Implement feature in cisco.ios that would enable trustpoint creation with "enrollment terminal pem" - (does not require SCEP)
SUMMARY
Implement feature in cisco.ios that would enable trustpoint creation with "enrollment terminal pem" - (does not require SCEP)
ISSUE TYPE
Currently when using ios_command to attempt to create a trustpoint with "enrollment terminal pem", you can use prompt:answer to get into config mode and then "authenticate" the trustpoint, after which you can provide the certificate as a second answer, but Cisco interprets what it is provided by Ansible as a string with \n's for line breaks, which it doesn't understand.
crypto pki authenticate pem_test
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
You would paste this in if doing it manually
-----BEGIN CERTIFICATE-----
MIIDfTCCAmWgAwIBAgIQes7tJu7l8IRGgomMEurtqzANBgkqhkiG9w0BAQsFADBR
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFzAVBgoJkiaJk/IsZAEZFgdhbnNpYmxl
MR8wHQYDVQQDExZhbnNpYmxlLVdJTkFEU0VSVkVSLUNBMB4XDTI0MDIxMjE4NDEw
.....
2L44U/dqJyUphP4TNqoHpXNEM0IvvafdsgawvmDQxdVwfxwPOO5qH4TP1pwBfeaR
pygpGjaxsloJn4otgbkzA3wreYFkUJ2WFU1VCcpldvNVApXjIedc5Hbb9IU4Q8AE
R8Ggz8AGqb892aUXDkZKjpcwtJgvV14VoUPTN2O5xqn0fQ2CUJB+iSL6DmUE63gv
GLf1NxQwQASzBHBKaxNnktP3v/J6yV7IKejDaEQSdkC14TA9Em/RgU6yQ6rEHfnS
wTYDbzZDQrU/FjzM9SkZRnrIfmOe58sRbNH03hUX3sk0
-----END CERTIFICATE-----
COMPONENT NAME
Two potential ideas are to implement ios_trustpoint as a resource module, or to change the prompt:answer capability in ios_command from 1:1 to 1:many.
ADDITIONAL INFORMATION
The feature would enable managing Cisco trustpoints without requiring SCEP.
https://raw.githubusercontent.com/taruch/ansible-network-examples/main/rtr4_pem_test.txt
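The 1:many idea from the issue, as an added example (not code from cisco.ios or from the issue author): a hypothetical helper, `pem_to_terminal_lines`, turns a PEM string whose line breaks arrived as literal `\n` into one line per write and ends with `quit`. It drops blank lines so the prompt is not terminated before the certificate is complete. The sample input is constructed and is not a real certificate.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.S)


def pem_to_terminal_lines(pem_text):
    """Return the lines to send, one per write, at the 'Enter the base 64
    encoded CA certificate' prompt, ending with the 'quit' terminator."""
    # Undo the failure mode from the issue: literal backslash-n sequences
    # and CRLF line endings both become real newlines.
    text = pem_text.replace("\\n", "\n").replace("\r\n", "\n")
    blocks = BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one CERTIFICATE block, found %d"
                         % len(blocks))
    # Remove all whitespace so no blank line can end the input early.
    body = "".join(blocks[0].split())
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc
    if not der or der[0] != 0x30:
        raise ValueError("decoded body does not start with a DER SEQUENCE")
    # Re-wrap at the conventional 64 characters per PEM line.
    wrapped = [body[i:i + 64] for i in range(0, len(body), 64)]
    return [BEGIN] + wrapped + [END, "quit"]


# Constructed sample: 153 arbitrary bytes behind a DER SEQUENCE tag, not a
# real certificate. Lines are joined with a literal "\n", as in the issue,
# and a stray blank line is placed inside the body.
SAMPLE_DER = bytes([0x30, 0x81, 0x96]) + bytes(range(150))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE = "\\n".join([BEGIN, SAMPLE_B64[:64], "", SAMPLE_B64[64:], END, ""])

if __name__ == "__main__":
    for line in pem_to_terminal_lines(SAMPLE):
        print(line)
```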