Ansible – asa_facts

A simple requirement: discover the configured hostname, software version and platform description for each device. Thankfully, with ios_facts and nxos_facts this is a simple task:

---
- name: Get some facts
  hosts: all
  connection: network_cli
  gather_facts: no

  tasks:
    - name: Gather facts nxos
      nxos_facts:
      when: ansible_network_os == 'nxos'

    # IOS devices use ios_facts, not nxos_facts
    - name: Gather facts ios
      ios_facts:
      when: ansible_network_os == 'ios'

    - name: Display facts
      debug:
        msg: "The software version for {{ ansible_net_hostname }} is {{ ansible_net_version }} on platform {{ ansible_net_model }}"
...

The hosts file:

[all:vars]
ansible_python_interpreter=auto_silent

[ios_switches:vars]
ansible_network_os=ios

[ios_switches]
iswitch001 ansible_host=192.168.1.1
iswitch002 ansible_host=192.168.1.2

[nxos_switches:vars]
ansible_network_os=nxos

[nxos_switches]
nswitch001 ansible_host=192.168.2.1
nswitch002 ansible_host=192.168.2.2

[asa:vars]
ansible_network_os=asa

[asa]
asa001 ansible_host=192.168.3.1

Which produces the following output:

TASK [Display facts] ***************************************
ok: [iswitch001] => {
    "msg": "The software version for iswitch001 is 15.2.(2)E7 on platform WS-C2960-XR-48TD-I"
}
ok: [iswitch002] => {
    "msg": "The software version for iswitch002 is 15.2.(2)E7 on platform WS-C2960-XR-48TD-I"
}
ok: [nswitch001] => {
    "msg": "The software version for nswitch001 is 7.0(3)I7(4) on platform Nexus9000 C9372PX chassis"
}
ok: [nswitch002] => {
    "msg": "The software version for nswitch002 is 7.0(3)I7(4) on platform Nexus9000 C9372PX chassis"
}

Now we need to look at getting the same information from an ASA firewall. Sadly there is no get_facts module for the ASA, so we need to capture the output of a set of show commands and parse them for the information we need.

Our first task, 'asa facts', runs the three commands in sequence and registers the result in the variable asa_vars. The stdout list contained in asa_vars will have three elements, each one containing the output of one CLI command, in the order in which the commands were executed.

# The module is asa_command; register is a task keyword, so it sits at task level
- name: asa facts
  asa_command:
    commands:
      - show run | inc hostname
      - show version
      - show inventory
  register: asa_vars

The three elements of asa_vars.stdout, by command:

show run | inc hostname
    hostname ASA001

show version
    Cisco Adaptive Security Appliance Software Version 9.10(1)22
    Firepower Extensible Operating System Version 2.4(1.244)

show inventory
    show_inventory_all -1712699954
    Name: "Chassis", DESCR: "ASA 5506-X with FirePOWER services, 8GE, AC, DES"
    PID: ASA5506 , VID: V05 , SN:JMX9472Y2BC

Next we need to extract information from each stdout element and assign it to a variable using the set_fact module. We are going to use the equivalent variable names used by ios_facts and nxos_facts so we don’t have to adjust the final print statement just for the ASA.

- name: asa set facts
  set_fact:
    ansible_net_hostname: "{{ asa_vars.stdout[0].split()[1] }}"
    ansible_net_version: "{{ asa_vars.stdout[1].split('\n')[0].split()[6] }}"
    ansible_net_model: "{{ asa_vars.stdout[2].split('\n')[1].split('\", ')[1].split(': ')[1][1:-1] }}"
  • ansible_net_hostname: the hostname is the second string in stdout[0], so split() with no arguments splits the string on whitespace, giving us two elements. We want the second element ([1]).
  • ansible_net_version: slightly trickier. stdout[1] contains multiple lines, so first split on the newline character and take the first line ( split('\n')[0] ), then split on whitespace and take the seventh string ([6]).
  • ansible_net_model: again multi-line, so take the second line ( split('\n')[1] ). We can't split on commas because the product description contains commas, so split on '", ' ( split('\", ')[1] ), which gives us:

DESCR: "ASA 5506-X with FirePOWER services, 8GE, AC, DES"

Now one final split ( split(': ')[1] ) gives us:

"ASA 5506-X with FirePOWER services, 8GE, AC, DES"

We don't need the quotation marks, so the final step is to use a slice to remove the first and last characters ( [1:-1] ).

This produces the following output for the ASA:

ok: [asa001] => {
    "msg": "The software version for asa001 is 9.10(1)22 on platform ASA 5506-X with FirePOWER services, 8GE, AC, DES"
}
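The positional splits above depend on exact line and word positions, so a banner line or leading blank line in the device output silently yields the wrong value in the inventory. As an added example (not part of the original playbook), the same three facts can be extracted by anchored regular expressions that fail loudly instead; the filter name asa_facts, the sample data and the assumption that the inventory entry is named "Chassis" are taken from or constructed around the output shown above.

```python
import re

# Constructed sample: the three stdout elements shown in the post.
SAMPLE_STDOUT = [
    "hostname ASA001",
    "Cisco Adaptive Security Appliance Software Version 9.10(1)22\n"
    "Firepower Extensible Operating System Version 2.4(1.244)",
    "show_inventory_all -1712699954\n"
    'Name: "Chassis", DESCR: "ASA 5506-X with FirePOWER services, 8GE, AC, DES"\n'
    "PID: ASA5506 , VID: V05 , SN:JMX9472Y2BC",
]

# fact name -> (index into stdout, pattern with one capture group)
_PATTERNS = {
    "ansible_net_hostname": (0, re.compile(r"^hostname\s+(\S+)", re.M)),
    "ansible_net_version": (1, re.compile(
        r"^Cisco Adaptive Security Appliance Software Version\s+(\S+)", re.M)),
    # Assumption: the chassis entry is named "Chassis", as in the sample.
    "ansible_net_model": (2, re.compile(
        r'^Name:\s*"Chassis",\s*DESCR:\s*"([^"]*)"', re.M)),
}


def parse_asa_facts(stdout):
    """Return the three facts as a dict; raise ValueError naming the
    fact that could not be found rather than returning a wrong token."""
    facts = {}
    for name, (index, pattern) in _PATTERNS.items():
        if index >= len(stdout):
            raise ValueError(f"{name}: command output {index} is missing")
        match = pattern.search(stdout[index])
        if match is None:
            raise ValueError(f"{name}: not found in command output {index}")
        facts[name] = match.group(1)
    return facts


class FilterModule:
    """Ansible filter plugin hook (hypothetical filter name asa_facts):
    set_fact could then use "{{ asa_vars.stdout | asa_facts }}"."""

    def filters(self):
        return {"asa_facts": parse_asa_facts}
```

Saved in a filter_plugins directory next to the playbook, this makes a changed output format stop the play with a named field rather than record a wrong software version.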

The finished playbook now looks like:

---
- name: Get some facts
  hosts: all
  connection: network_cli
  gather_facts: no

  tasks:
    - name: Gather facts nxos
      nxos_facts:
      when: ansible_network_os == 'nxos'

    # IOS devices use ios_facts, not nxos_facts
    - name: Gather facts ios
      ios_facts:
      when: ansible_network_os == 'ios'

    - name: Gather facts asa
      block:
        # The module is asa_command; register sits at task level
        - name: asa facts
          asa_command:
            commands:
              - show run | inc hostname
              - show version
              - show inventory
          register: asa_vars

        # Reuse the ios_facts/nxos_facts variable names
        - name: asa set facts
          set_fact:
            ansible_net_hostname: "{{ asa_vars.stdout[0].split()[1] }}"
            ansible_net_version: "{{ asa_vars.stdout[1].split('\n')[0].split()[6] }}"
            ansible_net_model: "{{ asa_vars.stdout[2].split('\n')[1].split('\", ')[1].split(': ')[1][1:-1] }}"
      when: ansible_network_os == 'asa'

    - name: Display facts
      debug:
        msg: "The software version for {{ ansible_net_hostname }} is {{ ansible_net_version }} on platform {{ ansible_net_model }}"
...
