module routeros_command fails with connection timeout error - ansible

I'm having an issue using the routeros_command module. I keep getting an error:
ConnectionError: timeout value 30 seconds reached while trying to send command: b'/system resource print'
I read that it must have something to do with the username, because of the dash. But changing the username is not an option for me.
I'm trying to find a different way to access the router while still making sure that the password won't show without using the no_logs option.
- name: Router OS check
  vars:
    ansible_connection: network_cli
    ansible_network_os: routeros
    ansible_user: test-router
    ansible_password: testing-router12
  routeros_command:
    commands:
      - /system resource print

Related

snmp user configuration using Ansible

I need to configure an SNMP user by checking the host's OS, and wherever the SNMP user is blank, add the SNMP user.
Steps mentioned below:
Check if devices are accessible by SSH or not
For the ones which are accessible, identify OS version and device type
Based on the OS version and device type, check
SNMP configuration
run command on device: Show snmp user
if output received, no changes to be done.
if output not received, device eligible for change
run command: Show run | include ^snmp-server
if network-admin and network-operator groups exist, then only implement the change to add lines "snmp-user group_name"
I did write an Ansible playbook which segregates the hosts by IOS and NX-OS operating system, but I am having difficulty using multiple when conditions so that I can proceed with the ios_config change
---
- name: configure snmp user
  hosts: all
  gather_facts: false
  connection: network_cli
  vars:
    provider:
      timeout: 60
  tasks:
    - name: show version of devices
      nxos_command:
        commands: show version
      register: command_output
    - name: check the snmp user nxos_command
      nxos_command:
        commands: "sh snmp user"
        provider: "{{provider}}"
      register: nxos_command_run
      when: "'NX-OS' in command_output.stdout.0"
    - name: display command output  # running this to get correct values
      debug: var=item
      when: "'network-admin' in item"
      loop: "{{nxos_command_run.stdout_lines.0}}"
      # when: "'NX-OS' in command_output.stdout.0" - here I am unable to use two when conditions
so can someone please help me apply the logic for the required conditions

Ansible `ios_command` Error reading SSH protocol banner[Errno 104] Connection reset by peer

I have this command which basically is just to get the data from the device.
- name: Get data
  tags: get_facts
  ios_command:
    commands:
      - show version
  register: ruijie_sh_interfaces
  vars:
    ansible_command_timeout: 90
    ansible_connection: network_cli
    ansible_network_os: ios
But it gives me this error when running this playbook at the AWX-tower.
"msg": "Error reading SSH protocol banner[Errno 104] Connection reset by peer"
I know this device is not accessible with ssh user@ip which outputs:
Unable to negotiate with <IP> port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
BUT IS ACCESSIBLE USING ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@ip
I want to know how to implement the -oKexAlgorithms=+diffie-hellman-group1-sha1 using network_cli connection type in ansible.
Can you add the key ansible_ssh_common_args to the inventory of the device in AWX and check again?
- name: Get data
  tags: get_facts
  ios_command:
    commands:
      - show version
  register: ruijie_sh_interfaces
  vars:
    ansible_command_timeout: 90
    ansible_connection: network_cli
    ansible_network_os: ios
    ansible_ssh_common_args: '-o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-rsa -o Ciphers=+aes256-cbc'
ref. https://github.com/ansible/awx/issues/12578
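
An added example, not part of the answer above or of the AWX project: it parses the negotiation error quoted in the question and builds a per-host ansible_ssh_common_args value that re-enables only one of the offered legacy algorithms, preferring diffie-hellman-group14-sha1 over diffie-hellman-group1-sha1. The function names, the preference ranking and the 192.0.2.10 sample address are assumptions of this example.

```python
import re
import shlex

# OpenSSH negotiation-failure phrases mapped to the ssh_config option that controls them.
OPTION_FOR = {
    "key exchange method": "KexAlgorithms",
    "host key type": "HostKeyAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
}

# Example-only preference (an assumption): lower rank = less weak. Unlisted names rank last.
KEX_RANK = {
    "diffie-hellman-group14-sha1": 0,         # fixed 2048-bit group
    "diffie-hellman-group-exchange-sha1": 1,
    "diffie-hellman-group1-sha1": 2,          # 1024-bit group, last resort
}

NEGOTIATE_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<what>.+?) found\. Their offer: (?P<offer>\S+)"
)

def parse_failure(line):
    """Return (host, option, offered_algorithms), or None if the line does not match."""
    m = NEGOTIATE_RE.search(line)
    if not m or m.group("what") not in OPTION_FOR:
        return None
    return m.group("host"), OPTION_FOR[m.group("what")], m.group("offer").split(",")

def pick(option, offered):
    """Choose one algorithm to re-enable instead of enabling every legacy one."""
    if option == "KexAlgorithms":
        return min(offered, key=lambda a: KEX_RANK.get(a, len(KEX_RANK)))
    return offered[0]  # assumption: for other options the peer's first offer is used

def host_vars(line):
    """Build a per-host ansible_ssh_common_args value from one ssh error line."""
    parsed = parse_failure(line)
    if parsed is None:
        return None
    host, option, offered = parsed
    arg = "-o " + shlex.quote(f"{option}=+{pick(option, offered)}")
    return {host: {"ansible_ssh_common_args": arg}}

# Constructed sample: the error text from the question with a documentation IP address.
SAMPLE = ("Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: "
          "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1")
```

Setting the result as a host variable for that one device keeps the legacy algorithm disabled for every other host in the inventory.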

Ansible libssh connection for network modules using ssh_common_args for chained jumphosts

Have been researching a bit about libssh connection. This libssh seems to have come up with setup as an alternative to the paramiko connection, basically interested in this as it multiple network modules which can be used with ssh and our ssh_common_args
Has anyone tried this type of libssh connection from ansible shared env.??
https://docs.ansible.com/ansible/2.10/collections/ansible/netcommon/libssh_connection.html
The idea is to be able to use the ansible.netcommon modules, like the link below
https://www.ansible.com/blog/new-libssh-connection-plugin-for-ansible-network
Basically I am able to execute the normal ssh connectivity, and use the raw module to execute commands on the network device shell, but the libssh connectivity with ansible.netcommon.cli_command does not work, not sure how to get this working
# Test a connection to network device
- name: Try connection test to box
  hosts: "{{ affected_host }}"
  gather_facts: false
  ignore_errors: true
  tasks:
    - name: Checking NW device Connectivity
      raw: show version
      register: cmdopt1
    - name: PRINT TO TERMINAL WINDOW
      debug:
        msg: "{{cmdopt1.stdout}}"
    - name: Checking NW device Connectivity
      ansible.netcommon.cli_command:
        command: show version
      register: cmdopt2
    - name: PRINT TO TERMINAL WINDOW
      debug:
        msg: "{{cmdopt2.stdout}}"

using netconf_get in an ansible playbook

I am testing out using netconf via Ansible and I keep getting this error when running the playbook:
ansible.module_utils.connection.ConnectionError:
AuthenticationException('Authentication timeout.',)
I am able to use ssh over port 830 to my Cisco device from the scripting server:
ssh cisco@10.1.1.1 -p 830 -s netconf
This is the playbook:
---
- name: My Playbook
  hosts: 'my_host'
  gather_facts: false
  tasks:
    - name: Execute the get_config RPC
      netconf_get:
        display: json
      register: result
    - name: Print the configuration as JSON
      debug:
        var: result.output
And the inventory is something like this:
[my_lab:children]
my_lab_iosxr
[my_lab:vars]
look_for_keys = False
host_key_checking = False
ansible_ssh_pass = 'cisco'
ansible_user = 'cisco'
[my_lab_iosxr]
my_host ansible_host=10.1.1.1 ansible_network_os=iosxr ansible_connection=netconf
I should add, I see this error on the console of the cisco device when attempting the play above:
Sep 8 17:37:42.218 UTC: SSHD_[67398]: %SECURITY-SSHD-3-ERR_GENERAL :
Failed to receive User authentication request
Looks like I have found the answer to my own question.
I decided to just write my own netconf module in python and I was getting the same error.
So I switched to using python installed on another machine and the same code works.
Seems like there is an issue with the version of python installed on that server...

ansible cisco ios_command module "unable to set terminal parameters"

I am running ansible v 2.5 and trying to run a basic "show clock" command on my switch.
However, it errors out saying that it is unable to set terminal parameters.
The following is my yml file:
---
- hosts: ios_devices
  gather_facts: no
  connection: local
  vars_prompt:
    - name: "mgmt_username"
      prompt: "Username"
      private: no
    - name: "mgmt_password"
      prompt: "Password"
  tasks:
    - name: SYS | Define provider
      set_fact:
        provider:
          host: "{{ inventory_hostname }}"
          username: "{{ mgmt_username }}"
          password: "{{ mgmt_password }}"
    - name: IOS | Show clock
      ios_command:
        provider: "{{ provider }}"
        commands:
          - show clock
      register: clock
    - debug: msg="{{ clock.stdout }}"
and on running the playbook I receive the following error:
fatal: [x.x.x.x]: FAILED! => {"msg": "unable to set terminal parameters"}
The error unable to set terminal parameters means that one (or both) of the following commands failed:
terminal length 0
terminal width 512
Try running those commands manually on your Cisco IOS switch to check they are supported.
I have faced the same problem but solved it after using "asa_command" module:
- hosts: ASA
  connection: local
  gather_facts: no
  vars:
    cli:
      host: "{{ ansible_host }}"
      username: "{{ ansible_user }}"
      password: "{{ ansible_password }}"
      authorize: yes
      auth_pass: "{{ ansible_password }}"
  tasks:
    - name: run multiple commands and evaluate the output
      asa_command:
        commands:
          - show service-policy
          - show running-config
        provider: "{{ cli }}"
      register: output
    - debug:
        msg: "{{ output.stdout_lines }}"
Yes, you have to be able to set the following two commands:
terminal length 0
and
terminal width 512
You don't need specific privileges to be able to issue these commands. Both can be issued from the Cisco's regular CLI exec mode.
Check your username "commands" authorization privileges, that could be the issue. You may have a limited command authorization configured on your IOS device. If you have access to "show running" command, try checking aaa authorization using the following:
show run | i aaa authorization commands
If you see it defined on your router/switch, you'll need to talk to your network admin and make sure they allow you or the ansible user you are using to be able to issue "terminal length" and "terminal width" commands. I am not aware of any other way around this.
Just FYI, the "terminal" command is limited to the user's current active session, and will NOT affect any router operational parameters in any way. Once you log out, the terminal parameters will reset to their defaults.
As for the asa_command workaround, that's not really recommended. asa and ios have different output formatting, so, although it may work for some cases, it is guaranteed to fail in other cases.
If you are using an ASA with PIXOS and having the same problem, use the "Pager" command to set the length of your terminal.
Please check out the following Cisco Community link for more information on setting terminal length on different Cisco devices:
Show the Complete Configuration without Breaks/Pauses on Cisco Router/Switches, ASA Firewall and WLC (Wireless LAN Controller)
I just happened to get this issue as well, but for IOS XR. The problem for me was that I had created a set of new and unique credentials just for Ansible to access my devices and did not set the proper privileges for these. In my specific case, configuring the new set of credentials to be part of the "sysadmin" group solved the problem for me:
Cisco-IOS-XR Device
username ansible
secret ansible
**group sysadmin**
In the case of IOS / IOS XE devices, you should check the aaa configuration for the proper privileges as well.
Last but not least, for ASA, I assume it would be the exact same.
