How do I use openSSH instead of paramiko (i.e. no connection:local) for IOS modules?

68 views
Skip to first unread message

Johann Lo

unread,
Sep 22, 2016, 12:37:37 PM9/22/16
to Ansible Project
I'm trying to use the ios networking modules (ios_config, ios_template etc.) and the only way I can get them to work properly is via connection: local and passing the parameters to each task via something like this

- hosts: all
  connection: local
  gather_facts: no

  tasks:
  - name: define provider
    set_fact:
      provider:
        host: "{{ inventory_hostname }}"
        username: "{{ username }}"
        password: "{{ password }}"
        auth_pass: "{{ auth_pass }}"
        authorize: "{{ authorize }}"
        backup: "{{ backup }}"

1.) Is there a way to use standard SSH AND pass the ios module specific parameters such as auth_pass? Whatever I do, whether I place the username, password or auth_pass variables in inventory, play or host variables, it ignores them and connects with no user.

2.) Using the current method I understand its paramiko under the hood. This has a MAJOR problem where each task keeps its SSH connection open and does not close it. How do I get it to close the SSH connection and not fill uip my devices? This is a major issue as network devices normally restrict to several concurrent connections.

Note this is also relevant to the Arista (EOS) templates.

Thanks

Peter Sprygada

unread,
Sep 22, 2016, 5:14:20 PM9/22/16
to ansible...@googlegroups.com
The short answer is you don't.

Traditional network devices that dump an authenticated session to the "CLI" effectively prevent you from being able to use OpenSSH as a programmable transport in the way that is implemented for other systems. 

WRT point #2.  SSH connections being made by network modules *should* be cleaning up the connections behind themselves.  If that is not the case, then its a bug and we need to get it fixed.  

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ae7111dc-3485-4111-9fb5-c1cb2be7207b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages