I have a playbook that steps through all the ports on a cisco switch stack, adding or removing lines and it takes a very long time to run. I can see in TACACS command accounting that it is doing a "show running-config" after each port modification. If I have a switch stack with (8) 48-port switches, it can take hours for the job to complete. And it maxes out the CPU on the switch with all the "ssh" module activity.
Is there a way to suppress this action? Or is it unwise to think of doing this? Example: $ ansible --version ansible 2.9.2 ... python version = 2.7.17 (default, Nov 7 2019, 10:07:09) [GCC 7.4.0] Playbook: - hosts: switches_live no_log: false gather_facts: false connection: local serial: 12 tasks: - name: OBTAIN LOGIN CREDENTIALS include_vars: vaultfile.yml - name: DEFINE PROVIDER set_fact: provider: host: "{{ inventory_hostname }}" username: "{{ username }}" password: "{{ password }}" - name: CONFIGURE PORT ISE SETTINGS ios_config: running_config: defaults: no provider: "{{ provider }}" lines: - ip access-group ACL-DEFAULT in - authentication event fail action next-method - authentication event server dead action authorize vlan {{ item.vlan }} - authentication event server dead action authorize voice - authentication event server alive action reinitialize - authentication host-mode multi-auth - authentication open - authentication order dot1x mab - authentication priority dot1x mab - authentication port-control auto - authentication periodic - authentication timer reauthenticate server - authentication violation restrict - mab - dot1x pae authenticator - dot1x timeout tx-period 5 - dot1x max-reauth-req 2 parents: - interface {{ item.iface }} with_items: "{{ port_list }}" - name: SAVE CONFIG ios_config: provider: "{{ provider }}" save_when: modified $ ansible-playbook --ask-vault-pass --inventory=ise-port-configs.hosts ise-port-configs.yml Thu Feb 20 20:42:47 CST 2020 Vault password: PLAY [switches_live] ***************************************************************************************************************************************************** TASK [OBTAIN LOGIN CREDENTIALS] ****************************************************************************************************************************************** ok: [esisetest4] TASK [DEFINE PROVIDER] *************************************************************************************************************************************************** ok: [esisetest4] TASK [CONFIGURE PORT ISE SETTINGS] *************************************************************************************************************************************** changed: [esisetest4] => (item={u'iface': u'Gi1/0/1', u'vlan': 54}) changed: [esisetest4] => (item={u'iface': u'Gi1/0/2', u'vlan': 54}) changed: [esisetest4] => (item={u'iface': u'Gi1/0/3', u'vlan': 54}) <snip> TASK [SAVE CONFIG] ******************************************************************************************************************************************************* changed: [esisetest4] PLAY RECAP *************************************************************************************************************************************************************** esisetest4 : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Thanks for any tips. -John -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7269b0fd-7fe6-4102-8e1b-065e618d0f00%40googlegroups.com.