I have a playbook that steps through all the ports on a cisco switch stack,
adding or removing lines and it takes a very long time to run. I can see
in TACACS command accounting that it is doing a "show running-config" after
each port modification. If I have a switch stack with (8) 48-port
switches, it can take hours for the job to complete. And it maxes out the
CPU on the switch with all the "ssh" module activity.
Is there a way to suppress this action? Or is it unwise to think of doing
this?
Example:
$ ansible --version
ansible 2.9.2
...
python version = 2.7.17 (default, Nov 7 2019, 10:07:09) [GCC 7.4.0]
Playbook:
- hosts: switches_live
no_log: false
gather_facts: false
connection: local
serial: 12
tasks:
- name: OBTAIN LOGIN CREDENTIALS
include_vars: vaultfile.yml
- name: DEFINE PROVIDER
set_fact:
provider:
host: "{{ inventory_hostname }}"
username: "{{ username }}"
password: "{{ password }}"
- name: CONFIGURE PORT ISE SETTINGS
ios_config:
running_config:
defaults: no
provider: "{{ provider }}"
lines:
- ip access-group ACL-DEFAULT in
- authentication event fail action next-method
- authentication event server dead action authorize vlan {{
item.vlan }}
- authentication event server dead action authorize voice
- authentication event server alive action reinitialize
- authentication host-mode multi-auth
- authentication open
- authentication order dot1x mab
- authentication priority dot1x mab
- authentication port-control auto
- authentication periodic
- authentication timer reauthenticate server
- authentication violation restrict
- mab
- dot1x pae authenticator
- dot1x timeout tx-period 5
- dot1x max-reauth-req 2
parents:
- interface {{ item.iface }}
with_items: "{{ port_list }}"
- name: SAVE CONFIG
ios_config:
provider: "{{ provider }}"
save_when: modified
$ ansible-playbook --ask-vault-pass --inventory=ise-port-configs.hosts
ise-port-configs.yml
Thu Feb 20 20:42:47 CST 2020
Vault password:
PLAY [switches_live]
*****************************************************************************************************************************************************
TASK [OBTAIN LOGIN CREDENTIALS]
******************************************************************************************************************************************
ok: [esisetest4]
TASK [DEFINE PROVIDER]
***************************************************************************************************************************************************
ok: [esisetest4]
TASK [CONFIGURE PORT ISE SETTINGS]
***************************************************************************************************************************************
changed: [esisetest4] => (item={u'iface': u'Gi1/0/1', u'vlan': 54})
changed: [esisetest4] => (item={u'iface': u'Gi1/0/2', u'vlan': 54})
changed: [esisetest4] => (item={u'iface': u'Gi1/0/3', u'vlan': 54})
<snip>
TASK [SAVE CONFIG]
*******************************************************************************************************************************************************
changed: [esisetest4]
PLAY RECAP
***************************************************************************************************************************************************************
esisetest4 : ok=4 changed=2 unreachable=0
failed=0 skipped=0 rescued=0 ignored=0
Thanks for any tips.
-John
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/7269b0fd-7fe6-4102-8e1b-065e618d0f00%40googlegroups.com.
