Error handling in ios_config module

628 views
Skip to first unread message

Uroš Bajželj

unread,
Mar 25, 2016, 10:41:29 AM3/25/16
to Ansible Project
Hello

I am using ios_config module to configure crypto map on the router.

When you configure the empty crypto map statement the router display the following note:

HQ(config)#crypto map CMAP 10 ipsec-isakmp 

% NOTE: This new crypto map will remain disabled until a peer

and a valid access list have been configured.


The problem here is that this error fails the task and ansible does not execute all commands in list. Is there anyway to tell the ansible to ignore this message?


This is my task:


    - name: Configure crypto map

      ios_config:

        host: "{{ ansible_ssh_host }}"

        username: "{{ username }}"

        password: "{{ password }}"

        lines:

          - match address GRE-IPSEC

        parents: ['crypto map CMAP {{ item.0 + 1 }} ipsec-isakmp']

        before: ['no crypto map CMAP {{ item.0 + 1 }} ipsec-isakmp']

        match: strict

      with_indexed_items: '{{ groups.remote }}'

      when: "inventory_hostname in groups.hq"


I also tried to add "ignore_errors: yes". But still it does not execute all commands in the lines.


I was reading about failed_when attribute but I was not able to implement this in the correct way.

(failed_when: "'FAILED' in command_result.msg)


Any ideas?


BR,


Uros

Roger Gomez

unread,
Mar 26, 2016, 10:49:30 AM3/26/16
to Ansible Project
Maybe you can try blocks Ansible Blocks, they work pretty similar to Python Try/Except/Finally.
Thanks.

Uroš Bajželj

unread,
Mar 28, 2016, 3:55:20 PM3/28/16
to Ansible Project
Hello

Thanks for the answer. I tried your suggested solution but it does not help.

The problem is that if task fails in the block section, then the rescue section is initiated. But the task fails here as well. 

Trying to find other solution... :)

BR,

Uros


Dne sobota, 26. marec 2016 15.49.30 UTC+1 je oseba Roger Gomez napisala:

Peter Sprygada

unread,
Mar 28, 2016, 7:25:44 PM3/28/16
to ansible...@googlegroups.com
Its a bug in ios_config not properly handling the return prompt. Should have a fix committed soon to address this

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/501de10e-e29c-44c2-8f21-5e85825b9dd1%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Uroš Bajželj

unread,
Mar 29, 2016, 2:12:02 AM3/29/16
to Ansible Project
Ok great. Just to note, it is the same problem with ios_command and ios_template.

BTW: Are you planning to add additional modules to networking section to handle for example access-list only, crypto settings, etc...? I mean like ios_access_list to handle ACLs from high level perspective.

BR,

Uros


Dne torek, 29. marec 2016 01.25.44 UTC+2 je oseba Peter Sprygada napisala:

Peter Sprygada

unread,
Mar 29, 2016, 10:17:35 PM3/29/16
to ansible...@googlegroups.com
​Should now be fixed in ansible/ansible devel.

no plan as of right now for higher order modules that scrap the cli.  you should be able to accomplish most of these tasks with roles today using the current modules as the foundation​

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6da5bec8-beb0-442a-83a1-09f35454456a%40googlegroups.com.

Ian Zhang

unread,
Jun 5, 2017, 6:37:30 PM6/5/17
to Ansible Project
Is there any update for this issue? i got similar thing need deal but not knowing how to...
Thanks in advance for any instructions. 

Thanks
-Ian

Peter Rubenstein

unread,
Oct 18, 2023, 1:00:41 PM10/18/23
to Ansible Project
This seems to still be broken all these years later. I'm hitting the exact same issue with "crypto map". Is there a workaround?

ansible --version
ansible [core 2.15.4]
  config file = /home/plrub160/git/isp_link_change/ansible.cfg
  configured module search path = ['/home/plrub160/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/plrub160/VENV/ISP-LINK-CHANGE/lib/python3.11/site-packages/ansible
  ansible collection location = /home/plrub160/git/isp_link_change/collections
  executable location = /home/plrub160/VENV/ISP-LINK-CHANGE/bin/ansible
  python version = 3.11.4 (main, Jul  5 2023, 14:15:25) [GCC 11.2.0] (/home/plrub160/VENV/ISP-LINK-CHANGE/bin/python)
  jinja version = 3.1.2
  libyaml = True

Reply all
Reply to author
Forward
0 new messages