append” flag. If the log file exists, - It is overwritten or appended based on the “dnac_log_append” flag. Choices:
|
|
Determines the mode of the file. Set to True for ‘append’ mode. Set to False for ‘write’ mode. Choices:
|
|
Governs logging. Logs are recorded if dnac_log is True. If path is not specified, - When ‘dnac_log_append’ is True, ‘dnac.log’ is generated in the current Ansible directory; logs are appended. - When ‘dnac_log_append’ is False, ‘dnac.log’ is generated; logs are overwritten. If path is specified, - When ‘dnac_log_append’ is True, the file opens in append mode. - When ‘dnac_log_append’ is False, the file opens in write (w) mode. - In shared file scenarios, without append mode, content is overwritten after each module execution. - For a shared log file, set append to False for the 1st module (to overwrite); for subsequent modules, set append to True. Default: |
|
Sets the threshold for log level. Messages with a level equal to or higher than this will be logged. Levels are listed in order of severity [CRITICAL, ERROR, WARNING, INFO, DEBUG]. CRITICAL indicates serious errors halting the program. Displays only CRITICAL messages. ERROR indicates problems preventing a function. Displays ERROR and CRITICAL messages. WARNING indicates potential future issues. Displays WARNING, ERROR, CRITICAL messages. INFO tracks normal operation. Displays INFO, WARNING, ERROR, CRITICAL messages. DEBUG provides detailed diagnostic info. Displays all log messages. Default: |
|
The password for authentication at the Cisco Catalyst Center. |
|
Specifies the port number associated with the Cisco Catalyst Center. Default: |
|
Specifies the interval in seconds between successive calls to the API to retrieve task details. Default: |
|
The username for authentication at the Cisco Catalyst Center. Default: |
|
Flag to enable or disable SSL certificate verification. Choices:
|
|
Specifies the version of the Cisco Catalyst Center that the SDK should use. Default: |
|
The state of Catalyst Center after module completion. Choices:
|
|
Flag for Cisco Catalyst Center SDK to enable the validation of request bodies against a JSON schema. Choices:
|
Notes
Note
SDK Method used are software_image_management_swim.SoftwareImageManagementSwim.import_software_image_via_url, software_image_management_swim.SoftwareImageManagementSwim.tag_as_golden_image, software_image_management_swim.SoftwareImageManagementSwim.trigger_software_image_distribution, software_image_management_swim.SoftwareImageManagementSwim.trigger_software_image_activation,
Paths used are post /dna/intent/api/v1/image/importation/source/url, post /dna/intent/api/v1/image/importation/golden, post /dna/intent/api/v1/image/distribution, post /dna/intent/api/v1/image/activation/device,
Added the parameter ‘dnac_api_task_timeout’, ‘dnac_task_poll_interval’ options in v6.13.2.
Does not support
check_mode
The plugin runs on the control node and does not use any ansible connection plugins instead embedded connection manager from Cisco Catalyst Center SDK
The parameters starting with dnac_ are used by the Cisco Catalyst Center Python SDK to establish the connection
Examples
- name: Import an image from a URL, tag it as golden and load it on device
cisco.dnac.swim_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: True
config:
- import_image_details:
type: remote
url_details:
payload:
- source_url:
- "http://10.10.10.10/stda/cat9k_iosxe.17.12.01.SPA.bin"
is_third_party: False
tagging_details:
image_name: cat9k_iosxe.17.12.01.SPA.bin
device_role: ACCESS
device_image_family_name: Cisco Catalyst 9300 Switch
site_name: Global/USA/San Francisco/BGL_18
tagging: True
image_distribution_details:
image_name: cat9k_iosxe.17.12.01.SPA.bin
device_serial_number: FJC2327U0S2
image_activation_details:
image_name: cat9k_iosxe.17.12.01.SPA.bin
schedule_validate: False
activate_lower_image_version: False
distribute_if_needed: True
device_serial_number: FJC2327U0S2
- name: Import an image from local, tag it as golden.
cisco.dnac.swim_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: True
config:
- import_image_details:
type: local
local_image_details:
file_path: /Users/Downloads/cat9k_iosxe.17.12.01.SPA.bin
is_third_party: False
tagging_details:
image_name: cat9k_iosxe.17.12.01.SPA.bin
device_role: ACCESS
device_image_family_name: Cisco Catalyst 9300 Switch
site_name: Global/USA/San Francisco/BGL_18
tagging: True
- name: Import bulk images from URL
cisco.dnac.swim_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: True
config:
- import_image_details:
type: remote
url_details:
payload:
- source_url:
- "http://10.10.10.10/stda/cat9k_iosxe.17.12.01.SPA.bin"
- "http://10.10.10.10/stda/cat9k_iosxe.17.12.02.SPA.bin"
third_party: False
- name: Import images from CCO (cisco.com)
cisco.dnac.swim_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: True
config:
- import_image_details:
type: CCO
cco_image_details:
image_name: cat9k_iosxe.17.06.06a.SPA.bin
- name: Tag the given image as golden and load it on device
cisco.dnac.swim_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: True
config:
- tagging_details:
image_name: cat9k_iosxe.17.12.01.SPA.bin
device_role: ACCESS
device_image_family_name: Cisco Catalyst 9300 Switch
site_name: Global/USA/San Francisco/BGL_18
tagging: True
- name: Tag the specified image as golden for multiple device roles and load it into the device
cisco.dnac.swim_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: True
config:
- tagging_details:
image_name: cat9k_iosxe.17.12.01.SPA.bin
device_role: ACCESS,CORE
device_image_family_name: Cisco Catalyst 9300 Switch
site_name: Global/USA/San Francisco/BGL_18
tagging: True
- name: Un-tagged the given image as golden and load it on device
cisco.dnac.swim_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: True
config:
- tagging_details:
image_name: cat9k_iosxe.17.12.01.SPA.bin
device_role: ACCESS
device_image_family_name: Cisco Catalyst 9300 Switch
site_name: Global/USA/San Francisco/BGL_18
tagging: False
- name: Distribute the given image on devices associated to that site with specified role.
cisco.dnac.swim_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: True
config:
- image_distribution_details:
image_name: cat9k_iosxe.17.12.01.SPA.bin
site_name: Global/USA/San Francisco/BGL_18
device_role: ALL
device_family_name: Switches and Hubs
device_series_name: Cisco Catalyst 9300 Series Switches
- name: Activate the given image on devices associated to that site with specified role.
cisco.dnac.swim_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: True
config:
- image_activation_details:
image_name: cat9k_iosxe.17.12.01.SPA.bin
site_name: Global/USA/San Francisco/BGL_18
device_role: ALL
device_family_name: Switches and Hubs
device_series_name: Cisco Catalyst 9300 Series Switches
scehdule_validate: False
activate_lower_image_version: True
distribute_if_needed: True
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A dictionary with activation details as returned by the Catalyst Center Python SDK Returned: always Sample: |