Deploy Configurations
deploy CommandΒΆ
Deploy configurations to Arista EOS devices via eAPI with validation and diff support.
SynopsisΒΆ
Common OptionsΒΆ
| Option | Short | Type | Default | Description |
|---|---|---|---|---|
--inventory-path |
-i |
Path | Required | Path to Ansible inventory directory |
--configs-path |
-c |
Path | Auto | Path to configuration files (default: <inventory>/intended/configs) |
--dry-run |
Flag | false |
Preview changes without applying them | |
--diff |
Flag | false |
Display full configuration differences | |
--verify-ssl |
Flag | false |
Enable SSL certificate verification | |
--limit |
-l |
Text | All | Filter devices by hostname or group patterns (repeatable, supports wildcards) |
--limit-to-groups |
Text | All | Deprecated. Use --limit instead. Deploy to specific groups |
|
--verbose |
-v |
Flag | false |
Show detailed deployment progress |
See Environment Variables for configuration via environment variables.
Required variables in your inventory:
ansible_user- Username for eAPI authenticationansible_password- Password for eAPI authentication
Variable precedence:
- Host-level variables (highest priority)
- Group-level variables
Quick StartΒΆ
Basic DeploymentΒΆ
Deploy all configurations with validation:
Preview Changes (Recommended)ΒΆ
Always preview changes before applying:
Production DeploymentΒΆ
Deploy with SSL verification enabled:
Key FeaturesΒΆ
π Dry-Run ModeΒΆ
Preview configuration changes without modifying devices.
What happens:
- β Connects to devices
- β Generates configuration diffs
- β Validates configurations
- β Does NOT apply changes
Best Practice
Always run with --dry-run first to validate changes before live deployment.
π Configuration DiffΒΆ
Display detailed configuration differences:
Output example:
spine-1:
--- running-config
+++ intended-config
@@ -10,7 +10,7 @@
hostname spine-1
!
interface Ethernet1
- description old description
+ description new description
no switchport
Note
Diff statistics (lines added/removed) are always shown in the status table. The --diff flag displays the full unified diff for each device.
π SSL VerificationΒΆ
Enable SSL certificate verification for secure production deployments:
Advanced OptionsΒΆ
| Option | Type | Default | Description |
|---|---|---|---|
--no-session |
Flag | false |
Skip config session validation (faster but riskier) |
--max-concurrent |
Integer | 10 | Maximum concurrent device deployments |
--timeout |
Integer | 30 | Connection timeout in seconds |
Deployment WorkflowΒΆ
The deployment process follows these steps:
- Load Inventory: Parse Ansible inventory to discover devices and credentials
- Load Configurations: Read device configuration files from configs directory
- Connect: Establish eAPI connections to target devices
- Validate: Apply configs in a temporary session for validation (default)
- Deploy: Commit validated configurations to devices
- Report: Display results with diff statistics and errors
Configuration ValidationΒΆ
Default Mode (Recommended)ΒΆ
By default, configurations are validated using EOS config sessions before being applied:
How it works:
- Creates temporary config session
- Applies configuration to session
- Validates syntax and semantics
- Commits if valid, automatically rolls back if invalid
Recommended for Production
Config session validation provides safety and automatic rollback.
Fast Mode (Lab Only)ΒΆ
Skip validation for faster deployment in lab environments:
Use with Caution
- No validation performed
- No automatic rollback
- Invalid config can disrupt device operation
- Only use in lab environments
CredentialsΒΆ
Credentials are extracted from Ansible inventory variables:
all:
children:
spines:
vars:
ansible_user: admin
ansible_password: admin123
hosts:
spine-1:
ansible_host: 192.168.0.10
Usage ExamplesΒΆ
Selective DeploymentΒΆ
The --limit option supports flexible device filtering for phased rollouts:
- Group names:
SPINES,LEAFS,BORDER_LEAFS - Hostname patterns:
spine*,leaf-[12]*,border-? - Exact hostnames:
spine-01,leaf-1a
Wildcard patterns:
*- Matches any characters:spine*matchesspine-01,spine-02,spineA?- Matches single character:leaf-?matchesleaf-1,leaf-a[...]- Matches character set:leaf-[12]amatchesleaf-1a,leaf-2a
Examples:
# Deploy to specific group
avd-cli deploy eos -i ./inventory -l spines --dry-run
avd-cli deploy eos -i ./inventory -l spines
# Deploy to devices matching pattern
avd-cli deploy eos -i ./inventory -l "spine*"
# Deploy to specific devices
avd-cli deploy eos -i ./inventory -l spine-01 -l spine-02
# Mix hostname and group filters
avd-cli deploy eos -i ./inventory -l "spine*" -l BORDER_LEAFS
# Phased rollout
avd-cli deploy eos -i ./inventory -l spines --dry-run
avd-cli deploy eos -i ./inventory -l spines
avd-cli deploy eos -i ./inventory -l leafs --dry-run
avd-cli deploy eos -i ./inventory -l leafs
Deployment Filtering
Unlike generation, deployment filtering affects which devices receive configuration pushes via eAPI. Only devices matching the filter patterns will be contacted.
Custom Configuration PathΒΆ
Use a custom configuration directory:
Configuration files must be named <hostname>.cfg.
High Concurrency DeploymentΒΆ
Deploy to many devices simultaneously:
Extended TimeoutΒΆ
Increase timeout for slow networks or large configurations:
OutputΒΆ
Deployment PlanΒΆ
Deployment Plan (live deployment)
Mode: merge
Targets: 4 devices
Concurrency: 10
Credentials: admin / ********
β Ό Deploying to 4 devices...
Results TableΒΆ
Deployment Status
ββββββββββββββ¬βββββββββββ¬βββββββββββ¬βββββββββββββ¬βββββββββββββββββββββββββ
β Hostname β Status β Duration β Diff (+/-) β Error β
ββββββββββββββΌβββββββββββΌβββββββββββΌβββββββββββββΌβββββββββββββββββββββββββ€
β spine-1 β success β 2.34s β +15 / -3 β β
β spine-2 β success β 1.89s β +45 / -10 β β
β leaf-1 β success β 3.12s β +12 / -2 β β
β leaf-2 β failed β 5.00s β - β Connection timeout β
ββββββββββββββ΄βββββββββββ΄βββββββββββ΄βββββββββββββ΄βββββββββββββββββββββββββ
Summary:
β Success: 3
β Failed: 1
β 1 deployment(s) failed
Columns:
- Status:
success,failed, orskipped - Duration: Time taken for deployment
- Diff (Β±): Configuration changes (additions in green, deletions in red)
- Error: Failure reason if applicable
Full Diff Output (βdiff)ΒΆ
With --diff flag, view complete configuration changes:
spine-1:
--- running-config
+++ intended-config
@@ -10,7 +10,7 @@
hostname spine-1
!
interface Ethernet1
- description old description
+ description new description
no switchport
Exit CodesΒΆ
| Code | Description |
|---|---|
| 0 | All deployments successful |
| 1 | One or more deployments failed |
Best PracticesΒΆ
1. Always Dry-Run First
Preview changes before applying:
2. Incremental Deployment
Deploy to groups or patterns separately:
3. Version Control
Commit configurations before deployment:
4. Test in Lab First
Validate in non-production environment:
5. Backup Configurations
Always backup before major changes:
6. Use Config Session Validation
Enable validation for production (default):
7. Adjust Timeouts
Set appropriate timeouts based on network:
- Lab/Fast: 30s (default)
- Production/WAN: 60-120s
- Large configs: 120s+
8. Secure Credentials
Use Ansible Vault for sensitive data:
9. Limit Concurrency
Donβt overwhelm production devices:
CI/CD IntegrationΒΆ
GitHub ActionsΒΆ
name: Deploy Configurations
on:
push:
branches: [main]
paths: ['inventory/intended/configs/**']
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install avd-cli
run: pip install avd-cli
- name: Dry-run
run: avd-cli deploy eos -i ./inventory --dry-run --diff
- name: Deploy
if: github.ref == 'refs/heads/main'
run: avd-cli deploy eos -i ./inventory --verify-ssl
GitLab CIΒΆ
deploy:
stage: deploy
script:
- pip install avd-cli
- avd-cli deploy eos -i ./inventory --dry-run --diff
- avd-cli deploy eos -i ./inventory --verify-ssl
only:
- main
changes:
- inventory/intended/configs/**
See AlsoΒΆ
- generate Command - Generate configurations before deployment
- validate Command - Validate inventory structure
- Environment Variables - Configuration options
- Workflows - Understanding AVD workflows