cisco asa backups playbook fails
373 views
Skip to first unread message
dbs34
May 2, 2023, 2:48:50 PM5/2/23
to Ansible Project
Hello All!
I have been tasked with backing up our network devices. I am not a network guy but I know ansible and linux. I keep getting this error and have not found much on the web for help. The error is "unable to disable terminal pager."
PLAY [Backup ASA Configuration] ***********************************************************************************************************************************
Found a vault_id (default) in the vaulttext
We have a secret associated with vault id (default), will try to use to decrypt /etc/ansible/group_vars/asa/vault.yml
Trying to use vault secret=(FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml')) id=default to decrypt /etc/ansible/group_vars/asa/vault.yml
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Decrypt of "b'/etc/ansible/group_vars/asa/vault.yml'" successful with secret=FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') and vault_id=default
Read vars_file '/etc/ansible/group_vars/asa/vault.yml'
META: ran handlers
Found a vault_id (default) in the vaulttext
We have a secret associated with vault id (default), will try to use to decrypt /etc/ansible/group_vars/asa/vault.yml
Trying to use vault secret=(FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml')) id=default to decrypt /etc/ansible/group_vars/asa/vault.yml
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Decrypt of "b'/etc/ansible/group_vars/asa/vault.yml'" successful with secret=FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') and vault_id=default
Read vars_file '/etc/ansible/group_vars/asa/vault.yml'
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon
TASK [Backup ASA Configuration] ***********************************************************************************************************************************
task path: /etc/ansible/playbooks/networking/zzasap01.yml:15
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
redirecting (type: terminal) ansible.builtin.asa to cisco.asa.asa
redirecting (type: cliconf) ansible.builtin.asa to cisco.asa.asa
<zzaxxxxxxxxx> attempting to start connection
<zzaxxxxxxx> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<zzasxxxxxxxx> local domain socket does not exist, starting it
<zzasxxxxxx> control socket path is /root/.ansible/pc/4e7f6e3bdf
<zzasxxxxxx> redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
<zzasaxxxxxxxx> Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon
<zzasxxxxxxx> Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasxxxxxxxx> redirecting (type: terminal) ansible.builtin.asa to cisco.asa.asa
<zzaxxxxxx> Loading collection cisco.asa from /root/.ansible/collections/ansible_collections/cisco/asa
<zzasxxxxxxx> redirecting (type: cliconf) ansible.builtin.asa to cisco.asa.asa
<zzasxxxxxxxx> local domain socket listeners started successfully
<zzaxxxxxxx> loaded cliconf plugin ansible_collections.cisco.asa.plugins.cliconf.asa from path /root/.ansible/collections/ansible_collections/cisco/asa/plugins/cliconf/asa.py for network_os asa
<zzasxxxxxxxxm> ssh type is set to libssh
<zzaxxxxxxxx>
<zzasxxxxxx> local domain socket path is /root/.ansible/pc/4e7f6e3bdf
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
<zzaxxxxxx> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<zzasxxxxxxxx> ANSIBLE_NETWORK_IMPORT_MODULES: found cisco.asa.asa_config at /root/.ansible/collections/ansible_collections/cisco/asa/plugins/modules/asa_config.py
<zzaxxxxxxx> ANSIBLE_NETWORK_IMPORT_MODULES: running cisco.asa.asa_config
<zzaxxxxxx> ANSIBLE_NETWORK_IMPORT_MODULES: complete
<zzasaxxxxxxx> ANSIBLE_NETWORK_IMPORT_MODULES: Result: {'failed': True, '_ansible_parsed': False, 'module_stdout': '', 'module_stderr': 'unable to disable terminal pager', 'msg': 'MODULE FAILURE\nSee stdout/stderr for the exact error'}
fatal: [zzaxxxxx]: FAILED! => {
"changed": false,
"module_stderr": "unable to disable terminal pager",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"
}
####
**my yaml file which is using vault**
---
- name: Backup ASA Configuration
hosts: zzasxxxx
gather_facts: false
vars:
# Encrypted variables
ansible_user: "{{ vault_asa_user }}"
ansible_password: "{{ vault_asa_pass }}"
vars_files:
- '/etc/ansible/group_vars/asa/vault.yml'
tasks:
- name: Backup ASA Configuration
cisco.asa.asa_config:
backup: true
backup_options:
filename: "{{ inventory_hostname }}.cfg"
dir_path: /mnt
register: config_output
- name: Print backup output
debug:
var: config_output
...
PLAY [Backup ASA Configuration] ***********************************************************************************************************************************
Found a vault_id (default) in the vaulttext
We have a secret associated with vault id (default), will try to use to decrypt /etc/ansible/group_vars/asa/vault.yml
Trying to use vault secret=(FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml')) id=default to decrypt /etc/ansible/group_vars/asa/vault.yml
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Decrypt of "b'/etc/ansible/group_vars/asa/vault.yml'" successful with secret=FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') and vault_id=default
Read vars_file '/etc/ansible/group_vars/asa/vault.yml'
META: ran handlers
Found a vault_id (default) in the vaulttext
We have a secret associated with vault id (default), will try to use to decrypt /etc/ansible/group_vars/asa/vault.yml
Trying to use vault secret=(FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml')) id=default to decrypt /etc/ansible/group_vars/asa/vault.yml
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Decrypt of "b'/etc/ansible/group_vars/asa/vault.yml'" successful with secret=FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') and vault_id=default
Read vars_file '/etc/ansible/group_vars/asa/vault.yml'
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon
TASK [Backup ASA Configuration] ***********************************************************************************************************************************
task path: /etc/ansible/playbooks/networking/zzasap01.yml:15
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
redirecting (type: terminal) ansible.builtin.asa to cisco.asa.asa
redirecting (type: cliconf) ansible.builtin.asa to cisco.asa.asa
<zzaxxxxxxxxx> attempting to start connection
<zzaxxxxxxx> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<zzasxxxxxxxx> local domain socket does not exist, starting it
<zzasxxxxxx> control socket path is /root/.ansible/pc/4e7f6e3bdf
<zzasxxxxxx> redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
<zzasaxxxxxxxx> Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon
<zzasxxxxxxx> Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasxxxxxxxx> redirecting (type: terminal) ansible.builtin.asa to cisco.asa.asa
<zzaxxxxxx> Loading collection cisco.asa from /root/.ansible/collections/ansible_collections/cisco/asa
<zzasxxxxxxx> redirecting (type: cliconf) ansible.builtin.asa to cisco.asa.asa
<zzasxxxxxxxx> local domain socket listeners started successfully
<zzaxxxxxxx> loaded cliconf plugin ansible_collections.cisco.asa.plugins.cliconf.asa from path /root/.ansible/collections/ansible_collections/cisco/asa/plugins/cliconf/asa.py for network_os asa
<zzasxxxxxxxxm> ssh type is set to libssh
<zzaxxxxxxxx>
<zzasxxxxxx> local domain socket path is /root/.ansible/pc/4e7f6e3bdf
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_config to cisco.asa.asa
<zzaxxxxxx> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<zzasxxxxxxxx> ANSIBLE_NETWORK_IMPORT_MODULES: found cisco.asa.asa_config at /root/.ansible/collections/ansible_collections/cisco/asa/plugins/modules/asa_config.py
<zzaxxxxxxx> ANSIBLE_NETWORK_IMPORT_MODULES: running cisco.asa.asa_config
<zzaxxxxxx> ANSIBLE_NETWORK_IMPORT_MODULES: complete
<zzasaxxxxxxx> ANSIBLE_NETWORK_IMPORT_MODULES: Result: {'failed': True, '_ansible_parsed': False, 'module_stdout': '', 'module_stderr': 'unable to disable terminal pager', 'msg': 'MODULE FAILURE\nSee stdout/stderr for the exact error'}
fatal: [zzaxxxxx]: FAILED! => {
"changed": false,
"module_stderr": "unable to disable terminal pager",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"
}
####
**my yaml file which is using vault**
---
- name: Backup ASA Configuration
hosts: zzasxxxx
gather_facts: false
vars:
# Encrypted variables
ansible_user: "{{ vault_asa_user }}"
ansible_password: "{{ vault_asa_pass }}"
vars_files:
- '/etc/ansible/group_vars/asa/vault.yml'
tasks:
- name: Backup ASA Configuration
cisco.asa.asa_config:
backup: true
backup_options:
filename: "{{ inventory_hostname }}.cfg"
dir_path: /mnt
register: config_output
- name: Print backup output
debug:
var: config_output
...
when I added terminal_plugins=/root/.ansible/collections/ansible_collections/cisco/asa/plugins to my ansible.cfg i got a whole new set of python errors notably "AttributeError: module 'ansible.plugins.terminal.asa' has no attribute 'TerminalModule'"
note my CLI does work # ansible zzasxxxx -m ping -u username --ask-pass -vvvvvvvv
note my CLI does work # ansible zzasxxxx -m ping -u username --ask-pass -vvvvvvvv
ansible-playbook [core 2.13.3]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections:/root/.ansible/collections/ansible_collections
executable location = /usr/bin/ansible-playbook
python version = 3.9.13 (main, Nov 16 2022, 15:11:16) [GCC 8.5.0 20210514 (Red Hat 8.5.0-15.0.1)]
jinja version = 3.1.2
libyaml = True
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections:/root/.ansible/collections/ansible_collections
executable location = /usr/bin/ansible-playbook
python version = 3.9.13 (main, Nov 16 2022, 15:11:16) [GCC 8.5.0 20210514 (Red Hat 8.5.0-15.0.1)]
jinja version = 3.1.2
libyaml = True
thank you!
dbs34
May 2, 2023, 5:03:44 PM5/2/23
to Ansible Project
I ran some more tests and it does not matter what command I send or directive aka backup: yes I see the same error on all 3 unique devices. An cisco-asa a dellos9 cmc device and a cisco nxos switch.
module_stderr": "unable to set terminal parameters",
dbs34
May 3, 2023, 9:22:22 AM5/3/23
to Ansible Project
I was able to get past this error by setting ansible_network_terminal_errors=ignore in my hosts file
By default its set to fatal.
[ASA:vars]
ansible_network_terminal_errors=ignore
Reply all
Reply to author
Forward
0 new messages