Try SpotterA resource module for handling device discovery tasks.
| "added in version" 6.6.0 of cisco.dnac"
Authors: Abinash Mishra (@abimishr) Phan Nguyen (@phannguy) Madhan Sankaranarayanan (@madhansansel)
Install with ansible-galaxy collection install cisco.dnac:==6.13.3
collections:
- name: cisco.dnac
version: 6.13.3Manages device discovery using IP address, address range, CDP, and LLDP, including deletion of discovered devices.
API to discover a device or multiple devices
API to delete a discovery of a device or multiple devices
- name: Execute discovery of devices with both global credentials and discovery specific credentials
cisco.dnac.discovery_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log: True
dnac_log_level: "{{dnac_log_level}}"
state: merged
config_verify: True
config:
- discovery_name: Discovery with both global and job specific credentials
discovery_type: RANGE
ip_address_list:
- 201.1.1.1-201.1.1.100
ip_filter_list:
- 201.1.1.2
- 201.1.1.10
discovery_specific_credentials:
cli_credentials_list:
- username: cisco
password: Cisco123
enable_password: Cisco123
http_read_credential:
username: cisco
password: Cisco123
port: 443
secure: true
http_write_credential:
username: cisco
password: Cisco123
port: 443
secure: True
snmp_v2_read_credential:
desc: snmp_v2-new
community: Cisco123
snmp_v2_write_credential:
desc: snmp_v2-new
community: Cisco123
snmp_v3_credential:
username: v3Public2
snmp_mode: AUTHPRIV
auth_type: SHA
auth_password: Lablab123
privacy_type: AES256
privacy_password: Lablab123
net_conf_port: 750
global_credentials:
cli_credentials_list:
- description: ISE
username: cisco
- description: CLI1234
username: cli
http_read_credential_list:
- description: HTTP Read
username: HTTP_Read
http_write_credential_list:
- description: HTTP Write
username: HTTP_Write
snmp_v3_credential_list:
- description: snmpV3
username: snmpV3
snmp_v2_read_credential_list:
- description: snmpV2_read
snmp_v2_write_credential_list:
- description: snmpV2_write
net_conf_port_list:
- description: Old_one
start_index: 1
records_to_return: 100
protocol_order: ssh
retry: 5
timeout: 3
- name: Execute discovery of devices with discovery specific credentials only
cisco.dnac.discovery_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log: True
dnac_log_level: "{{dnac_log_level}}"
state: merged
config_verify: True
config:
- discovery_name: Single with discovery specific credentials only
discovery_type: SINGLE
ip_address_list:
- 204.1.1.10
discovery_specific_credentials:
cli_credentials_list:
- username: cisco
password: Cisco123
enable_password: Cisco123
http_read_credential:
username: cisco
password: Cisco123
port: 443
secure: true
http_write_credential:
username: cisco
password: Cisco123
port: 443
secure: True
snmp_v2_read_credential:
desc: snmp_v2-new
community: Cisco123
snmp_v2_write_credential:
desc: snmp_v2-new
community: Cisco123
snmp_v3_credential:
username: v3Public2
snmp_mode: AUTHPRIV
auth_type: SHA
auth_password: Lablab123
privacy_type: AES256
privacy_password: Lablab123
net_conf_port: 750
use_global_credentials: False
start_index: 1
records_to_return: 100
protocol_order: ssh
retry: 5
timeout: 3
- name: Execute discovery of devices with global credentials only
cisco.dnac.discovery_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log: True
dnac_log_level: "{{dnac_log_level}}"
state: merged
config_verify: True
config:
- discovery_name: CDP with global credentials only
discovery_type: CDP
ip_address_list:
- 204.1.1.1
cdp_level: 16
global_credentials:
cli_credentials_list:
- description: ISE
username: cisco
- description: CLI1234
username: cli
http_read_credential_list:
- description: HTTP Read
username: HTTP_Read
http_write_credential_list:
- description: HTTP Write
username: HTTP_Write
snmp_v3_credential_list:
- description: snmpV3
username: snmpV3
snmp_v2_read_credential_list:
- description: snmpV2_read
snmp_v2_write_credential_list:
- description: snmpV2_write
net_conf_port_list:
- description: Old_one
start_index: 1
records_to_return: 100
protocol_order: ssh
retry: 5
timeout: 3
- name: Execute discovery of devices with all the global credentials (max 5 allowed)
cisco.dnac.discovery_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log: True
dnac_log_level: "{{dnac_log_level}}"
state: merged
config_verify: True
config:
- discovery_name: CIDR with all global credentials
discovery_type: CIDR
ip_address_list:
- 204.1.2.0/24
ip_filter_list:
- 204.1.2.10
preferred_mgmt_ip_method: None
start_index: 1
records_to_return: 100
protocol_order: telnet
retry: 10
timeout: 3
use_global_credentials: True
- name: Delete disovery by name
cisco.dnac.discovery_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log: True
dnac_log_level: "{{dnac_log_level}}"
state: deleted
config_verify: True
config:
- discovery_name: Single discovery
state:
choices:
- merged
- deleted
default: merged
description: The state of Cisco Catalyst Center after module completion.
type: str
config:
description:
- List of details of device being managed.
elements: dict
required: true
suboptions:
cdp_level:
default: 16
description: Total number of levels that are there in cdp's method of discovery
type: int
delete_all:
default: false
description: Parameter to delete all the discoveries at one go
type: bool
discovery_name:
description: Name of the discovery task
required: true
type: str
discovery_specific_credentials:
description: Credentials specifically created by the user for performing device
discovery.
suboptions:
cli_credentials_list:
description: List of CLI credentials to be used during device discovery.
elements: dict
suboptions:
enable_password:
description: Enable password for CLI authentication, mandatory when using
CLI credential.
type: str
password:
description: Password for CLI authentication, mandatory when using CLI
credential.
type: str
username:
description: Username for CLI authentication, mandatory when using CLI
credentials.
type: str
type: list
http_read_credential:
description: HTTP read credential is used for authentication purposes and
specifically utilized to grant read-only access to certain resources from
the device.
suboptions:
password:
description: Password for HTTP(S) Read authentication, mandatory when
using HTTP credentials.
type: str
port:
description: Port for HTTP(S) Read authentication, mandatory for using
HTTP credentials.
type: int
secure:
description: Flag for HTTP(S) Read authentication, not mandatory when
using HTTP credentials.
type: bool
username:
description: Username for HTTP(S) Read authentication, mandatory when
using HTTP credentials.
type: str
type: dict
http_write_credential:
description: HTTP write credential is used for authentication purposes and
grants Cisco Catalyst Center the ability to alter configurations, update
software, or perform other modifications on a network device.
suboptions:
password:
description: Password for HTTP(S) Write authentication, mandatory when
using HTTP credentials.
type: str
port:
description: Port for HTTP(S) Write authentication, mandatory when using
HTTP credentials.
type: int
secure:
description: Flag for HTTP(S) Write authentication, not mandatory when
using HTTP credentials.
type: bool
username:
description: Username for HTTP(S) Write authentication, mandatory when
using HTTP credentials.
type: str
type: dict
net_conf_port:
description:
- To be used when network contains IOS XE-based wireless controllers.
- This is used for discovery and the enabling of wireless services on the
controllers.
- Requires valid SSH credentials to work.
- Avoid standard ports like 22, 80, and 8080.
type: str
snmp_v2_read_credential:
description:
- The SNMP v2 credentials to be created and used for contacting a device via
SNMP protocol in read mode.
- SNMP v2 also delivers data encryptions, but it uses data types.
suboptions:
community:
description: SNMP V2 Read community string enables Cisco Catalyst Center
to extract read-only data from device.
type: str
desc:
description: Name/Description of the SNMP read credential to be used for
creation of snmp_v2_read_credential.
type: str
type: dict
snmp_v2_write_credential:
description:
- The SNMP v2 credentials to be created and used for contacting a device via
SNMP protocol in read and write mode.
- SNMP v2 also delivers data encryptions, but it uses data types.
suboptions:
community:
description: SNMP V2 Write community string is used to extract data and
alter device configurations.
type: str
desc:
description: Name/Description of the SNMP write credential to be used
for creation of snmp_v2_write_credential.
type: str
type: dict
snmp_v3_credential:
description:
- The SNMP v3 credentials to be created and used for contacting a device via
SNMP protocol in read and write mode.
- SNMPv3 is the most secure version of SNMP, allowing users to fully encrypt
transmissions, keeping us safe from external attackers.
suboptions:
auth_password:
description:
- Authentication Password of the SNMP v3 protocol to be used.
- Must be of length greater than 7 characters.
- Not required for NOAUTHNOPRIV snmp_mode.
type: str
auth_type:
choices:
- SHA
- MD5
description:
- Authentication type of the SNMP v3 protocol to be used.
- SHA uses Secure Hash Algorithm (SHA) as your authentication protocol.
- MD5 uses Message Digest 5 (MD5) as your authentication protocol and
is not recommended.
- Not required for NOAUTHNOPRIV snmp_mode.
type: str
privacy_password:
description:
- Privacy password of the SNMP v3 protocol to be used in AUTHPRIV SNMP
mode
- Not required for AUTHNOPRIV and NOAUTHNOPRIV snmp_mode.
type: str
privacy_type:
choices:
- AES128
- AES192
- AES256
description:
- Privacy type/protocol of the SNMP v3 protocol to be used in AUTHPRIV
SNMP mode
- Not required for AUTHNOPRIV and NOAUTHNOPRIV snmp_mode.
type: str
snmp_mode:
choices:
- AUTHPRIV
- AUTHNOPRIV
- NOAUTHNOPRIV
description:
- Mode of SNMP which determines the encryption level of our community
string.
- AUTHPRIV mode uses both Authentication and Encryption.
- AUTHNOPRIV mode uses Authentication but no Encryption.
- NOAUTHNOPRIV mode does not use either Authentication or Encryption.
type: str
username:
description: Username of the SNMP v3 protocol to be used.
type: str
type: dict
type: dict
discovery_type:
choices:
- SINGLE
- RANGE
- MULTI RANGE
- CDP
- LLDP
- CIDR
description: Determines the method of device discovery. Here are the available
options. - SINGLE discovers a single device using a single IP address. - RANGE
discovers multiple devices within a single IP address range. - MULTI RANGE discovers
devices across multiple IP address ranges. - CDP uses Cisco Discovery Protocol
to discover devices in subsequent layers of the given IP address. - LLDP uses
Link Layer Discovery Protocol to discover devices in subsequent layers of the
specified IP address. - CIDR discovers devices based on subnet filtering using
Classless Inter-Domain Routing.
required: true
type: str
global_credentials:
description:
- Set of various credential types, including CLI, SNMP, HTTP, and NETCONF, that
a user has pre-configured in the Device Credentials section of the Cisco Catalyst
Center.
- If user doesn't pass any global credentials in the playbook, then by default,
we will use all the global credentials present in the Cisco Catalyst Center
of each type for performing discovery. (Max 5 allowed)
suboptions:
cli_credentials_list:
description:
- Accepts a list of global CLI credentials for use in device discovery.
- It's recommended to create device credentials with both a unique username
and a clear description.
elements: dict
suboptions:
description:
description: Name of the CLI credential, mandatory when using global CLI
credentials.
type: str
username:
description: Username required for CLI authentication and is mandatory
when using global CLI credentials.
type: str
type: list
http_read_credential_list:
description:
- List of global HTTP Read credentials that will be used in the process of
discovering devices.
- It's recommended to create device credentials with both a unique username
and a clear description for easy identification.
elements: dict
suboptions:
description:
description: Name of the HTTP Read credential, mandatory when using global
HTTP credentials.
type: str
username:
description: Username for HTTP Read authentication, mandatory when using
global HTTP credentials.
type: str
type: list
http_write_credential_list:
description:
- List of global HTTP Write credentials that will be used in the process of
discovering devices.
- It's recommended to create device credentials with both a unique username
and a clear description for easy identification.
elements: dict
suboptions:
description:
description: Name of the HTTP Write credential, mandatory when using global
HTTP credentials.
type: str
username:
description: Username for HTTP Write authentication, mandatory when using
global HTTP credentials.
type: str
type: list
net_conf_port_list:
description:
- List of Global Net conf ports to be used during device discovery.
- It's recommended to create device credentials with unique description.
elements: dict
suboptions:
description:
description: Name of the Net Conf Port credential, mandatory when using
global Net conf port.
type: str
type: list
snmp_v2_read_credential_list:
description:
- List of Global SNMP V2 Read credentials to be used during device discovery.
- It's recommended to create device credentials with a clear description for
easy identification.
elements: dict
suboptions:
description:
description: Name of the SNMP Read credential, mandatory when using global
SNMP credentials.
type: str
type: list
snmp_v2_write_credential_list:
description:
- List of Global SNMP V2 Write credentials to be used during device discovery.
- It's recommended to create device credentials with a clear description for
easy identification.
elements: dict
suboptions:
description:
description: Name of the SNMP Write credential, mandatory when using global
SNMP credentials.
type: str
type: list
snmp_v3_credential_list:
description:
- List of Global SNMP V3 credentials to be used during device discovery, giving
read and write mode.
- It's recommended to create device credentials with both a unique username
and a clear description for easy identification.
elements: dict
suboptions:
description:
description: Name of the SNMP V3 credential, mandatory when using global
SNMP credentials.
type: str
username:
description: Username for SNMP V3 authentication, mandatory when using
global SNMP credentials.
type: str
type: list
type: dict
version_added: 6.12.0
version_added_collection: cisco.dnac
ip_address_list:
description: List of IP addresses to be discovered. For CDP/LLDP/SINGLE based
discovery, we should pass a list with single element like - 10.197.156.22. For
CIDR based discovery, we should pass a list with single element like - 10.197.156.22/22.
For RANGE based discovery, we should pass a list with single element and range
like - 10.197.156.1-10.197.156.100. For MULTI RANGE based discovery, we should
pass a list with multiple elementd like - 10.197.156.1-10.197.156.100 and in
next line - 10.197.157.1-10.197.157.100. Maximum of 8 IP address ranges are
allowed.
elements: str
required: true
type: list
ip_filter_list:
description: List of IP adddrsess that needs to get filtered out from the IP addresses
passed.
elements: str
type: list
lldp_level:
default: 16
description: Total number of levels that are there in lldp's method of discovery
type: int
preferred_mgmt_ip_method:
default: None
description: Preferred method for the management of the IP (None/UseLoopBack)
type: str
protocol_order:
default: ssh
description: Determines the order in which device connections will be attempted.
Here are the options - "telnet" Only telnet connections will be tried. - "ssh,
telnet" SSH (Secure Shell) will be attempted first, followed by telnet if SSH
fails.
type: str
records_to_return:
default: 100
description: Number of records to return for the header in fetching global v2
credentials
type: int
retry:
description: Number of times to try establishing connection to device
type: int
start_index:
default: 1
description: Start index for the header in fetching SNMP v2 credentials
type: int
timeout:
description: Time to wait for device response in seconds
type: int
use_global_credentials:
default: true
description:
- Determines if device discovery should utilize pre-configured global credentials.
- Setting to True employs the predefined global credentials for discovery tasks.
This is the default setting.
- Setting to False requires manually provided, device-specific credentials for
discovery, as global credentials will be bypassed.
type: bool
type: list
dnac_log:
default: false
description:
- Flag to enable/disable playbook execution logging.
- When true and dnac_log_file_path is provided, - Create the log file at the execution
location with the specified name.
- When true and dnac_log_file_path is not provided, - Create the log file at the execution
location with the name 'dnac.log'.
- When false, - Logging is disabled.
- If the log file doesn't exist, - It is created in append or write mode based on
the "dnac_log_append" flag.
- If the log file exists, - It is overwritten or appended based on the "dnac_log_append"
flag.
type: bool
dnac_host:
description:
- The hostname of the Cisco Catalyst Center.
required: true
type: str
dnac_port:
default: '443'
description:
- Specifies the port number associated with the Cisco Catalyst Center.
type: str
dnac_debug:
default: false
description:
- Indicates whether debugging is enabled in the Cisco Catalyst Center SDK.
type: bool
dnac_verify:
default: true
description:
- Flag to enable or disable SSL certificate verification.
type: bool
dnac_version:
default: 2.2.3.3
description:
- Specifies the version of the Cisco Catalyst Center that the SDK should use.
type: str
config_verify:
default: false
description: Set to True to verify the Cisco Catalyst Center config after applying
the playbook config.
type: bool
dnac_password:
description:
- The password for authentication at the Cisco Catalyst Center.
type: str
dnac_username:
aliases:
- user
default: admin
description:
- The username for authentication at the Cisco Catalyst Center.
type: str
dnac_log_level:
default: WARNING
description:
- Sets the threshold for log level. Messages with a level equal to or higher than
this will be logged. Levels are listed in order of severity [CRITICAL, ERROR, WARNING,
INFO, DEBUG].
- CRITICAL indicates serious errors halting the program. Displays only CRITICAL messages.
- ERROR indicates problems preventing a function. Displays ERROR and CRITICAL messages.
- WARNING indicates potential future issues. Displays WARNING, ERROR, CRITICAL messages.
- INFO tracks normal operation. Displays INFO, WARNING, ERROR, CRITICAL messages.
- DEBUG provides detailed diagnostic info. Displays all log messages.
type: str
dnac_log_append:
default: true
description: Determines the mode of the file. Set to True for 'append' mode. Set to
False for 'write' mode.
type: bool
dnac_log_file_path:
default: dnac.log
description:
- Governs logging. Logs are recorded if dnac_log is True.
- If path is not specified, - When 'dnac_log_append' is True, 'dnac.log' is generated
in the current Ansible directory; logs are appended. - When 'dnac_log_append' is
False, 'dnac.log' is generated; logs are overwritten.
- If path is specified, - When 'dnac_log_append' is True, the file opens in append
mode. - When 'dnac_log_append' is False, the file opens in write (w) mode. - In
shared file scenarios, without append mode, content is overwritten after each module
execution. - For a shared log file, set append to False for the 1st module (to overwrite);
for subsequent modules, set append to True.
type: str
dnac_api_task_timeout:
default: 1200
description: Defines the timeout in seconds for API calls to retrieve task details.
If the task details are not received within this period, the process will end, and
a timeout notification will be logged.
type: int
dnac_task_poll_interval:
default: 2
description: Specifies the interval in seconds between successive calls to the API
to retrieve task details.
type: int
validate_response_schema:
default: true
description:
- Flag for Cisco Catalyst Center SDK to enable the validation of request bodies against
a JSON schema.
type: bool
response_1:
description: A dictionary with the response returned by the Cisco Catalyst Center
Python SDK
returned: always
sample: "{\n \"response\":\n {\n \"response\": String,\n \"version\"\
: String\n },\n \"msg\": String\n}\n"
type: dict
response_2:
description: A list with the response returned by the Cisco Catalyst Center Python
SDK
returned: always
sample: "{\n \"response\": [],\n \"msg\": String\n}\n"
type: list
response_3:
description: A string with the response returned by the Cisco Catalyst Center Python
SDK
returned: always
sample: "{\n \"response\": String,\n \"msg\": String\n}\n"
type: dict