Ansible provides an option in the asa_config module to specify the context you wish to work on. This requires that you know the context names and configure them in the inventory as shown below:
[fw:vars]
ansible_network_os=asa
ansible_python_interpreter=auto_silent
[fw]
asa001 ansible_host=192.168.252.1 asa_multi_context="no"
asa002 ansible_host=192.168.252.2 asa_multi_context="yes" asa_contexts='["foo", "bar", "baz"]'
---
- name: ASA context backup
  hosts: all
  connection: network_cli
  gather_facts: no
  strategy: linear
  tasks:
    # One backup file per context listed in the inventory
    - name: Take backup
      asa_config:
        context: "{{ item }}"
        backup: yes
        backup_options:
          dir_path: "~./output/"
          filename: "{{ inventory_hostname }}-{{ item }}.cfg"
      loop: "{{ asa_contexts }}"
      when:
        - ansible_network_os == 'asa'
        - asa_multi_context == 'yes'
...
Looks simple enough, but the idea of automation is to work at scale and to handle edge cases without throwing errors. What we need is a more dynamic method for discovering the context names from the device itself:
---
- name: ASA context backup
  hosts: all
  connection: network_cli
  gather_facts: no
  strategy: linear
  tasks:
    - name: ASA block
      block:
        # List the contexts from the system execution space
        - name: Discover contexts
          asa_command:
            commands:
              - changeto system
              - show run context | inc context
          register: var_contexts_names
        # stdout_lines[1] is the output of the second command
        - name: Take backup
          asa_config:
            context: "{{ item.split(' ')[1] }}"
            backup: yes
            backup_options:
              dir_path: "~./output/"
              filename: "{{ inventory_hostname }}-{{ item.split(' ')[1] }}.cfg"
          loop: "{{ var_contexts_names.stdout_lines[1] }}"
      when:
        - ansible_network_os == 'asa'
        - asa_multi_context == 'yes'
...
OK, better still, but now let's dynamically determine if an ASA is running in context mode by adding the following task:
- name: Contexts enabled
  block:
    - name: Get context count
      asa_command:
        commands:
          - show run | inc context
      register: var_context
    # Default to single mode, then override if the command returned output
    - set_fact:
        asa_multi_context: false
    - set_fact:
        asa_multi_context: true
      when: var_context.stdout[0] != ""
  when: ansible_network_os == 'asa'
Using the value of asa_multi_context, create a conditional branch with backup tasks for ASAs with and without contexts:
---
- name: ASA context backup
  hosts: all
  connection: network_cli
  gather_facts: no
  strategy: linear
  tasks:
    - name: ASA block
      block:
        # Detect whether the ASA is running in multiple context mode
        - name: Contexts
          block:
            - name: Get context
              asa_command:
                commands:
                  - show run | inc context
              register: var_context
            - set_fact:
                asa_multi_context: no
            - set_fact:
                asa_multi_context: yes
              when: var_context.stdout[0] != ""
        # Multiple context mode: one backup file per context
        - name: Contexts present
          block:
            - name: Discover contexts
              asa_command:
                commands:
                  - changeto system
                  - show run context | inc context
              register: var_contexts_names
            - name: Take backup
              asa_config:
                context: "{{ item.split(' ')[1] }}"
                backup: yes
                backup_options:
                  dir_path: "~./output/"
                  filename: "{{ inventory_hostname }}-{{ item.split(' ')[1] }}.cfg"
              loop: "{{ var_contexts_names.stdout_lines[1] }}"
          when: asa_multi_context == true
        # Single mode: one backup file per device
        - name: No contexts present
          asa_config:
            backup: yes
            backup_options:
              dir_path: "~./output/"
              filename: "{{ inventory_hostname }}.cfg"
          when: asa_multi_context == false
      when: ansible_network_os == 'asa'
...
This playbook now allows for a simpler inventory file:
[fw:vars]
ansible_network_os=asa
ansible_python_interpreter=auto_silent
[fw]
asa001 ansible_host=192.168.252.1
asa002 ansible_host=192.168.252.2
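The discovery tasks above take `item.split(' ')[1]` from every line that matched `inc context` and place it straight into the backup filename. As an added example (not part of the original post), here is a small Python filter plugin that keeps only `context <name>` lines, de-duplicates them and rejects names that are unsafe in a path; the filter name `asa_context_names`, the allow-list and the sample output are assumptions of this example.

```python
import re

# Only lines of the form "context <name>" starting in column 0 are context
# definitions; other lines that merely contain the word are ignored.
_CONTEXT_LINE = re.compile(r"^context\s+(\S+)\s*$")
# Conservative allow-list for a name that ends up in a backup filename.
# Assumption of this example, not a Cisco-documented naming rule.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")


def asa_context_names(stdout_lines):
    """Return unique, filename-safe context names from the filtered output."""
    names = []
    for line in stdout_lines:
        match = _CONTEXT_LINE.match(line.rstrip())
        if match is None:
            continue
        name = match.group(1)
        # Refuse anything that could escape dir_path when used in `filename`.
        if not _SAFE_NAME.fullmatch(name) or ".." in name:
            raise ValueError("unsafe context name in device output: %r" % name)
        if name not in names:
            names.append(name)
    return names


class FilterModule(object):
    """Ansible filter plugin entry point (hypothetical filter name)."""

    def filters(self):
        return {"asa_context_names": asa_context_names}


# Constructed sample of stdout_lines[1]; not captured from a real device.
SAMPLE = [
    "admin-context admin",
    "context admin",
    "  config-url disk0:/context-foo.cfg",
    "context foo",
    "context bar",
]

if __name__ == "__main__":
    print(asa_context_names(SAMPLE))
```

Saved in a `filter_plugins/` directory next to the playbook, the loop becomes `"{{ var_contexts_names.stdout_lines[1] | asa_context_names }}"` and the task can use `context: "{{ item }}"` directly.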
need to add an ending ” on all the lines with dir_path: “~./output/
Cheers, hadn’t noticed the missing quote in all this time! Hope the playbook was useful once you fixed it!