Problem starting with cisco_ios

[Ángel L. Mateo]

I'm beginning with puppetlabs/cisco_ios module. For the moment, just a
proof of concept.

These are the modules I have installed:

/etc/puppetlabs/code/environments/ciscotest/modules
├── puppetlabs-cisco_ios (v0.6.1)
├── puppetlabs-concat (v5.1.0)
├── puppetlabs-device_manager (v2.7.0)
├── puppetlabs-hocon (v1.0.1)
├── puppetlabs-netdev_stdlib (v0.17.0)
├── puppetlabs-puppetserver_gem (v1.0.0)
├── puppetlabs-resource_api (v1.0.0)
└── puppetlabs-stdlib (v5.1.0)

In _manifests/site.pp_ I have:
node default {
device_manager {'switch_cisco_pruebas':
type => 'cisco_ios',
credentials => {
address => '1.2.3.4',
port => '22',
username => 'test',
password => 'password',
enable_password => 'enablepassword',
},
}
}

The problem I have is that running puppet agent gives no error, but the
device command doesn't work. I have the error:

root@leo10:/etc/puppetlabs/code/environments/ciscotest# puppet device
--verbose --target switch_cisco_pruebas --apply ~/manifest.pp --noop
Error: Could not autoload puppet/provider/ntp_server/cisco_ios:
superclass mismatch for class Device
Error: Could not autoload puppet/type/ntp_server: Could not autoload
puppet/provider/ntp_server/cisco_ios: superclass mismatch for class Device
Error: Evaluation Error: Error while evaluating a Resource Statement,
Could not autoload puppet/type/ntp_server: Could not autoload
puppet/provider/ntp_server/cisco_ios: superclass mismatch for class
Device (file: /home/amateo_adm/manifest.pp, line: 1, column: 1) on node
switch_cisco_pruebas

Could anybody help me?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337

[Ángel L. Mateo]

El 30/11/18 a las 14:29, Ángel L. Mateo escribió:

>
> In _manifests/site.pp_ I have:
> node default {
>   device_manager {'switch_cisco_pruebas':
>     type => 'cisco_ios',
>     credentials => {
>       address => '1.2.3.4',
>       port => '22',
>       username => 'test',
>       password => 'password',
>       enable_password => 'enablepassword',
>     },
>   }
> }
>

Errata. This is my manifest:

node default {
include cisco_ios::proxy

device_manager {'switch_cisco_pruebas':
type => 'cisco_ios',
credentials => {
address => '1.2.3.4',
port => '22',
username => 'test',
password => 'password',
enable_password => 'enablepassword',
},
}
}

[Will Meek]

Hi Angel,

I'm having a look at this now.

The manifest you supplied looks to be device_manager setup, which is executed either by an agent (if set in an environment) or 'puppet apply' rather than 'puppet device'.

This sets up the device.conf ready for puppet device.

Can you tell me if you get any output for a 'resource' command eg.

# puppet device --verbose --target switch_cisco_pruebas --resource banner

Info: retrieving resource: banner from switch_cisco_pruebas at file:///etc/puppetlabs/puppet/devices/switch_cisco_pruebas.conf

banner { 'default': 

  motd => 'Compliance banner',

}

Also - could you verify that the resource_api gem is installed?

eg.

# gem list | grep resource_api

puppet-resource_api (1.6.2)

Thanks

Will

[Ángel L. Mateo]

El 30/11/18 a las 15:16, Will Meek escribió:

> Hi Angel,
>
> I'm having a look at this now.
>
> The manifest you supplied looks to be device_manager setup, which is
> executed either by an agent (if set in an environment) or 'puppet apply'
> rather than 'puppet device'.
>
> This sets up the device.conf ready for puppet device.
>

You're right. That's the code I use to configure the device manager
(the proxy agent). I forgot to paste the code for the device. It's this:

# ~/manifest.pp
ntp_server { '1.2.3.5':
ensure => 'present',
key => 94,
prefer => true,
minpoll => 4,
maxpoll => 14,
}

I had to manually add modulepath to my apply commands:

root@leo10:/etc/puppetlabs/code/environments# puppet device --verbose
--target switch_cisco_pruebas --apply ~/manifest.pp --noop --modulepath
/etc/puppetlabs/code/environments/ciscotest/modules
Notice: Compiled catalog for switch_cisco_pruebas in environment
production in 0.07 seconds
Info: Applying configuration version '1543995151'
Notice: /Stage[main]/Main/Ntp_server[1.2.3.5]/ensure: current_value
'absent', should be 'present' (noop)
Info: Class[Main]: Unscheduling all events on Class[Main]
Info: Creating state file
/opt/puppetlabs/puppet/cache/devices/switch_cisco_pruebas/state/state.yaml
Notice: Applied catalog in 1.19 seconds

> Can you tell me if you get any output for a 'resource' command eg.
>
> # puppet device --verbose --target switch_cisco_pruebas --resource banner
>
> Info: retrieving resource: banner from switch_cisco_pruebas at
> file:///etc/puppetlabs/puppet/devices/switch_cisco_pruebas.conf
>
> banner { 'default':
>
> motd => 'Compliance banner',
>
> }
>

amateo_adm@leo10:~$ sudo puppet device --verbose --target

switch_cisco_pruebas --resource banner
Info: retrieving resource: banner from switch_cisco_pruebas at
file:///etc/puppetlabs/puppet/devices/switch_cisco_pruebas.conf
banner { 'default':

I'm getting the configured banner:

motd =>
"\n+--------------------------------------------------------------+\n|
|\n| ATICA
UNIVERSIDAD DE MURCIA CATALYST 3650-12X|\n|
http://www.um.es PILOTO HIPERCONV|\n|
|\n|
------------------------------ |\n|
|\n| ATENCION: Esta intentando
conectar con un conmutador privado |\
...

>
> Also - could you verify that the resource_api gem is installed?
>
> eg.
>
> # gem list | grep resource_api
>
> puppet-resource_api(1.6.2)
>

It's installed in the puppet's ruby environment, but not in _standard's_:

amateo_adm@leo10:~$ gem list | grep resource_api

amateo_adm@leo10:~$ sudo /opt/puppetlabs/puppet/bin/gem list | grep
resource_api
puppet-resource_api (1.6.2, 1.6.1, 1.6.0)

[Ángel L. Mateo]

I don't know what have I touch (if it's really my fault), but it's not
working again.

This is the manifest to configure the proxy agent:

node default {

include cisco_ios::proxy

device_manager {'switch_cisco_pruebas':
type => 'cisco_ios',
credentials => {

address => '10.54.1.111',

port => '22',
username => 'test',

password => 'test123',
enable_password => '123test',
},
}

}

With banner resource it works:

amateo_adm@leo10:~$ sudo puppet device --verbose --target

switch_cisco_pruebas --resource banner --modulepath
/etc/puppetlabs/code/environments/ciscotest/modules

Info: retrieving resource: banner from switch_cisco_pruebas at
file:///etc/puppetlabs/puppet/devices/switch_cisco_pruebas.conf
banner { 'default':

motd => 'Test banner',
}

and I can configure it with this manifest:
banner {'default':
motd => 'Test banner',
}

and sudo puppet device --verbose --target switch_cisco_pruebas
--modulepath /etc/puppetlabs/code/environments/ciscotest/modules --apply
~/manifest.pp

but it didn't work with ntp_server resource:

amateo_adm@leo10:~$ sudo puppet device --verbose --target

switch_cisco_pruebas --modulepath
/etc/puppetlabs/code/environments/ciscotest/modules --resource ntp_server
Error: Could not autoload puppet/provider/ntp_server/ios: superclass
mismatch for class NtpServer

Error: Could not autoload puppet/type/ntp_server: Could not autoload

puppet/provider/ntp_server/ios: superclass mismatch for class NtpServer

Error: Could not autoload puppet/type/ntp_server: Could not autoload

puppet/provider/ntp_server/ios: superclass mismatch for class NtpServer

El 5/12/18 a las 8:33, Ángel L. Mateo escribió:

[Will Meek]

Hi Angel,

Thank you for the detail so far!

The only way I can reproduce this on my setup is with having puppetlabs-cisco_ios 0.5.0 installed in the production environment, whereby puppet tries to pick up the old 'ios' provider rather than the >0.6.0 'cisco_ios' provider.

puppet device --verbose --target switch_cisco_pruebas --modulepath /etc/puppetlabs/code/environments/ciscotest/modules --resource ntp_server

Error: Could not autoload puppet/provider/ntp_server/ios: superclass mismatch for class NtpServer

puppet module list

/etc/puppetlabs/code/environments/production/modules

└── puppetlabs-cisco_ios (v0.5.0)

puppet module list --environment ciscotest

/etc/puppetlabs/code/environments/ciscotest/modules

├── puppetlabs-cisco_ios (v0.6.1)

Do you have an old version of the cisco_ios module installed in any environments?

This should be addressed by the resolution of Puppet ticket https://tickets.puppetlabs.com/browse/PUP-8766, hopefully early 2019.

In the meantime, if you add a --libdir are you successful? 

eg.

sudo puppet device --verbose --target switch_cisco_pruebas --modulepath /etc/puppetlabs/code/environments/ciscotest/modules --resource ntp_server --libdir /etc/puppetlabs/code/environments/ciscotest/modules/cisco_ios/lib/

Info: retrieving resource: ntp_server from switch_cisco_pruebas at file:///etc/puppetlabs/puppet/devices/switch_cisco_pruebas.conf

ntp_server { '1.2.3.5': 

  key => 94,

  minpoll => 4,

  maxpoll => 14,

  prefer => true,

  ensure => 'present',

}

Out of interest - what version of Puppet are you running?

puppet --version

6.0.4

Thanks

Will

On Friday, November 30, 2018 at 1:29:16 PM UTC, amateo wrote:

[Ángel L. Mateo]

El 5/12/18 a las 12:11, Will Meek escribió:

> Hi Angel,
>
> Thank you for the detail so far!
>
> The only way I can reproduce this on my setup is with having
> puppetlabs-cisco_ios 0.5.0 installed in the production environment,
> whereby puppet tries to pick up the old 'ios' provider rather than the
> >0.6.0 'cisco_ios' provider.
>

That seem to be the problem. I had an old version in production and
latest in a test environment. I have removed all environments, leaving
just production with latest version, and it works, but I have had to
purge /opt/puppetlabs/puppet/cache and run puppet agent.

Thank you Will

[Will Meek]

Angel,

No problem, I'm very glad you found resolution to this!

I would be interested to hear any feedback you may have during usage of the cisco_ios module.

And of course, community PRs are always welcome to the project :)

Thanks!

Regards,

Will

[Ángel L. Mateo]

I have it working and I can run puppet device to send configuration to
device.

Now, I would like to configure the agent proxy so I don't have to
manually run puppet device to send configuration to devices, but to
puppet agent doing it for me in every run. Is this possible, how do I
have to do it?

I'm trying it with this manifest:

node default {

include cisco_ios::proxy

exec {'run puppet device':
command => '/opt/puppetlabs/bin/puppet device --verbose --logdest
syslog',
require => Class['cisco_ios::proxy'],

}

device_manager {'switch_cisco_pruebas':
type => 'cisco_ios',
credentials => {

address => '10.54.1.111',

port => '22',
username => 'test',

password => 'test123',
enable_password => '123test',
},
}

}

node switch_cisco_pruebas {

ntp_server { '1.2.3.5':
ensure => 'present',
key => 94,
prefer => true,

minpoll => 4,
maxpoll => 14,
}

ios_config { 'prueba_comandos':
command => "
default interface Gi1/0/2
int gi1/0/2
description Prueba Puppet
",
}
}

With this manifest, the "run puppet device" exec is done in every
puppet agent run, sending configuration to device, and works with
ntp_server and banner resources, but it doesn't work with ios_config
one, I get the error

Dec 5 14:23:55 leo10 puppet-agent[66368]: Could not retrieve catalog
from remote server: Error 500 on SERVER: Server Error: Evaluation Error:

Error while evaluating a Resource Statement, Could not autoload

puppet/type/ios_config: no such file to load -- puppet/resource_api
(file: /etc/puppetlabs/code/environments/production/manifests/site.pp,
line: 33, column: 2) on node switch_cisco_pruebas

The same manifest, applied with puppet device works without any problem.

What do I have to do to automatically configure device in every puppet run?

El 5/12/18 a las 12:11, Will Meek escribió:

> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users...@googlegroups.com
> <mailto:puppet-users...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/ef8056dd-83f3-4ed6-907b-42eec15cf9fc%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/ef8056dd-83f3-4ed6-907b-42eec15cf9fc%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.

[Will Meek]

Hi Angel,

In terms of having a regular execution of puppet device, you could utilise the device_manager and set up a run_interval parameter:

https://forge.puppet.com/puppetlabs/device_manager#run_interval

which will set up a regular cron job.

Also, it is worth adding cisco_ios::server to your puppet server manifest alongside cisco_ios::proxy, as per the cisco_ios setup guide: https://forge.puppet.com/puppetlabs/cisco_ios#setup

If you still have issues with the resource_api autoload, you could try adding the gem to your puppetserver:

puppetserver gem install puppet-resource_api
puppetserver reload
puppet agent -tv

Regards

Will