Problems with asa_config


Steven Carter

Sep 20, 2016, 1:22:56 PM
to Ansible Project
I am having problems running the following play:

- hosts: cil-fw
  gather_facts: no
  connection: local
  vars_files:
    - ./cilfu-vars.yml
    - ./cil-vault.yml
  vars:
    cli:
      host: "{{ inventory_hostname }}"
      username: "{{ cil_admin_username }}"
      password: "{{ cil_admin_password }}"
      transport: cli

  tasks:
    - name: Get Version
      asa_command:
        commands:
          - show version
        provider: "{{ cli }}"

    - name: Add Context
      asa_config:
        lines:
          - context cilfu
          - allocate-interface Port-channel1.102
          - allocate-interface Port-channel1.703
          - config-url disk0:/cilfu.cfg
        context: system
        provider: "{{ cli }}"

    - name: Configure the outside interface
      asa_config:
        lines:
          - nameif outside
        context: cilfu
        parents: ['interface Port-channel1.102']
        provider: "{{ cli }}" 

The first problem was with authentication.  Originally, I had "authorize" and "auth_pass" set, but it did not seem to be able to enable properly:

TASK [Add Context] *************************************************************
fatal: [csn-sjc18-asa1]: FAILED! => {"changed": false, "failed": true, "msg": "matched error in response: changeto system\r\n^\r\nERROR: % Invalid input detected at '^' marker.\r\n\rcsn-sjc18-asa1/admin> "}

I got around this problem by giving the admin user auto-exec. The next play seems to run:

PLAY [cil-fw] ******************************************************************

TASK [Get Version] *************************************************************
ok: [csn-sjc18-asa1]

TASK [Add Context] *************************************************************
changed: [csn-sjc18-asa1]

TASK [Configure the outside interface] *****************************************
fatal: [csn-sjc18-asa1]: FAILED! => {"changed": false, "commands": ["configure terminal", "interface Port-channel1.102", "nameif outside", "end"], "failed": true, "msg": "matched error in response: bal\r\nCryptochecksum:45e26010ee904847ecd150979e737e47\r\n: end\r\n\rcsn-sjc18-asa1/cilfu# Port-channel1.102\r\n                       ^\r\nERROR: % Invalid input detected at '^' marker.\r\n\rcsn-sjc18-asa1/cilfu# "}
to retry, use: --limit @/Users/stevenca/Box Sync/csn/cil/ansible/cilfu-asa.retry

PLAY RECAP *********************************************************************
csn-sjc18-asa1             : ok=2    changed=1    unreachable=0    failed=1

Task "Add Context" seems to complete, but the context does not show up in the config.  When I add it manually and try to configure nameif under the interface, I get the failure that I see above.  Is this module still in the works or am I doing something wrong (or both)?  In either case, I am happy to do some testing on it.

Thanks,

Steven.
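
The two failure messages in the post can be read mechanically: the trailing prompt shows the context and privilege level the session was left in, and the line above the `^` marker is the input the ASA actually rejected. This is an added example, not part of the original post or of the asa_config module; the `triage` helper and its field names are hypothetical.

```python
import re

# Failure "msg" strings copied from the two failed tasks in the post above.
MSG_ADD_CONTEXT = (
    "matched error in response: changeto system\r\n^\r\n"
    "ERROR: % Invalid input detected at '^' marker.\r\n\rcsn-sjc18-asa1/admin> ")
MSG_NAMEIF = (
    "matched error in response: bal\r\n"
    "Cryptochecksum:45e26010ee904847ecd150979e737e47\r\n: end\r\n"
    "\rcsn-sjc18-asa1/cilfu# Port-channel1.102\r\n"
    "                       ^\r\n"
    "ERROR: % Invalid input detected at '^' marker.\r\n\rcsn-sjc18-asa1/cilfu# ")
# "commands" list reported by the failed "Configure the outside interface" task.
SENT_NAMEIF = ["configure terminal", "interface Port-channel1.102",
               "nameif outside", "end"]

PREFIX = "matched error in response: "
# Multiple-context ASA prompt: host/context, optional (config-...) suffix,
# then '>' (user EXEC) or '#' (privileged EXEC).
PROMPT = re.compile(r"(?P<host>[\w.-]+)/(?P<context>[\w.-]+)(\([\w-]+\))?(?P<mode>[>#]) ?")

def triage(msg, sent=()):
    """Hypothetical helper: summarise one asa_* 'matched error' message."""
    lines = [line.strip("\r") for line in msg.split("\n")]
    # The ASA echoes the rejected input on the line above the '^' marker.
    caret = next(i for i, line in enumerate(lines) if line.strip() == "^")
    rejected = lines[caret - 1]
    if rejected.startswith(PREFIX):
        rejected = rejected[len(PREFIX):]
    at_prompt = PROMPT.match(rejected)
    if at_prompt:
        rejected = rejected[at_prompt.end():]
    rejected = rejected.strip()
    # The last line is the prompt the session was left at.
    final = PROMPT.match(lines[-1])
    return {
        "context": final.group("context") if final else None,
        "privileged": bool(final) and final.group("mode") == "#",
        "rejected": rejected,
        # Set when the device saw only the tail of a command that was sent.
        "truncated_from": next(
            (cmd for cmd in sent if cmd != rejected and cmd.endswith(rejected)), None),
    }

if __name__ == "__main__":
    print(triage(MSG_ADD_CONTEXT))
    print(triage(MSG_NAMEIF, SENT_NAMEIF))
```

On the post's data this reports the first session left at a `>` prompt in context admin, and the second rejecting `Port-channel1.102`, which is only the tail of the sent `interface Port-channel1.102`.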