cisco.dnac.network_compliance_workflow_manager module – Network Compliance module for managing network compliance tasks on reachable device(s) in Cisco Catalyst Center.
Note
This module is part of the cisco.dnac collection (version 6.25.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.dnac
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.dnac.network_compliance_workflow_manager
.
New in cisco.dnac 6.14.0
Synopsis
Perform compliance checks or sync configurations on reachable devices using IP Address(s) or Site.
API to perform full compliance checks or specific category checks on reachable device(s).
API to sync device configuration on device(s).
Requirements
The below requirements are needed on the host that executes this module.
dnacentersdk == 2.7.0
python >= 3.9
Parameters
Parameter |
Comments |
---|---|
List of device details for running a compliance check or synchronizing device configuration. |
|
List of IP addresses of devices to run a compliance check on or synchronize device configurations. Either “ip_address_list” or “site_name” is required for module to execute. If both “site_name” and “ip_address_list” are provided, operations are performed on devices that are present in both the “ip_address_list” and the specified site. (e.g. [“204.1.2.2”, “204.1.2.5”, “204.1.2.4”]) |
|
Determines if a full compliance check should be triggered on the devices specified in the “ip_address_list” and/or “site_name”. if it is True then compliance will be triggered for all categories. If it is False then compliance will be not be triggered even if run_compliance categories are provided. Note - This operation cannot be performed on Access Points (APs) and if APs are provided, they will be skipped. Choices:
|
|
Specifies the number of devices to be included in a single batch for compliance operations. This parameter is crucial for optimizing performance during large-scale compliance checks. By processing devices in manageable batches, the system can enhance the speed and efficiency of the operation, reducing the overall time required and minimizing the risk of overloading system resources. Adjusting this parameter allows for a balance between throughput and resource utilization, ensuring smooth and effective compliance management. Note - Having a higher value for run_compliance_batch_size may cause errors due to the increased load on the system. Default: |
|
Specifying compliance categories allows you to trigger compliance checks only for the mentioned categories. Category can have one or more values from among the options “INTENT”, “RUNNING_CONFIG”, “IMAGE”, “PSIRT”, “EOX”, “NETWORK_SETTINGS”. Category “INTENT” is mapped to compliance types “NETWORK_SETTINGS”, “NETWORK_PROFILE”, “WORKFLOW”, “FABRIC”, “APPLICATION_VISIBILITY”. If “run_compliance” is False then compliance will be not be triggered even if “run_compliance_categories” are provided. (e.g. [“INTENT”, “RUNNING_CONFIG”, “IMAGE”, “PSIRT”, “EOX”, “NETWORK_SETTINGS”]) |
|
When “site_name” is specified, the module executes the operation on all the devices located within the specified site. This is a string value that should represent the complete hierarchical path of the site. Either “site_name” or “ip_address_list” is required for module to execute. If both “site_name” and “ip_address_list” are provided, operations are performed on devices that are present in both the “ip_address_list” and the specified site. (e.g. “Global/USA/San Francisco/Building_2/floor_1”) |
|
Determines whether to synchronize the device configuration on the devices specified in the “ip_address_list” and/or “site_name”. Sync device configuration, primarily addresses the status of the `RUNNING_CONFIG`. If set to True, and if `RUNNING_CONFIG` status is non-compliant this operation would commit device running configuration to startup by issuing “write memory” to device. Note - This operation cannot be performed on Access Points (APs) and if APs are provided, they will be skipped. Choices:
|
|
Set to True to verify the Cisco Catalyst Center config after applying the playbook config. Choices:
|
|
Defines the timeout in seconds for API calls to retrieve task details. If the task details are not received within this period, the process will end, and a timeout notification will be logged. Default: |
|
Indicates whether debugging is enabled in the Cisco Catalyst Center SDK. Choices:
|
|
The hostname of the Cisco Catalyst Center. |
|
Flag to enable/disable playbook execution logging. When true and dnac_log_file_path is provided, - Create the log file at the execution location with the specified name. When true and dnac_log_file_path is not provided, - Create the log file at the execution location with the name ‘dnac.log’. When false, - Logging is disabled. If the log file doesn’t exist, - It is created in append or write mode based on the “dnac_log_append” flag. If the log file exists, - It is overwritten or appended based on the “dnac_log_append” flag. Choices:
|
|
Determines the mode of the file. Set to True for ‘append’ mode. Set to False for ‘write’ mode. Choices:
|
|
Governs logging. Logs are recorded if dnac_log is True. If path is not specified, - When ‘dnac_log_append’ is True, ‘dnac.log’ is generated in the current Ansible directory; logs are appended. - When ‘dnac_log_append’ is False, ‘dnac.log’ is generated; logs are overwritten. If path is specified, - When ‘dnac_log_append’ is True, the file opens in append mode. - When ‘dnac_log_append’ is False, the file opens in write (w) mode. - In shared file scenarios, without append mode, content is overwritten after each module execution. - For a shared log file, set append to False for the 1st module (to overwrite); for subsequent modules, set append to True. Default: |
|
Sets the threshold for log level. Messages with a level equal to or higher than this will be logged. Levels are listed in order of severity [CRITICAL, ERROR, WARNING, INFO, DEBUG]. CRITICAL indicates serious errors halting the program. Displays only CRITICAL messages. ERROR indicates problems preventing a function. Displays ERROR and CRITICAL messages. WARNING indicates potential future issues. Displays WARNING, ERROR, CRITICAL messages. INFO tracks normal operation. Displays INFO, WARNING, ERROR, CRITICAL messages. DEBUG provides detailed diagnostic info. Displays all log messages. Default: |
|
The password for authentication at the Cisco Catalyst Center. |
|
Specifies the port number associated with the Cisco Catalyst Center. Default: |
|
Specifies the interval in seconds between successive calls to the API to retrieve task details. Default: |
|
The username for authentication at the Cisco Catalyst Center. Default: |
|
Flag to enable or disable SSL certificate verification. Choices:
|
|
Specifies the version of the Cisco Catalyst Center that the SDK should use. Default: |
|
State of Cisco Catalyst Center after module completion. Choices:
|
|
Flag for Cisco Catalyst Center SDK to enable the validation of request bodies against a JSON schema. Choices:
|
Notes
Note
SDK Methods used are compliance.Compliance.run_compliance compliance.Compliance.commit_device_configuration task.Task.get_task_by_id task.Task.get_task_details_by_id task.Task.get_tasks compliance.Compliance.compliance_details_of_device devices.Devices.get_device_list devices.Devices.get_device_by_id site.Site.get_site site.Site.get_membership site_design.Site_design.get_sites site_design.Site_design.get_site_assigned_network_devices
Paths used are post /dna/intent/api/v1/compliance/ post /dna/intent/api/v1/network-device-config/write-memory get /dna/intent/api/v1/task/{taskId} get /dna/intent/api/v1/compliance/${deviceUuid}/detail get /dna/intent/api/v1/membership/${siteId} get /dna/intent/api/v1/site get /dna/intent/api/v1/networkDevices/assignedToSite get /dna/intent/api/v1/sites get /dna/intent/api/v1/tasks/${id}/detail get /dna/intent/api/v1/tasks get /dna/intent/api/v1/network-device/${id} get /dna/intent/api/v1/network-device
Does not support
check_mode
The plugin runs on the control node and does not use any ansible connection plugins instead embedded connection manager from Cisco Catalyst Center SDK
The parameters starting with dnac_ are used by the Cisco Catalyst Center Python SDK to establish the connection
Examples
- name: Run Compliance check on device(s) using IP address list (run_compliance by default is True)
cisco.dnac.network_compliance_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: false
config:
- ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
- name: Run Compliance check on device(s) using IP address list
cisco.dnac.network_compliance_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: false
config:
- ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
run_compliance: true
- name: Run Compliance check on device(s) using Site
cisco.dnac.network_compliance_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: false
config:
- site_name: "Global/USA/San Francisco/Building_1/floor_1"
run_compliance: true
- name: Run Compliance check on device(s) using both IP address list and Site
cisco.dnac.network_compliance_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: false
config:
- ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
site_name: "Global/USA/San Francisco/Building_1/floor_1"
run_compliance: true
- name: Run Compliance check with specific categories on device(s) using IP address list
cisco.dnac.network_compliance_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: false
config:
- ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
run_compliance: true
run_compliance_categories: ["INTENT", "RUNNING_CONFIG", "IMAGE", "PSIRT"]
- name: Run Compliance check with specific categories on device(s) using Site
cisco.dnac.network_compliance_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: false
config:
- site_name: "Global/USA/San Francisco/Building_1/floor_1"
run_compliance: true
run_compliance_categories: ["INTENT", "RUNNING_CONFIG", "IMAGE", "PSIRT"]
- name: Run Compliance check with specific categories on device(s) using both IP address list and Site
cisco.dnac.network_compliance_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: false
config:
- ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
site_name: "Global/USA/San Francisco/Building_1/floor_1"
run_compliance: true
run_compliance_categories: ["INTENT", "RUNNING_CONFIG", "IMAGE", "PSIRT"]
- name: Sync Device Configuration on device(s) using IP address list
cisco.dnac.network_compliance_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: false
config:
- site_name: "Global"
sync_device_config: true
run_compliance: False
- name: Sync Device Configuration on device(s) using Site
cisco.dnac.network_compliance_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: false
config:
- site_name: "Global/USA/San Francisco/Building_1/floor_1"
sync_device_config: true
run_compliance: false
- name: Sync Device Configuration on device(s) using both IP address list and Site
cisco.dnac.network_compliance_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: false
config:
- ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
site_name: "Global/USA/San Francisco/Building_1/floor_1"
sync_device_config: true
run_compliance: false
- name: Run Compliance and Sync Device Configuration using both IP address list and Site
cisco.dnac.network_compliance_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log_level: "{{dnac_log_level}}"
dnac_log: false
config:
- ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
site_name: "Global/USA/San Francisco/Building_1/floor_1"
run_compliance: true
run_compliance_categories: ["INTENT", "RUNNING_CONFIG", "IMAGE", "PSIRT"]
sync_device_config: true
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A dictionary with the response returned by the Cisco Catalyst Center Python SDK Returned: always Sample: |
|
A dictionary with the response returned by the Cisco Catalyst Center Python SDK Returned: always Sample: |
|
A dictionary with the response returned by the Cisco Catalyst Center Python SDK Returned: always Sample: |