graphiant.naas.graphiant_backbone module – Manage Graphiant Core (backbone) device configuration

Note

This module is part of the graphiant.naas collection (version 26.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install graphiant.naas. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: graphiant.naas.graphiant_backbone.

New in graphiant.naas 26.5.0

Synopsis 

Manage configuration of Graphiant Core (backbone) devices.
Supports full Core configuration push as well as targeted operations on core-to-core interfaces, core-to-core IPsec tunnels, WAN ISP circuits, direct-peer interfaces, and per-VRF syslog targets.
All payloads target the core branch of the device configuration (gsdk.put_device_config). This is the counterpart to graphiant.naas.graphiant_interfaces, which targets the edge branch.
The single config_yaml_file holds the full Core configuration; each operation slices the appropriate section (interfaces filtered by type / circuit prefix, site block, vrfs.syslogTargets, …) and pushes only that slice.
Configuration files support Jinja2 templating for dynamic generation.

Requirements 

The below requirements are needed on the host that executes this module.

python >= 3.7
graphiant-sdk >= 26.5.0

Parameters 

Parameter	Comments
access_token string	Bearer token for API authentication (for example, from `graphiant login`, which opens a browser for sign-in (SSO or non-SSO) and retrieves the token). If not passed as a module argument, the collection reads `GRAPHIANT_ACCESS_TOKEN` (set after `graphiant login` when you `source ~/.graphiant/env.sh`). When a bearer token is present (module argument or environment), it takes precedence over `username` and `password`. If no valid token is available, the module authenticates with `username` and `password` when both are supplied.
config_yaml_file string / required	Path to the backbone (Core) interface configuration YAML file. Required for all operations. Can be an absolute path or relative path. Relative paths are resolved using the configured config_path. Configuration files support Jinja2 templating syntax for dynamic generation. File must contain a top-level `backbone_devices:` list, one entry per Core device with a `core:` block (name, regionName, site, interfaces, vrfs).
detailed_logs boolean	Enable detailed logging output for troubleshooting and monitoring. Logs are captured and included in the result message for display using ansible.builtin.debug. Choices: `false` ← (default) `true`
host aliases: base_url string / required	Graphiant portal host URL for API connectivity. Example: “https://api.graphiant.com”
operation string	The specific backbone operation to perform. `configure`: Push full Core configuration (name + regionName + site + interfaces + vrfs). `deconfigure`: Orchestrated full backbone teardown (WAN circuits, direct-peer, core-to-core tunnels, core-to-core interfaces, syslog targets) -- idempotent. `configure_core_to_core_interfaces`: Configure core-to-core interfaces (loopback / core_to_core_link / disabled). `deconfigure_core_to_core_interfaces`: Reset core-to-core interfaces to the enterprise default LAN. `configure_core_to_core_tunnel_interfaces`: Configure core-to-core IPsec tunnel interfaces. `deconfigure_core_to_core_tunnel_interfaces`: Delete core-to-core IPsec tunnel interfaces. `configure_wan_circuits`: Configure ISP transit (`isp-`) interfaces. `deconfigure_wan_circuits`: Reset ISP transit interfaces. `configure_direct_peer_interfaces`: Configure direct-peer (`direct-peer-`) interfaces. `deconfigure_direct_peer_interfaces`: Reset direct-peer interfaces. `configure_syslog_targets`: Push per-VRF syslog targets under `core.vrfs.<vrf>`. `deconfigure_syslog_targets`: Remove per-VRF syslog targets (sets each to null). Choices: `"configure"` `"deconfigure"` `"configure_core_to_core_interfaces"` `"deconfigure_core_to_core_interfaces"` `"configure_core_to_core_tunnel_interfaces"` `"deconfigure_core_to_core_tunnel_interfaces"` `"configure_wan_circuits"` `"deconfigure_wan_circuits"` `"configure_direct_peer_interfaces"` `"deconfigure_direct_peer_interfaces"` `"configure_syslog_targets"` `"deconfigure_syslog_targets"`
password string	Graphiant portal password for authentication. Required for password-based login when no valid bearer token is available from `access_token` or `GRAPHIANT_ACCESS_TOKEN`.
state string	The desired state for the Core device configuration. `present`: Maps to `configure` when `operation` is not specified. `absent`: Maps to `deconfigure` when `operation` is not specified. Choices: `"present"` ← (default) `"absent"`
username string	Graphiant portal username for authentication. Required for password-based login when no valid bearer token is available from `access_token` or `GRAPHIANT_ACCESS_TOKEN`.

Attributes 

Attribute	Support	Description
check_mode	Support: full When run with `--check`, the module logs the exact payloads that would be pushed with a `[check_mode]` prefix so you can see what configuration would be applied.	Supports check mode. In check mode, no configuration is pushed to the devices but payloads that would be pushed are logged with `[check_mode]`.

Notes 

Note

Operations:
- configure: Full Core configuration push (name + regionName + site + interfaces + vrfs).
- deconfigure: Orchestrated full teardown -- runs deconfigure for WAN ISP circuits, direct-peer, core-to-core tunnels, core-to-core interfaces, and syslog targets in dependency order.
- configure_core_to_core_interfaces / deconfigure_core_to_core_interfaces: core-to-core interfaces on `graphiant-core` (`loopback` / `core_to_core_link` with optional VLAN sub-interfaces / `disabled`).
- configure_core_to_core_tunnel_interfaces / deconfigure_core_to_core_tunnel_interfaces: core-to-core IPsec tunnel interfaces (`core_to_core_ipsec_tunnel`).
- configure_wan_circuits / deconfigure_wan_circuits: ISP transit interfaces with circuit names prefixed `isp-` (plus paired `p2mp_tunnel` entries).
- configure_direct_peer_interfaces / deconfigure_direct_peer_interfaces: direct-peer interfaces with circuit names prefixed `direct-peer-`.
- configure_syslog_targets / deconfigure_syslog_targets: per-VRF `syslogTargets` blocks under `core.vrfs.<vrf>`.
The module automatically resolves device names to IDs and validates configurations.
Deconfigure operations reset interfaces to the enterprise default LAN (`default-<enterprise_id>`) and are idempotent (check device state via `gsdk.get_device_info` before building delete payloads).
Configuration files support Jinja2 templating syntax for dynamic configuration generation.
Check mode (--check): No config is pushed; payloads that would be pushed are logged with [check_mode].

Examples 

- name: Configure all backbone interfaces (full push)
  graphiant.naas.graphiant_backbone:
    operation: configure
    config_yaml_file: "sample_backbone_config.yaml"
    host: "{{ graphiant_host }}"
    access_token: "{{ graphiant_access_token }}"
    detailed_logs: true

- name: Configure core-to-core interfaces
  graphiant.naas.graphiant_backbone:
    operation: configure_core_to_core_interfaces
    config_yaml_file: "sample_backbone_config.yaml"
    host: "{{ graphiant_host }}"
    access_token: "{{ graphiant_access_token }}"

- name: Configure core-to-core IPsec tunnels
  graphiant.naas.graphiant_backbone:
    operation: configure_core_to_core_tunnel_interfaces
    config_yaml_file: "sample_backbone_config.yaml"
    host: "{{ graphiant_host }}"
    access_token: "{{ graphiant_access_token }}"

- name: Configure backbone WAN ISP circuit interfaces
  graphiant.naas.graphiant_backbone:
    operation: configure_wan_circuits
    config_yaml_file: "sample_backbone_config.yaml"
    host: "{{ graphiant_host }}"
    access_token: "{{ graphiant_access_token }}"

- name: Configure backbone direct-peer interfaces
  graphiant.naas.graphiant_backbone:
    operation: configure_direct_peer_interfaces
    config_yaml_file: "sample_backbone_direct_peer_config.yaml"
    host: "{{ graphiant_host }}"
    access_token: "{{ graphiant_access_token }}"

- name: Configure backbone syslog targets
  graphiant.naas.graphiant_backbone:
    operation: configure_syslog_targets
    config_yaml_file: "sample_backbone_config.yaml"
    host: "{{ graphiant_host }}"
    access_token: "{{ graphiant_access_token }}"

- name: Deconfigure core-to-core interfaces
  graphiant.naas.graphiant_backbone:
    operation: deconfigure_core_to_core_interfaces
    config_yaml_file: "sample_backbone_config.yaml"
    host: "{{ graphiant_host }}"
    access_token: "{{ graphiant_access_token }}"

- name: Deconfigure all backbone interfaces (orchestrated teardown)
  graphiant.naas.graphiant_backbone:
    operation: deconfigure
    config_yaml_file: "sample_backbone_config.yaml"
    host: "{{ graphiant_host }}"
    access_token: "{{ graphiant_access_token }}"
    detailed_logs: true

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
changed boolean	Whether the operation pushed configuration changes. `true` when at least one device’s matching configuration was pushed. `false` when no matching configuration was found in the file. Returned: always Sample: `true`
config_yaml_file string	The interface configuration file used for the operation. Returned: always Sample: `"sample_backbone_config.yaml"`
msg string	Result message from the operation, including detailed logs when `detailed_logs` is enabled. Returned: always Sample: `"Successfully configured backbone (Core) devices"`
operation string	The operation that was performed. Returned: always Sample: `"configure"`

Authors

Graphiant Team (@graphiant)

graphiant.naas.graphiant_backbone module – Manage Graphiant Core (backbone) device configuration

Synopsis 

Requirements 

Parameters 

Attributes 

Notes 

See Also 

Examples 

Return Values 

Authors

Collection links