AnsibleでCisco IOSの情報収集 - ios_commands

  • 3
    いいね
  • 0
    コメント

背景

AnsibleでCisco IOSの情報収集 - ios_factsAnsibleでCisco IOSの情報収集 - snmp_factsの続編。今回はios_commandの記録。ios_configはコンフィグモードでの設定がメインであるのに対して、こちらは主にshowコマンド実行とその結果の処理・活用がメイン。

基本的にコマンドの連打と処理は、力技感が否めませんが、Ansibleモジュールを使うとリターンがJSONなので処理・再利用をしやすい。Netconf/YANGやRestconfの実装も進んでいるが、特にサポートが後回しになるローエンドやバージョンアップできない古い装置・ソフトウェアなども等しく使えるのは利点である。ただし、中身(データモデル)は個々の環境に合わせてパースする必要がある(*コマンドの宿命)。
*ただし、コマンド出力を共通データモデルに合わせる取り組みもあるにはある

※ansible.cfgやinventoryの設定は省略。
※環境はこちらと同じなので省略。

Playbookサンプル - ios_command

  • gather_facts: no のサンプルが多いが、yesにするとシステム変数(ansible_date_timeなど)が使える(この例ではファイル名に利用)
  • ファイル名にansible_net_hostnameを使いたいので、ios_factsも実行しておく
  • ios_factsのサブセットは、軽そうなinterfacesに(all, hardware, config, and interfacesから選択)
  • 使いたいansible_net_hostnameは、どのサブセットでもリターンする(よって処理は軽い方が良いと判断)
  • catalyst3850や3650のように、shellのリターンが遅い機種があるため、timeout: 30 を追加(これがないと、Failする場合がある)
ios_command.yml
---
- hosts: ios
  gather_facts: yes 
  connection: local

  tasks:
    - name: ios_facts to get returned values
      ios_facts:
        gather_subset:
          - interfaces
        provider: "{{ cli }}"

    - name: run multiple IOS exec commands
      ios_command:
        commands:
          - show version
          - show run brief
          - show arp
          - show ip route
        provider: "{{ cli }}"
        timeout: 30
      register: result

    - copy:
        content: "{{ result }}"
        dest: "file/{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}{{ ansible_date_time.hour }}{{ ansible_date_time.minute }}{{ ansible_date_time.second }}_{{ ansible_net_hostname }}_VerRunArpRoute.txt"

  vars:
    cli:
      host: "{{ inventory_hostname }}"
      authorize: yes
      username: "{{ ansible_ssh_user }}"
      password: "{{ ansible_ssh_pass }}"
      auth_pass: "{{ enable_pass }}"

実行例

4つのshowコマンドを実行し、ファイルに保存。ファイル名は、日付+ホスト名+テキストで重複しないように。見ながら実行するときはVerboseモード(-vvvvとか)にすると細かく確認できる。

ios_command.yml
[vagrant@localhost ansible]$ ls file/
[vagrant@localhost ansible]$ 
[vagrant@localhost ansible]$ ansible-playbook ios_command.yml 

PLAY [ios] *********************************************************************

TASK [setup] *******************************************************************
ok: [10.71.130.58]

TASK [ios_facts to get returned values] ****************************************
ok: [10.71.130.58]

TASK [run multiple IOS exec commands] ******************************************
ok: [10.71.130.58]

TASK [copy] ********************************************************************
changed: [10.71.130.58]

PLAY RECAP *********************************************************************
10.71.130.58               : ok=4    changed=1    unreachable=0    failed=0   

[vagrant@localhost ansible]$ 
[vagrant@localhost ansible]$ ls file/
20170323083141_CSR-2_VerRunArpRoute.txt
[vagrant@localhost ansible]$ 

ファイル確認

ファイルの中身はJSONであり、以下のとおりキーに対する値がリスト形式。特に、stdout_linesに対する値が、行ごとにリストになっているため、同じ力技でも比較的、欲しい部分が取り出しやすい。(以下のログはjqで整形)

20170323083141_CSR-2_VerRunArpRoute.txt
[vagrant@localhost ansible]$ cat file/20170323083141_CSR-2_VerRunArpRoute.txt | jq .
{
  "stdout_lines": [
    [
      "Cisco IOS XE Software, Version 16.04.01",
      "Cisco IOS Software [Everest], CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.4.1, RELEASE SOFTWARE (fc2)",
      "Technical Support: http://www.********.com/techsupport",
      "Copyright (c) 1986-2016 by Cisco Systems, Inc.",
      "Compiled Sun 27-Nov-16 13:02 by mcpre",
      "",
      "",
      "Cisco IOS-XE software, Copyright (c) 2005-2016 by ******** Systems, Inc.",
      "All rights reserved.  Certain components of Cisco IOS-XE software are",
      "licensed under the GNU General Public License (\"GPL\") Version 2.0.  The",
      "software code licensed under GPL Version 2.0 is free software that comes",
      "with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such",
      "GPL code under the terms of GPL Version 2.0.  For more details, see the",
      "documentation or \"License Notice\" file accompanying the IOS-XE software,",
      "or the applicable URL provided on the flyer accompanying the IOS-XE",
      "software.",
      "",
      "",
      "ROM: IOS-XE ROMMON",
      "",
      "CSR-2 uptime is 3 days, 8 hours, 17 minutes",
      "Uptime for this control processor is 3 days, 8 hours, 19 minutes",
      "System returned to ROM by reload",
      "System image file is \"bootflash:packages.conf\"",
      "Last reload reason: Critical software exception, check bootflash:crashinfo_RP_00_00_20170320-070803-UTC",
      "",
      "",
      "",
      "This product contains cryptographic features and is subject to United",
      "States and local country laws governing import, export, transfer and",
      "use. Delivery of Cisco cryptographic products does not imply",
      "third-party authority to import, export, distribute or use encryption.",
      "Importers, exporters, distributors and users are responsible for",
      "compliance with U.S. and local country laws. By using this product you",
      "agree to comply with applicable laws and regulations. If you are unable",
      "to comply with U.S. and local laws, return this product immediately.",
      "",
      "A summary of U.S. laws governing Cisco cryptographic products may be found at:",
      "http://www.********.com/wwl/export/crypto/tool/stqrg.html",
      "",
      "If you require further assistance please contact us by sending email to",
      "export@********.com.",
      "",
      "License Level: ax",
      "License Type: Default. No valid license found.",
      "Next reload license Level: ax",
      "",
      "******** CSR1000V (VXE) processor (revision VXE) with 2052375K/3075K bytes of memory.",
      "Processor board ID 94A08OEI6IF",
      "3 Gigabit Ethernet interfaces",
      "32768K bytes of non-volatile configuration memory.",
      "3984700K bytes of physical memory.",
      "7774207K bytes of virtual hard disk at bootflash:.",
      "0K bytes of  at webui:.",
      "",
      "Configuration register is 0x2102",
      ""
    ],
    [
      "Building configuration...",
      "",
      "Current configuration : 3354 bytes",
      "!",
      "! Last configuration change at 23:49:11 UTC Wed Mar 22 2017 by ********",
      "!",
      "version 16.4",
      "service timestamps debug datetime msec",
      "service timestamps log datetime msec",
      "no platform punt-keepalive disable-kernel-core",
      "platform console auto",
      "!",
      "hostname CSR-2",
      "!",
      "boot-start-marker",
      "boot-end-marker",
      "!",
      "!",
      "enable secret 5 $1$gi3J$VCM0Q9b3ZbHjDmBPhHG8i1",
      "!",
      "!",
      "transport-map type persistent webui https-webui",
      " secure-server",
      "!",
      "aaa new-model",
      "!",
      "!",
      "aaa authorization exec default local ",
      "!",
      "!",
      "!",
      "!",
      "!",
      "aaa session-id common",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "",
      "",
      "",
      "no ip domain lookup",
      "ip domain name solse.local",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "subscriber templating",
      "!",
      "!",
      "!",
      "!",
      "flow exporter test",
      "!",
      "multilink bundle-name authenticated",
      "!",
      "!",
      "!",
      "!",
      "!",
      "crypto pki trustpoint TP-self-signed-4057790232",
      " enrollment selfsigned",
      " subject-name cn=IOS-Self-Signed-Certificate-4057790232",
      " revocation-check none",
      " rsakeypair TP-self-signed-4057790232",
      "!",
      "!",
      "crypto pki certificate chain TP-self-signed-4057790232",
      " certificate self-signed 01",
      "",
      "",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "license udi pid CSR1000V sn 94A08OEI6IF",
      "license boot level ax",
      "flowspec",
      "diagnostic bootup level minimal",
      "!",
      "spanning-tree extend system-id",
      "netconf-yang ********-odm actions ACL",
      "netconf-yang ********-odm actions BGP",
      "netconf-yang ********-odm actions OSPF",
      "netconf-yang ********-odm actions Archive",
      "netconf-yang ********-odm actions IPRoute",
      "netconf-yang ********-odm actions EFPStats",
      "netconf-yang ********-odm actions IPSLAStats",
      "netconf-yang ********-odm actions Interfaces",
      "netconf-yang ********-odm actions Environment",
      "netconf-yang ********-odm actions FlowMonitor",
      "netconf-yang ********-odm actions MemoryStats",
      "netconf-yang ********-odm actions BFDNeighbors",
      "netconf-yang ********-odm actions BridgeDomain",
      "netconf-yang ********-odm actions CPUProcesses",
      "netconf-yang ********-odm actions LLDPNeighbors",
      "netconf-yang ********-odm actions VirtualService",
      "netconf-yang ********-odm actions MemoryProcesses",
      "netconf-yang ********-odm actions EthernetCFMStats",
      "netconf-yang ********-odm actions MPLSLDPNeighbors",
      "netconf-yang ********-odm actions PlatformSoftware",
      "netconf-yang ********-odm actions MPLSStaticBinding",
      "netconf-yang ********-odm actions MPLSForwardingTable",
      "netconf-yang",
      "!",
      "restconf",
      "!",
      "username admin password 0 Nms12345!",
      "username testuser password 0 C1sco12345",
      "username ******** privilege 15 password 0 ********",
      "!",
      "redundancy",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "! ",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "!",
      "! ",
      "! ",
      "! ",
      "! ",
      "! ",
      "! ",
      "!",
      "!",
      "interface Loopback0",
      " no ip address",
      "!",
      "interface GigabitEthernet1",
      " ip address 10.71.130.58 255.255.248.0",
      " negotiation auto",
      " no mop enabled",
      " no mop sysid",
      "!",
      "interface GigabitEthernet2",
      " no ip address",
      " shutdown",
      " negotiation auto",
      " no mop enabled",
      " no mop sysid",
      "!",
      "interface GigabitEthernet3",
      " no ip address",
      " shutdown",
      " negotiation auto",
      " no mop enabled",
      " no mop sysid",
      "!",
      "!",
      "virtual-service csr_mgmt",
      " ip shared host-interface GigabitEthernet1",
      " activate",
      "!",
      "ip forward-protocol nd",
      "ip http server",
      "ip http authentication local",
      "ip http secure-server",
      "!",
      "ip route 0.0.0.0 0.0.0.0 10.71.135.254",
      "ip ssh rsa keypair-name ssh-key",
      "ip ssh version 2",
      "!",
      "ip access-list extended test-ansible",
      " permit ip host 1.1.1.1 any log",
      " permit ip host 2.2.2.2 any log",
      "!",
      "!",
      "!",
      "snmp-server community NMS_public RO",
      "snmp-server community NMS_private RW",
      "snmp-server community public RO",
      "snmp-server community private RW",
      "!",
      "!",
      "!",
      "!",
      "control-plane",
      "!",
      " !",
      " !",
      " !",
      " !",
      "!",
      "!",
      "!",
      "!",
      "banner motd ^CHello Ansible!^C",
      "!",
      "line con 0",
      " stopbits 1",
      "line vty 0 4",
      " transport input all",
      "!",
      "transport type persistent webui input https-webui",
      "!",
      "netconf ssh",
      "!",
      "!",
      "!",
      "!",
      "!",
      "end",
      ""
    ],
    [
      "Protocol  Address          Age (min)  Hardware Addr   Type   Interface",
      "Internet  10.71.130.56            4   0050.56a2.3c16  ARPA   GigabitEthernet1",
      "Internet  10.71.130.58            -   0050.56a2.6a84  ARPA   GigabitEthernet1",
      "Internet  10.71.133.131         119   f40f.1b56.5317  ARPA   GigabitEthernet1",
      "Internet  10.71.133.173         194   00af.1f46.14b0  ARPA   GigabitEthernet1",
      "Internet  10.71.134.26          107   544a.000e.6a43  ARPA   GigabitEthernet1",
      "Internet  10.71.134.78           73   3c08.f6e4.e345  ARPA   GigabitEthernet1",
      "Internet  10.71.134.212           3   d0d0.fdb1.db39  ARPA   GigabitEthernet1",
      "Internet  10.71.135.254           0   0019.a992.5c40  ARPA   GigabitEthernet1"
    ],
    [
      "Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP",
      "       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area ",
      "       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2",
      "       E1 - OSPF external type 1, E2 - OSPF external type 2",
      "       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2",
      "       ia - IS-IS inter area, * - candidate default, U - per-user static route",
      "       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP",
      "       a - application route",
      "       + - replicated route, % - next hop override, p - overrides from PfR",
      "",
      "Gateway of last resort is 10.71.135.254 to network 0.0.0.0",
      "",
      "S*    0.0.0.0/0 [1/0] via 10.71.135.254",
      "      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks",
      "C        10.71.128.0/21 is directly connected, GigabitEthernet1",
      "L        10.71.130.58/32 is directly connected, GigabitEthernet1"
    ]
  ],
  "changed": false,
  "stdout": [
    "Cisco IOS XE Software, Version 16.04.01\nCisco IOS Software [Everest], CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.4.1, RELEASE SOFTWARE (fc2)\nTechnical Support: http://www.********.com/techsupport\nCopyright (c) 1986-2016 by Cisco Systems, Inc.\nCompiled Sun 27-Nov-16 13:02 by mcpre\n\n\nCisco IOS-XE software, Copyright (c) 2005-2016 by ******** Systems, Inc.\nAll rights reserved.  Certain components of Cisco IOS-XE software are\nlicensed under the GNU General Public License (\"GPL\") Version 2.0.  The\nsoftware code licensed under GPL Version 2.0 is free software that comes\nwith ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such\nGPL code under the terms of GPL Version 2.0.  For more details, see the\ndocumentation or \"License Notice\" file accompanying the IOS-XE software,\nor the applicable URL provided on the flyer accompanying the IOS-XE\nsoftware.\n\n\nROM: IOS-XE ROMMON\n\nCSR-2 uptime is 3 days, 8 hours, 17 minutes\nUptime for this control processor is 3 days, 8 hours, 19 minutes\nSystem returned to ROM by reload\nSystem image file is \"bootflash:packages.conf\"\nLast reload reason: Critical software exception, check bootflash:crashinfo_RP_00_00_20170320-070803-UTC\n\n\n\nThis product contains cryptographic features and is subject to United\nStates and local country laws governing import, export, transfer and\nuse. Delivery of Cisco cryptographic products does not imply\nthird-party authority to import, export, distribute or use encryption.\nImporters, exporters, distributors and users are responsible for\ncompliance with U.S. and local country laws. By using this product you\nagree to comply with applicable laws and regulations. If you are unable\nto comply with U.S. and local laws, return this product immediately.\n\nA summary of U.S. laws governing Cisco cryptographic products may be found at:\nhttp://www.********.com/wwl/export/crypto/tool/stqrg.html\n\nIf you require further assistance please contact us by sending email to\nexport@********.com.\n\nLicense Level: ax\nLicense Type: Default. No valid license found.\nNext reload license Level: ax\n\n******** CSR1000V (VXE) processor (revision VXE) with 2052375K/3075K bytes of memory.\nProcessor board ID 94A08OEI6IF\n3 Gigabit Ethernet interfaces\n32768K bytes of non-volatile configuration memory.\n3984700K bytes of physical memory.\n7774207K bytes of virtual hard disk at bootflash:.\n0K bytes of  at webui:.\n\nConfiguration register is 0x2102\n",
    "Building configuration...\n\nCurrent configuration : 3354 bytes\n!\n! Last configuration change at 23:49:11 UTC Wed Mar 22 2017 by ********\n!\nversion 16.4\nservice timestamps debug datetime msec\nservice timestamps log datetime msec\nno platform punt-keepalive disable-kernel-core\nplatform console auto\n!\nhostname CSR-2\n!\nboot-start-marker\nboot-end-marker\n!\n!\nenable secret 5 $1$gi3J$VCM0Q9b3ZbHjDmBPhHG8i1\n!\n!\ntransport-map type persistent webui https-webui\n secure-server\n!\naaa new-model\n!\n!\naaa authorization exec default local \n!\n!\n!\n!\n!\naaa session-id common\n!\n!\n!\n!\n!\n!\n!\n!\n!\n\n\n\nno ip domain lookup\nip domain name solse.local\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\nsubscriber templating\n!\n!\n!\n!\nflow exporter test\n!\nmultilink bundle-name authenticated\n!\n!\n!\n!\n!\ncrypto pki trustpoint TP-self-signed-4057790232\n enrollment selfsigned\n subject-name cn=IOS-Self-Signed-Certificate-4057790232\n revocation-check none\n rsakeypair TP-self-signed-4057790232\n!\n!\ncrypto pki certificate chain TP-self-signed-4057790232\n certificate self-signed 01\n\n\n!\n!\n!\n!\n!\n!\n!\nlicense udi pid CSR1000V sn 94A08OEI6IF\nlicense boot level ax\nflowspec\ndiagnostic bootup level minimal\n!\nspanning-tree extend system-id\nnetconf-yang ********-odm actions ACL\nnetconf-yang ********-odm actions BGP\nnetconf-yang ********-odm actions OSPF\nnetconf-yang ********-odm actions Archive\nnetconf-yang ********-odm actions IPRoute\nnetconf-yang ********-odm actions EFPStats\nnetconf-yang ********-odm actions IPSLAStats\nnetconf-yang ********-odm actions Interfaces\nnetconf-yang ********-odm actions Environment\nnetconf-yang ********-odm actions FlowMonitor\nnetconf-yang ********-odm actions MemoryStats\nnetconf-yang ********-odm actions BFDNeighbors\nnetconf-yang ********-odm actions BridgeDomain\nnetconf-yang ********-odm actions CPUProcesses\nnetconf-yang ********-odm actions LLDPNeighbors\nnetconf-yang ********-odm actions VirtualService\nnetconf-yang ********-odm actions MemoryProcesses\nnetconf-yang ********-odm actions EthernetCFMStats\nnetconf-yang ********-odm actions MPLSLDPNeighbors\nnetconf-yang ********-odm actions PlatformSoftware\nnetconf-yang ********-odm actions MPLSStaticBinding\nnetconf-yang ********-odm actions MPLSForwardingTable\nnetconf-yang\n!\nrestconf\n!\nusername admin password 0 Nms12345!\nusername testuser password 0 C1sco12345\nusername ******** privilege 15 password 0 ********\n!\nredundancy\n!\n!\n!\n!\n!\n!\n! \n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n! \n! \n! \n! \n! \n! \n!\n!\ninterface Loopback0\n no ip address\n!\ninterface GigabitEthernet1\n ip address 10.71.130.58 255.255.248.0\n negotiation auto\n no mop enabled\n no mop sysid\n!\ninterface GigabitEthernet2\n no ip address\n shutdown\n negotiation auto\n no mop enabled\n no mop sysid\n!\ninterface GigabitEthernet3\n no ip address\n shutdown\n negotiation auto\n no mop enabled\n no mop sysid\n!\n!\nvirtual-service csr_mgmt\n ip shared host-interface GigabitEthernet1\n activate\n!\nip forward-protocol nd\nip http server\nip http authentication local\nip http secure-server\n!\nip route 0.0.0.0 0.0.0.0 10.71.135.254\nip ssh rsa keypair-name ssh-key\nip ssh version 2\n!\nip access-list extended test-ansible\n permit ip host 1.1.1.1 any log\n permit ip host 2.2.2.2 any log\n!\n!\n!\nsnmp-server community NMS_public RO\nsnmp-server community NMS_private RW\nsnmp-server community public RO\nsnmp-server community private RW\n!\n!\n!\n!\ncontrol-plane\n!\n !\n !\n !\n !\n!\n!\n!\n!\nbanner motd ^CHello Ansible!^C\n!\nline con 0\n stopbits 1\nline vty 0 4\n transport input all\n!\ntransport type persistent webui input https-webui\n!\nnetconf ssh\n!\n!\n!\n!\n!\nend\n",
    "Protocol  Address          Age (min)  Hardware Addr   Type   Interface\nInternet  10.71.130.56            4   0050.56a2.3c16  ARPA   GigabitEthernet1\nInternet  10.71.130.58            -   0050.56a2.6a84  ARPA   GigabitEthernet1\nInternet  10.71.133.131         119   f40f.1b56.5317  ARPA   GigabitEthernet1\nInternet  10.71.133.173         194   00af.1f46.14b0  ARPA   GigabitEthernet1\nInternet  10.71.134.26          107   544a.000e.6a43  ARPA   GigabitEthernet1\nInternet  10.71.134.78           73   3c08.f6e4.e345  ARPA   GigabitEthernet1\nInternet  10.71.134.212           3   d0d0.fdb1.db39  ARPA   GigabitEthernet1\nInternet  10.71.135.254           0   0019.a992.5c40  ARPA   GigabitEthernet1",
    "Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP\n       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area \n       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2\n       E1 - OSPF external type 1, E2 - OSPF external type 2\n       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2\n       ia - IS-IS inter area, * - candidate default, U - per-user static route\n       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP\n       a - application route\n       + - replicated route, % - next hop override, p - overrides from PfR\n\nGateway of last resort is 10.71.135.254 to network 0.0.0.0\n\nS*    0.0.0.0/0 [1/0] via 10.71.135.254\n      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks\nC        10.71.128.0/21 is directly connected, GigabitEthernet1\nL        10.71.130.58/32 is directly connected, GigabitEthernet1"
  ],
  "warnings": []
}

フィルタ例

jqでフィルタする例。実際には、pythonスクリプトでファイルを読み込んで楽に処理するイメージ。

コンフィグレーションからbanner部分を取り出す

20170323083141_CSR-2_VerRunArpRoute.txt
[vagrant@localhost ansible]$ cat file/20170323083141_CSR-2_VerRunArpRoute.txt | jq .stdout_lines[1][214]
"banner motd ^CHello Ansible!^C"
[vagrant@localhost ansible]$

ARPテーブルを取り出す

この中身もリストになっているので、色々処理しやすい!ルーティングテーブルとか、フローキャッシュテーブルとか.. これは便利な気がする。

20170323083141_CSR-2_VerRunArpRoute.txt
[vagrant@localhost ansible]$ cat file/20170323083141_CSR-2_VerRunArpRoute.txt | jq .stdout_lines[2]
[
  "Protocol  Address          Age (min)  Hardware Addr   Type   Interface",
  "Internet  10.71.130.56            4   0050.56a2.3c16  ARPA   GigabitEthernet1",
  "Internet  10.71.130.58            -   0050.56a2.6a84  ARPA   GigabitEthernet1",
  "Internet  10.71.133.131         119   f40f.1b56.5317  ARPA   GigabitEthernet1",
  "Internet  10.71.133.173         194   00af.1f46.14b0  ARPA   GigabitEthernet1",
  "Internet  10.71.134.26          107   544a.000e.6a43  ARPA   GigabitEthernet1",
  "Internet  10.71.134.78           73   3c08.f6e4.e345  ARPA   GigabitEthernet1",
  "Internet  10.71.134.212           3   d0d0.fdb1.db39  ARPA   GigabitEthernet1",
  "Internet  10.71.135.254           0   0019.a992.5c40  ARPA   GigabitEthernet1"
]

関連記事

AnsibleでCisco IOSの情報収集 - ios_facts
AnsibleでCisco IOSの情報収集 - snmp_facts