dellemc.enterprise_sonic.sonic_mgmt_servers module – Manage management servers configuration on SONiC

Note

This module is part of the dellemc.enterprise_sonic collection (version 3.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic.

To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_mgmt_servers.

New in dellemc.enterprise_sonic 2.5.0

Synopsis

  • This module provides configuration management of management servers for devices running SONiC

Parameters

Parameter

Comments

config

dictionary

Management servers configuration

rest

dictionary

REST server configuration

api_timeout

integer

Maximum time in seconds the REST server will wait for a REST API request-response cycle to complete

Range 0-4294967295

Default: 900

cipher_suite

string

added in dellemc.enterprise_sonic 3.1.0

Cipher suites used for TLS connection with the clients

Specify as a comma separated list. Options are ecdhe-ecdsa-with-aes-256-gcm-SHA384, ecdhe-ecdsa-with-chacha20-poly1305-SHA256 and ecdhe-ecdsa-with-aes-128-gcm-SHA256.

Default: "ecdhe-ecdsa-with-aes-256-gcm-SHA384,ecdhe-ecdsa-with-chacha20-poly1305-SHA256,ecdhe-ecdsa-with-aes-128-gcm-SHA256"

client_auth

string

Client authentication methods list

Specify as a comma separated list. Options for list are password, jwt, cert, and none.

Default: "password,jwt"

log_level

integer

Log level of REST server, range 0-255

Default: 0

port

integer

Port that the REST server listens on, range 0-65535

Default: 443

read_timeout

integer

Maximum time in seconds the REST server will wait for an HTTP request-response cycle to complete

Range 0-4294967295

Default: 15

req_limit

integer

Maximum number of concurrent requests that the client can make to the REST server

Range 0-4294967295

security_profile

string

Name of security profile

shutdown

boolean

Enables/disables REST server from listening on the port

Choices:

  • false

  • true

vrf

string

Name of VRF

Choices:

  • "mgmt"

telemetry

dictionary

Telemetry server configuration

api_timeout

integer

Maximum time in seconds the telemetry server will wait for a gNMI request-response cycle to complete

Range 0-4294967295

Default: 0

client_auth

string

Client authentication methods list

Specify as a comma separated list. Options for list are password, jwt, cert, and none.

Default: "password,jwt"

jwt_refresh

integer

Duration of time in seconds before JWT expires and can be refreshed

Range 0-4294967295

Default: 900

jwt_valid

integer

Duration of time in seconds for which JWT is valid on the telemetry server

Range 0-4294967295

Default: 3600

log_level

integer

Log level of telemetry server, range 0-255

Default: 0

port

integer

Port that the telemetry server listens on, range 0-65535

Default: 8080

security_profile

string

Name of security profile

vrf

string

Name of VRF

Choices:

  • "mgmt"

state

string

The state of the configuration after module completion.

Choices:

  • "merged" ← (default)

  • "deleted"

  • "overridden"

  • "replaced"

Notes

Note

  • Tested against Enterprise SONiC Distribution by Dell Technologies.

  • Supports check_mode.

Examples

# Using Merged
#
# Before state:
# -------------
#
# sonic# show ip rest
#
# Log level is 0
# Port is 443
# Request limit is not-set
# Read timeout is 15 seconds
# Client authentication mode is password,jwt
# Security profile is not-set
# API timeout is 900 seconds
# vrf is not-set
# Cipher suite is ecdhe-ecdsa-with-aes-256-gcm-SHA384,ecdhe-ecdsa-with-chacha20-poly1305-SHA256,ecdhe-ecdsa-with-aes-128-gcm-SHA256
#
# sonic# show ip telemetry
#
# Log level is 0
# JWT valid is 3600 seconds
# JWT refresh is 900 seconds
# Port is 8080
# Client authentication mode is password,jwt
# Security profile is not-set
# API timeout is 0 seconds
# vrf is not-set

- name: Merge mgmt servers configuration
  dellemc.enterprise_sonic.sonic_mgmt_servers:
    config:
      rest:
        api_timeout: 120
        client_auth: password
        log_level: 6
        port: 443
        read_timeout: 60
        req_limit: 100
        security_profile: profile1
        shutdown: True
        vrf: mgmt
        cipher_suite: ecdhe-ecdsa-with-aes-256-gcm-SHA384
      telemetry:
        api_timeout: 45
        client_auth: cert,jwt
        jwt_refresh: 80
        jwt_valid: 300
        log_level: 10
        port: 1234
        security_profile: profile2
        vrf: mgmt
    state: merged

# After state:
# ------------
#
# sonic# show ip rest
#
# Log level is 6
# Port is 443, disabled
# Request limit is 100
# Read timeout is 60 seconds
# Client authentication mode is password
# Security profile is profile1
# API timeout is 120 seconds
# vrf is mgmt
# Cipher suite is ecdhe-ecdsa-with-aes-256-gcm-SHA384
#
# sonic# show ip telemetry
#
# Log level is 10
# JWT valid is 300 seconds
# JWT refresh is 80 seconds
# Port is 1234
# Client authentication mode is cert,jwt
# Security profile is profile2
# API timeout is 45 seconds
# vrf is mgmt


# Using Replaced
#
# Before state:
# -------------
#
# sonic# show ip rest
#
# Log level is 6
# Port is 443, disabled
# Request limit is 100
# Read timeout is 60 seconds
# Client authentication mode is password
# Security profile is profile1
# API timeout is 120 seconds
# vrf is mgmt
# Cipher suite is ecdhe-ecdsa-with-aes-256-gcm-SHA384
#
# sonic# show ip telemetry
#
# Log level is 10
# JWT valid is 300 seconds
# JWT refresh is 80 seconds
# Port is 1234
# Client authentication mode is cert,jwt
# Security profile is profile2
# API timeout is 45 seconds
# vrf is mgmt

- name: Replace mgmt servers configuration
  dellemc.enterprise_sonic.sonic_mgmt_servers:
    config:
      rest:
        api_timeout: 180
        vrf: mgmt
        cipher_suite: ecdhe-ecdsa-with-aes-256-gcm-SHA384,ecdhe-ecdsa-with-chacha20-poly1305-SHA256
      telemetry:
        log_level: 25
        security_profile: profile2
    state: replaced

# After state:
# ------------
#
# sonic# show ip rest
#
# Log level is 0
# Port is 443
# Request limit is not-set
# Read timeout is 15 seconds
# Client authentication mode is password,jwt
# Security profile is not-set
# API timeout is 180 seconds
# vrf is mgmt
# Cipher suite is ecdhe-ecdsa-with-aes-256-gcm-SHA384,ecdhe-ecdsa-with-chacha20-poly1305-SHA256
#
# sonic# show ip telemetry
#
# Log level is 25
# JWT valid is 3600 seconds
# JWT refresh is 900 seconds
# Port is 8080
# Client authentication mode is password,jwt
# Security profile is profile2
# API timeout is 0 seconds
# vrf is not-set


# Using Overridden
#
# Before state:
# -------------
#
# sonic# show ip rest
#
# Log level is 6
# Port is 443, disabled
# Request limit is 100
# Read timeout is 60 seconds
# Client authentication mode is password
# Security profile is profile1
# API timeout is 120 seconds
# vrf is mgmt
# Cipher suite is ecdhe-ecdsa-with-aes-256-gcm-SHA384,ecdhe-ecdsa-with-chacha20-poly1305-SHA256
#
# sonic# show ip telemetry
#
# Log level is 10
# JWT valid is 300 seconds
# JWT refresh is 80 seconds
# Port is 1234
# Client authentication mode is cert,jwt
# Security profile is profile2
# API timeout is 45 seconds
# vrf is mgmt

- name: Override mgmt servers configuration
  dellemc.enterprise_sonic.sonic_mgmt_servers:
    config:
      rest:
        api_timeout: 120
        client_auth: password
        log_level: 6
        port: 443
        read_timeout: 60
        req_limit: 100
        security_profile: profile1
        shutdown: True
        vrf: mgmt
        cipher_suite: ecdhe-ecdsa-with-aes-128-gcm-SHA256,ecdhe-ecdsa-with-aes-256-gcm-SHA384
    state: overridden

# After state:
# ------------
#
# sonic# show ip rest
#
# Log level is 6
# Port is 443, disabled
# Request limit is 100
# Read timeout is 60 seconds
# Client authentication mode is password
# Security profile is profile1
# API timeout is 120 seconds
# vrf is mgmt
# Cipher suite is ecdhe-ecdsa-with-aes-128-gcm-SHA256,ecdhe-ecdsa-with-aes-256-gcm-SHA384
#
# sonic# show ip telemetry
#
# Log level is 0
# JWT valid is 3600 seconds
# JWT refresh is 900 seconds
# Port is 8080
# Client authentication mode is password,jwt
# Security profile is not-set
# API timeout is 0 seconds
# vrf is not-set


# Using Deleted
#
# Before state:
# -------------
#
# sonic# show ip rest
#
# Log level is 6
# Port is 443, disabled
# Request limit is 100
# Read timeout is 60 seconds
# Client authentication mode is password
# Security profile is profile1
# API timeout is 120 seconds
# vrf is mgmt
# Cipher suite is ecdhe-ecdsa-with-aes-128-gcm-SHA256,ecdhe-ecdsa-with-aes-256-gcm-SHA384
#
# sonic# show ip telemetry
#
# Log level is 10
# JWT valid is 300 seconds
# JWT refresh is 80 seconds
# Port is 1234
# Client authentication mode is cert,jwt
# Security profile is profile2
# API timeout is 45 seconds
# vrf is mgmt

- name: Delete mgmt servers configuration
  dellemc.enterprise_sonic.sonic_mgmt_servers:
    config:
      rest:
        api_timeout: 120
        client_auth: password
        log_level: 6
        port: 443
        read_timeout: 60
        req_limit: 100
        security_profile: profile1
        shutdown: True
        vrf: mgmt
        cipher_suite: ecdhe-ecdsa-with-aes-256-gcm-SHA384,ecdhe-ecdsa-with-aes-128-gcm-SHA256
      telemetry:
        api_timeout: 45
        client_auth: cert,jwt
        jwt_refresh: 80
        jwt_valid: 300
        log_level: 10
        port: 1234
        security_profile: profile2
        vrf: mgmt
    state: deleted

# After state:
# ------------
#
# sonic# show ip rest
#
# Log level is 0
# Port is 443
# Request limit is not-set
# Read timeout is 15 seconds
# Client authentication mode is password,jwt
# Security profile is not-set
# API timeout is 900 seconds
# vrf is not-set
# Cipher suite is ecdhe-ecdsa-with-aes-256-gcm-SHA384,ecdhe-ecdsa-with-chacha20-poly1305-SHA256,ecdhe-ecdsa-with-aes-128-gcm-SHA256
#
# sonic# show ip telemetry
#
# Log level is 0
# JWT valid is 3600 seconds
# JWT refresh is 900 seconds
# Port is 8080
# Client authentication mode is password,jwt
# Security profile is not-set
# API timeout is 0 seconds
# vrf is not-set

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

after

list / elements=string

The resulting configuration module invocation.

Returned: when changed

Sample: ["The configuration returned will always be in the same format as the parameters above.\n"]

after(generated)

list / elements=string

The generated configuration from module invocation.

Returned: when check_mode

Sample: ["The configuration returned will always be in the same format\n as the parameters above.\n"]

before

list / elements=string

The configuration prior to the module invocation.

Returned: always

Sample: ["The configuration returned will always be in the same format as the parameters above.\n"]

commands

list / elements=string

The set of commands pushed to the remote device.

Returned: always

Sample: ["command 1", "command 2", "command 3"]

Authors

  • Shade Talabi (@stalabi1)