Move platform guide to this repo

ansible-collections · Jan 30, 2024 · 39a7aff · 39a7aff
1 parent 746d4e5
commit 39a7aff
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -22,7 +22,7 @@ PEP440 is the schema used to describe the versions of Ansible.
 
 ### Supported connections
 
-The Cisco IOS collection supports `network_cli` connections.
+The Cisco IOS collection supports `network_cli` connections. A detailed platform guide can be found [here](https://github.com/ansible-collections/cisco.ios/blob/main/platform_guide.rst).
 
 ## Included content
 

diff --git a/platform_guide.rst b/platform_guide.rst
@@ -0,0 +1,81 @@
+.. _ios_platform_options:
+
+***************************************
+IOS Platform Options
+***************************************
+
+The `Cisco IOS <https://galaxy.ansible.com/ui/repo/published/cisco/ios>`_ collection supports Enable Mode (Privilege Escalation). This page offers details on how to use Enable Mode on IOS in Ansible.
+
+.. contents::
+  :local:
+
+Connections available
+================================================================================
+
+.. table::
+    :class: documentation-table
+
+    ====================  ==========================================
+    ..                    CLI
+    ====================  ==========================================
+    Protocol              SSH
+
+    Credentials           uses SSH keys / SSH-agent if present
+
+                          accepts ``-u myuser -k`` if using password
+
+    Indirect Access       by a bastion (jump host)
+
+    Connection Settings   ``ansible_connection: ansible.netcommon.network_cli``
+
+    |enable_mode|         supported: use ``ansible_become: true`` with
+                          ``ansible_become_method: enable`` and ``ansible_become_password:``
+
+    Returned Data Format  ``stdout[0].``
+    ====================  ==========================================
+
+.. |enable_mode| replace:: Enable Mode |br| (Privilege Escalation)
+
+
+The ``ansible_connection: local`` has been deprecated. Please use ``ansible_connection: ansible.netcommon.network_cli`` instead.
+
+Using CLI in Ansible
+====================
+
+Example CLI ``group_vars/ios.yml``
+----------------------------------
+
+.. code-block:: yaml
+
+   ansible_connection: ansible.netcommon.network_cli
+   ansible_network_os: cisco.ios.ios
+   ansible_user: myuser
+   ansible_password: !vault...
+   ansible_become: true
+   ansible_become_method: enable
+   ansible_become_password: !vault...
+   ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
+
+
+- If you are using SSH keys (including an ssh-agent) you can remove the ``ansible_password`` configuration.
+- If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
+- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords through environment variables.
+
+Example CLI task
+----------------
+
+.. code-block:: yaml
+
+   - name: Backup current switch config (ios)
+     cisco.ios.ios_config:
+       backup: yes
+     register: backup_ios_location
+     when: ansible_network_os == 'cisco.ios.ios'
+
+Warning
+--------
+Never store passwords in plain text. We recommend using SSH keys to authenticate SSH connections. Ansible supports ssh-agent to manage your SSH keys. If you must use passwords to authenticate SSH connections, we recommend encrypting them with Ansible Vault.
+
+.. seealso::
+
+       :ref:`timeout_options`