SUMMARY

I would open the issue on the cisco.ios collection but I am thinking this will end up a documentation bug as we make the leap to libssh....

Basically we are now hitting a paramiko security issue

The issue is here: ansible/workshops#1604

I have tested with paramiko 2.10.1 and 2.10.3

➜  ~ pip3 show paramiko
Name: paramiko
Version: 2.10.3
Summary: SSH2 protocol library
Home-page: https://paramiko.org
Author: Jeff Forcier
Author-email: [email protected]
License: LGPL
Location: /usr/local/lib/python3.9/site-packages
Requires: bcrypt, cryptography, pynacl, six
Required-by:
➜  ~ ansible --version
ansible [core 2.11.2]
  config file = /Users/sean/.ansible.cfg
  configured module search path = ['/Users/sean/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /Users/sean/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.9 (main, Nov 21 2021, 03:23:42) [Clang 13.0.0 (clang-1300.0.29.3)]
  jinja version = 3.0.1
  libyaml = True

I am getting connection problems with Cisco IOS only... whereas paramiko 2.8.1 works fine. Arista EOS works on 2.8.1, 2.10.1 and 2.10.3

We either need to
A) figure out a workaround and a non-security bugged paramiko version that we can tell customers
or
B) move customers to libssh....

I think in either case... this is probably more documentation than bug? I am not sure... I did notice the network_ee is also pegged at 2.8.1 before I opened this issue...

ISSUE TYPE

• Bug Report

COMPONENT NAME

connection: network_cli
with
ansible_network_os. cisco.ios.ios

ANSIBLE VERSION

2.11.2

COLLECTION VERSION

# /Users/sean/.ansible/collections/ansible_collections
Collection                          Version
----------------------------------- -------
amazon.aws                          3.1.1
ansible.netcommon                   2.0.2
ansible.network                     1.2.0
ansible.posix                       1.3.0
ansible.product_demos               1.2.13
ansible.utils                       2.5.2
ansible.windows                     1.9.0
ansible.workshops                   1.0.11
arista.eos                          2.1.2
awx.awx                             19.4.0
azure.azcollection                  1.12.0
chocolatey.chocolatey               1.2.0
cisco.ios                           2.0.1
cisco.iosxr                         2.8.1
cisco.nxos                          2.9.0
community.aws                       3.1.0
community.crypto                    2.2.3
community.general                   4.5.0
community.mysql                     3.1.1
community.windows                   1.9.0
containers.podman                   1.9.1
f5networks.f5_modules               1.15.0
frr.frr                             1.0.3
junipernetworks.junos               2.1.0
openvswitch.openvswitch             2.1.0
redhat_cop.controller_configuration 2.1.1
redhat_cop.tower_utilities          2.0.1
vyos.vyos                           2.8.0

CONFIGURATION

DEFAULT_STDOUT_CALLBACK(/Users/sean/.ansible.cfg) = yaml
GALAXY_SERVER_LIST(/Users/sean/.ansible.cfg) = ['release_galaxy']
HOST_KEY_CHECKING(/Users/sean/.ansible.cfg) = False

OS / ENVIRONMENT

Mac OS

STEPS TO REPRODUCE

just try to connect to a Cisco IOS box, the one I have is Cisco IOS Software [Fuji], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.9.2, RELEASE SOFTWARE (fc4)

EXPECTED RESULTS

connection occurs...

ACTUAL RESULTS

no connection

Proposal:

GRPC connection plugin to interact with network devices that support gRPC
Author: Gomathi Selvi Srinivasan (@GomathiselviS)

Date: 2021/05/20

• Status: New
• Proposal type:
• Targeted Release:
• Associated PR:
• Estimated time to implement: 6 weeks

Motivation

Describe the reasons for this proposal.
Provide GRPC modules to interact with devices that have gRPC services enabled.

Problems

• As a user, I want to connect to any gRPC enabled remote device and fetch configuration from running/ startup datastore based on device capability.
• As a user, I want to connect to any gRPC enabled remote device and fetch operational state data
• As a user, I want to connect to any gRPC enabled remote device and edit the configuration running/candidate datastore based on device capability.
• As a user, I want to connect to any gRPC enabled remote device and call methods supported by the remote device directly on the device
• As a user, I want to connect to any gRPC enabled remote device and take a back up of the current configuration on the device.

Solution proposal

• grpc_get module:
  The module fetches configuration and state data from a remote gRPC enabled target host.
  Options:

1. section: This argument specifies the string which acts as a filter to restrict the portions of the data to be are retrieved from remote device. If this option is not specified the entire configuration or state data is returned in response provided it is supported by the target host.
2. command: The option specifies the command to be executed on the target host and returns the response in the result. This option is supported if the gRPC target host supports executing the CLI command over the gRPC connection.
3. display: This argument specifies an encoding scheme to use when serializing output from the device. The encoding scheme value depends on the capability of the gRPC server running on the target host. The values can be I(json), I(text) etc.
4. data_type: This argument specifies the type of data that should be fetched from the target host. The value depends on the capability of the gRPC server running on the target host. The values can be I(config), I(oper) etc. based on what is supported by the gRPC server. By default, it will return both configuration and operational state data in response.

• grpc_config module:
  The module will be used to edit the configuration, copy the configuration from one datastore to another or delete a complete configuration datastore on a remote gRPC enabled host.
  Options:
  1. config: This option specifies the string which acts as a filter to restrict the portions of the data to be retrieved from the target host device. If this option is not specified the entire configuration or state data is returned in response provided it is supported by the target host.
  2. state: The operation that needs to be performed on the candidate datastore. Valid values are merged, replaced, and deleted. The default value is merged. merged: If the value is merged the configuration data in the config option is merged with the configuration at the corresponding level in the target datastore. If the value is replaced the configuration data in the config option completely replaces the configuration in the target datastore. If the value is deleted the configuration data in the config option is deleted.
  3. backup: This argument will cause the module to create a full backup of the current C(running-config) from the remote device before any changes are made. If the C(backup_options) value is not given, the backup file is written to the C(backup) folder in the playbook root directory or role root directory, if playbook is part of an ansible role. If the directory does not exist, it is created.
  4. backup_options:: This is a dict object containing configurable options related to backup file path. The value of this option is read only when C(backup) is set to I(yes), if C(backup) is set to I(no) this option will be silently ignored.

- name: run cli command
  grpc_get:
    command: 'show version'
    display: text

- name: Get bgp configuration data
  grpc_get:
    section:  '{"Cisco-IOS-XR-ipv4-bgp-cfg:bgp": [null]}'

- name: Get configuration JSON format over secure TLS channel
  grpc_get:
    display: json
    data: config
  vars:
    ansible_root_certificates_file: /home/username/ems.pem
    ansible_grpc_channel_options:
      'grpc.ssl_target_name_override': 'ems.cisco.com'

 - name: Merge static route config
    ansible.netcommon.grpc_config:
      config:
        Cisco-IOS-XR-ip-static-cfg:router-static:
          default-vrf:
            address-family:
              vrfipv4:
                vrf-unicast:
                  vrf-prefixes:
                    vrf-prefix:
                      - prefix: "1.2.3.6"
                        prefix-length: 32
                        vrf-route:
                          vrf-next-hop-table:
                            vrf-next-hop-next-hop-address:
                              - next-hop-address: "10.0.2.2"

      state: merged

- name: Find diff
    diff: True
    ansible.netcommon.grpc_config:
      config: "{{ lookup('file', 'bgp_start.yml')  }}"
      state: merged

  - name: Backup running config
    ansible.netcommon.grpc_config:
       backup: yes

- name: Replace bgp config
    ansible.netcommon.grpc_config:
      config: "{{ lookup('file', 'bgp.yml')  }}"
      state: replaced

- name: Delete bgp config
    ansible.netcommon.grpc_config:
      config: "{{ lookup('file', 'bgp.yml')  }}"
      state: deleted

Testing (optional)

• Add integration and unit test for grpc_config module.
• Add integration and unit test for grpc_get module.

Documentation (optional)

• Update module documentation for grpc_get, grpc_config

SUMMARY

To update title section of changlog/config.yaml. ref: Title

ISSUE TYPE

• Documentation Report

COMPONENT NAME

ANSIBLE VERSION

Summary

The proposal is to add an Ansible collection for vendor agnostic plugins that allows interacting with SNMP-enabled devices for querying and setting values.

The initial work has already been added to this repository. Please have a look at the README for more details.

Available Plugins

Connection Plugins

• ansible.snmp.v1
• ansible.snmp.v2c
• ansible.snmp.v3usm
• ansible.snmp.v3tls (TO-DO)

Modules

• ansible.snmp.get
• ansible.snmp.walk
• ansible.snmp.set

Dependency

This collection leverages the netsnmp package and it's corresponding Python bindings net-snmp-python.
Steps to install and setup have been explained in this section of the README.

A sample playbook and inventory file has been added in https://github.com/ansible-network/ansible.snmp/tree/main/playbooks.

Proposal:

Add support for a config validation plugin that evaluates network configurations against a predefined set of rules and renders warnings/failures based on the outcome of the validation task. This is aimed to precede *_config tasks in a playbook and would allow us to catch potential errors in the candidate config before the succeeding tasks make configuration changes on the target. The rule set(s) are expected to be implemented by the users based on their exact needs and target platforms.

• Status: New
• Proposal type: Action Plugin
• Targeted Release:
• Associated PR:

Motivation

Describe the reasons for this proposal.
Have the ability to determine the "correctness" of the configuration to be pushed and ensure a more predictable outcome from the *_config modules.

Problems

As a user of the *_config modules:

• I want to ensure that the candidate configuration is properly linted to minimize idempotence issues.
• I want to ensure that every candidate configuration pushed to the target device is in terms with a rule set.

Solution proposal

Playbook:

- hosts: sw01
  gather_facts: no
  tasks:
  - name: Validate candidate config against a pre-defined set of rules
    ansible.utils.validate_config:
      config: "{{ lookup('file', 'candidate.cfg') }}"
      rules: "{{ role_path }}/rules/rules.yaml"

candidate.cfg:

interface Eth1/1
  description test-description-too-long
  no switchport

interface Ethernet1/2
  description intf-2

interface port-channel1
  description po-1

interface po2.1
  description po2

interface Loopback 10
  description lo10

rules.yaml:

---
- name: 1. Interface description should not be more than 8 chars
  example: "Matches description this-is-a-long-description"
  rule: 'description\s(.{9,})'
  action: warn

- name: Ethernet interface names should be in format Ethernet[Slot/chassis number].[sub-intf number (optional)]
  example: "Matches interface Eth1/1, interface Eth 1/1, interface Ethernet 1/1, interface Ethernet 1/1.100"
  rule: 'interface\sE(?!\w{7}\d/\d(.\d+)?)'
  action: fail

- name: Ethernet interface names should be in format Ethernet[Slot/chassis number].[sub-intf number (optional)]
  example: "Matches interface eth1/1, interface eth 1/1, interface ethernet 1/1, interface ethernet 1/1.100"
  rule: 'interface\se(?!\w{7}\d/\d(.\d+)?)'
  action: fail

- name: Loopback interface names should be in format loopback[Virtual Interface Number]
  example: "Matches interface Lo10, interface Loopback 10"
  rule: 'interface\sl(?!\w{7}\d)'
  action: fail

- name: Loopback interface names should be in format loopback[Virtual Interface Number]
  example: "Matches interface lo10, interface loopback 10"
  rule: 'interface\sL(?!\w{7}\d)'
  action: fail

- name: Port Channel names should be in format port-channel[Port Channel number].[sub-intf number (optional)]
  example: "Matches interface port-channel 10, interface po10, interface port-channel 10.1"
  rule: 'interface\sp(?!\w{3}-\w{7}\d(.\d+)?)'
  action: fail

- name: Port Channel names should be in format port-channel[Port Channel number].[sub-intf number (optional)]
  example: "Matches interface Port-channel 10, interface Po10, interface Port-channel 10.1"
  rule: 'interface\sP(?!\w{3}-\w{7}\d(.\d+)?)'
  action: fail

Result:

result: {
  failures: [
    {
        "name": Ethernet interface names should be in format Ethernet[Slot/chassis number].[sub-intf number (optional)],
        "rule": 'interface\sE(?!\w{7}\d/\d(.\d+)?)',
        "config_line": "interface Eth1/1",
    },
    {
        "name": Port Channel names should be in format port-channel[Port Channel number].[sub-intf number (optional)],
        "rule": 'interface\sp(?!\w{3}-\w{7}\d(.\d+)?)',
        "config_line": "interface po2.1",
    },
    {
        "name": Loopback interface names should be in format loopback[Virtual Interface Number],
        "rule": 'interface\sL(?!\w{7}\d)',
        "config_line": "interface Loopback 10",
    },
  ],
  warnings: [
    {
        "name": "Interface description should not be more than 8 chars",
        "rule": "description\s(.{9,})",
        "config_line": "description test-description-too-long", 
    },
  ]
}

SUMMARY

ansible-collections/overview#45 (comment)

If irrelevant, feel free to close the issue

SUMMARY

Need to update changlog/config.yaml title section, ref: title

ISSUE TYPE

• Documentation Report

COMPONENT NAME

ANSIBLE VERSION

Proposal:

Provide a single platform agnostics entry point to manage all the resources supported for given network os.
This will be achieved by implementing a platform-agnostic role ansible.network.network_resource as part of ansible.network collection.

• Status: New
• Proposal type:
• Targeted Release:
• Associated PR: ansible-collections/ansible.netcommon#289

Motivation

Describe the reasons for this proposal.
Provide a single entry point to manage network resource and ease the usage of Ansible network resource modules.

Problems

• As a user, I want to be able to get the list of resource modules supported for a given network os.
• As a user, I want to get the facts for a given resource and store it as host_vars thus enabling the capability to get facts for all the host within the inventory and store facts in a structured format.
• As a user, I want to be able to push the resource config stored as host_vars to the remote host.

Solution proposal

• The role will use a platform-agnostic module ansible.netcommon.network_resource (action plugin) that will provide a single entry point to higher-order roles to manage all the resource modules.

Example usage:

1. Get the list of resource modules for given ansible_network_os

- name: get list of resource modules for given ansible_network_os
  ansible.netcommon.network_resource:
  register: result
  vars:
     ansible_network_os: cisco.ios.ios

2. Fetch ACL resource config for given ansible_network_os

- name: fetch acl resource config
  ansible.netcommon.network_resource:
    name: acls
    state: gathered
  vars:
     ansible_network_os: cisco.ios.ios

3. Push acl resource config for given ansible_network_os

  - name: manage acl config
    ansible.netcommon.network_resource:
      name: acls
      config:
        - afi: ipv4
          acls:
            - name: test_acl
              acl_type: extended
              aces:
                - grant: deny
                  protocol_options:
                    tcp:
                      fin: true
                  source:
                    address: 192.0.2.0
                    wildcard_bits: 0.0.0.255
                  destination:
                    address: 192.0.3.0
                    wildcard_bits: 0.0.0.255
      state: merged
  vars:
     ansible_network_os: cisco.ios.ios

The ansible.network. resource_manager role will support the following functions

• list: The function will take the value of ansible_network_os as input and will return a list of supported resource modules.
• get: The function will take the value of ansible_network_os, the name of the resources (optional) and path to the inventory (optional) as input. This function will fetch the resource facts from the remote host and build the inventory host_vars at runtime.
• configure: The function will take the value of ansible_network_os, the name of the resources (optional) and path to the inventory (optional) as input. This function will then read the host_vars for the given resource from inventory and push it to the remote host. If the name of the resource is not provided in the input it pushes the entire inventory host_vars to the remote host.

Example usage:

1. list function

- hosts: ios
  gather_facts: no
  tasks:
  - name: invoke list fuctnion
    include_role:
      name: ansible.network.resource_manager
      tasks_from: list
    vars:
      ansible_network_os: cisco.ios.ios

2. Get function

- hosts: ios
  gather_facts: no
  tasks:
  - name: invoke get function for all resources
    include_role:
      name: ansible.network.resource_manager
      tasks_from: get
    vars:
      ansible_network_os: cisco.ios.ios
     network_resource_include: [all]       # default value
     network_resource_exclude: []          # default value
     network_resource_inventory_path: "./inventory/host_vars"

3. Configure function

- hosts: ios
  gather_facts: no
  tasks:
  - name: invoke configure function for given resources
    include_role:
      name: ansible.network.resource_manager
      tasks_from: configure
    vars:
      ansible_network_os: cisco.ios.ios
     network_resource_include: ["acls", "interfaces"]
     network_resource_inventory_path: "./inventory/host_vars"

Update README and repo description to better clarify the ansible.network collection is primarily a meta collection, but the inclusion of very generic multi-platform content maybe be considered under some circumstances. Plugins should be located in different, dependent collections. Content inclusion will be at the discretion of the collection maintainers with ongoing operational
overhead and supportability both considered.

Ansible Contributor Summit

We are happy to announce that the registration for the Ansible Contributor Summit is open!

Why

• This is a great opportunity for interested people to meet, discuss related topics, share their stories and opinions, get the latest important updates and just to hang out together.

• There will be different announcements & presentations by Community, Core, Cloud, Network, and other teams.

• Current contributors will be happy to share their stories and experience with newcomers.

• There will be links to interactive self-passed instruqt scenarios shared during the event that help newcomers learn different aspects of development.

Where/when

Online on Matrix and Youtube. Tuesday, April 12, 2022, 12:00 - 20:00 UTC.

How to join

• Add the event to your calendar. Use the ical URL (for example, in Google Calendar "Add other calendars" > "Import from URL") instead of importing the .ics file so that any updates to the event will be reflected in your calendar.

• Check out the Summit page:

  • Add you name to attendees.
  • Suggest summit topics that would be interesting to you to hear about.
  • Vote on and propose changes to topics suggested by others.
  • If you want to be a presenter, please contact the Ansible Community team via [email protected].

We are looking forward to seeing you!:)

Proposal:

network.base application acts as core for other validated content, as it provides the platform agnostic role called Resource Manager.This role provides a single platform-agnostics entry point to manage all the resources supported for a given network OS.
Author: Rohit Thakur (@rohitthakur2590)

Date: 2022/06/21

• Status: New
• Proposal type: Validated Content
• Targeted Release:
• Associated PR: https://github.com/ansible-network/network.base
• Estimated time to implement: 4 weeks

Motivation

Describe the reasons for this proposal.
Provide Network Base Vaidated Content to act as core for other validated content to acheive platform agnostic resource management.

Problems

• Build Brownfield Inventory: Users want to be able to get the facts for a given resource and store it as host_vars thus enabling the capability to get facts for all the hosts within the inventory and store facts in a structured format which acts as SOT.
• Supported Resource Query: Users want to be able to get the list of resource modules supported for a given network os.
• Gather: Users want to be able to gather the facts for specified network resources.
• Persist: Users want to be able to gather the facts for specified network resources and persist those facts into inventory files as host vars.
• Deploy: Users want to be able to deploy the confguration persisted in terms of host vars on to the appliance.
• Configure: Users want to be able to apply configuration in a normalized manner the way resource module does.

Solution proposal

• resource_manager :
  This platform agnostic role enables the user to create a runtime brownfield inventory with all the configuration in terms of host vars. These host vars are ansible facts which have been gathered through the network resource module.The tasks offered by this role could be observed as below:
  Options:

list.yaml:

---
- hosts: ios
  tasks:
  - name: invoke list function
    include_role:
      name: resource_manager
    vars:
      ansible_network_os: cisco.ios.ios
      action: list

gather.yaml:

---
- hosts: ios
  gather_facts: false
  tasks:
  - name: invoke gather function
    include_role:
      name: resource_manager
    vars:
      action: gather
      ansible_network_os: cisco.ios.ios
      resources:
        - 'interfaces'
        - 'l2_interfaces'
        - 'l3_interfaces'

persist.yaml:

---
- hosts: ios
  tasks:
  - name: invoke persist function
    include_role:
      name: resource_manager
    vars:
      action: persist
      ansible_network_os: cisco.ios.ios
      resources:
        - 'interfaces'
        - 'l2_interfaces'
        - 'l3_interfaces'

deploy.yaml:

---
- hosts: ios
  tasks:
  - name: invoke persist function
    include_role:
      name: resource_manager
    vars:
      action: deploy
      ansible_network_os: cisco.ios.ios
      resources:
        - 'all'

config.yaml:

---
- hosts: ios
  tasks:
  - name: invoke persist function
    include_role:
      name: resource_manager
    vars:
      action: configure
      ansible_network_os: cisco.ios.ios
      config:
        - name: "GigabitEthernet0/0"
          description: "Edited with Configure operation"
      state: merged

Testing (optional)

• Add integration and unit test for resource_manager tasks.
• Add integration and unit test for param_list_compare filter plugin.

Documentation (optional)

• Update module documentation for betwork.base and resource_manager

SUMMARY

Dear maintainers,

This is important for your collections!

• In accordance with the Community decision, we have created the news-for-maintainers repository for announcements of changes impacting collection maintainers (see the examples) instead of Issue 45 that will be closed soon.

  • To keep yourself well-informed and, therefore, things in your collection working, please subscribe to the repository by using the Watch button in the upper right corner on the repository's home page.
  • If you do not want to get notifications about related discussions, please subscribe only to Issues.
  • Please read the brief guidelines on how the repository should be used.
  • Please avoid unnecessary discussions in issues, use the Discussions feature. Every comment posted will notify a lot of folks!

• Also we would like to remind you about the Bullhorn contributor newsletter which has recently started to be released weekly. To learn what it looks like, see the past releases. Please subscribe and talk to the Community via Bullhorn!

• Join us in #ansible-social (for news reporting & chat), #ansible-community (for discussing collection & maintainer topics), and other channels on Matrix/IRC.

• Help the Community and the Steering Committee to make right decisions by taking part in discussing and voting on the Community Topics that impact the whole project and the collections in particular. Your opinion there will be much appreciated!

Thank you!

I have been seeing this issue with nxos_config module. I don't know what the cause is and how to solve it.

use case/example:

- name: Delete IP block 
  nxos_config:
    lines: "no ip prefix-list PLIST-XX1"
    save_when: always
  register: ip_delete_result
  until: ip_delete_result is succeeded
  retries: 3

Error:
fatal: [clf01-r03]: FAILED! => {"attempts": 3, "changed": false, "msg": "Socket is closed"}

Originally posted by @ashish-k-panigrahy in ansible-collections/ansible.netcommon#202 (comment)

SUMMARY

We need the description of the meta collection to be there on README

• What it is
• What all the collections it will install
• Example of installation
• List the collections installed part of this as part of example
• Benefit of the collection

Also the title of the README should be just "Ansible Network Meta Collection" and not "Ansible Network Collection for network and IP utilities that are not specific to any platform or OS, or that interact with any platform os."

ISSUE TYPE

• Documentation Report

Proposal:

• Validated content network.bgp enables the users to perform supported health_checks on bgp establishment.
• Enables the user to manage the BGP resources independent of platforms, so users can manage and configure BGP routes with operations like gather, deploy and persist, config.

Author: Rohit Thakur (@rohitthakur2590)

Date: 2022/06/21

• Status: New
• Proposal type: Validated Content
• Targeted Release:
• Associated PR: redhat-cop/network.bgp#1
• Estimated time to implement: 4 weeks

Motivation

Describe the reasons for this proposal.
Provide Network BGP Vaidated Content to perform BGP health checks and manage BGP resources.

Problems

• Build Brownfield Inventory: Users want to be able to get the facts for BGP resources and store it as host_vars thus enabling the capability to get facts for all the hosts within the inventory and store facts in a structured format which acts as SOT.
• BGP Resource Management: Users want to be able to manage the BGP global and BGP address family configurations.This also includes the enablement of gathering facts, updating BGP resource host-vars and deploying config onto the appliance.
• BGP Health Checks:: Users want to be able to perform health checks for BGP applications.These health checks should be able to provide the BGP neighborship status with necessary details.

Solution proposal

• ansible.bgp.run :

• This platform agnostic role enables the user to perform BGP health checks.Users can perfrom following health checks:
  • all_neigbors_up
  • all_neighbors_down
  • min_neighbors_up
• This role enables users to create a runtime brownfield inventory with all the BGP configuration in terms of host vars. These host vars are ansible facts which have been gathered through the *_bgp_global and *_bgp_address_family network resource module.The tasks offered by this role could be observed as below:
  Options:

health_checks.yaml:

---
- hosts: junos
  tasks:
  - name: BGP Manager
    include_role:
      name: ansible.bgp.run
    vars:
      actions:
        - name: health_check
          vars:
            details: True
            checks:
              - name: all_neighbors_up
              - name: all_neighbors_down
              - name: min_neighbors_up
                min_count: 

bgp_persist.yaml:

---
- hosts: junos
  tasks:
  - name: BGP Manager
    include_role:
      name: ansible.bgp.run
    vars:
      actions:
        - name: persist

bgp_persist.yaml:

---
- hosts: junos
  tasks:
  - name: BGP Manager
    include_role:
      name: ansible.bgp.run
    vars:
      actions:
        - name: gather

bgp_persist.yaml:

---
- hosts: junos
  tasks:
  - name: BGP Manager
    include_role:
      name: ansible.bgp.run
    vars:
      actions:
        - name: deploy