Ansible: 'ping' Fortigate host results into error 'Unknown action 0'

I'm new to Ansible and I'm running into errors. My goal is to be able to manage Fortigate/Cisco devices.
I created an Ubuntu VM (22.04) with all the necessary packages needed to run Ansible. I've created a very basic hosts file with a firewall group:
[firewalls]
10.23.60.120
10.23.60.122
I've been successful at pinging each of the firewalls as well as using SSH to connect to the firewalls. But once I attempt to ping the firewalls using the -m ping module I get the following errors:
ansible -i hosts firewalls -m ping
[WARNING]: Platform unknown on host 10.23.60.120 is using the discovered Python
interpreter at /usr/bin/python, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.13/reference_appendices/interpreter_discovery.html for more information.
10.23.60.120 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
}
"changed": false,
"module_stderr": "Shared connection to 10.23.60.120 closed.\r\n",
"module_stdout": "TR1-SDWAN-LAB-01 # 8415: Unknown action 0\r\nCommand fail. Return code
-1\r\n\r\n TR1-SDWAN-LAB-01 # ",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 0
}
Any help is appreciated.

According to the information provided, it seems that you are trying to establish an SSH connection to a switch. Such devices may not have all capabilities for Python scripts.
Because of the ping module – Try to connect to host, verify a usable python and return pong on success: it
"is NOT ICMP ping, ... just a trivial test module that requires Python on the remote-node"
and is a "... test module, this module always returns pong on successful contact. It does not make sense in playbooks, but it is useful from /usr/bin/ansible to verify the ability to login and that a usable Python is configured."
The most significant information is the error message Unknown action 0, which, according to the Fortigate Documentation - Command syntax, is just an unknown command
"If you do not enter a known command, the CLI will return an error message such as: Unknown action 0"
Further Background Information
Fortinet Ansible Issue #72 "Unknown Action 0 when running modules"
Similar Q&A
Ansible: How to check SSH access
Ansible: Error "Line has invalid autocommand"

Related

Ansible Automation Platform 2.2.1 fails with "system hostname cannot be localhost"

I keep running into the following error while installing Ansible Automation Platform 2.2:
TASK [ansible.automation_platform_installer.preflight : Ensure hostname on nodes with receptor installed is not localhost] ***
fatal: [172.16.10.13]: FAILED! => {"changed": false, "msg": "The system hostname cannot be localhost, receptor requires it to be set to something other than localhost"}
The inventory file contents:
[automationcontroller]
172.16.10.13
[automationcontroller:vars]
peers=execution_nodes
ansible_user=root
ansible_ssh_private_key_file="path to my key file"
Example inventory file from Red Hat installation guide:
[automationcontroller]
127.0.0.1 ansible_connection=local
[database]
database.example.com
[all:vars]
admin_password='<password>'
pg_password='<password>'
pg_host='database.example.com'
pg_port='5432'
pg_database='awx'
pg_username='awx'
registry_url='registry.redhat.io'
registry_username='<registry username>'
registry_password='<registry password>'
Installation with both fails with the same error.
Basic networking topology in an ip4 system consists of the total ip4 address space less certain specific address blocks and individual addresses.
The localhost/localnet block at 127.n.n.n is routable, but only to other addresses in that block, none of which are routable beyond the confines of the local host environment.
Hence the name ‘localhost’.
Since it is impossible to network on an address space that is unroutable to any network, i.e., literally any other host, you will find it a prerequisite activity to fully configure a proper network in which all collaborative network contributors are all routable with each other.
Apparently you are supposed to use the fqdn.
On rhel 9:
sudo hostname your-hostname
[automationcontroller]
your-hostname.example.com
[automationcontroller:vars]
peers=execution_nodes
ansible_user=root
ansible_ssh_private_key_file="path to my key file"

/etc/ansible file is not available in Mac OS

I used pip to install Ansible in MacOS. But I cannot find the /etc/ansible folder. Neither the inventory file.
I want to run my playbook in minikube environment. But the playbook returns,
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: 192.168.99.105
How to solve this issue?
I looked into this matter and using Ansible for managing minikube is not an easy topic. Let me elaborate on that:
The main issue is cited below:
Most Ansible modules that execute under a POSIX environment require a Python interpreter on the target host. Unless configured otherwise, Ansible will attempt to discover a suitable Python interpreter on each target host the first time a Python module is executed for that host.
-- Ansible Docs
What that means is that most of the modules will be unusable. Even ping.
Steps to reproduce:
Install Ansible
Install Virtualbox
Install minikube
Start minikube
SSH into minikube
Configure Ansible
Test
Install Ansible
As the original poster said it can be installed through pip.
For example:
$ pip3 install ansible
Install VirtualBox
Please download and install appropriate version for your system.
Install minikube
Please follow this site: Kubernetes.io
Start minikube
You can start minikube by invoking command:
$ minikube start --vm-driver=virtualbox
Parameter --vm-driver=virtualbox is important because it will be useful later for connecting to the minikube.
Please wait for minikube to successfully deploy on the Virtualbox.
SSH into minikube
It is necessary to know the IP address of minikube inside the Virtualbox.
One way of getting this IP is:
Open Virtualbox
Click on the minikube virtual machine for it to show
Enter root for account name. It should not ask for password
Execute command: $ ip a | less and find the address of network interface. It should be in format of 192.168.99.XX
From terminal that was used to start minikube please run below command:
$ minikube ssh
Command above will ssh to newly created minikube environment and it will store a private key in location:
HOME_DIRECTORY/.minikube/machines/minikube/id_rsa
id_rsa will be needed to connect to the minikube
Try to login to minikube by invoking command:
ssh -i PATH_TO/id_rsa docker@IP_ADDRESS
If login has happened correctly there should be no issues with Ansible
Configure Ansible
For using ansible-playbook 2 files will be needed:
Hosts file with information about hosts
Playbook file with statements what you require from Ansible to do
Example hosts file:
[minikube_env]
minikube ansible_host=IP_ADDRESS ansible_ssh_private_key_file=./id_rsa
[minikube_env:vars]
ansible_user=docker
ansible_port=22
The ansible_ssh_private_key_file=./id_rsa will tell Ansible to use ssh key from file with correct key to this minikube instance.
Note that this declaration will need to have id_rsa file in the same location as rest of the files.
Example playbook:
- name: Playbook for checking connection between hosts
  hosts: all
  gather_facts: no
  tasks:
    - name: Task to check the connection
      ping:
You can test the connection by invoking command:
$ ansible-playbook -i hosts_file ping.yaml
Above command should fail because there is no Python interpreter installed.
fatal: [minikube]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "module_stderr": "Shared connection to 192.168.99.101 closed.\r\n", "module_stdout": "/bin/sh: /usr/bin/python: No such file or directory\r\n", "msg": "The module failed to execute correctly, you probably need to set the interpreter.\nSee stdout/stderr for the exact error", "rc": 127}
There is a successful connection between Ansible and minikube but there is no Python interpreter to back it up.
There is a way to use Ansible without Python interpreter.
This Ansible documentation is explaining the use of raw module.

Ansible SSH Connection when using Google-Authenticator

I would like to ask a question that might not really have an answer but it will save my life.
So yesterday I started using google-authenticator for a second factor authentication on all my servers.
I am configuring all my hosts with Ansible so it is very important for me to have connection from it obviously, so, what I did, was I added this line to my /etc/pam.d/ssh file
auth [success=done default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
which I think returns success if I meet the rules I added in /etc/security/access-local.conf
#localhost doesn't need two step verification
+ : ALL : <<localnetworkip>>/24
+ : ALL : LOCAL
#All other hosts need two step verification
- : ALL : ALL
So I am allowing any machine from my local network. This works when I try to ssh from my ansible to the host (it doesn't ask me for verification code) but when I try to run an ansible playbook on the same local IP I get:
fatal: [Host]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (keyboard-interactive).", "unreachable": true}
I think Ansible doesn't know how to handle keyboard-interaction, has anyone managed to bypass it?
Thank you
So I figured out how to bypass this for my case at least.
I added the following rule at the end in /etc/ssh/sshd_config
Match Address <<localnetworkip>>/24
AuthenticationMethods publickey keyboard-interactive
So Google authentication is not mandatory anymore from internal network
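An added example, not the poster's code: a minimal model of how sshd reads AuthenticationMethods, where a space separates alternative lists and a comma joins methods that must all succeed in order. The function names are illustrative, the comma-separated value is a constructed contrast, and the special value `any` and sub-method suffixes are not modelled.

```python
def parse_methods(value):
    """'a,b c' -> [['a', 'b'], ['c']]: lists are alternatives, items are ordered steps."""
    return [lst.split(",") for lst in value.split()]


def grants_access(value, completed):
    """True once `completed` (in order) equals one whole list."""
    return list(completed) in parse_methods(value)


def offered_next(value, completed):
    """Methods still offered after `completed`: the next step of any matching list."""
    done = list(completed)
    offered = []
    for lst in parse_methods(value):
        if lst[:len(done)] == done and len(lst) > len(done):
            if lst[len(done)] not in offered:
                offered.append(lst[len(done)])
    return offered


# Value from the Match block in the answer above.
LAN_RULE = "publickey keyboard-interactive"
# Constructed contrast (not from the post): key AND PAM prompt both required.
BOTH_REQUIRED = "publickey,keyboard-interactive"

if __name__ == "__main__":
    key_only = ["publickey"]  # what Ansible completes when it logs in with a private key
    for name, rule in (("LAN_RULE", LAN_RULE), ("BOTH_REQUIRED", BOTH_REQUIRED)):
        print(name,
              "| key-only client admitted:", grants_access(rule, key_only),
              "| still offered:", offered_next(rule, key_only))
```

With the answer's rule a key-only client such as Ansible is admitted from the matched network, and so is a client that completes only the keyboard-interactive prompt without presenting a key.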

Why I could not Ansible ping my testserver?

I am trying to run example from Ansible Up and Running book.
My playbooks directory
ls
ansible.cfg hosts ubuntu-bionic-18.04-cloudimg-console.log Vagrantfile
hosts
testserver ansible_host=127.0.0.1 ansible_port=2222
ansible.cfg
[defaults]
inventory = hosts
remote_user = vagrant
private_key_file = .vagrant/machines/default/virtualbox/private_key
host_key_checking = False
Vagrantfile
config.vm.box = "ubuntu/bionic64"
When I try ping
ansible testserver -m ping
I got
testserver | FAILED! => {
"changed": false,
"module_stderr": "Shared connection to 127.0.0.1 closed.\r\n",
"module_stdout": "/bin/sh: 1: /usr/bin/python: not found\r\n",
"msg": "MODULE FAILURE",
"rc": 127
}
I can ssh without any problems
ssh vagrant@127.0.0.1 -p 2222 -i /home/miki/playbooks/.vagrant/machines/default/virtualbox/private_key
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-50-generic x86_64)
System information as of Tue May 21 06:39:46 UTC 2019
System load: 0.0 Processes: 108
Usage of /: 18.5% of 9.63GB Users logged in: 0
Memory usage: 17% IP address for enp0s3: 10.0.2.15
Swap usage: 0%
Last login: Tue May 21 06:32:13 2019 from 10.0.2.2
Why ansible ping does not work?
From the error message
"module_stdout": "/bin/sh: 1: /usr/bin/python: not found\r\n",
it seems the remote host does not have python installed.
Quoting from the requirements docs
On the managed nodes, you need a way to communicate, which is normally ssh. By default this uses sftp. If that’s not available, you can switch to scp in ansible.cfg. You also need Python 2 (version 2.6 or later) or Python 3 (version 3.5 or later).
Ansible needs python to be present in remote host.
Also, about the usage of ping module, it's not the same as ping shell command.
Try installing python in the remote host (either manually or using raw module) and then re-run the script.
I got the same error as well. Then found this:
"module_stdout": "/bin/sh: 1: /usr/bin/python: not found\r\n",
As python is installed in local host, and python is not installed in the remote host, just installed python in the remote host. And found the problem is solved !!!
This is just because you are mixing up ansible ping module and classic ICMP ping command in your terminal which are not equivalent. From the above link
This is NOT ICMP ping, this is just a trivial test module that requires Python on the remote-node.
With the above confusion, you are misinterpreting the clear error messages you are getting when running the playbook:
First
Shared connection to 127.0.0.1 closed
... which means a connection was first opened and that your host is reachable
Second
/bin/sh: 1: /usr/bin/python: not found
... which means that python (required for ansible) is not installed or not in a default path.
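An added example, not part of any post above: a small Python triage helper that reads `ansible -m ping` failure lines like those quoted on this page and names the likely cause from `module_stdout` and `msg`. The function names and cause labels are assumptions for illustration, and the sample lines are the page's outputs condensed to one line per host.

```python
import json
import re

# Result lines in both shapes seen on this page:
#   "host | FAILED! => {...}"   and   "fatal: [host]: UNREACHABLE! => {...}"
LINE_RE = re.compile(
    r"^(?:fatal: \[(?P<h1>[^\]]+)\]:|(?P<h2>\S+) \|) "
    r"(?P<status>FAILED|UNREACHABLE)! => (?P<body>\{.*\})$"
)


def classify(result):
    """Map one parsed Ansible result dict to a likely cause."""
    out = result.get("module_stdout", "")
    msg = result.get("msg", "")
    if result.get("unreachable"):
        if "keyboard-interactive" in msg:
            return "ssh-auth: server demands keyboard-interactive (e.g. PAM OTP)"
        return "ssh-unreachable"
    if re.search(r"python\S*: (not found|No such file)", out):
        return "no-python: SSH works, interpreter missing on target"
    if re.search(r"Unknown action|Command fail", out):
        return "device-cli: login shell is an appliance CLI, not a POSIX shell"
    return "unclassified"


def triage(text):
    """Return [(host, status, cause)] for every single-line result in text."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            result = json.loads(m["body"])
        except json.JSONDecodeError:
            continue  # truncated or multi-line JSON is skipped
        findings.append((m["h1"] or m["h2"], m["status"], classify(result)))
    return findings


# Constructed sample: the page's own outputs, condensed to one line per host.
SAMPLE = r'''
10.23.60.120 | FAILED! => {"changed": false, "module_stderr": "Shared connection to 10.23.60.120 closed.\r\n", "module_stdout": "TR1-SDWAN-LAB-01 # 8415: Unknown action 0\r\nCommand fail. Return code -1\r\n", "msg": "MODULE FAILURE", "rc": 0}
testserver | FAILED! => {"changed": false, "module_stdout": "/bin/sh: 1: /usr/bin/python: not found\r\n", "msg": "MODULE FAILURE", "rc": 127}
fatal: [minikube]: FAILED! => {"changed": false, "module_stdout": "/bin/sh: /usr/bin/python: No such file or directory\r\n", "msg": "The module failed to execute correctly", "rc": 127}
fatal: [Host]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (keyboard-interactive).", "unreachable": true}
'''

if __name__ == "__main__":
    for host, status, cause in triage(SAMPLE):
        print(f"{host:15} {status:12} {cause}")
```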

Ansible windows fails with "Server not found in Kerberos database"

I am testing ansible (developer build) to connect to a windows machine.
ansible 2.0.0 (devel d1b98ec776)
The following command fails
ansible inh-jnambood-dt.india.mentorg.com -m win_ping -vvvv
Error is as below
bash-4.1$ ansible inh-jnambood-dt.india.mentorg.com -m win_ping -vvvv
Using /etc/ansible/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<inh-jnambood-dt.india.mentorg.com> ESTABLISH WINRM CONNECTION FOR USER: jnambood@MGC.MENTORG.COM on PORT 5985 TO inh-jnambood-dt.india.mentorg.com
inh-jnambood-dt.india.mentorg.com | FAILED! => {
"failed": true,
"msg": "ERROR! kerberos: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('Server not found in Kerberos database', -1765328377)), plaintext: 401 Unauthorized."
jnambood is my user id MGC.MENTORG.COM is the domain
Clearly there is some step I missed. What should I do to fix this error?
That usually means that the Linux host where you're running kinit is not joined to the domain (ie, it doesn't have a properly configured computer account in the domain). The existing docs unhelpfully omit that requirement...
I've also seen this occur where the FQDN of the host is not entered in both the command and the ansible hosts file.
Try something like:
inh-jnambood-dt.mcg.mentorg.com
HTH
I'm not using Ansible, but pywinrm directly. To get things working from a RHEL7 computer to a Windows 10 host in the domain, I changed @ to / in the pywinrm code. I did this because I saw other software use HTTP/hostname and not HTTP@hostname when talking to Kerberos. Hope this is useful for somebody.
https://github.com/requests/requests-kerberos/pull/141/commits
We had this same error. For us, it was resolved by shortening the hostname to have less than 15 characters.
