Skip to content

Latest commit

 

History

History
1411 lines (1345 loc) · 53.8 KB

cisco.nxos.nxos_ntp_global_module.rst

File metadata and controls

1411 lines (1345 loc) · 53.8 KB

cisco.nxos.nxos_ntp_global

NTP Global resource module.

Version added: 2.6.0

Synopsis

  • This module manages ntp configuration on devices running Cisco NX-OS.

Parameters

Parameter Choices/Defaults Comments
config
dictionary
A dict of ntp configuration.
access_group
dictionary
NTP access-group.
This option is unsupported on MDS switches.
match_all
boolean
    Choices:
  • no
  • yes
Scan ACLs present in all ntp access groups.
peer
list / elements=dictionary
Access-group peer.
access_list
string
Name of access list.
query_only
list / elements=dictionary
Access-group query-only.
access_list
string
Name of access list.
serve
list / elements=dictionary
Access-group serve.
access_list
string
Name of access list.
serve_only
list / elements=dictionary
Access-group serve-only.
access_list
string
Name of access list.
allow
dictionary
Enable/Disable the packets.
control
dictionary
Control mode packets.
rate_limit
integer
Rate-limit delay.
private
boolean
    Choices:
  • no
  • yes
Enable/Disable Private mode packets.
authenticate
boolean
    Choices:
  • no
  • yes
Enable/Disable authentication.
authentication_keys
list / elements=dictionary
NTP authentication key.
encryption
integer
0 for Clear text
7 for Encrypted
id
integer
Authentication key number (range 1-65535).
key
string
Authentication key.
logging
boolean
    Choices:
  • no
  • yes
Enable/Disable logging of NTPD Events.
master
dictionary
Act as NTP master clock.
This option is unsupported on MDS switches.
stratum
integer
Stratum number.
passive
boolean
    Choices:
  • no
  • yes
NTP passive command.
This option is unsupported on MDS switches.
peers
list / elements=dictionary
NTP Peers.
key_id
integer
Keyid to be used while communicating to this server.
maxpoll
integer
Maximum interval to poll a peer.
Poll interval in secs to a power of 2.
minpoll
integer
Minimum interval to poll a peer.
Poll interval in secs to a power of 2.
peer
string
Hostname/IP address of the NTP Peer.
prefer
boolean
    Choices:
  • no
  • yes
Preferred Server.
vrf
string
Display per-VRF information.
This option is unsupported on MDS switches.

aliases: use_vrf
servers
list / elements=dictionary
NTP servers.
key_id
integer
Keyid to be used while communicating to this server.
maxpoll
integer
Maximum interval to poll a peer.
Poll interval in secs to a power of 2.
minpoll
integer
Minimum interval to poll a peer.
Poll interval in secs to a power of 2.
prefer
boolean
    Choices:
  • no
  • yes
Preferred Server.
server
string
Hostname/IP address of the NTP Peer.
vrf
string
Display per-VRF information.
This option is not applicable for MDS switches.

aliases: use_vrf
source
string
Source of NTP packets.
This option is unsupported on MDS switches.
source_interface
string
Source interface sending NTP packets.
trusted_keys
list / elements=dictionary
NTP trusted-key number.
key_id
integer
Trusted-Key number.
running_config
string
This option is used only with state parsed.
The value of this option should be the output received from the NX-OS device by executing the command show running-config ntp.
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
state
string
    Choices:
  • merged ←
  • replaced
  • overridden
  • deleted
  • parsed
  • gathered
  • rendered
The state the configuration should be left in.
The states replaced and overridden have identical behaviour for this module.
Please refer to examples for more details.

Notes

Note

  • Tested against NX-OS 9.3.6 on Cisco Nexus Switches.
  • This module works with connection network_cli and httpapi.
  • Tested against Cisco MDS NX-OS 9.2(2) with connection network_cli.

Examples

# Using merged

# Before state:
# -------------
# nxos-9k-rdo# show running-config ntp
# nxos-9k-rdo#

- name: Merge the provided configuration with the existing running configuration
  cisco.nxos.nxos_ntp_global: &id001
    config:
      access_group:
        peer:
          - access_list: PeerAcl1
        serve:
          - access_list: ServeAcl1
      authenticate: true
      authentication_keys:
        - id: 1001
          key: vagwwtKfkv
          encryption: 7
        - id: 1002
          key: vagwwtKfkvgthz
          encryption: 7
      logging: true
      master:
        stratum: 2
      peers:
        - peer: 192.0.2.1
          key_id: 1
          maxpoll: 15
          minpoll: 5
          vrf: default
        - peer: 192.0.2.2
          key_id: 2
          prefer: true
          vrf: siteA
      servers:
        - server: 198.51.100.1
          key_id: 2
          vrf: default
        - server: 203.0.113.1
          key_id: 1
          vrf: siteB

# Task output
# -------------
#  before: {}
#
#  commands:
#    - "ntp authenticate"
#    - "ntp logging"
#    - "ntp master 2"
#    - "ntp authentication-keys 1001 md5 vagwwtKfkv 7"
#    - "ntp authentication-keys 1002 md5 vagwwtKfkvgthz 7"
#    - "ntp peer 192.0.2.1 use-vrf default key 1 minpoll 5 maxpoll 15"
#    - "ntp peer 192.0.2.2 prefer use-vrf siteA key 2"
#    - "ntp server 198.51.100.1 use-vrf default key 2"
#    - "ntp server 203.0.113.1 use-vrf siteB key 1"
#    - "ntp access-group peer PeerAcl1"
#    - "ntp access-group serve ServeAcl1"
#
#  after:
#    access_group:
#      peer:
#        - access_list: PeerAcl1
#      serve:
#       - access_list: ServeAcl1
#    authenticate: true
#    authentication_keys:
#      - id: 1001
#        key: vagwwtKfkv
#        encryption: 7
#      - id: 1002
#        key: vagwwtKfkvgthz
#        encryption: 7
#    logging: true
#    master:
#     stratum: 2
#    peers:
#      - peer: 192.0.2.1
#        key_id: 1
#        maxpoll: 15
#        minpoll: 5
#        vrf: default
#      - peer: 192.0.2.2
#        key_id: 2
#        prefer: true
#        vrf: siteA
#    servers:
#      - server: 198.51.100.1
#        key_id: 2
#        vrf: default
#      - server: 203.0.113.1
#        key_id: 1
#        vrf: siteB

# After state:
# ------------
# nxos-9k-rdo# show running-config ntp
# ntp authenticate
# ntp logging
# ntp master 2
# ntp authentication-keys 1001 md5 vagwwtKfkv 7
# ntp authentication-keys 1002 md5 vagwwtKfkvgthz 7
# ntp peer 192.0.2.1 use-vrf default key 1 minpoll 5 maxpoll 15
# ntp peer 192.0.2.2 prefer use-vrf siteA key 2
# ntp server 198.51.100.1 use-vrf default key 2
# ntp server 203.0.113.1 use-vrf siteB key 1
# ntp access-group peer PeerAcl1
# ntp access-group serve ServeAcl1

# Using replaced

# Before state:
# ------------
# nxos-9k-rdo# show running-config ntp
# ntp authenticate
# ntp logging
# ntp master 2
# ntp authentication-keys 1001 md5 vagwwtKfkv 7
# ntp authentication-keys 1002 md5 vagwwtKfkvgthz 7
# ntp peer 192.0.2.1 use-vrf default key 1 minpoll 5 maxpoll 15
# ntp peer 192.0.2.2 prefer use-vrf siteA key 2
# ntp server 198.51.100.1 use-vrf default key 2
# ntp server 203.0.113.1 use-vrf siteB key 1
# ntp access-group peer PeerAcl1
# ntp access-group serve ServeAcl1

- name: Replace logging global configurations of listed logging global with provided configurations
  cisco.nxos.nxos_ntp_global:
    config:
      access_group:
        peer:
          - access_list: PeerAcl2
        serve:
          - access_list: ServeAcl2
      logging: true
      master:
        stratum: 2
      peers:
        - peer: 192.0.2.1
          key_id: 1
          maxpoll: 15
          minpoll: 5
          vrf: default
        - peer: 192.0.2.5
          key_id: 2
          prefer: true
          vrf: siteA
      servers:
        - server: 198.51.100.1
          key_id: 2
          vrf: default
    state: replaced

# Task output
# -------------
#  before:
#    access_group:
#      peer:
#        - access_list: PeerAcl1
#      serve:
#       - access_list: ServeAcl1
#    authenticate: true
#    authentication_keys:
#      - id: 1001
#        key: vagwwtKfkv
#        encryption: 7
#      - id: 1002
#        key: vagwwtKfkvgthz
#        encryption: 7
#    logging: true
#    master:
#     stratum: 2
#    peers:
#      - peer: 192.0.2.1
#        key_id: 1
#        maxpoll: 15
#        minpoll: 5
#        vrf: default
#      - peer: 192.0.2.2
#        key_id: 2
#        prefer: true
#        vrf: siteA
#    servers:
#      - server: 198.51.100.1
#        key_id: 2
#        vrf: default
#      - server: 203.0.113.1
#        key_id: 1
#        vrf: siteB
#
#  commands:
#    - "no ntp authenticate"
#    - "no ntp authentication-keys 1001 md5 vagwwtKfkv 7"
#    - "no ntp authentication-keys 1002 md5 vagwwtKfkvgthz 7"
#    - "ntp peer 192.0.2.5 prefer use-vrf siteA key 2"
#    - "no ntp peer 192.0.2.2 prefer use-vrf siteA key 2"
#    - "no ntp server 203.0.113.1 use-vrf siteB key 1"
#    - "ntp access-group peer PeerAcl2"
#    - "no ntp access-group peer PeerAcl1"
#    - "ntp access-group serve ServeAcl2"
#    - "no ntp access-group serve ServeAcl1"
#
#  after:
#    access_group:
#      peer:
#        - access_list: PeerAcl2
#      serve:
#        - access_list: ServeAcl2
#    logging: true
#    master:
#      stratum: 2
#    peers:
#      - peer: 192.0.2.1
#        key_id: 1
#        maxpoll: 15
#        minpoll: 5
#        vrf: default
#      - peer: 192.0.2.5
#        key_id: 2
#        prefer: true
#        vrf: siteA
#    servers:
#      - server: 198.51.100.1
#        key_id: 2
#        vrf: default

# After state:
# ------------
# nxos-9k-rdo# show running-config ntp
# ntp logging
# ntp master 2
# ntp peer 192.0.2.1 use-vrf default key 1 minpoll 5 maxpoll 15
# ntp peer 192.0.2.5 prefer use-vrf siteA key 2
# ntp server 198.51.100.1 use-vrf default key 2
# ntp access-group peer PeerAcl2
# ntp access-group serve ServeAcl2

# Using deleted to delete all logging configurations

# Before state:
# ------------
# nxos-9k-rdo# show running-config ntp

- name: Delete all logging configuration
  cisco.nxos.nxos_ntp_global:
    state: deleted

# Task output
# -------------
#  before:
#    access_group:
#      peer:
#        - access_list: PeerAcl1
#      serve:
#       - access_list: ServeAcl1
#    authenticate: true
#    authentication_keys:
#      - id: 1001
#        key: vagwwtKfkv
#        encryption: 7
#      - id: 1002
#        key: vagwwtKfkvgthz
#        encryption: 7
#    logging: true
#    master:
#     stratum: 2
#    peers:
#      - peer: 192.0.2.1
#        key_id: 1
#        maxpoll: 15
#        minpoll: 5
#        vrf: default
#      - peer: 192.0.2.2
#        key_id: 2
#        prefer: true
#        vrf: siteA
#    servers:
#      - server: 198.51.100.1
#        key_id: 2
#        vrf: default
#      - server: 203.0.113.1
#        key_id: 1
#        vrf: siteB
#
#  commands:
#    - "no ntp authenticate"
#    - "no ntp logging"
#    - "no ntp master 2"
#    - "no ntp authentication-keys 1001 md5 vagwwtKfkv 7"
#    - "no ntp authentication-keys 1002 md5 vagwwtKfkvgthz 7"
#    - "no ntp peer 192.0.2.1 use-vrf default key 1 minpoll 5 maxpoll 15"
#    - "no ntp peer 192.0.2.2 prefer use-vrf siteA key 2"
#    - "no ntp server 198.51.100.1 use-vrf default key 2"
#    - "no ntp server 203.0.113.1 use-vrf siteB key 1"
#    - "no ntp access-group peer PeerAcl1"
#    - "no ntp access-group serve ServeAcl1"
#
#  after: {}

# After state:
# ------------
# nxos-9k-rdo# show running-config ntp
# nxos-9k-rdo#

# Using rendered

- name: Render platform specific configuration lines with state rendered (without connecting to the device)
  cisco.nxos.nxos_ntp_global:
    config:
      access_group:
        peer:
          - access_list: PeerAcl1
        serve:
          - access_list: ServeAcl1
      authenticate: true
      authentication_keys:
        - id: 1001
          key: vagwwtKfkv
          encryption: 7
        - id: 1002
          key: vagwwtKfkvgthz
          encryption: 7
      logging: true
      master:
        stratum: 2
      peers:
        - peer: 192.0.2.1
          key_id: 1
          maxpoll: 15
          minpoll: 5
          vrf: default
        - peer: 192.0.2.2
          key_id: 2
          prefer: true
          vrf: siteA
      servers:
        - server: 198.51.100.1
          key_id: 2
          vrf: default
        - server: 203.0.113.1
          key_id: 1
          vrf: siteB
    state: rendered

# Task Output (redacted)
# -----------------------
#  rendered:
#    - "ntp authenticate"
#    - "ntp logging"
#    - "ntp master 2"
#    - "ntp authentication-keys 1001 md5 vagwwtKfkv 7"
#    - "ntp authentication-keys 1002 md5 vagwwtKfkvgthz 7"
#    - "ntp peer 192.0.2.1 use-vrf default key 1 minpoll 5 maxpoll 15"
#    - "ntp peer 192.0.2.2 prefer use-vrf siteA key 2"
#    - "ntp server 198.51.100.1 use-vrf default key 2"
#    - "ntp server 203.0.113.1 use-vrf siteB key 1"
#    - "ntp access-group peer PeerAcl1"
#    - "ntp access-group serve ServeAcl1"

# Using parsed

# parsed.cfg
# ------------
# ntp authenticate
# ntp logging
# ntp master 2
# ntp authentication-keys 1001 md5 vagwwtKfkv 7
# ntp authentication-keys 1002 md5 vagwwtKfkvgthz 7
# ntp peer 192.0.2.1 use-vrf default key 1 minpoll 5 maxpoll 15
# ntp peer 192.0.2.2 prefer use-vrf siteA key 2
# ntp server 198.51.100.1 use-vrf default key 2
# ntp server 203.0.113.1 use-vrf siteB key 1
# ntp access-group peer PeerAcl1
# ntp access-group serve ServeAcl1

- name: Parse externally provided ntp configuration
  cisco.nxos.nxos_ntp_global:
    running_config: "{{ lookup('file', './fixtures/parsed.cfg') }}"
    state: parsed

# Task output (redacted)
# -----------------------
# parsed:
#    access_group:
#      peer:
#        - access_list: PeerAcl1
#      serve:
#       - access_list: ServeAcl1
#    authenticate: true
#    authentication_keys:
#      - id: 1001
#        key: vagwwtKfkv
#        encryption: 7
#      - id: 1002
#        key: vagwwtKfkvgthz
#        encryption: 7
#    logging: true
#    master:
#     stratum: 2
#    peers:
#      - peer: 192.0.2.1
#        key_id: 1
#        maxpoll: 15
#        minpoll: 5
#        vrf: default
#      - peer: 192.0.2.2
#        key_id: 2
#        prefer: true
#        vrf: siteA
#    servers:
#      - server: 198.51.100.1
#        key_id: 2
#        vrf: default
#      - server: 203.0.113.1
#        key_id: 1
#        vrf: siteB

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
after
dictionary
when changed
The resulting configuration after module execution.

Sample:
This output will always be in the same format as the module argspec.
before
dictionary
when state is merged, replaced, overridden, deleted or purged
The configuration prior to the module execution.

Sample:
This output will always be in the same format as the module argspec.
commands
list
when state is merged, replaced, overridden, deleted or purged
The set of commands pushed to the remote device.

Sample:
['ntp master stratum 2', 'ntp peer 198.51.100.1 use-vrf test maxpoll 7', 'ntp authentication-key 10 md5 wawyhanx2 7', 'ntp access-group peer PeerAcl1', 'ntp access-group peer PeerAcl2', 'ntp access-group query-only QueryAcl1']
gathered
list
when state is gathered
Facts about the network resource gathered from the remote device as structured data.

Sample:
This output will always be in the same format as the module argspec.
parsed
list
when state is parsed
The device native config provided in running_config option parsed into structured data as per module argspec.

Sample:
This output will always be in the same format as the module argspec.
rendered
list
when state is rendered
The provided configuration in the task rendered in device-native format (offline).

Sample:
['ntp master stratum 2', 'ntp peer 198.51.100.1 use-vrf test maxpoll 7', 'ntp authentication-key 10 md5 wawyhanx2 7', 'ntp access-group peer PeerAcl1', 'ntp access-group peer PeerAcl2', 'ntp access-group query-only QueryAcl1']


Status

Authors

  • Nilashish Chakraborty (@NilashishC)