CNOS supports Enable Mode (Privilege Escalation). This page offers details on how to use Enable Mode on CNOS in Ansible.
uses SSH keys / SSH-agent if present
|Indirect Access||via a bastion (jump host)|
|Returned Data Format||
For legacy playbooks, CNOS still supports
ansible_connection: local. We recommend modernizing to use
ansible_connection: network_cli as soon as possible.
ansible_connection: network_cli ansible_network_os: cnos ansible_user: myuser ansible_password: !vault... ansible_become: yes ansible_become_method: enable ansible_become_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
- If you are using SSH keys (including an ssh-agent) you can remove the
- If you are accessing your host directly (not through a bastion/jump host) you can remove the
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the
ProxyCommanddirective. To prevent secrets from leaking out (for example in
psoutput), SSH does not support providing passwords via environment variables.
- name: Retrieve CNOS OS version cnos_command: commands: show version when: ansible_network_os == 'cnos'
Never store passwords in plain text. We recommend using SSH keys to authenticate SSH connections. Ansible supports ssh-agent to manage your SSH keys. If you must use passwords to authenticate SSH connections, we recommend encrypting them with Ansible Vault.