junos_command

951 views
Skip to first unread message

Asif Iqbal

unread,
Apr 25, 2017, 3:31:13 PM4/25/17
to Ansible Project
I am failing to make junos_command work

2017-04-25 15:28:49,152 p=4058 u=user |  PLAY [sdwan-routers] ****************************************************************************************************
2017-04-25 15:28:49,171 p=4058 u=user |  TASK [junos_command] ****************************************************************************************************
2017-04-25 15:28:49,572 p=4084 u=user |  creating new control socket for host router.example.net:830 as user None
2017-04-25 15:28:49,572 p=4084 u=user |  control socket path is /home/user/.ansible/pc/c08d46d021
2017-04-25 15:28:49,572 p=4084 u=user |  current working directory is /home/user/ansible/sdwan
2017-04-25 15:28:49,572 p=4084 u=user |  using connection plugin netconf
2017-04-25 15:28:49,629 p=4084 u=user |  network_os is set to junos
2017-04-25 15:28:49,629 p=4084 u=user |  ssh connection done, stating ncclient
2017-04-25 15:28:59,694 p=4084 u=user |  failed to create control socket for host router.example.net
2017-04-25 15:28:59,695 p=4084 u=user |  Traceback (most recent call last):
  File "/usr/bin/ansible-connection", line 298, in main
    server = Server(sf_path, pc)
  File "/usr/bin/ansible-connection", line 135, in __init__
    self.conn._connect()
  File "/usr/lib/python2.7/dist-packages/ansible/plugins/connection/netconf.py", line 95, in _connect
    device_params={'name': self._network_os}
  File "/usr/lib/python2.7/dist-packages/ncclient/manager.py", line 149, in connect
    return connect_ssh(*args, **kwds)
  File "/usr/lib/python2.7/dist-packages/ncclient/manager.py", line 118, in connect_ssh
    session.connect(*args, **kwds)
  File "/usr/lib/python2.7/dist-packages/ncclient/transport/ssh.py", line 372, in connect
    raise SSHError("Could not open socket to %s:%s" % (host, port))
SSHError: Could not open socket to router.example.net:830

2017-04-25 15:29:19,598 p=4084 u=user |  number of connection attempts exceeded, unable to connect to control socket
2017-04-25 15:29:19,599 p=4084 u=user |  persistent_connect_interval=1, persistent_connect_retries=30
2017-04-25 15:29:19,625 p=4058 u=user |  fatal: [router.example.net]: FAILED! => {"changed": false, "failed": true, "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell", "rc": 255}
2017-04-25 15:29:19,626 p=4058 u=user |  PLAY RECAP **************************************************************************************************************
2017-04-25 15:29:19,626 p=4058 u=user |  router.example.net : ok=0    changed=0    unreachable=0    failed=1   

I can only ssh to the router through a proxy host and the router does not have any port 830 open and I verified.

Please advise a workaround..

Thanks

Peter Sprygada

unread,
Apr 25, 2017, 4:34:42 PM4/25/17
to ansible...@googlegroups.com
HI Asif, junos_command requires netconf to be enabled on the remote device.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c11d6f3a-c468-4c41-a097-bdd511cf0cf5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Guz Mateusz ISP_

unread,
Apr 26, 2017, 9:09:55 AM4/26/17
to ansible...@googlegroups.com

I might be mistaken, but when dealing with network devices there should be something like:

connection: local

somewhere at the beginning of the playbook.

And the content of the playbook itself would be helpful here I think.

Please also check:
https://www.ansible.com/webinars-training/ansible-playbooks-using-network-modules

--

You received this message because you are subscribed to the Google Groups "Ansible Project" group.

To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

ING Services Polska Sp. z o. o. ul. Konduktorska 35, 40-155 Katowice, NIP 634-251-05-98, KRS 0000183258 Sąd Rejonowy w Katowicach, Wydział VIII Gospodarczy Krajowego Rejestru Sądowego, Kapitał zakładowy - 13 950 000,00 zł wpłacony w całości.

Rama Krishna

unread,
May 8, 2017, 7:14:35 AM5/8/17
to Ansible Project
Based on the error message, authentication parameters are not passed properly to the module. 

I see it's using netconf; so i think you have used connection method right.. 

Cheers

Gennadiy Krokodilov

unread,
Feb 8, 2018, 5:30:01 PM2/8/18
to Ansible Project
Boker Tov Asaf,  did you managed to solve it?

I have exactly the same problem with ex4200 and Ansible 2.3.3. netconf is enabled on port 830 and accessible:

[ playbooks]# ssh -s -p 830 ansible@juniper_12 netconf
Welcome to Juniper ex4300-48t 
Password:
<!-- No zombies were killed during the creation of this user interface -->
<!-- user ansible, class j-read-only -->
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:validate:1.0</capability>
    <capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file</capability>
    <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>
    <capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file</capability>
    <capability>http://xml.juniper.net/netconf/junos/1.0</capability>
    <capability>http://xml.juniper.net/dmi/system/1.0</capability>
  </capabilities>
  <session-id>11528</session-id>
</hello>
]]>]]>

This is debug log:

2018-02-09 01:13:25,964 p=17223 u=root |  creating new control socket for host 192.168.89.240:830 as user ansible
2018-02-09 01:13:25,965 p=17223 u=root |  control socket path is /root/.ansible/pc/1007ccc67b
2018-02-09 01:13:25,965 p=17223 u=root |  current working directory is /etc/ansible/playbooks
2018-02-09 01:13:25,966 p=17223 u=root |  using connection plugin netconf
2018-02-09 01:13:25,968 p=17223 u=root |  failed to create control socket for host 192.168.89.240
2018-02-09 01:13:25,969 p=17223 u=root |  Traceback (most recent call last):
  File "/opt/ansible/bin/ansible-connection", line 298, in main
    server = Server(sf_path, pc)
  File "/opt/ansible/bin/ansible-connection", line 134, in __init__
    self.conn = connection_loader.get(play_context.connection, play_context, sys.stdin)
  File "/opt/ansible/lib/ansible/plugins/__init__.py", line 358, in get
    self._module_cache[path] = self._load_module_source(name, path)
  File "/opt/ansible/lib/ansible/plugins/__init__.py", line 343, in _load_module_source
    module = imp.load_source(full_name, path, module_file)
  File "/opt/ansible/lib/ansible/plugins/connection/netconf.py", line 39, in <module>
    raise AnsibleError("ncclient is not installed")
AnsibleError: ncclient is not installed 

If you realised how to fix it, please share. 
Thanks!


вторник, 25 апреля 2017 г., 22:31:13 UTC+3 пользователь Asif Iqbal написал:

Ganesh Nalawade

unread,
Feb 9, 2018, 12:17:49 AM2/9/18
to Ansible Project
 
AnsibleError: ncclient is not installed

Please install ncclient and retry.

Command to install ncclient using pip:
# pip install ncclient


Regards,
Ganesh

Gennadiy Krokodilov

unread,
Feb 10, 2018, 12:48:27 PM2/10/18
to Ansible Project
Hi Ganesh,
Thanks! 
I moved FWD and installed it from git, now it is listed in  packages:

[root@server]# pydoc modules | grep -i ncc
UserDict            datetime            ncclient (package)  sre_parse
[root@server]# 

but I still have same error, absolutely the same.

It looks to me as Ansible configuration issue. 
I don't exactly know where to put ncclient module(path where Ansible looks for it) which I installed with setup.py.
At the moment I just added its patch to env (so its listed by pydoc):

ANSIBLE_LIBRARY=/opt/ansible/lib/ansible/modules:/root/Ansible_install/ncclient-0.4.2
ANSIBLE_HOME=/opt/ansible
PYTHONPATH=/opt/ansible/lib:/root/Ansible_install/ncclient-0.4.2

[root@playbooks]# ansible --version
  7198 1518284728.95276: starting run
ansible 2.3.3.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/opt/ansible/lib/ansible/modules', u'/root/Ansible_install/ncclient-0.4.2']
  python version = 2.6.8 (unknown, Nov  7 2012, 14:47:34) [GCC 4.1.2 20080704 (Red Hat 4.1.2-52)]
[root@playbooks]#

I know, Im not cool by running this directly as root, but this is just test env.

Thanks.

пятница, 9 февраля 2018 г., 7:17:49 UTC+2 пользователь Ganesh Nalawade написал:

Gennadiy Krokodilov

unread,
Feb 10, 2018, 2:55:59 PM2/10/18
to Ansible Project
OK, looks like I found the root cause:

VIP_CR:[root@upm1 playbooks]# python
Python 2.6.8 (unknown, Nov  7 2012, 14:47:34) 
[GCC 4.1.2 20080704 (Red Hat 4.1.2-52)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from ncclient import manager
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "build/bdist.linux-i686/egg/ncclient/manager.py", line 22, in <module>
  File "build/bdist.linux-i686/egg/ncclient/operations/__init__.py", line 16, in <module>
  File "build/bdist.linux-i686/egg/ncclient/operations/rpc.py", line 18, in <module>
  File "build/bdist.linux-i686/egg/ncclient/xml_.py", line 22, in <module>
ImportError: /usr/lib/libexslt.so.0: symbol gcry_cipher_setkey, version GCRYPT_1.2 not defined in file libgcrypt.so.11 with link time reference
>>> 

ncclient needs to resolve dependencies.



суббота, 10 февраля 2018 г., 19:48:27 UTC+2 пользователь Gennadiy Krokodilov написал:

Gennadiy Krokodilov

unread,
Feb 10, 2018, 6:33:36 PM2/10/18
to Ansible Project
OK, Finally I got ncclient installed and it works fine (all dependencies solved),
But this is what confusing me now:

2018-02-11 02:01:07,225 p=17431 u=root |  ssh connection done, stating ncclient
2018-02-11 02:01:09,832 p=17431 u=root |  ncclient manager object created successfully
2018-02-11 02:01:09,833 p=17431 u=root |  connection established to 192.168.89.240 in 0:00:02.721349
2018-02-11 02:01:10,108 p=17431 u=root |  incoming request accepted on persistent socket
2018-02-11 02:01:10,109 p=17431 u=root |  socket operation is CONTEXT
2018-02-11 02:01:10,111 p=17431 u=root |  socket operation is EXEC
2018-02-11 02:01:10,112 p=17431 u=root |  socket operation completed with rc 0
2018-02-11 02:01:10,143 p=16797 u=root |  open_session() returned 0 ok 
2018-02-11 02:01:10,577 p=16797 u=root |  Using module file /opt/ansible-2.3.3.0/lib/ansible/modules/network/junos/junos_command.py
2018-02-11 02:01:10,713 p=16797 u=root |  The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_iVnNY8/ansible_module_junos_command.py", line 164, in ?
    from functools import partial
ImportError: No module named functools

2018-02-11 02:01:10,714 p=16797 u=root |  fatal: [hsbu12]: FAILED! => {
    "changed": false, 
    "failed": true, 

This module is installed and listed but, junos_command.py can't find it. 
Does anybody have any ideas?

Thanks in advance!




суббота, 10 февраля 2018 г., 21:55:59 UTC+2 пользователь Gennadiy Krokodilov написал:
Reply all
Reply to author
Forward
0 new messages