diff --git a/ansible/group_vars/fanout/secrets.yml b/ansible/group_vars/fanout/secrets.yml index 735cd95babc..f1218d53c5d 100644 --- a/ansible/group_vars/fanout/secrets.yml +++ b/ansible/group_vars/fanout/secrets.yml @@ -14,3 +14,6 @@ fanout_network_password: netpassword # Credential for accessing the Linux shell fanout_shell_user: shelladmin fanout_shell_password: shellpassword + +#fanout_tacacs_sonic_user: admin +#fanout_tacacs_sonic_password: password diff --git a/ansible/roles/fanout/tasks/fanout_eos.yml b/ansible/roles/fanout/tasks/fanout_eos.yml index fb06f2996a6..7f5f85a9896 100644 --- a/ansible/roles/fanout/tasks/fanout_eos.yml +++ b/ansible/roles/fanout/tasks/fanout_eos.yml @@ -1,5 +1,14 @@ +- name: set login to tacacs if tacacs is defined + set_fact: ansible_ssh_user={{ fanout_tacacs_eos_user }} ansible_ssh_password={{ fanout_tacacs_eos_password }} + when: > + fanout_tacacs_user is not defined and fanout_tacacs_user is not defined and + fanout_tacacs_eos_user is defined and fanout_tacacs_eos_password is defined + - name: prepare fanout switch admin login info - set_fact: ansible_ssh_user={{ fanout_admin_user }} ansible_ssh_pass={{ fanout_admin_password }} + set_fact: ansible_ssh_user={{ fanout_admin_user }} ansible_ssh_password={{ fanout_admin_password }} + when: > + fanout_tacacs_user is not defined and fanout_tacacs_user is not defined and + fanout_tacacs_eos_user is not defined and fanout_tacacs_eos_password is not defined - name: create persistent shell login file: path=/mnt/flash/rc.eos state=touch diff --git a/ansible/roles/fanout/tasks/fanout_mlnx.yml b/ansible/roles/fanout/tasks/fanout_mlnx.yml index 663b1f76f8f..0f5b2186af7 100644 --- a/ansible/roles/fanout/tasks/fanout_mlnx.yml +++ b/ansible/roles/fanout/tasks/fanout_mlnx.yml @@ -6,8 +6,22 @@ ### specified in this playbook, you would need to come up with your own fanout switch deployment ### playbook ################################################################################################ +- name: set login to tacacs if tacacs is defined + set_fact: ansible_ssh_user={{ fanout_tacacs_mlnx_user }} ansible_ssh_password={{ fanout_tacacs_mlnx_password }} + when: > + fanout_tacacs_user is not defined and fanout_tacacs_user is not defined and + fanout_tacacs_mlnx_user is defined and fanout_tacacs_mlnx_password is defined + tags: always + - name: prepare fanout switch admin login info - set_fact: ansible_ssh_user={{ fanout_mlnx_user }} ansible_ssh_pass={{ fanout_mlnx_password }} peer_hwsku={{device_info[inventory_hostname]['HwSku']}} + set_fact: ansible_ssh_user={{ fanout_mlnx_user }} ansible_ssh_pass={{ fanout_mlnx_password }} + when: > + fanout_tacacs_user is not defined and fanout_tacacs_user is not defined and + fanout_tacacs_mlnx_user is not defined and fanout_tacacs_mlnx_password is not defined + tags: always + +- name: prepare peer hwsku + set_fact: peer_hwsku={{ device_info[inventory_hostname]['HwSku'] }} tags: always ########################################## diff --git a/ansible/roles/fanout/tasks/fanout_sonic.yml b/ansible/roles/fanout/tasks/fanout_sonic.yml index cc628ad2213..a0106e6d0fd 100644 --- a/ansible/roles/fanout/tasks/fanout_sonic.yml +++ b/ansible/roles/fanout/tasks/fanout_sonic.yml @@ -1,7 +1,16 @@ - debug: msg="{{ device_info[inventory_hostname] }}" +- name: set login to tacacs if tacacs is defined + set_fact: ansible_ssh_user={{ fanout_tacacs_sonic_user }} ansible_ssh_password={{ fanout_tacacs_sonic_password }} + when: > + fanout_tacacs_user is not defined and fanout_tacacs_user is not defined and + fanout_tacacs_sonic_user is defined and fanout_tacacs_sonic_password is defined + - name: prepare fanout switch admin login info set_fact: ansible_ssh_user={{ fanout_sonic_user }} ansible_ssh_password={{ fanout_sonic_password }} + when: > + fanout_tacacs_user is not defined and fanout_tacacs_user is not defined and + fanout_tacacs_sonic_user is not defined and fanout_tacacs_sonic_password is not defined - name: retrieve SONiC version shell: cat /etc/sonic/sonic_version.yml | grep ":" diff --git a/ansible/roles/fanout/tasks/main.yml b/ansible/roles/fanout/tasks/main.yml index 6fba92771be..0d9b436f2e5 100644 --- a/ansible/roles/fanout/tasks/main.yml +++ b/ansible/roles/fanout/tasks/main.yml @@ -13,6 +13,13 @@ - set_fact: sw_type="{{ device_info[inventory_hostname]['Type'] }}" +# fanout_tacacs_user can override fanout_tacacs_sonic_user, +# fanout_tacacs_sonic_user can override fanout_sonic_user +- name: set login info if fanout_tacacs_user and fanout_tacacs_password is defined + set_fact: ansible_ssh_user={{ fanout_tacacs_user }} ansible_ssh_password={{ fanout_tacacs_password }} + when: fanout_tacacs_user is defined and fanout_tacacs_password is defined + tags: always + - set_fact: os='eos' when: os is not defined tags: always