I'm very new to Ansible. I have a small lab running and I'm trying to evaluate the use of Ansible for making network changes. I have a workstations running CentOS Linux release 7.3.1611 and Ansible 2.3.0 as a fresh install. I'm using a cisco 819 router running
Cisco IOS Software, C800 Software (C800-UNIVERSALK9-M), Version 15.3(3)M.3. I can SSH from the workstation to the router from the work station and via putty on a windows 10 machine but when I try a connection test I get the following:
[pat@new-host-8 ~]$ansible all -m ping
192.168.1.142 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Connection closed\r\n",
"unreachable": true
}I've run multiple debugs. Can anyone make a suggestion on what the issue might be? I've done some research and have run a number of raw commands as well as a small playbook it appears to not be an SSH error but an issue within an Ansible module with sleep 0 command..
Regards
Pat
Testing SSH terminal session from Ansible host system to the router
[pat@new-host-8 ~]$ ssh 192.168.1.142 -l pat
819#
####################
Info from Ansible ping test to router
Ansible Debug info for session - I see some errors around a mask and trying to make a directory Am i lacking permission to
[pat@new-host-8 ~]$ ansible 192.168.1.142 -m ping -u pat -vvv
Using /etc/ansible/ansible.cfg as config file
META: ran handlers
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/ping.py
<192.168.1.142> ESTABLISH SSH CONNECTION FOR USER: pat
<192.168.1.142> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o ControlPath=/home/pat/.ansible/cp/aebc33cbf9 192.168.1.142 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.1.142> (0, '\r\nLine has invalid autocommand "/bin/sh -c \'echo ~ && sleep 0\'"', '')
<192.168.1.142> ESTABLISH SSH CONNECTION FOR USER: pat
<192.168.1.142> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o ControlPath=/home/pat/.ansible/cp/aebc33cbf9 192.168.1.142 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo Line has invalid autocommand "/bin/sh -c '"'"'"'"'"'"'"'"'echo ~ && sleep 0'"'"'"'"'"'"'"'"'"/.ansible/tmp/ansible-tmp-1497270543.59-269982208566076 `" && echo ansible-tmp-1497270543.59-269982208566076="` echo Line has invalid autocommand "/bin/sh -c '"'"'"'"'"'"'"'"'echo ~ && sleep 0'"'"'"'"'"'"'"'"'"/.ansible/tmp/ansible-tmp-1497270543.59-269982208566076 `" ) && sleep 0'"'"''
<192.168.1.142> (0, '\r\nLine has invalid autocommand "/bin/sh -c \'( umask 77 && mkdir -p "` echo Line has invalid autocommand "/bin/sh -c \'"\'"\'echo ~ && sleep 0\'"\'"\'"/.ansible/tmp/ansible-tmp-1497270543.59-269982208566076 `" && echo ansible-tmp-1497270543.59-269982208566076="` echo Line has invalid autocomma"', '')
<192.168.1.142> PUT /tmp/tmp5htyf9 TO "` echo Line has invalid autocomma"/ping.py
<192.168.1.142> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o ControlPath=/home/pat/.ansible/cp/aebc33cbf9 '[192.168.1.142]'
<192.168.1.142> (255, '', 'Connection closed\r\n')
192.168.1.142 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Connection closed\r\n",
"unreachable": true
}
[pat@new-host-8 ~]$ ################
Router Debug info from Ansible ping test
819#
*Jun 12 12:10:12.685: SSH1: starting SSH control process
*Jun 12 12:10:12.685: SSH1: sent protocol version id SSH-1.99-Cisco-1.25
*Jun 12 12:10:12.685: SSH1: protocol version id is - SSH-2.0-OpenSSH_6.6.1
*Jun 12 12:10:12.685: SSH2 1: SSH2_MSG_KEXINIT sent
*Jun 12 12:10:12.685: SSH2 1: SSH2_MSG_KEXINIT received
*Jun 12 12:10:12.685: SSH2 1: kex: client->server enc:aes128-cbc mac:hmac-sha1
*Jun 12 12:10:12.685: SSH2 1: kex: server->client enc:aes128-cbc mac:hmac-sha1
*Jun 12 12:10:12.685: SSH2 1: Using kex_algo = diffie-hellman-group14-sha1
*Jun 12 12:10:12.809: SSH2 1: expecting SSH2_MSG_KEXDH_INIT
*Jun 12 12:10:12.813: SSH2 1: SSH2_MSG_KEXDH_INIT received
*Jun 12 12:10:12.997: SSH2: kex_derive_keys complete
*Jun 12 12:10:12.997: SSH2 1: SSH2_MSG_NEWKEYS sent
*Jun 12 12:10:12.997: SSH2 1: waiting for SSH2_MSG_NEWKEYS
*Jun 12 12:10:12.997: SSH2 1: SSH2_MSG_NEWKEYS received
*Jun 12 12:10:13.197: SSH2 1: Using method = none
*Jun 12 12:10:13.197: SSH2 1: Authentications that can continue = publickey,keyboard-interactive,password
*Jun 12 12:10:13.201: SSH2 1: Using method = publickey
*Jun 12 12:10:13.201: SSH2 1: Verifying pubkey blob is acceptable for 'pat' in SSH2_MSG_USERAUTH_REQUEST
*Jun 12 12:10:13.201: SSH2 1: Authenticating 'pat' with method: publickey
*Jun 12 12:10:13.205: SSH2 1: Client Signature verification PASSED
*Jun 12 12:10:13.205: SSH2 1: authentication successful for pat
*Jun 12 12:10:13.209: SSH2 1: channel open request
*Jun 12 12:10:13.213: SSH2 1: env request
*Jun 12 12:10:13.213: SSH2 1: env request
*Jun 12 12:10:13.213: SSH2 1: exec request
*Jun 12 12:10:13.213: SSH2 1: exec message received
*Jun 12 12:10:13.213: SSH2 1: starting shell for vty
*Jun 12 12:10:13.317: SSH1: Session terminated normally
*Jun 12 12:10:13.333: SSH1: starting SSH control process
*Jun 12 12:10:13.333: SSH1: sent protocol version id SSH-1.99-Cisco-1.25
*Jun 12 12:10:13.333: SSH1: protocol version id is - SSH-2.0-OpenSSH_6.6.1
*Jun 12 12:10:13.333: SSH2 1: SSH2_MSG_KEXINIT sent
*Jun 12 12:10:13.333: SSH2 1: SSH2_MSG_KEXINIT received
*Jun 12 12:10:13.333: SSH2 1: kex: client->server enc:aes128-cbc mac:hmac-sha1
*Jun 12 12:10:13.333: SSH2 1: kex: server->client enc:aes128-cbc mac:hmac-sha1
*Jun 12 12:10:13.337: SSH2 1: Using kex_algo = diffie-hellman-group14-sha1
*Jun 12 12:10:13.457: SSH2 1: expecting SSH2_MSG_KEXDH_INIT
*Jun 12 12:10:13.461: SSH2 1: SSH2_MSG_KEXDH_INIT received
*Jun 12 12:10:13.645: SSH2: kex_derive_keys complete
*Jun 12 12:10:13.645: SSH2 1: SSH2_MSG_NEWKEYS sent
*Jun 12 12:10:13.645: SSH2 1: waiting for SSH2_MSG_NEWKEYS
*Jun 12 12:10:13.649: SSH2 1: SSH2_MSG_NEWKEYS received
*Jun 12 12:10:13.849: SSH2 1: Using method = none
*Jun 12 12:10:13.849: SSH2 1: Authentications that can continue = publickey,keyboard-interactive,password
*Jun 12 12:10:13.853: SSH2 1: Using method = publickey
*Jun 12 12:10:13.853: SSH2 1: Verifying pubkey blob is acceptable for 'pat' in SSH2_MSG_USERAUTH_REQUEST
*Jun 12 12:10:13.853: SSH2 1: Authenticating 'pat' with method: publickey
*Jun 12 12:10:13.857: SSH2 1: Client Signature verification PASSED
*Jun 12 12:10:13.857: SSH2 1: authentication successful for pat
*Jun 12 12:10:13.861: SSH2 1: channel open request
*Jun 12 12:10:13.865: SSH2 1: env request
*Jun 12 12:10:13.865: SSH2 1: env request
*Jun 12 12:10:13.865: SSH2 1: exec request
*Jun 12 12:10:13.865: SSH2 1: exec message received
*Jun 12 12:10:13.865: SSH2 1: starting shell for vty
*Jun 12 12:10:13.973: SSH1: Session terminated normally
*Jun 12 12:10:13.993: SSH1: starting SSH control process
*Jun 12 12:10:13.993: SSH1: sent protocol version id SSH-1.99-Cisco-1.25
*Jun 12 12:10:13.993: SSH1: protocol version id is - SSH-2.0-OpenSSH_6.6.1
*Jun 12 12:10:13.993: SSH2 1: SSH2_MSG_KEXINIT sent
*Jun 12 12:10:13.993: SSH2 1: SSH2_MSG_KEXINIT received
*Jun 12 12:10:13.993: SSH2 1: kex: client->server enc:aes128-cbc mac:hmac-sha1
*Jun 12 12:10:13.993: SSH2 1: kex: server->client enc:aes128-cbc mac:hmac-sha1
*Jun 12 12:10:13.993: SSH2 1: Using kex_algo = diffie-hellman-group14-sha1
*Jun 12 12:10:14.117: SSH2 1: expecting SSH2_MSG_KEXDH_INIT
*Jun 12 12:10:14.117: SSH2 1: SSH2_MSG_KEXDH_INIT received
*Jun 12 12:10:14.301: SSH2: kex_derive_keys complete
*Jun 12 12:10:14.305: SSH2 1: SSH2_MSG_NEWKEYS sent
*Jun 12 12:10:14.305: SSH2 1: waiting for SSH2_MSG_NEWKEYS
*Jun 12 12:10:14.305: SSH2 1: SSH2_MSG_NEWKEYS received
*Jun 12 12:10:14.505: SSH2 1: Using method = none
*Jun 12 12:10:14.505: SSH2 1: Authentications that can continue = publickey,keyboard-interactive,password
*Jun 12 12:10:14.509: SSH2 1: Using method = publickey
*Jun 12 12:10:14.509: SSH2 1: Verifying pubkey blob is acceptable for 'pat' in SSH2_MSG_USERAUTH_REQUEST
*Jun 12 12:10:14.509: SSH2 1: Authenticating 'pat' with method: publickey
*Jun 12 12:10:14.513: SSH2 1: Client Signature verification PASSED
*Jun 12 12:10:14.513: SSH2 1: authentication successful for pat
*Jun 12 12:10:14.517: SSH2 1: channel open request
*Jun 12 12:10:14.521: SSH2 1: env request
*Jun 12 12:10:14.521: SSH2 1: env request
*Jun 12 12:10:14.521: SSH2 1: subsystem request
*Jun 12 12:10:14.521: SSH2 1: subsystem message received
*Jun 12 12:10:14.521: SSH2 1: searching for subsystem sftp for vty
*Jun 12 12:10:14.621: SSH1: Session terminated normally
######################################################################
This is a small playbook used for testing
---
- hosts: lab
remote_user: pat
tasks:
- name: run show version on remote devices
ios_command:
commands: show version
...
#####################################################################
and the output produced
[pat@new-host-12 playbooks]$ ansible-playbook book3.yml -vvv
PLAY [lab] *********************************************************************
TASK [Gathering Facts] *********************************************************
fatal: [192.168.1.142]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Connection closed\r\n", "unreachable": true}
to retry, use: --limit @/home/pat/playbooks/book3.retry
PLAY RECAP *********************************************************************
192.168.1.142 : ok=0 changed=0 unreachable=1 failed=0
[pat@new-host-12 playbooks]$ ansible-playbook book3.yml -vvv
Using /etc/ansible/ansible.cfg as config file
PLAYBOOK: book3.yml ************************************************************
1 plays in book3.yml
PLAY [lab] *********************************************************************
TASK [Gathering Facts] *********************************************************
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/setup.py
<192.168.1.142> ESTABLISH SSH CONNECTION FOR USER: pat
<192.168.1.142> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o ControlPath=/home/pat/.ansible/cp/aebc33cbf9 192.168.1.142 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.1.142> (0, '\r\nLine has invalid autocommand "/bin/sh -c \'echo ~ && sleep 0\'"', '')
<192.168.1.142> ESTABLISH SSH CONNECTION FOR USER: pat
<192.168.1.142> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o ControlPath=/home/pat/.ansible/cp/aebc33cbf9 192.168.1.142 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo Line has invalid autocommand "/bin/sh -c '"'"'"'"'"'"'"'"'echo ~ && sleep 0'"'"'"'"'"'"'"'"'"/.ansible/tmp/ansible-tmp-1497889235.89-214582953785460 `" && echo ansible-tmp-1497889235.89-214582953785460="` echo Line has invalid autocommand "/bin/sh -c '"'"'"'"'"'"'"'"'echo ~ && sleep 0'"'"'"'"'"'"'"'"'"/.ansible/tmp/ansible-tmp-1497889235.89-214582953785460 `" ) && sleep 0'"'"''
<192.168.1.142> (0, '\r\nLine has invalid autocommand "/bin/sh -c \'( umask 77 && mkdir -p "` echo Line has invalid autocommand "/bin/sh -c \'"\'"\'echo ~ && sleep 0\'"\'"\'"/.ansible/tmp/ansible-tmp-1497889235.89-214582953785460 `" && echo ansible-tmp-1497889235.89-214582953785460="` echo Line has invalid autocomma"', '')
<192.168.1.142> PUT /tmp/tmpssSP_X TO "` echo Line has invalid autocomma"/setup.py
<192.168.1.142> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o ControlPath=/home/pat/.ansible/cp/aebc33cbf9 '[192.168.1.142]'
<192.168.1.142> (255, '', 'Connection closed\r\n')
fatal: [192.168.1.142]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Connection closed\r\n",
"unreachable": true}
to retry, use: --limit @/home/pat/playbooks/book3.retry
PLAY RECAP *********************************************************************
192.168.1.142 : ok=0 changed=0
unreachable=1 failed=0
[pat@new-host-12 playbooks]$
#######################################
this is output from a small successful run of a raw command.
[pat@new-host-12 playbooks]$ ansible 192.168.1.142 -m raw -a "sho ip route"
192.168.1.142 | SUCCESS | rc=0 >>
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0
L 192.168.1.142/32 is directly connected, GigabitEthernet0
192.168.2.0/32 is subnetted, 1 subnets
C 192.168.2.1 is directly connected, Loopback0Shared connection to 192.168.1.142 closed.
[pat@new-host-12 playbooks]$