Try SpotterProvides rollback and rollback preview functionality for Cisco ACI fabrics (config:ImportP)
| "added in version" 2.4 of ansible.builtin"
Authors: Swetha Chunduri (@schunduri), Dag Wieers (@dagwieers), Jacob McGill (@jmcgill298)
preview | supported by community
pipInstall with pip install ansible==2.4.3.0.post1
Provides rollback and rollback preview functionality for Cisco ACI fabric.
Config Rollbacks are done using snapshots C(aci_snapshot) with the configImportP class.
More information from the internal APIC class I(config:ImportP) at U(https://developer.cisco.com/media/mim-ref/MO-configImportP.html).
---
- name: Create a Snapshot
aci_config_snapshot:
hostname: apic
username: admin
password: SomeSecretPassword
state: present
export_policy: config_backup
- name: Query Existing Snapshots
aci_config_snapshot:
hostname: apic
username: admin
password: SomeSecretPassword
state: query
export_policy: config_backup
- name: Compare Snapshot Files
aci_config_rollback:
hostname: apic
username: admin
password: SomeSecretPassword
state: preview
export_policy: config_backup
snapshot: 'run-2017-08-28T06-24-01'
compare_export_policy: config_backup
compare_snapshot: 'run-2017-08-27T23-43-56'
- name: Rollback Configuration
aci_config_rollback:
hostname: apic
username: admin
password: SomeSecretPassword
state: rollback
import_policy: rollback_config
export_policy: config_backup
snapshot: 'run-2017-08-28T06-24-01'
- name: Rollback Configuration
aci_config_rollback:
hostname: apic
username: admin
password: SomeSecretPassword
state: rollback
import_policy: rollback_config
export_policy: config_backup
snapshot: 'run-2017-08-28T06-24-01'
description: 'Rollback 8-27 changes'
import_mode: atomic
import_type: replace
fail_on_decrypt: yes
host:
aliases:
- hostname
description:
- IP Address or hostname of APIC resolvable by Ansible control host.
- If the value is not specified in the task, the value of environment variable C(ACI_HOST)
will be used instead.
required: true
type: str
port:
description:
- Port number to be used for REST connection.
- The default value depends on parameter C(use_ssl).
- If the value is not specified in the task, the value of environment variable C(ACI_PORT)
will be used instead.
type: int
state:
choices:
- preview
- rollback
default: rollback
description:
- Use C(preview) for previewing the diff between two snapshots.
- Use C(rollback) for reverting the configuration to a previous snapshot.
timeout:
default: 30
description:
- The socket level timeout in seconds.
- If the value is not specified in the task, the value of environment variable C(ACI_TIMEOUT)
will be used instead.
type: int
use_ssl:
default: true
description:
- If C(no), an HTTP connection will be used instead of the default HTTPS connection.
- If the value is not specified in the task, the value of environment variable C(ACI_USE_SSL)
will be used instead.
type: bool
password:
description:
- The password to use for authentication.
- This option is mutual exclusive with C(private_key). If C(private_key) is provided
too, it will be used instead.
- If the value is not specified in the task, the value of environment variables C(ACI_PASSWORD)
or C(ANSIBLE_NET_PASSWORD) will be used instead.
type: str
snapshot:
description:
- The name of the snapshot to rollback to, or the base snapshot to use for comparison.
- The C(aci_snapshot) module can be used to query the list of available snapshots.
required: true
username:
aliases:
- user
default: admin
description:
- The username to use for authentication.
- If the value is not specified in the task, the value of environment variables C(ACI_USERNAME)
or C(ANSIBLE_NET_USERNAME) will be used instead.
type: str
owner_key:
description:
- User-defined string for the ownerKey attribute of an ACI object.
- This attribute represents a key for enabling clients to own their data for entity
correlation.
- If the value is not specified in the task, the value of environment variable C(ACI_OWNER_KEY)
will be used instead.
type: str
owner_tag:
description:
- User-defined string for the ownerTag attribute of an ACI object.
- This attribute represents a tag for enabling clients to add their own data.
- For example, to indicate who created this object.
- If the value is not specified in the task, the value of environment variable C(ACI_OWNER_TAG)
will be used instead.
type: str
use_proxy:
default: true
description:
- If C(no), it will not use a proxy, even if one is defined in an environment variable
on the target hosts.
- If the value is not specified in the task, the value of environment variable C(ACI_USE_PROXY)
will be used instead.
type: bool
annotation:
description:
- User-defined string for annotating an object.
- If the value is not specified in the task, the value of environment variable C(ACI_ANNOTATION)
will be used instead.
type: str
description:
aliases:
- descr
description:
- The description for the Import Policy.
import_mode:
choices:
- atomic
- best-effort
default: atomic
description:
- Determines how the import should be handled by the APIC.
- The APIC defaults new Import Policies to C(atomic).
import_type:
choices:
- merge
- replace
default: replace
description:
- Determines how the current and snapshot configuration should be compared for replacement.
- The APIC defaults new Import Policies to C(replace).
output_path:
description:
- Path to a file that will be used to dump the ACI JSON configuration objects generated
by the module.
- If the value is not specified in the task, the value of environment variable C(ACI_OUTPUT_PATH)
will be used instead.
type: str
private_key:
aliases:
- cert_key
description:
- Either a PEM-formatted private key file or the private key content used for signature-based
authentication.
- This value also influences the default C(certificate_name) that is used.
- This option is mutual exclusive with C(password). If C(password) is provided too,
it will be ignored.
- If the value is not specified in the task, the value of environment variable C(ACI_PRIVATE_KEY)
will be used instead.
type: str
output_level:
choices:
- debug
- info
- normal
default: normal
description:
- Influence the output of this ACI module.
- C(normal) means the standard output, incl. C(current) dict
- C(info) adds informational output, incl. C(previous), C(proposed) and C(sent) dicts
- C(debug) adds debugging output, incl. C(filter_string), C(method), C(response),
C(status) and C(url) information
- If the value is not specified in the task, the value of environment variable C(ACI_OUTPUT_LEVEL)
will be used instead.
type: str
export_policy:
description:
- The export policy that the C(snapshot) is associated to.
required: true
import_policy:
description:
- The name of the Import Policy to use for config rollback.
validate_certs:
default: true
description:
- If C(no), SSL certificates will not be validated.
- This should only set to C(no) when used on personally controlled sites using self-signed
certificates.
- If the value is not specified in the task, the value of environment variable C(ACI_VALIDATE_CERTS)
will be used instead.
type: bool
fail_on_decrypt:
default: 'yes'
description:
- Determines if the APIC should fail the rollback if unable to decrypt secured data.
- The APIC defaults new Import Policies to C(yes).
type: bool
certificate_name:
aliases:
- cert_name
description:
- The X.509 certificate name attached to the APIC AAA user used for signature-based
authentication.
- If a C(private_key) filename was provided, this defaults to the C(private_key) basename,
without extension.
- If PEM-formatted content was provided for C(private_key), this defaults to the C(username)
value.
- If the value is not specified in the task, the value of environment variable C(ACI_CERTIFICATE_NAME)
will be used instead.
type: str
compare_snapshot:
description:
- The name of the snapshot to compare with C(snapshot).
compare_export_policy:
description:
- The export policy that the C(compare_snapshot) is associated to.