Ansible - save config - Small business SG 500

177 views
Skip to first unread message

Jean berjonneau

unread,
Jan 28, 2019, 10:25:30 AM1/28/19
to Ansible Project
Ansible version = 2.7.5


Hello all,

I am using Ansible to save configurations of all my switches but they are CISCO small businesses.

I am curently using a playbook like this :

---
- hosts: SW-Switches
  gather_facts: no
  connection: local

  vars_prompt:
  - name: "mgmt_username"
    prompt: "Username"
    private: no
  - name: "mgmt_password"
    prompt: "Password"


  tasks:
  - name: Provider
    set_fact:
      provider:
        host: "{{ inventory_hostname }}"
        username: "{{ mgmt_username }}"
        password: "{{ mgmt_password }}"


  - name: Show run
    ios_command:
      provider: "{{ provider }}"
      commands:
        - command: show running-configuration
      register: showrun

  - name: save output
    copy:
      content: "{{ showrun.stdout }}"
      dest: "/etc/ansible/show_run_test11.22.conf"
~


and it returns an error:

[root@BX-ANSIBLE ansible]# ansible-playbook test11.22.yml
Username: ########
Password: ########

PLAY [SW-Switches] *********************************************************************************

TASK [SYS | Define provider] ***********************************************************************
ok: [BX-COM-SW6]

TASK [IOS | Show run] ******************************************************************************
fatal: [BX-COM-SW6]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (ios_command) module: register Supported parameters include: auth_pass, authorize, commands, host, interval, match, password, port, provider, retries, ssh_keyfile, timeout, username, wait_for"}
        to retry, use: --limit @/etc/ansible/test11.22.retry

PLAY RECAP *****************************************************************************************
BX-COM-SW6                 : ok=1    changed=0    unreachable=0    failed=1


I run the command "ios_command : show clock" instead of "show running-configuration" and it works fine. 

I guess there is something i have to do to let it access to next level of command on switches.

Am i missing something to get it saved on my ansible Server?

NB: i know small business switches can't get multiple command line but i only give it 1 command at a time.

Thanks for you help


Dick Visser

unread,
Jan 28, 2019, 10:32:56 AM1/28/19
to ansible...@googlegroups.com
Your 'register' statement should be less indented

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d3b29d2a-2aa7-4c90-a4ae-544b6076a4bd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

Jean berjonneau

unread,
Jan 30, 2019, 2:59:20 AM1/30/19
to Ansible Project
Hello, 

thanks for your answer, actually when i do this with "show clock" it works fine. 
Taking your advice i tried, this is my ne
 - name: IOS | Datadump + Show run
    ios_config:
      authorize: yes
      provider: "{{ provider }}"
      commands:
        - terminal datadump
    register: showrun

And it answered back with more errors than before....

The full traceback is:
Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-tmp-1548834885.34-267057542623206/AnsiballZ_ios_config.py", line 113, in <module>
    _ansiballz_main()
  File "/root/.ansible/tmp/ansible-tmp-1548834885.34-267057542623206/AnsiballZ_ios_config.py", line 105, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/root/.ansible/tmp/ansible-tmp-1548834885.34-267057542623206/AnsiballZ_ios_config.py", line 48, in invoke_module
    imp.load_module('__main__', mod, module, MOD_DESC)
  File "/tmp/ansible_ios_config_payload_5TvH1X/__main__.py", line 541, in <module>
  File "/tmp/ansible_ios_config_payload_5TvH1X/__main__.py", line 472, in main
  File "/tmp/ansible_ios_config_payload_5TvH1X/__main__.py", line 333, in edit_config_or_macro
  File "/tmp/ansible_ios_config_payload_5TvH1X/ansible_ios_config_payload.zip/ansible/module_utils/connection.py", line 173, in __rpc__
ansible.module_utils.connection.ConnectionError: operation requires privilege escalation


fatal: [BX-COM-SW6]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"/root/.ansible/tmp/ansible-tmp-1548834885.34-267057542623206/AnsiballZ_ios_config.py\", line 113, in <module>\n    _ansiballz_main()\n  File \"/root/.ansible/tmp/ansible-tmp-1548834885.34-267057542623206/AnsiballZ_ios_config.py\", line 105, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/root/.ansible/tmp/ansible-tmp-1548834885.34-267057542623206/AnsiballZ_ios_config.py\", line 48, in invoke_module\n    imp.load_module('__main__', mod, module, MOD_DESC)\n  File \"/tmp/ansible_ios_config_payload_5TvH1X/__main__.py\", line 541, in <module>\n  File \"/tmp/ansible_ios_config_payload_5TvH1X/__main__.py\", line 472, in main\n  File \"/tmp/ansible_ios_config_payload_5TvH1X/__main__.py\", line 333, in edit_config_or_macro\n  File \"/tmp/ansible_ios_config_payload_5TvH1X/ansible_ios_config_payload.zip/ansible/module_utils/connection.py\", line 173, in __rpc__\nansible.module_utils.connection.ConnectionError: operation requires privilege escalation\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}


Krisztián Tóth

unread,
Jan 30, 2019, 5:55:28 AM1/30/19
to ansible...@googlegroups.com
Hello,

You should try, what the documentation recommends:
"Starting with Ansible 2.5 we recommend using "connection: network_cli" and "become: yes" with "become_pass""

From the error, that is clear you have privilege escalation problem:

" ansible.module_utils.connection.ConnectionError: operation requires privilege escalation "

Other deprecated features are used like "provider" and "authorize".
See here.

Bye,
Krisztian

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ba3903bb-1080-4273-b177-b90fa6de8fc9%40googlegroups.com.

Jean berjonneau

unread,
Feb 12, 2019, 8:18:12 AM2/12/19
to Ansible Project
Hello,

I finally got the answer after weeks of trying:

---
- hosts: #######
  gather_facts: yes
  connection: local
  become: pass

  vars:
    date: "{{ lookup('pipe', 'date +%Y.%m.%d-%H:%M') }}"

  vars_prompt:
  - name: "mgmt_username"
    prompt: "Username"
    private: no
  - name: "mgmt_password"
    prompt: "Password"

  tasks:

  - name: SYS | Define provider
    set_fact:
      provider:
        host: "{{ inventory_hostname }}"
        username: "{{ mgmt_username }}"
        password: "{{ mgmt_password }}"

  - name: show run
    ios_command:
      provider: "{{ provider }}"
      commands:
        - command: 'copy running-config tftp://##.###.###.##/{{ inventory_hostname }}.{{ date }}.txt'


This playbook save configuration file with the name of your switch and date/time.txt into your FileServer TFTP

It works fine for SG300 and SG500. small business switches

Hope it can helps someone.
Reply all
Reply to author
Forward
0 new messages