cisco.dnac.network_compliance_workflow_manager module – Network Compliance module for managing network compliance tasks on reachable device(s) in Cisco Catalyst Center.

Note

This module is part of the cisco.dnac collection (version 6.22.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cisco.dnac. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.dnac.network_compliance_workflow_manager.

New in cisco.dnac 6.14.0

Synopsis

• Perform compliance checks or sync configurations on reachable devices using IP Address(s) or Site.

• API to perform full compliance checks or specific category checks on reachable device(s).

• API to sync device configuration on device(s).

Requirements

The below requirements are needed on the host that executes this module.

• dnacentersdk == 2.7.0

• python >= 3.9

Parameters

Parameter	Comments
config list / elements=dictionary / required	List of device details for running a compliance check or synchronizing device configuration.
ip_address_list list / elements=string	List of IP addresses of devices to run a compliance check on or synchronize device configurations. Either “ip_address_list” or “site_name” is required for module to execute. If both “site_name” and “ip_address_list” are provided, operations are performed on devices that are present in both the “ip_address_list” and the specified site. (e.g. [“204.1.2.2”, “204.1.2.5”, “204.1.2.4”])
run_compliance boolean	Determines if a full compliance check should be triggered on the devices specified in the “ip_address_list” and/or “site_name”. if it is True then compliance will be triggered for all categories. If it is False then compliance will be not be triggered even if run_compliance categories are provided. Note - This operation cannot be performed on Access Points (APs) and if APs are provided, they will be skipped. Choices: false true ← (default)
run_compliance_batch_size integer	Specifies the number of devices to be included in a single batch for compliance operations. This parameter is crucial for optimizing performance during large-scale compliance checks. By processing devices in manageable batches, the system can enhance the speed and efficiency of the operation, reducing the overall time required and minimizing the risk of overloading system resources. Adjusting this parameter allows for a balance between throughput and resource utilization, ensuring smooth and effective compliance management. Note - Having a higher value for run_compliance_batch_size may cause errors due to the increased load on the system. Default: 100
run_compliance_categories list / elements=string	Specifying compliance categories allows you to trigger compliance checks only for the mentioned categories. Category can have one or more values from among the options “INTENT”, “RUNNING_CONFIG”, “IMAGE”, “PSIRT”, “EOX”, “NETWORK_SETTINGS”. Category “INTENT” is mapped to compliance types “NETWORK_SETTINGS”, “NETWORK_PROFILE”, “WORKFLOW”, “FABRIC”, “APPLICATION_VISIBILITY”. If “run_compliance” is False then compliance will be not be triggered even if “run_compliance_categories” are provided. (e.g. [“INTENT”, “RUNNING_CONFIG”, “IMAGE”, “PSIRT”, “EOX”, “NETWORK_SETTINGS”])
site_name string	When “site_name” is specified, the module executes the operation on all the devices located within the specified site. This is a string value that should represent the complete hierarchical path of the site. Either “site_name” or “ip_address_list” is required for module to execute. If both “site_name” and “ip_address_list” are provided, operations are performed on devices that are present in both the “ip_address_list” and the specified site. (e.g. “Global/USA/San Francisco/Building_2/floor_1”)
sync_device_config boolean	Determines whether to synchronize the device configuration on the devices specified in the “ip_address_list” and/or “site_name”. Sync device configuration, primarily addresses the status of the `RUNNING_CONFIG`. If set to True, and if `RUNNING_CONFIG` status is non-compliant this operation would commit device running configuration to startup by issuing “write memory” to device. Note - This operation cannot be performed on Access Points (APs) and if APs are provided, they will be skipped. Choices: false ← (default) true
config_verify boolean	Set to True to verify the Cisco Catalyst Center config after applying the playbook config. Choices: false ← (default) true
dnac_api_task_timeout integer	Defines the timeout in seconds for API calls to retrieve task details. If the task details are not received within this period, the process will end, and a timeout notification will be logged. Default: 1200
dnac_debug boolean	Indicates whether debugging is enabled in the Cisco Catalyst Center SDK. Choices: false ← (default) true
dnac_host string / required	The hostname of the Cisco Catalyst Center.
dnac_log boolean	Flag to enable/disable playbook execution logging. When true and dnac_log_file_path is provided, - Create the log file at the execution location with the specified name. When true and dnac_log_file_path is not provided, - Create the log file at the execution location with the name ‘dnac.log’. When false, - Logging is disabled. If the log file doesn’t exist, - It is created in append or write mode based on the “dnac_log_append” flag. If the log file exists, - It is overwritten or appended based on the “dnac_log_append” flag. Choices: false ← (default) true
dnac_log_append boolean	Determines the mode of the file. Set to True for ‘append’ mode. Set to False for ‘write’ mode. Choices: false true ← (default)
dnac_log_file_path string	Governs logging. Logs are recorded if dnac_log is True. If path is not specified, - When ‘dnac_log_append’ is True, ‘dnac.log’ is generated in the current Ansible directory; logs are appended. - When ‘dnac_log_append’ is False, ‘dnac.log’ is generated; logs are overwritten. If path is specified, - When ‘dnac_log_append’ is True, the file opens in append mode. - When ‘dnac_log_append’ is False, the file opens in write (w) mode. - In shared file scenarios, without append mode, content is overwritten after each module execution. - For a shared log file, set append to False for the 1st module (to overwrite); for subsequent modules, set append to True. Default: "dnac.log"
dnac_log_level string	Sets the threshold for log level. Messages with a level equal to or higher than this will be logged. Levels are listed in order of severity [CRITICAL, ERROR, WARNING, INFO, DEBUG]. CRITICAL indicates serious errors halting the program. Displays only CRITICAL messages. ERROR indicates problems preventing a function. Displays ERROR and CRITICAL messages. WARNING indicates potential future issues. Displays WARNING, ERROR, CRITICAL messages. INFO tracks normal operation. Displays INFO, WARNING, ERROR, CRITICAL messages. DEBUG provides detailed diagnostic info. Displays all log messages. Default: "WARNING"
dnac_password string	The password for authentication at the Cisco Catalyst Center.
dnac_port string	Specifies the port number associated with the Cisco Catalyst Center. Default: "443"
dnac_task_poll_interval integer	Specifies the interval in seconds between successive calls to the API to retrieve task details. Default: 2
dnac_username aliases: user string	The username for authentication at the Cisco Catalyst Center. Default: "admin"
dnac_verify boolean	Flag to enable or disable SSL certificate verification. Choices: false true ← (default)
dnac_version string	Specifies the version of the Cisco Catalyst Center that the SDK should use. Default: "2.2.3.3"
state string	State of Cisco Catalyst Center after module completion. Choices: "merged" ← (default)
validate_response_schema boolean	Flag for Cisco Catalyst Center SDK to enable the validation of request bodies against a JSON schema. Choices: false true ← (default)

Notes

Note

• SDK Methods used are compliance.Compliance.run_compliance compliance.Compliance.commit_device_configuration task.Task.get_task_by_id task.Task.get_task_details_by_id task.Task.get_tasks compliance.Compliance.compliance_details_of_device devices.Devices.get_device_list devices.Devices.get_device_by_id site.Site.get_site site.Site.get_membership site_design.Site_design.get_sites site_design.Site_design.get_site_assigned_network_devices

• Paths used are post /dna/intent/api/v1/compliance/ post /dna/intent/api/v1/network-device-config/write-memory get /dna/intent/api/v1/task/{taskId} get /dna/intent/api/v1/compliance/${deviceUuid}/detail get /dna/intent/api/v1/membership/${siteId} get /dna/intent/api/v1/site get /dna/intent/api/v1/networkDevices/assignedToSite get /dna/intent/api/v1/sites get /dna/intent/api/v1/tasks/${id}/detail get /dna/intent/api/v1/tasks get /dna/intent/api/v1/network-device/${id} get /dna/intent/api/v1/network-device

• Does not support check_mode

• The plugin runs on the control node and does not use any ansible connection plugins instead embedded connection manager from Cisco Catalyst Center SDK

• The parameters starting with dnac_ are used by the Cisco Catalyst Center Python SDK to establish the connection

Examples

- name: Run Compliance check on device(s) using IP address list (run_compliance by default is True)
  cisco.dnac.network_compliance_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    config:
      - ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]

- name: Run Compliance check on device(s) using IP address list
  cisco.dnac.network_compliance_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    config:
      - ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
        run_compliance: true

- name: Run Compliance check on device(s) using Site
  cisco.dnac.network_compliance_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    config:
      - site_name: "Global/USA/San Francisco/Building_1/floor_1"
        run_compliance: true

- name: Run Compliance check on device(s) using both IP address list and Site
  cisco.dnac.network_compliance_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    config:
      - ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
        site_name: "Global/USA/San Francisco/Building_1/floor_1"
        run_compliance: true

- name: Run Compliance check with specific categories on device(s) using IP address list
  cisco.dnac.network_compliance_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    config:
      - ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
        run_compliance: true
        run_compliance_categories: ["INTENT", "RUNNING_CONFIG", "IMAGE", "PSIRT"]

- name: Run Compliance check with specific categories on device(s) using Site
  cisco.dnac.network_compliance_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    config:
      - site_name: "Global/USA/San Francisco/Building_1/floor_1"
        run_compliance: true
        run_compliance_categories: ["INTENT", "RUNNING_CONFIG", "IMAGE", "PSIRT"]

- name: Run Compliance check with specific categories on device(s) using both IP address list and Site
  cisco.dnac.network_compliance_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    config:
      - ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
        site_name: "Global/USA/San Francisco/Building_1/floor_1"
        run_compliance: true
        run_compliance_categories: ["INTENT", "RUNNING_CONFIG", "IMAGE", "PSIRT"]

- name: Sync Device Configuration on device(s) using IP address list
  cisco.dnac.network_compliance_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    config:
      - site_name: "Global"
        sync_device_config: true
        run_compliance: False

- name: Sync Device Configuration on device(s) using Site
  cisco.dnac.network_compliance_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    config:
      - site_name: "Global/USA/San Francisco/Building_1/floor_1"
        sync_device_config: true
        run_compliance: false

- name: Sync Device Configuration on device(s) using both IP address list and Site
  cisco.dnac.network_compliance_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    config:
      - ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
        site_name: "Global/USA/San Francisco/Building_1/floor_1"
        sync_device_config: true
        run_compliance: false

- name: Run Compliance and Sync Device Configuration using both IP address list and Site
  cisco.dnac.network_compliance_workflow_manager:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    dnac_log_level: "{{dnac_log_level}}"
    dnac_log: false
    config:
      - ip_address_list: ["204.1.2.2", "204.1.2.5", "204.1.2.4"]
        site_name: "Global/USA/San Francisco/Building_1/floor_1"
        run_compliance: true
        run_compliance_categories: ["INTENT", "RUNNING_CONFIG", "IMAGE", "PSIRT"]
        sync_device_config: true

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
sample_response_1 dictionary	A dictionary with the response returned by the Cisco Catalyst Center Python SDK Returned: always Sample: "{\n  \"status\": \"string\",\n  \"changed\": bool,\n  \"msg\": \"string\"\n  \"response\": {\n    \"taskId\": \"string\",\n    \"url\": \"string\"\n  },\n  \"data\": dict,\n  \"version\": \"string\"\n}\n"
sample_response_2 dictionary	A dictionary with the response returned by the Cisco Catalyst Center Python SDK Returned: always Sample: "{\n  \"status\": \"string\",\n  \"changed\": bool,\n  \"msg\": \"string\"\n  \"response\": {\n    \"taskId\": \"string\",\n    \"url\": \"string\"\n  },\n  \"version\": \"string\"\n}\n"
sample_response_3 dictionary	A dictionary with the response returned by the Cisco Catalyst Center Python SDK Returned: always Sample: "{\n  \"changed\": bool,\n  \"msg\": \"string\"\n}\n"

Authors

• Rugvedi Kapse (@rukapse) Madhan Sankaranarayanan (@madhansansel) Sonali Deepthi (@skesali)

Collection links

• Issue Tracker
• Repository (Sources)