libssh vs paramiko - ios_facts are different when running Ansible playbooks - ansible

I have a playbook I am writing that automates the install of firmware to our fleet of C2960Xs.
I recently moved the location of the Ansible server I am using from my homelab to a VM in Azure. We have security rules on our sites to only allow remote connection on a specific non-default port. After reading, I discovered that means I need to use libssh and not paramiko for remote commands.
I have a specific task I am running, and when running it returns:
fatal: [HOSTNAME]: FAILED! => {
"msg": "The conditional check 'ansible_net_filesystems_info['flash:'].spacefree_kb >
firmware_image_size' failed. The error was: error while evaluating
conditional (ansible_net_filesystems_info['flash:'].spacefree_kb >
firmware_image_size): 'ansible_net_filesystems_info' is undefined" }
I then compared the 'before' and 'after' for what facts are being stored at the beginning of the playbook. I found that using Paramiko, I seem to have a TON more detail compared to the facts being gathered via libssh.
One of which being the variable ansible_net_filesystems_info that my playbook references.
Is there a workaround for this process? The idea being to verify there is free space on the switch before moving an archive to the switch for unzipping.

Under the cisco.ios.ios_facts documentation, you can specify the types of facts you want to pull. I added the line:
gather_subset: all
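A pre-flight play that combines the question's free-space condition with the answer's `gather_subset: all`, as an added example that is not part of the original posts. The group name `switches`, the port `2222` and the `firmware_image_size` value are placeholders chosen for illustration.

```yaml
# Added example, not from the original question or answer.
# Assumptions: inventory group "switches", SSH on placeholder port 2222,
# firmware_image_size expressed in KB (constructed value).
- name: Verify free flash space before copying firmware
  hosts: switches
  gather_facts: false
  connection: ansible.netcommon.network_cli
  vars:
    ansible_network_os: cisco.ios.ios
    ansible_network_cli_ssh_type: libssh   # pin the transport so runs are comparable
    ansible_port: 2222                     # placeholder non-default port
    firmware_image_size: 30000             # constructed value, in KB
  tasks:
    - name: Gather facts explicitly instead of relying on the default subset
      cisco.ios.ios_facts:
        # "all" is what the answer used; the hardware subset is the one
        # that carries ansible_net_filesystems_info.
        gather_subset: all

    - name: Stop with a clear message if the filesystem facts are missing
      ansible.builtin.assert:
        that:
          - ansible_net_filesystems_info is defined
          - "'flash:' in ansible_net_filesystems_info"
        fail_msg: >-
          ansible_net_filesystems_info was not returned for flash:;
          check gather_subset and the connection settings.

    - name: Stop if flash does not have room for the image
      ansible.builtin.assert:
        that:
          - ansible_net_filesystems_info['flash:'].spacefree_kb > (firmware_image_size | int)
        fail_msg: "Not enough free space on flash: for the firmware image."
        success_msg: "flash: has enough free space for the firmware image."
```

Asserting that the fact exists before comparing it turns the "is undefined" templating error into a readable failure, and it runs before any file is copied to the switch.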

Related

Is it possible to upgrade Ansible itself with the modules of Ansible?

I came across code like this:
- pip: name=ansible version=<ansible_version> extra_args='--ignore-installed'
During my test I confirmed the upgrade of Ansible version.
I also tried this with the raw module:
- raw: pip install ansible==<ansible_version>
but the tasks following this fail during playbook execution. There are various types of errors:
ImportError: cannot import name AnsiblePlugin
TypeError: mkdtemp() takes at most 4 arguments (5 given)
...
or playbook execution even hangs on the next task.
I wonder whether it is really possible to upgrade the version of Ansible by using ansible-playbook execution itself. Would it be possible by reloading Ansible core modules somehow after the Ansible version upgrade?
Ansible can be upgraded via the pip module of Ansible itself, but any subsequent tasks might fail after the upgrade; this is natural behavior.
The only exception here is a remote host. If your installation or upgrade of Ansible is performed by an Ansible task which is executed on a remote host, it would proceed without causing a failure, because in this scenario the actual installation of Ansible is done on the remote host without updating any configuration of Ansible on localhost.

How to restart Ansible host machine on Linux?

I've installed Ansible host on my RHEL Linux machine.
I made some configuration changes and I want to restart it, but I can't find how that is done.
I used this manual for installation.
Checking running services I don't see an Ansible service.
How can I restart Ansible?
*NOTE: I installed Ansible from source files.
Ansible is not a service, it is an executable program (actually a few executables) which is called, starts, and ends its execution.
There is no way to restart Ansible other than calling it again. The changes in configuration will be reflected on the next run.
Also: there is no "Ansible host" component. "Ansible control machine" is a general term for the machine you run Ansible executables on.
Similarly, Ansible-Pull is also not a service, but a script which is scheduled externally.
Try
ps -ef|grep ansible
to double check that there is no ansible service or daemon.

Windows PowerShell provisioning script not being executed

I'm deploying a Windows 2012 R2 VSI and need to be able to manage it using Ansible.
I'm using this Ansible sample script ConfigureRemotingForAnsible.ps1 although renamed and have the script hosted on SL Object storage. I specify a postinstall script URL including https (which is supposed to cause the execution of the script after downloading) during the order.
After the Windows VSI is ready I attempt to run a win-ping as follows:
- name: ad1 ready
  gather_facts: false
  tags: setup
  hosts: ad1
  tasks:
    - name: ping the windows vsi
      win_ping:
This fails with the output:
fatal: [169.55.189.16]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='169.55.189.16', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x107c0b310>: Failed to establish a new connection: [Errno 61] Connection refused',))", "unreachable": true}
If I connect to the system and look in c:\PostInstall I see my script has been downloaded. If I then open a PowerShell and run the script, I am able to then run the above win-ping successfully.
This tells me that the script is downloaded cleanly and is apparently correct, but is not being executed in spite of the https in the postinstall URL.
I can't find any documentation on requirements of the postinstall script for windows, but I'm wondering if the problem is that I'm using a PowerShell script, and that the post provision process tries to run this in a standard CMD shell.
Does anyone have any ideas or thoughts on what could be wrong?
It should work with PowerShell successfully. You should be able to see the logs of the PowerShell execution in "C:\postInstallScript.log"; perhaps it contains more information about the error.
Anyway, if you are still facing this issue, I suggest you open a ticket in Softlayer with a "hardware issue" subject, because the issue is likely due to a restriction in the Windows machine which is not allowing the script to execute.
Regards
I believe the problem with PowerShell as a provisioning script is the default configuration of PowerShell requires a signed PowerShell script to execute (with no arguments defined). If the PowerShell script is not signed, the execution policy has to be changed on the server, or flags passed to the PowerShell interpreter to allow execution.

Do Ansible modules run locally or on the remote host?

I am running an Ansible playbook that uses the route53 module and getting an error saying I need 'boto' installed:
TASK [dns : Retrieve DNS record] ***********************************************
fatal: [10.13.25.12]: FAILED! => {"changed": false, "failed": true, "msg": "boto required for this module"}
I do have 'boto' installed on my Ansible machine.
Question: Do all Ansible modules cited in Playbook tasks actually run on the remote host machine?
I have added tasks that install 'python-pip' and 'boto', but it seems that boto should be running on my Ansible server. I feel like I've done something wrong here.
Here are my tasks for installing pip/boto on my remote host machine which do result in no more errors in the running of the route53 module:
- name: Install Pip
  apt: name=python-pip state=present
- name: Install boto
  pip: name=boto
Modules are executed remotely, though this is only half of the truth. Many modules bring action plugins with them. These action plugins run locally and invoke their module component (or other modules) later.
For instance, the template module actually is an action plugin which renders the template locally and then invokes the copy module.
Unfortunately, you cannot know what is a module and what is an action plugin without looking at the source. The documentation does not even mention that action plugins exist...
You can find all core action plugins here. As you can see there is no route53 plugin so this really is a module and therefore runs remotely.
Why you still get this error after installing boto I can't explain. I can only suggest you look at the source and try to reproduce the problem without Ansible.
These few import statements do not run without errors on the remote machine.
import boto
import boto.ec2
from boto import route53
from boto.route53 import Route53Connection
from boto.route53.record import Record, ResourceRecordSets
from boto.route53.status import Status
Udondan's answer covers how some modules have a local component as well as remote actions, but for general use all you need to know is that for modules that interact with a remote service (such as all of the cloud modules) rather than a remote host, you might be best off running them as a local action to force Ansible to run the module locally rather than on the remote host that the playbook/role is currently targeting.
You can do this easily by using local_action in your task definition like this:
- name: Retrieve DNS record
  local_action:
    module: route53_facts
    query: record_sets
    hosted_zone_id: '{{ route53_hosted_zone_id }}'
    ...
  register: dns_records

Is there any Ansible remote client for control machine?

Ansible, unlike Chef and Puppet, uses an agentless run.
I would like to know whether there is any Ansible remote client so that we can connect to a fleet of Ansible control machines to execute Ansible playbooks on their respective targets.
I am looking for a command line client similar to the following:
ansible-execute hostname_of_control_machine username_of_control_machine password_of_control_machine inventory_file playbook_name
Please suggest one, if any exists.
There is nothing preventing you from using Ansible to run Ansible on other machines. The Python API might be a good place to start, as you can get programmatic control over the initial Ansible runner.
You can do this with SSH:
ssh username@controlmachine 'ansible-playbook yourPlaybook.yml'
