rc/network
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
network/roles/access/tasks/main.yml
Timotej Lazar 6ade4f2f8a access: fix VLAN database idempotency 
Do not try and match the global VLAN list as printed by the switch.
Instead, only try to realize the truth: there may be some VLANs added
and some removed.

We keep the compact_numlist filter and use it instead of the built-in
vlan_parser when listing VLANs for tagged ports. This is because some
switches compact 1,2,4,5,6 as 1-2,4-6 and others as 1,2,4-6 (see next
commit).

All of this should reduce the number of cases where Ansible reports a
change in configuration where there was in fact no change.
2025-09-18 13:54:39 +02:00

40 lines
1.7 KiB
YAML
Raw Blame History

- name: Fetch passwords
set_fact:
password: '{{ lookup("passwordstore", "switch/"~inventory_hostname, returnall=true, missing="empty") | from_yaml }}'
- name: Set username and password for ansible connection
set_fact:
ansible_ssh_user: '{{ password.user }}'
ansible_ssh_pass: '{{ password.pass }}'
- name: Generate SNMP engine ID from serial number
set_fact:
snmp_engine_id: '{{ (serial | sha1)[:24] }}'
- name: Get switch facts
cisco.ios.ios_facts:
gather_subset: config
# Determine VLANs to add and remove from switch.
- set_fact:
actual_vlans: "{{ vlans | map(attribute='vid') }}"
switch_vlans: "{{ ansible_net_config | split('\n') | select('match', '^ *vlan (range )?[0-9]')
| map('regex_search', '[0-9,-]+') | join(',') | ansible.netcommon.vlan_expander }}"
- set_fact:
add_vlans: "{{ actual_vlans | difference(switch_vlans) }}"
del_vlans: "{{ switch_vlans | difference(actual_vlans) }}"
- name: Set configuration
ansible.netcommon.cli_config:
config: '{{ lookup("template", "config-"~manufacturer~"-"~device_type~".j2") }}'
vars:
ansible_command_timeout: 240
ansible_terminal_stderr_re: [] # some errors are not actually errors
register: result
# These lines are not displayed by 'sho ru' and always reported as different, so ignore them.
changed_when: result.commands | reject('match', '^(no shutdown|no switchport access vlan|no switchport trunk native vlan|no voice vlan.*|switchport mode access|switchport mode hybrid|interface .*|no enable service web-server https?|no ip dhcp snooping|no ip dhcp snooping trust|no switchport port-security.*)$')
notify: write config
- name: Run model-specific tasks
include_tasks: '{{ manufacturer~"-"~device_type~".yml" }}'
Reference in a new issue View git blame Copy permalink