I'm trying to connect Arista switches using Ansible.
I get the following error When I try to connect to Arista switches.
fatal: [172.21.21.166]: FAILED! => {"changed": false, "msg": "operation requires privilege escalation"}
My playbook:
- name: Create Loopback
gather_facts: false
hosts: Leaf
tasks:
- name: configure loopback interface
arista.eos.eos_l3_interface:
name: Loopback 77
ipv4: "{{ hostvars[inventory_hostname]['lo_ip'] }}/32"
My hosts file:
[Leaf]
172.21.21.154 lo_ip=192.168.0.1
172.21.21.164 lo_ip=192.168.0.2
172.21.21.165 lo_ip=192.168.0.3
172.21.21.166 lo_ip=192.168.0.4
172.21.21.179 lo_ip=192.168.0.5
[Leaf:vars]
ansible_connection=ansible.netcommon.network_cli
ansible_network_os=arista.eos.eos
ansible_user=mikronet
ansible_password=XXXXX
Related
I need to run a SQL query on Azure SQL Database from an Ansible playbook.
My task is:
- name: Sql server - rights
vars:
sql_groups:
- { group_name: "{{ reader_group }}", db_access: "db_datareader" }
- { group_name: "{{ contributer_group }}", db_access: "db_datawriter" }
- { group_name: "{{ owner_group }}", db_access: "db_owner" }
community.general.odbc:
dsn: "Driver={ODBC Driver 13 for SQL Server};Server=tcp:{{ sql_server_host }},1433;Database={{ sql_server_db }};Uid={{ mssql_login_user }};Pwd={{ mssql_login_password }};Encrypt=yes;TrustServerCertificate=no;Connection Timeout=30;Authentication=ActiveDirectoryPassword"
query: |
CREATE USER ["{{ group_name }}"] FROM EXTERNAL PROVIDER
EXEC sp_addrolemember '{{ db_access }}', '{{ group_name }}'
loop: "{{ sql_groups }}"
When I run the playbook with the following command, Ansible tries to communicate via SSH.
ansible-playbook -i inventory.yml playbook.yml --check
The error is :
[WARNING]: Unhandled error in Python interpreter discovery for host XXXXXX: Failed to connect to the host via ssh: ssh: Could not resolve hostname XXXXXX: Name
or service not known
fatal: [XXXXXX]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"XXXXXX\". Make sure this host can be reached over ssh: ssh: Could not resolve hostname XXXXXX: Name or service not known\r\n", "unreachable": true}
I think I need to force the use of an ODBC connection with something like below (example is for Windows server) :
ansible_connection: winrm
ansible_port: 5986
ansible_winrm_transport: credssp
ansible_winrm_server_cert_validation: ignore
What should I do ?
ansible_port: 1433 ? And what other parameters ?
I don't see how to communicate via ODBC.
I am executing a PS script on a windows host and want to store its stdout in a file on an ansible local machine. I have a playbook like following:
---
- name: Check Antivirus software
hosts: all
become: false
gather_facts: no
tasks:
- name: Get AV details
win_shell: |
echo "script printing data on stdout"
register: result
- name: save response
copy:
content: '{{ result.stdout }}'
dest: '{{ response_file }}'
delegate_to: localhost
From the above playbook, 1st task gets executed without any issues. But 2nd task gives the following error.
TASK [save response] *******************************************************************************************************************************************
fatal: [20.15.102.192 -> localhost]: UNREACHABLE! => {"changed": false, "msg": "ntlm: HTTPSConnectionPool(host='localhost', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f4940760208>: Failed to establish a new connection: [Errno 111] Connection refused',))", "unreachable": true}
I also tried local_action which is also giving the same error.
I'm running a basic acl creation on Ansible but get this error:
TASK [Merge provided configuration with device configuration] ********************************************************************
fatal: [192.168.0.140]: FAILED! => {"changed": false, "msg": "sh access-list\r\n ^\r\nERROR: % Invalid input detected at '^' marker.\r\n\rASA> "}
---
- name: "ACL TEST 1"
hosts: ASA
connection: local
gather_facts: false
collections:
- cisco.asa
tasks:
- name: Merge provided configuration with device configuration
cisco.asa.asa_acls:
config:
acls:
- name: purple_access_in
acl_type: extended
aces:
- grant: permit
line: 1
protocol_options:
tcp: true
source:
address: 10.0.3.0
netmask: 255.255.255.0
destination:
address: 52.58.110.120
netmask: 255.255.255.255
port_protocol:
eq: https
log: default
state: merged
The hosts file is:
[ASA]
192.168.0.140
[ASA:vars]
ansible_user=admin
ansible_ssh_pass=admin
ansible_become_method=enable
ansible_become_pass=cisco
ansible_connection=ansible.netcommon.network_cli
ansible_network_os=cisco.asa.asa
ansible_python_interpreter=python
There's not much to the code but am struggling to get past the error. I don't even need the "sh access-list" output.
Below are couple of IP addresses and their telnet response (output)
telnet 10.9.9.112 22
Trying 10.9.9.112......
telnet 10.9.9.143 22
Trying 10.9.9.143.....
telnet: connect to address 10.9.9.143: Connection refused.
For the first IP 10.9.9.112 there is no connection and firewall blocks any connection from source to destination. The output simply says Trying .... and stays that way without printing anything else.
For the second IP 10.9.9.143 i get Connection refused immediately in the output and the control back to the prompt.
I wish to grab both scenarios in when condition and perform different activities for both the cases.
I tried to use Ansible's telnet module but I don't know how to grab both the different outputs in the registered variable.
In my case it prints the same message for both the IPs.
Ansible output for first ip:
TASK [debug] *************************************
ok: [localhost] => {
"msg": "HERE:{u'msg': u'Timeout when waiting for 10.9.9.112', u'failed': True, 'changed': False, u'elapsed': 4}"
Ansible Output for second ip:
TASK [debug] *************************************
ok: [localhost] => {
"msg": "HERE:{u'msg': u'Timeout when waiting for 10.9.9.143', u'failed': True, 'changed': False, u'elapsed': 3}"
The only difference I see is the value for elapsed.
Here is my playbook.
---
- name: "Play 1"
hosts: localhost
tasks:
- wait_for:
hosts: "{{ item }}"
port: 22
state: started
delay: 3
timeout: 90
ignore_errors: yes
register: telnetout
loop:
- 10.9.9.112
- 10.9.9.143
- debug:
msg: "HERE: {{ telnetout }}"
telnet module unfortunately does not record Connection Refused message in the output.
We have to use raw module instead like below.
---
- name: "Play 1"
hosts: localhost
tasks:
- raw: "timeout --signal=9 2 telnet {{ item }} 22"
ignore_errors: yes
register: telnetout
loop:
- 10.9.9.112
- 10.9.9.143
- debug:
msg: "HERE: {{ telnetout }}"
I am trying to configure one set of hosts [nodes] using facts from another set of hosts [etcd]. Here is my hosts file
[master]
kubernetes ansible_ssh_host=10.2.23.108
[nodes]
n1 ansible_ssh_host=10.2.23.192
n2 ansible_ssh_host=10.2.23.47
[etcd]
etcd01 ansible_ssh_host=10.2.23.11
etcd02 ansible_ssh_host=10.2.23.10
etcd03 ansible_ssh_host=10.2.23.9
Note that the group [etcd] is not the target of provisioning - [nodes] is. But provisioning [nodes] requires knowledge of the facts of [etcd].
Here is my playbook:
---
- name: Configure common
hosts: nodes
sudo: True
tasks:
- name: etcd endpoints
file: dest=/etc/kubernetes state=directory
- name: etcd endpoints
template: src=files/k.j2 dest=/etc/kubernetes/apiserver
Finally, here is the template for files/k.j2
KUBE_ETCD_SERVERS="--etcd_servers="{% for host in groups['etcd'] %}https://{{hostvars[host]['ansible_eth0']["ipv4"]["address"]}}:2380{% if not loop.last %},{% endif %}{% endfor %}"
The goal is to produce a KUBE_ETCD_SERVERS value that looks like
--etcd_servers=https://10.2.23.11:2380,https://10.2.23.10:2380,https://10.2.23.10:2380
When I run this playbook I get console output
TASK [etcd endpoints] **********************************************************
fatal: [n1]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleUndefinedVariable: 'dict object' has no attribute 'ansible_eth0'"}
fatal: [n2]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleUndefinedVariable: 'dict object' has no attribute 'ansible_eth0'"}
What is the idiomatic Ansible way to make the etcd facts available to the node play?
If you want to use facts of some host, you should gather them first.
Run setup task on [etcd] hosts to populate hostvars.
---
- name: Gather etcd facts
hosts: etcd
tasks:
- setup:
- name: Configure common
hosts: nodes
sudo: True
tasks:
- name: etcd endpoints
file: dest=/etc/kubernetes state=directory
- name: etcd endpoints
template: src=files/k.j2 dest=/etc/kubernetes/apiserver