I have a playbook that steps through all the ports on a Cisco switch stack, adding or removing lines, and it takes a very long time to run. I can see in TACACS command accounting that it is doing a “show running-config” after each port modification. If I have a switch stack with (8) 48-port switches, it can take hours for the job to complete. And it maxes out the CPU on the switch with all the “ssh” module activity.
Is there a way to suppress this action? Or is it unwise to think of doing this?
Example:
$ ansible --version
ansible 2.9.2
…
python version = 2.7.17 (default, Nov 7 2019, 10:07:09) [GCC 7.4.0]
Playbook:
- hosts: switches_live
  no_log: false
  gather_facts: false
  connection: local
  serial: 12
  tasks:
    - name: OBTAIN LOGIN CREDENTIALS
      include_vars: vaultfile.yml

    - name: DEFINE PROVIDER
      set_fact:
        provider:
          host: "{{ inventory_hostname }}"
          username: "{{ username }}"
          password: "{{ password }}"

    - name: CONFIGURE PORT ISE SETTINGS
      ios_config:
        running_config:
        defaults: no
        provider: "{{ provider }}"
        lines:
          - ip access-group ACL-DEFAULT in
          - authentication event fail action next-method
          - authentication event server dead action authorize vlan {{ item.vlan }}
          - authentication event server dead action authorize voice
          - authentication event server alive action reinitialize
          - authentication host-mode multi-auth
          - authentication open
          - authentication order dot1x mab
          - authentication priority dot1x mab
          - authentication port-control auto
          - authentication periodic
          - authentication timer reauthenticate server
          - authentication violation restrict
          - mab
          - dot1x pae authenticator
          - dot1x timeout tx-period 5
          - dot1x max-reauth-req 2
        parents:
          - interface {{ item.iface }}
      with_items: "{{ port_list }}"

    - name: SAVE CONFIG
      ios_config:
        provider: "{{ provider }}"
        save_when: modified
$ ansible-playbook --ask-vault-pass --inventory=ise-port-configs.hosts ise-port-configs.yml
Thu Feb 20 20:42:47 CST 2020
Vault password:
PLAY [switches_live] *****************************************************************************************************************************************************
TASK [OBTAIN LOGIN CREDENTIALS] ******************************************************************************************************************************************
ok: [esisetest4]
TASK [DEFINE PROVIDER] ***************************************************************************************************************************************************
ok: [esisetest4]
TASK [CONFIGURE PORT ISE SETTINGS] ***************************************************************************************************************************************
changed: [esisetest4] => (item={u'iface': u'Gi1/0/1', u'vlan': 54})
changed: [esisetest4] => (item={u'iface': u'Gi1/0/2', u'vlan': 54})
changed: [esisetest4] => (item={u'iface': u'Gi1/0/3', u'vlan': 54})
TASK [SAVE CONFIG] *******************************************************************************************************************************************************
changed: [esisetest4]
PLAY RECAP ***************************************************************************************************************************************************************
esisetest4 : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Thanks for any tips.
-John