Cisco NXOS : Parsing SNMP trap hosts from command output
59 views
Skip to first unread message
Gavin McKee
Jul 19, 2017, 8:40:15 AM7/19/17
to Ansible Project
Hi Guys,
Can someone advise on the following?
I need to update (standardize) the SNMP trap receivers throughout the network. Given that i'm running Cisco NX OS on the 3500 platform I can't delete the old SNMP trap receiver configuration without specifying the hosts. So I need to run a command and then parse the hosts from it. I'd like to then use the hosts in the returned output to delete the trap receivers before adding the new correct receivers.
---
- name: Update the SNMP information on the network
hosts: lab
gather_facts: no
connection: local
vars:
trapdests: []
ios_provider:
username: "{{ user }}"
password: "{{ password }}"
host: "{{ inventory_hostname }}"
tasks:
- name: get current snmp hosts
register: command_output
ios_command:
commands: "show snmp host"
provider: "{{ ios_provider }}"
- name: snmp update
ios_config:
src: "./configs/snmp.conf"
provider: "{{ ios_provider }}"
match: none
before: "default snmp-server"
- debug: msg="{{command_output.stdout_lines}}"
Here is my output to this stage
< PLAY [Update the SNMP information on the network] >
---------------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
_______________________
< TASK [test nxos snmp] >
-----------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
[WARNING]: argument host has been deprecated and will be removed in a future version
changed: [lab-xxx-xxx-xxxxx]
changed: [10.70.253.249]
_______________________________
< TASK [get current snmp hosts] >
-------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [10.70.253.249]
ok: [lab-xxxx-xxx-xxxxx]
____________________
< TASK [snmp update] >
--------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [10.70.253.249]
changed: [lab-xxx-xxx-xxxx1x]
______________
< TASK [debug] >
--------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [10.70.253.249] => {
"msg": [
[
"Source interface: mgmt0-------------------------------------------------------------------",
"Host Port Version Level Type SecName ",
"-------------------------------------------------------------------",
"10.15.24.118 162 v2c noauth trap xxxxx ",
"Use VRF: management",
"-------------------------------------------------------------------",
"10.30.130.131 162 v2c noauth trap xxxx ",
"Use VRF: management",
"-------------------------------------------------------------------",
"10.50.74.49 162 v2c noauth trap xxxxx ",
"Use VRF: management",
"-------------------------------------------------------------------",
"10.50.74.50 162 v2c noauth trap xxxx ",
"Use VRF: management",
"-------------------------------------------------------------------",
"1.1.1.1 162 v2c noauth trap TESTING ",
"-------------------------------------------------------------------"
]
]
}
ok: [lab-db9-eng-acc01x] => {
"msg": [
[
"-------------------------------------------------------------------",
"Host Port Version Level Type SecName ",
"-------------------------------------------------------------------",
"10.50.74.38 162 v2c noauth trap xxxxx ",
"-------------------------------------------------------------------",
"10.50.32.23 162 v2c noauth trap xxxx ",
"Use VRF: management",
"-------------------------------------------------------------------",
"10.50.74.50 162 v2c noauth trap xxxx ",
"Use VRF: management",
"-------------------------------------------------------------------",
"10.50.74.49 162 v2c noauth trap xxxxxx ",
"Use VRF: management",
"-------------------------------------------------------------------",
"10.30.130.131 162 v2c noauth trap xxxx ",
"Use VRF: management",
"-------------------------------------------------------------------",
"10.15.24.118 162 v2c noauth trap xxxx ",
"Use VRF: management",
"-------------------------------------------------------------------",
"1.1.1.1 162 v2c noauth trap TESTING ",
"-------------------------------------------------------------------"
]
]
}
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
10.70.253.249 : ok=4 changed=2 unreachable=0 failed=0
lab-xxx-xxx-xxx01x : ok=4 changed=2 unreachable=0 failed=0
Ganesh Nalawade
Jul 19, 2017, 9:02:05 AM7/19/17
to ansible...@googlegroups.com
If I understand this correctly, you want to run 2nd task (snmp update) based on the output of 1st task (get current snmp hosts).
One way to do this is to use 'register' keyword to store the output of 1st task and use 'when' conditional to run the second task.
- name: get current snmp hosts
register: command_output
ios_command:
commands: "show snmp host"
provider: "{{ ios_provider }}"
register: result
- name: snmp update
ios_config:
src: "./configs/snmp.conf"
provider: "{{ ios_provider }}"
match: none
when: "'<host'> in result.stdout[0]"
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9bc7ddca-509b-4831-8cc5-90d71a658a7a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Gavin McKee
Jul 19, 2017, 9:32:05 AM7/19/17
to Ansible Project
Hi Ganesh,
I think the first thing I'm trying to do is build a json object with the IP addresses of the currently configured trap receivers. So the first task is as follows:
vars:
trapdests: [] # I want to populate this list with currently configured trap receivers
ios_provider:
username: "{{ user }}"
password: "{{ password }}"
host: "{{ inventory_hostname }}"
tasks:
- name: get current snmp hosts
register: command_output
ios_command:
commands: "show snmp host"
provider: "{{ ios_provider }}"
- debug: msg="{{command_output.stdout_lines}}" <Print the command output to the terminal for debugging>
The next task is to extract the trap receivers from the command output (here is a sample of the command out - from the debug statement above)
ok: [lab-xxx-xx-xxxxx] => {
"msg": [
[
"-------------------------------------------------------------------",
"Host Port Version Level Type SecName ",
"-------------------------------------------------------------------",
"10.50.74.38 162 v2c noauth trap mypub ",
"-------------------------------------------------------------------",
"10.50.32.23 162 v2c noauth trap mypub ",
"Use VRF: management",
"-------------------------------------------------------------------",
"10.50.74.50 162 v2c noauth trap mypub ",
"Use VRF: management",
"-------------------------------------------------------------------",
"10.50.74.49 162 v2c noauth trap mypub ",
"Use VRF: management",
"-------------------------------------------------------------------",
"10.30.130.131 162 v2c noauth trap mypub ",
"Use VRF: management",
"-------------------------------------------------------------------",
"10.15.24.118 162 v2c noauth trap mypub ",
"Use VRF: management",
"-------------------------------------------------------------------",
"1.1.1.1 162 v2c noauth trap TESTING ",
"-------------------------------------------------------------------"
]
]
}
So what I'm trying to learn is how to use a regular expression to extract each IP address from this output , update the trapdests list with these addresses, and then use them to do a
no snmp-server <host> traps version 2c mypub
no snmp-server <host> use-vrf management
I hope that makes sense.
Just as a note - a similar approach is take here https://www.netnea.com/cms/2016/10/16/using-ansible-to-fetch-information-from-ios-devices/ , but that approach is on IOS so the command output is very different and I can't seem to pass a regular expression to the cisco command from within Ansible to even get something similar.
Thanks
Gav
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
Ryan Lambert
Aug 2, 2017, 1:36:08 PM8/2/17
to Ansible Project
Hey Gavin,
Mine is a WIP, but I did a similar thing to replace v2 communities on IOS devices. Same problem there with needing to be specific.
Rather than doing anything with JSON, I directed stdout into a file, then used a python script to massage the results back into a jinja template. You may be able to tweak the regex used in the .py file and the playbook/modules a little to get what you need for trap receivers. I'm fairly new to Ansible, so I tried to make this as straightforward as possible. It's probably considered a dirty approach to folks more experienced, so I hope my code/method doesn't offend anyone. :)
Link:
https://github.com/vPacketNinja/snmp-replace
Hopefully that is helpful for you.
Ryan
Mine is a WIP, but I did a similar thing to replace v2 communities on IOS devices. Same problem there with needing to be specific.
Rather than doing anything with JSON, I directed stdout into a file, then used a python script to massage the results back into a jinja template. You may be able to tweak the regex used in the .py file and the playbook/modules a little to get what you need for trap receivers. I'm fairly new to Ansible, so I tried to make this as straightforward as possible. It's probably considered a dirty approach to folks more experienced, so I hope my code/method doesn't offend anyone. :)
Link:
https://github.com/vPacketNinja/snmp-replace
Hopefully that is helpful for you.
Ryan
Reply all
Reply to author
Forward
0 new messages