nokia.openconfig.gnmi (1.1.2) — connection
Provides a persistent gRPC connection for gNMI API service
Authors: Hans Thienpondt (@HansThienpondt), Sven Wisotzky (@wisotzky)
Install with ansible-galaxy collection install nokia.openconfig:==1.1.2
collections:
  - name: nokia.openconfig
    version: 1.1.2
This gRPC plugin provides methods to interact with the gNMI service.
OpenConfig gNMI specification https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-specification.md
gNMI API https://raw.githubusercontent.com/openconfig/gnmi/master/proto/gnmi/gnmi.proto
This connection plugin provides a persistent communication channel to remote devices using gRPC including the underlying transport (TLS).
The plugin binds to the gNMI gRPC service. It provides wrappers for gNMI requests (Capabilities, Get, Set, Subscribe).
host:
  default: inventory_hostname
  description:
    - Target host FQDN or IP address to establish gRPC connection.
  vars:
    - name: ansible_host
port:
  description:
    - Specifies the port on the remote device that listens for connections when establishing the gRPC connection. If None, only the C(host) part will be used.
  env:
    - name: ANSIBLE_REMOTE_PORT
  ini:
    - key: remote_port
      section: defaults
  type: int
  vars:
    - name: ansible_port
password:
  description:
    - Configures the user password used to authenticate to the remote device when first establishing the gRPC connection.
  vars:
    - name: ansible_password
    - name: ansible_ssh_pass
remote_user:
  description:
    - The username used to authenticate to the remote device when the gRPC connection is first established. If the remote_user is not specified, the connection will use the username of the logged in user.
    - Can be configured from the CLI via the C(--user) or C(-u) options.
  env:
    - name: ANSIBLE_REMOTE_USER
  ini:
    - key: remote_user
      section: defaults
  vars:
    - name: ansible_user
gnmi_encoding:
  description:
    - Encoding used for gNMI communication
    - Must be either JSON or JSON_IETF
    - If not provided, will run CapabilityRequest for auto-detection
  env:
    - name: ANSIBLE_GNMI_ENCODING
  ini:
    - key: gnmi_encoding
      section: grpc_connection
  vars:
    - name: ansible_gnmi_encoding
certificate_path:
  description:
    - Folder to search for certificate and key files
  env:
    - name: ANSIBLE_CERTIFICATE_PATH
  ini:
    - key: certificate_path
      section: grpc_connection
  vars:
    - name: ansible_certificate_path
grpc_environment:
  description:
    - Key/Value pairs (dict) to define environment settings specific to gRPC
    - The standard mechanism to provide/set the environment in Ansible cannot be used, because those environment settings are not passed to the client process that establishes the gRPC connection.
    - Set C(GRPC_VERBOSITY) and C(GRPC_TRACE) to set up gRPC logging. Need to add code for log forwarding of gRPC related log messages to the persistent messages log (see below).
    - Set C(HTTPS_PROXY) to specify your proxy settings (if needed).
    - Set C(GRPC_SSL_CIPHER_SUITES) in case the default TLS ciphers do not match what is offered by the gRPC server.
  vars:
    - name: ansible_grpc_environment
private_key_file:
  description:
    - The PEM encoded private key file used to authenticate to the remote device when first establishing the gRPC connection.
  env:
    - name: ANSIBLE_PRIVATE_KEY_FILE
  ini:
    - key: private_key_file
      section: grpc_connection
  vars:
    - name: ansible_private_key_file
grpc_channel_options:
  description:
    - Key/Value pairs (dict) to define gRPC channel options to be used
    - gRPC reference U(https://grpc.github.io/grpc/core/group__grpc__arg__keys.html)
    - Provide the I(ssl_target_name_override) option to override the TLS subject or subjectAltName (only in the case secure connections are used). The option must be provided when the FQDN or IPv4 address that is used to connect to the device is different from the subject name that is provided in the host certificate. This is needed because TLS validates the hostname or IP address to avoid man-in-the-middle attacks.
  vars:
    - name: ansible_grpc_channel_options
certificate_chain_file:
  description:
    - The PEM encoded certificate chain file used to create an SSL-enabled channel. If the value is None, no certificate chain is used.
  env:
    - name: ANSIBLE_CERTIFICATE_CHAIN_FILE
  ini:
    - key: certificate_chain_file
      section: grpc_connection
  vars:
    - name: ansible_certificate_chain_file
root_certificates_file:
  description:
    - The PEM encoded root certificate file used to create an SSL-enabled channel. If the value is None, the root certificates are read from a default location chosen by gRPC at runtime.
  env:
    - name: ANSIBLE_ROOT_CERTIFICATES_FILE
  ini:
    - key: root_certificates_file
      section: grpc_connection
  vars:
    - name: ansible_root_certificates_file
persistent_log_messages:
  default: false
  description:
    - This flag will enable logging the command executed and response received from target device in the ansible log file. For this option to work the 'log_path' ansible configuration option is required to be set to a file path with write access.
    - Be sure to fully understand the security implications of enabling this option as it could create a security vulnerability by logging sensitive information in log file.
  env:
    - name: ANSIBLE_PERSISTENT_LOG_MESSAGES
  ini:
    - key: log_messages
      section: persistent_connection
  type: boolean
  vars:
    - name: ansible_persistent_log_messages
persistent_command_timeout:
  default: 300
  description:
    - Configures the default timeout value (in seconds) when awaiting a response after issuing a call to a RPC. If the RPC does not return before the timeout is exceeded, an error is generated and the connection is closed.
  env:
    - name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT
  ini:
    - key: command_timeout
      section: persistent_connection
  type: int
  vars:
    - name: ansible_command_timeout
persistent_connect_timeout:
  default: 5
  description:
    - Configures, in seconds, the amount of time to wait when trying to initially establish a persistent connection. If this value expires before the connection to the remote device is completed, the connection will fail.
  env:
    - name: ANSIBLE_PERSISTENT_CONNECT_TIMEOUT
  ini:
    - key: connect_timeout
      section: persistent_connection
  type: int
  vars:
    - name: ansible_connect_timeout
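
Several of the options above carry security weight: persistent_log_messages, the logging and cipher variables in grpc_environment, ssl_target_name_override, and the client key/chain pair. The following Python check is an added example, not part of the nokia.openconfig collection, that audits one host's variables for them. The function name, finding codes and sample hosts are constructed here, and the override key is matched by suffix because the exact key spelling the plugin expects is an assumption.

```python
TRUTHY = {"1", "true", "yes", "on", "y", "t"}
VALID_ENCODINGS = {"JSON", "JSON_IETF"}  # the two values gnmi_encoding accepts


def as_bool(value):
    """Inventory values sourced from INI files arrive as strings."""
    return value if isinstance(value, bool) else str(value).strip().lower() in TRUTHY


def audit_gnmi_vars(hostvars):
    """Return {finding_code: detail} for one host's connection variables."""
    found = {}
    if as_bool(hostvars.get("ansible_persistent_log_messages", False)):
        found["LOG_MESSAGES_ENABLED"] = "RPC requests and responses are written to log_path"
    env = hostvars.get("ansible_grpc_environment") or {}
    noisy = sorted(k for k in ("GRPC_TRACE", "GRPC_VERBOSITY") if k in env)
    if noisy:
        found["GRPC_LOGGING_ENABLED"] = "set: " + ", ".join(noisy)
    if "GRPC_SSL_CIPHER_SUITES" in env:
        found["CIPHER_SUITES_OVERRIDDEN"] = "review list: " + str(env["GRPC_SSL_CIPHER_SUITES"])
    opts = hostvars.get("ansible_grpc_channel_options") or {}
    for key, value in opts.items():
        if str(key).endswith("ssl_target_name_override"):
            # The certificate name is now compared with this value, so it must
            # match the device certificate's subject/subjectAltName exactly.
            found["TARGET_NAME_OVERRIDE"] = "TLS name checked against %r, not ansible_host" % (value,)
    encoding = hostvars.get("ansible_gnmi_encoding")
    if encoding is not None and encoding not in VALID_ENCODINGS:
        found["BAD_ENCODING"] = "%r is not JSON or JSON_IETF" % (encoding,)
    has_key = bool(hostvars.get("ansible_private_key_file"))
    has_chain = bool(hostvars.get("ansible_certificate_chain_file"))
    if has_key != has_chain:
        found["CLIENT_CERT_INCOMPLETE"] = "private key and certificate chain must be set together"
    return found


SAMPLE_HOSTS = {  # constructed sample data, not from a real inventory
    "pe1": {"ansible_host": "192.0.2.10", "ansible_gnmi_encoding": "JSON_IETF",
            "ansible_root_certificates_file": "ca.pem",
            "ansible_certificate_chain_file": "client.pem",
            "ansible_private_key_file": "client.key"},
    "pe2": {"ansible_host": "192.0.2.11", "ansible_gnmi_encoding": "PROTO",
            "ansible_private_key_file": "client.key",
            "ansible_persistent_log_messages": "yes",
            "ansible_grpc_environment": {"GRPC_TRACE": "all", "GRPC_VERBOSITY": "DEBUG"},
            "ansible_grpc_channel_options": {"ssl_target_name_override": "pe2.lab.example"}},
}

if __name__ == "__main__":
    for host, hostvars in SAMPLE_HOSTS.items():
        print(host, audit_gnmi_vars(hostvars) or "no findings")
```

A TARGET_NAME_OVERRIDE finding is a prompt to compare the override value with the name in the device certificate, not an error in itself.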