nokia.openconfig.gnmi (1.1.2) — connection

Provides a persistent gRPC connection for gNMI API service

Authors: Hans Thienpondt (@HansThienpondt), Sven Wisotzky (@wisotzky)

Install collection

Install with ansible-galaxy collection install nokia.openconfig:==1.1.2


Add to requirements.yml

  collections:
    - name: nokia.openconfig
      version: 1.1.2

Description

This gRPC plugin provides methods to interact with the gNMI service.

OpenConfig gNMI specification https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-specification.md

gNMI API https://raw.githubusercontent.com/openconfig/gnmi/master/proto/gnmi/gnmi.proto

This connection plugin provides a persistent communication channel to remote devices using gRPC including the underlying transport (TLS).

The plugin binds to the gNMI gRPC service. It provides wrappers for gNMI requests (Capabilities, Get, Set, Subscribe).


Requirements

Inputs

    
host:
    default: inventory_hostname
    description:
    - Target host FQDN or IP address to establish gRPC connection.
    vars:
    - name: ansible_host

port:
    description:
    - Specifies the port on the remote device that listens for connections when establishing
      the gRPC connection. If None only the C(host) part will be used.
    env:
    - name: ANSIBLE_REMOTE_PORT
    ini:
    - key: remote_port
      section: defaults
    type: int
    vars:
    - name: ansible_port

password:
    description:
    - Configures the user password used to authenticate to the remote device when first
      establishing the gRPC connection.
    vars:
    - name: ansible_password
    - name: ansible_ssh_pass

remote_user:
    description:
    - The username used to authenticate to the remote device when the gRPC connection
      is first established.  If the remote_user is not specified, the connection will
      use the username of the logged in user.
    - Can be configured from the CLI via the C(--user) or C(-u) options.
    env:
    - name: ANSIBLE_REMOTE_USER
    ini:
    - key: remote_user
      section: defaults
    vars:
    - name: ansible_user

gnmi_encoding:
    description:
    - Encoding used for gNMI communication
    - Must be either JSON or JSON_IETF
    - If not provided, will run CapabilityRequest for auto-detection
    env:
    - name: ANSIBLE_GNMI_ENCODING
    ini:
    - key: gnmi_encoding
      section: grpc_connection
    vars:
    - name: ansible_gnmi_encoding

certificate_path:
    description:
    - Folder to search for certificate and key files
    env:
    - name: ANSIBLE_CERTIFICATE_PATH
    ini:
    - key: certificate_path
      section: grpc_connection
    vars:
    - name: ansible_certificate_path

grpc_environment:
    description:
    - Key/Value pairs (dict) to define environment settings specific to gRPC
    - The standard mechanism to provide/set the environment in Ansible cannot be used,
      because those environment settings are not passed to the client process that establishes
      the gRPC connection.
    - Set C(GRPC_VERBOSITY) and C(GRPC_TRACE) to set up gRPC logging. Need to add code
      for log forwarding of gRPC-related log messages to the persistent messages log (see
      below).
    - Set C(HTTPS_PROXY) to specify your proxy settings (if needed).
    - Set C(GRPC_SSL_CIPHER_SUITES) in case the default TLS ciphers do not match what
      is offered by the gRPC server.
    vars:
    - name: ansible_grpc_environment

private_key_file:
    description:
    - The PEM encoded private key file used to authenticate to the remote device when
      first establishing the gRPC connection.
    env:
    - name: ANSIBLE_PRIVATE_KEY_FILE
    ini:
    - key: private_key_file
      section: grpc_connection
    vars:
    - name: ansible_private_key_file

grpc_channel_options:
    description:
    - Key/Value pairs (dict) to define gRPC channel options to be used
    - gRPC reference U(https://grpc.github.io/grpc/core/group__grpc__arg__keys.html)
    - Provide the I(ssl_target_name_override) option to override the TLS subject or subjectAltName
      (only when secure connections are used). The option must be provided when the
      FQDN or IPv4 address that is used to connect to the device is different from the
      subject name that is provided in the host certificate. This is needed because
      TLS validates the hostname or IP address to avoid man-in-the-middle attacks.
    vars:
    - name: ansible_grpc_channel_options

certificate_chain_file:
    description:
    - The PEM encoded certificate chain file used to create an SSL-enabled channel. If
      the value is None, no certificate chain is used.
    env:
    - name: ANSIBLE_CERTIFICATE_CHAIN_FILE
    ini:
    - key: certificate_chain_file
      section: grpc_connection
    vars:
    - name: ansible_certificate_chain_file

root_certificates_file:
    description:
    - The PEM encoded root certificate file used to create an SSL-enabled channel. If the
      value is None, the root certificates are read from a default location chosen by gRPC
      at runtime.
    env:
    - name: ANSIBLE_ROOT_CERTIFICATES_FILE
    ini:
    - key: root_certificates_file
      section: grpc_connection
    vars:
    - name: ansible_root_certificates_file

persistent_log_messages:
    default: false
    description:
    - This flag enables logging of the command executed and the response received from the
      target device in the Ansible log file. For this option to work, the 'log_path' Ansible
      configuration option must be set to a file path with write access.
    - Be sure to fully understand the security implications of enabling this option, as
      it could create a security vulnerability by logging sensitive information in the
      log file.
    env:
    - name: ANSIBLE_PERSISTENT_LOG_MESSAGES
    ini:
    - key: log_messages
      section: persistent_connection
    type: boolean
    vars:
    - name: ansible_persistent_log_messages

persistent_command_timeout:
    default: 300
    description:
    - Configures the default timeout value (in seconds) when awaiting a response after
      issuing a call to an RPC. If the RPC does not return before the timeout is exceeded,
      an error is generated and the connection is closed.
    env:
    - name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT
    ini:
    - key: command_timeout
      section: persistent_connection
    type: int
    vars:
    - name: ansible_command_timeout

persistent_connect_timeout:
    default: 5
    description:
    - Configures, in seconds, the amount of time to wait when trying to initially establish
      a persistent connection. If this value expires before the connection to the remote
      device is completed, the connection will fail.
    env:
    - name: ANSIBLE_PERSISTENT_CONNECT_TIMEOUT
    ini:
    - key: connect_timeout
      section: persistent_connection
    type: int
    vars:
    - name: ansible_connect_timeout
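
An added example, not part of the collection's documentation: host variables that combine the options above into a TLS-verified gNMI connection. The host address, port, user name, file paths, the vaulted variable name and the spelling of the channel-option key are assumptions made for illustration.

```yaml
# host_vars/router1.yml -- constructed example; address, port, paths and the
# vaulted variable name are placeholders, not values from the collection.
ansible_connection: nokia.openconfig.gnmi
ansible_host: 192.0.2.10            # management IP used to reach the device
ansible_port: 57400                 # example port; use the port your gNMI server listens on
ansible_user: automation
ansible_password: "{{ vault_gnmi_password }}"   # hypothetical Ansible Vault variable

ansible_gnmi_encoding: JSON_IETF    # set explicitly, so no CapabilityRequest auto-detection

# TLS material: the file names below are searched for in certificate_path.
ansible_certificate_path: /etc/ansible/pki/gnmi
ansible_root_certificates_file: lab-ca.pem      # CA that signed the device certificate
ansible_certificate_chain_file: automation.pem  # client certificate chain
ansible_private_key_file: automation.key        # keep readable by the Ansible user only

# The device is reached by IP, but its certificate names router1.example.net.
# Override the name checked during TLS validation rather than dropping validation.
# Key spelling is assumed from the linked gRPC arg-keys reference.
ansible_grpc_channel_options:
  grpc.ssl_target_name_override: router1.example.net

# When true, commands and responses are written to log_path and may contain
# sensitive data. Keep the default unless debugging on a controlled host.
ansible_persistent_log_messages: false

ansible_connect_timeout: 5          # seconds to establish the persistent connection
ansible_command_timeout: 300        # seconds to wait for an RPC response
```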