Ansible Network Credentials in 2.3 - Rogers Networking Tutorials

In Ansible version 2.2 the network credentials were coded into the playbook which made for a bit of a security issue.

This meant anyone with access to the playbook had access to the user credentials.

In version 2.3 that issue has been resolved and all network credentials have been removed from the playbook.

Ansible network credentials in the Playbook

The simple way to add the credentials into an Ansible playbook was like this

 - name: SAVE AND BACKUP CONFIGS
 ntc_save_config:
 local_file={{ filename }}
 platform=cisco_ios_ssh
 host={{ ansible_hostname }}
 username=roger
 password=roger

The username and password were in clear view for anyone with access to see

The next security step was to use group_vars

Within the playbook you specified provider "{{ cli }}"
 tasks:
 - name: show interfaces
 ios_facts:
 gather_subset: "interfaces"
 provider: "{{ cli }}"

This was then referenced in a group_vars folder where in this case a file called ios.yaml contained the credentials.

ansible_device_os: ios

cli: 
 username: "roger" 
 password: "password123"
 host: "{{ inventory_hostname }}"
 transport: cli

In Ansible 2.3 you don’t need any of this and instead specify the username and password at the time of running the playbook.

I have upgraded my Ansible 2.2 to 2.3 so all the playbooks are currently coded using the above standards. I now get this error

[WARNING]: argument username has been deprecated and will be removed in a future version
[WARNING]: argument host has been deprecated and will be removed in a future version
[WARNING]: argument password has been deprecated and will be removed in a future version

So by removing all username and password information from the playbook you now run it with the following command