using netconf_get in an ansible playbook - ansible

I am testing out using netconf via Ansible and I keep getting this error when running the playbook:
```
ansible.module_utils.connection.ConnectionError:
AuthenticationException('Authentication timeout.',)
```
I am able to use SSH over port 830 to my Cisco device from the scripting server:
```
ssh cisco@10.1.1.1 -p 830 -s netconf
```
This is the playbook:
```yaml
---
- name: My Playbook
  hosts: 'my_host'
  gather_facts: false
  tasks:
    - name: Execute the get_config RPC
      netconf_get:
        display: json
      register: result
    - name: Print the configuration as JSON
      debug:
        var: result.output
```
And the inventory is something like this:
```ini
[my_lab:children]
my_lab_iosxr

[my_lab:vars]
look_for_keys = False
host_key_checking = False
ansible_ssh_pass = 'cisco'
ansible_user = 'cisco'

[my_lab_iosxr]
my_host ansible_host=10.1.1.1 ansible_network_os=iosxr ansible_connection=netconf
```
I should add, I see this error on the console of the Cisco device when attempting the play above:
```
Sep 8 17:37:42.218 UTC: SSHD_[67398]: %SECURITY-SSHD-3-ERR_GENERAL :
Failed to receive User authentication request
```

Looks like I have found the answer to my own question.
I decided to just write my own netconf module in python and I was getting the same error.
So I switched to using python installed on another machine and the same code works.
Seems like there is an issue with the version of python installed on that server...

Related

Ansible: Host localhost is unreachable

In my job there is a playbook developed in the following way that is executed by ansible tower.
This is the file that ansible tower executes and calls a playbook
report.yaml:
```yaml
- hosts: localhost
  gather_facts: false
  connection: local
  tasks:
    - name: "Execute"
      include_role:
        name: 'fusion'
```
main.yaml from fusion role:
```yaml
- name: "hc fusion"
  include_tasks: "hc_fusion.yaml"
```
hc_fusion.yaml from fusion role:
```yaml
- name: "FUSION"
  shell: ansible-playbook roles/fusion/tasks/fusion.yaml --extra-vars 'fusion_ip_ha={{item.ip}} fusion_user={{item.username}} fusion_pass={{item.password}} fecha="{{fecha.stdout}}" fusion_ansible_become_user={{item.ansible_become_user}} fusion_ansible_become_pass={{item.ansible_become_pass}}'
```
fusion.yaml from fusion role:
```yaml
- hosts: localhost
  vars:
    ansible_become_user: "{{fusion_ansible_become_user}}"
    ansible_become_pass: "{{fusion_ansible_become_pass}}"
  tasks:
    - name: Validate
      ignore_unreachable: yes
      shell: service had status
      delegate_to: "{{fusion_user}}@{{fusion_ip_ha}}"
      become: True
      become_method: su
```
This is a summary of the entire run.
Previously it worked, but now it throws the following error.
```
stdout: PLAY [localhost] \nTASK [Validate] fatal: [localhost -> gandalf@10.66.173.14]: UNREACHABLE! => {\"changed\": false, \"msg\": \"Failed to connect to the host via ssh: Warning: Permanently added '10.66.173.14' (RSA) to the list of known hosts.\ngandalf@10.66.173.14: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password), \"skip_reason\": \"Host localhost is unreachable\"
```
When I execute ansible-playbook roles/fusion/tasks/fusion.yaml --extra-vars XXXXXXXX from the command line with user awx it works.
I also validated the connection from the server where Ansible Tower is running to the host I want to connect to, using the ssh command, and it lets me connect as the user awx without requesting a password.
fusion.yaml does not explicitly specify a connection plugin, so the default ssh type is being used. For localhost this approach usually brings a number of related problems (ssh keys, known_hosts, loopback interfaces etc.). If you need to run tasks on localhost, you should define the connection plugin local, just like in your report.yaml playbook.
Additionally, as Zeitounator mentioned, running one Ansible playbook from another with the shell module is a really bad practice. Please avoid this. Ansible has a number of mechanisms for code re-use (includes, imports, roles etc.).
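The single-run structure the answer recommends, as an added example that is not part of the original post: the nested `ansible-playbook` shell call is replaced by `add_host` plus a second play, so the passwords are no longer passed as command-line arguments, where they are visible in the process list and in the job's task output. The `fusion_nodes` list variable and the `fusion_ha` group name are assumptions; the item fields mirror those used in the question.

```yaml
---
# report.yaml (added example, not the poster's code)
# Assumption: `fusion_nodes` is a list of dicts with the same fields the
# question uses (ip, username, password, ansible_become_user,
# ansible_become_pass), supplied from a vaulted vars file or a Tower credential.

- name: Build an in-memory inventory of fusion nodes
  hosts: localhost
  connection: local          # no SSH to localhost, as the answer advises
  gather_facts: false
  tasks:
    - name: Register each node as an inventory host
      add_host:
        name: "{{ item.ip }}"
        groups: fusion_ha    # assumed group name
        ansible_user: "{{ item.username }}"
        ansible_password: "{{ item.password }}"
        ansible_become_user: "{{ item.ansible_become_user }}"
        ansible_become_password: "{{ item.ansible_become_pass }}"
      loop: "{{ fusion_nodes }}"
      no_log: true           # keep the credentials out of the job output

- name: Validate the HA service on every fusion node
  hosts: fusion_ha           # real inventory hosts instead of delegate_to "user@ip"
  gather_facts: false
  become: true
  become_method: su
  ignore_unreachable: true
  tasks:
    - name: Validate
      command: service had status
      register: had_status
      changed_when: false    # a status query never changes the host
```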

Ansible libssh connection for network modules using ssh_common_args for chained jumphosts

Have been researching a bit about libssh connection. This libssh seems to have come up with setup as an alternative to the paramiko connection, basically interested in this as it multiple network modules which can be used with ssh and our ssh_common_args
Has anyone tried this type of libssh connection from an Ansible shared environment?
https://docs.ansible.com/ansible/2.10/collections/ansible/netcommon/libssh_connection.html
The idea is to be able to use the ansible.netcomm modules, like in the link below:
https://www.ansible.com/blog/new-libssh-connection-plugin-for-ansible-network
Basically I am able to execute the normal ssh connectivity, and use the raw module to execute commands on the network device shell, but the libssh connectivity with ansible.netcommon.cli_command does not work; I am not sure how to get this working.
```yaml
# Test a connection to network device
- name: Try connection test to box
  hosts: "{{ affected_host }}"
  gather_facts: false
  ignore_errors: true
  tasks:
    - name: Checking NW device Connectivity
      raw: show version
      register: cmdopt1
    - name: PRINT TO TERMINAL WINDOW
      debug:
        msg: "{{cmdopt1.stdout}}"
    - name: Checking NW device Connectivity
      ansible.netcommon.cli_command:
        command: show version
      register: cmdopt2
    - name: PRINT TO TERMINAL WINDOW
      debug:
        msg: "{{cmdopt2.stdout}}"
```

Ansible ios playbook to gather IOS running config of different hosts to files

I'm looking to create a playbook on Ansible to gather info from more than 300 hosts and save the info to a file. I get 2 different issues: one is not being able to save the info to a file, and the second comes from the telnet connection of some hosts, as it only works for ssh hosts.
ansible 2.9.3
under vm CentOS7
Already tried:
```yaml
- name: "[SCAN][IOS] IOS play for scanning facts"
  hosts: CISCO
  connection: network_cli
  ignore_errors: true
  ignore_unreachable: true
  vars:
    ansible_network_os: ios
  gather_facts: False
  tasks:
    - name: run show logging host ip on remote devices
      ios_command:
        commands: show run | i logging host
      register: output
    - debug:
        var: output["stdout_lines"]
```
This playbook shows the results for the ssh hosts according to the configuration required, but I'm not able to save this info to a file.
On the other hand, I would like to run these commands on telnet hosts. Is it possible to run this on both connection types together and save to a file?

Error on simple ansible play-book

I'm running a simple ansible playbook and getting an error:
```
ERROR: parse error: playbooks must be formatted as a YAML list, got type 'str'
```
```yaml
---
- hosts: all
  tasks:
    - name: Get server availability by pinging it
      ping:
    - name: Get server hostname
      command: hostname
```
Not sure where the problem is. Ansible v1.9.6
Answer from comment: missing -i flag in ansible-playbook hostname.yml inventory.

Ansible arista EOS

I am trying to configure an EOS switch using Ansible. I have established a connection between them using SSH keys, and tested the connection. I wrote a simple playbook and am trying to execute it, but I am getting the message: unsupported parameter for module: transport
My playbook
```yaml
- hosts: EOS
  gather_facts: no
  roles:
    - arista.eos
  tasks:
    - name: Configuring VLAN
      eos_vlan: vlanid=150
                name=NewVLAN
                transport={{ transport }}
                username={{ username }}
                password={{ password }}
                debug=yes
      register: vlan_cfg_output
    - debug: var=vlan_cfg_output
```
In my inventory file
```ini
[EOS]
Arista ansible_ssh_host=192.168.10.5

[EOS:vars]
ansible_ssh_user=ansible
transport=http
username=eapi
password=password
```
Which versions of the following are you using?
Ansible
pyeapi
ansible-eos
I ran a test using SSH with your playbook and hosts file and it worked fine on one of my switches.
PS: There is a mailing list for questions, ansible-dev@arista.com. Also, you can raise issues here: https://github.com/arista-eosplus/ansible-eos/issues. Both of these options are better than SO.
While this might not completely answer your question, the arista.eos role is deprecated
https://eos.arista.com/forum/arista-eos-was-not-found-on-httpsgalaxy-ansible-com/
