Network Automation Engineer: Roger Perkin CCIE 50038

Ansible Network Passwords in 2.3

In Ansible version 2.2 the network credentials were coded into the playbook, which made for a bit of a security issue.

This meant anyone with access to the playbook had access to the user credentials.

In version 2.3 that issue has been resolved and all network credentials have been removed from the playbook.

Ansible network credentials in the Playbook

The simple way to add the credentials into an Ansible playbook was like this:

    - name: SAVE AND BACKUP CONFIGS
      ntc_save_config:
        local_file={{ filename }}
        platform=cisco_ios_ssh
        host={{ ansible_hostname }}
        username=roger
        password=roger

The username and password were in clear view for anyone with access to see.

The next security step was to use group_vars

Within the playbook you specified provider "{{ cli }}":

    tasks:
      - name: show interfaces
        ios_facts:
          gather_subset: "interfaces"
          provider: "{{ cli }}"

This variable was then defined in a group_vars folder, where in this case a file called ios.yaml contained the credentials:

    ansible_device_os: ios

    cli:
      username: "roger"
      password: "password123"
      host: "{{ inventory_hostname }}"
      transport: cli

In Ansible 2.3 you don’t need any of this and instead specify the username and password at the time of running the playbook.

I have upgraded my Ansible 2.2 to 2.3 so all the playbooks are currently coded using the above standards. I now get this error

[WARNING]: argument username has been deprecated and will be removed in a future version
[WARNING]: argument host has been deprecated and will be removed in a future version
[WARNING]: argument password has been deprecated and will be removed in a future version

So you remove all username and password information from the playbook and supply the credentials when you run it instead.

The Ansible playbook now looks like this:

[Image: Ansible playbook with no network credentials]

Run the playbook with the new command:

    ansible-playbook <playbook name> -u <username> -k

This will prompt you to enter the SSH password.

[Image: Ansible network credentials 2.3]

This means that the SSH password is no longer stored anywhere in Ansible.

It does mean that you have to enter it each time you run the playbook though!
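When moving existing playbooks to the `-u`/`-k` approach, it helps to confirm that no literal passwords are left behind in tasks or group_vars. The following Python check is an added example, not code from the original post or from Ansible; the key list and the sample text are assumptions constructed from the two insecure styles shown above.

```python
import re

# Credential keys from the snippets above plus common Ansible equivalents (assumed list).
SECRET_KEYS = ("password", "auth_pass", "ansible_ssh_pass", "ansible_password")
# Covers both styles: `password=roger` (key=value) and `password: "x"` (YAML).
PATTERN = re.compile(
    r"(?<![\w-])(?P<key>" + "|".join(SECRET_KEYS) + r")\s*[:=]\s*(?P<val>.*)$"
)

def find_hardcoded_secrets(text):
    """Return (line_number, key) per literal credential; values are never returned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # skip commented-out lines
        match = PATTERN.search(stripped)
        if not match:
            continue
        value = match.group("val").strip().strip("\"'").strip()
        # Empty, templated ({{ var }}) or vault-encrypted values are not literals.
        if not value or value.startswith(("{{", "!vault")):
            continue
        findings.append((lineno, match.group("key")))
    return findings

# Constructed samples: the two insecure styles from this page and a clean task.
KEY_VALUE_TASK = """\
- name: SAVE AND BACKUP CONFIGS
  ntc_save_config:
    platform=cisco_ios_ssh
    username=roger
    password=roger
"""
GROUP_VARS = """\
cli:
  username: "roger"
  password: "password123"
  host: "{{ inventory_hostname }}"
"""
CLEAN_TASK = """\
- name: show interfaces
  ios_facts:
    gather_subset: "interfaces"
"""

if __name__ == "__main__":
    for name, sample in (("task", KEY_VALUE_TASK), ("group_vars", GROUP_VARS), ("clean", CLEAN_TASK)):
        print(name, find_hardcoded_secrets(sample))
```

The function reports only the line number and key name, so its output can be stored in CI logs without repeating the secret.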

 

Roger Perkin - CCIE #50038 is a Network Automation Engineer & CCIE Consultant based in the UK, currently working for Softcat Plc as a Senior Network & Security Consultant.