Added 'src/network/roles.md'.

Author: gnu4cn

network_run/cisco_dns.yml

@@ -0,0 +1,15 @@
+---
+- name: configure cisco routers
+  hosts: cisco-r1
+  gather_facts: no
+  vars:
+    dns: "223.5.5.5 223.6.6.6"
+
+  tasks:
+   - name: configure hostname
+     cisco.ios.ios_config:
+       lines: hostname {{ inventory_hostname }}
+
+   - name: configure DNS
+     cisco.ios.ios_config:
+       lines: ip name-server {{ dns }}

network_run/cisco_dns_refined.yml

@@ -0,0 +1,7 @@
+---
+- name: configure cisco routers
+  hosts: cisco-r1
+  gather_facts: no
+
+  roles:
+    - system_demo

network_run/cisco_dns_vars.yml

@@ -0,0 +1,10 @@
+---
+- name: configure cisco routers
+  hosts: cisco-r1
+  gather_facts: no
+
+  vars:
+    dns: 8.8.8.8
+
+  roles:
+    - system_demo

network_run/demo_cisco.yml

@@ -0,0 +1,6 @@
+- hosts: cisco-r1
+  gather_facts: no
+
+  tasks:
+    - debug:
+        msg: "test"

network_run/inventory.yml

@@ -4,6 +4,13 @@ leafs:
       ansible_host: 192.168.122.189
       ansible_user: hector
       ansible_network_os: vyos.vyos.vyos
+
+    cisco-r1:
+      ansible_host: 192.168.122.69
+      ansible_network_os: cisco.ios.ios
+      ansible_ssh_user: hector
+      ansible_network_cli_ssh_type: paramiko
+
     arista-sw:
       ansible_host: 192.168.122.116
       ansible_user: admin

network_run/system_demo/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+dns: '223.5.5.5 223.6.6.6'

network_run/system_demo/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- name: configure hostname
+  cisco.ios.ios_config:
+    lines: hostname {{ inventory_hostname }}
+
+- name: configure DNS
+  cisco.ios.ios_config:
+    lines: ip name-server {{ dns }}

src/SUMMARY.md

@@ -172,6 +172,7 @@
     - [网络自动化有何不同？](network/difference.md)
     - [运行咱们的首个命令与 Playbook](network/initial.md)
     - [建立咱们的仓库](network/inventory.md)
+    - [使用 Ansible 网络角色](network/roles.md)
 
 
 ---

src/network/inventory.md

@@ -133,7 +133,7 @@ echo "my-ansible-vault-pw" > ~/my-ansible-vault-pw-file
 2. 创建出咱们 VyOS 网络设备的加密 ssh 密码，从咱们刚才创建的文件中拉取 `ansible-vault` 的密码：
 
 
-```console
+```yaml
 $ ansible-vault encrypt_string --encrypt-vault-id prod "my_password" --name "ansible_password"
 Encryption successful
 ansible_password: !vault |
@@ -148,7 +148,7 @@ ansible_password: !vault |
 > **译注**：`--encrypt-vault-id prod` 命令行参数使用了定义在 `~/.ansible.cfg` 配置设置中的变量。参见 [管理 vault 密码](../usage/vault/passwords.md)。
 
 ```ini
-vault_identity_list = 'dev@~/.ansible/dev.secret', 'prod@~/.ansible/prod.secret', 'default@~/.ansible/prod.secret', 'input@prompt'
+vault_identity_list = 'dev@~/.ansible/dev.secret', 'prod@~/.ansible/prod.secret', 'default@~/.ansible/prod.secret'
 ```
 
 > 使用命令 `openssl rand -base64 20 | sed -E 's/(.)\1+/\1/g' > ~/.ansible/prod.secret` 可产生高强度的随机 `ansible-vault` 密码。
@@ -195,7 +195,7 @@ vyos: # this is a group in yaml inventory, but you can also do under a host
 ansible-playbook -i network_run/inventory.yml --vault-id prod@~/.ansible/prod.secret src/network/demo_vault.yml
 ```
 
-> **译注**：在 `~/.ansible.cfg` 中设置了 `vualt_identity_list` 变量后，不加 `--vault-id` 也可以解密 vault 变量。且运行上面的命令会始终要求输入 Vualt 密码：
+> **译注**：在 `~/.ansible.cfg` 中设置了 `vualt_identity_list` 变量后，不加 `--vault-id` 也可以解密 vault 变量。~~且运行上面的命令会始终要求输入 Vualt 密码~~。经测试，删除 `~/.ansible.cfg` 中变量 `vault_identity_list` 里的 `input@prompt` 后此现象消失。
 
 ```console
 $ ansible-playbook -i network_run/inventory.yml src/network/demo_vault.yml