ios_config error: unable to set terminal parameters

[Steve G]

Hi,

I'm trying to test enable mode privilege escalation on a Cisco router. 

I have created a simple playbook to update the hostname of the router, as shown below - 

---

- name: Update hostname

  hosts: all

  tasks: 

  - ios_config: 

      lines: hostname {{ inventory_hostname }}

I have a group vars file (all.yml) in the group_vars directory -

---

ansible_network_os: ios

ansible_become: yes

ansible_become_method: enable

ansible_become_password: cisco

ansible_connection: network_cli

ansible_user: ansible

ansible_password: ansible

I have created a local user called ansible (password: ansible) on the Cisco router with privilege level 0. I have also set the enable password to cisco.

I also have the following aaa commands set on the router - 

aaa authentication login default local

aaa authentication enable default enable

aaa authorization exec default local 

I would expect Ansible to log in to the router and enter enable mode, enter config mode and update the hostname.

However, I get the following error when running with -vvvv -

ansible-playbook 2.9.4

  config file = /root/.ansible.cfg

  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']

  ansible python module location = /usr/lib/python2.7/dist-packages/ansible

  executable location = /usr/bin/ansible-playbook

  python version = 2.7.17 (default, Nov  7 2019, 10:07:09) [GCC 7.4.0]

Using /root/.ansible.cfg as config file

setting up inventory plugins

host_list declined parsing /root/ansible/chgconfig/hosts as it did not pass its verify_file() method

script declined parsing /root/ansible/chgconfig/hosts as it did not pass its verify_file() method

auto declined parsing /root/ansible/chgconfig/hosts as it did not pass its verify_file() method

Parsed /root/ansible/chgconfig/hosts inventory source with ini plugin

Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc

PLAYBOOK: chgconfig.yml *************************************************************************************************************************************************************************************************************

Positional arguments: chgconfig.yml

become_method: sudo

inventory: (u'/root/ansible/chgconfig/hosts',)

forks: 5

tags: (u'all',)

verbosity: 4

connection: smart

timeout: 10

1 plays in chgconfig.yml

PLAY [Update hostname] **************************************************************************************************************************************************************************************************************

META: ran handlers

TASK [ios_config] *******************************************************************************************************************************************************************************************************************

task path: /root/ansible/chgconfig/chgconfig.yml:6

<150.1.7.7> attempting to start connection

<150.1.7.7> using connection plugin network_cli

<150.1.9.9> attempting to start connection

<150.1.9.9> using connection plugin network_cli

<150.1.7.7> local domain socket does not exist, starting it

<150.1.7.7> control socket path is /root/.ansible/pc/e903e53500

<150.1.7.7> local domain socket listeners started successfully

<150.1.7.7> loaded cliconf plugin ios from path /usr/lib/python2.7/dist-packages/ansible/plugins/cliconf/ios.py for network_os ios

<150.1.7.7> 

<150.1.7.7> local domain socket path is /root/.ansible/pc/e903e53500

<150.1.9.9> local domain socket does not exist, starting it

<150.1.9.9> control socket path is /root/.ansible/pc/3d3c9ac8a1

<150.1.9.9> local domain socket listeners started successfully

<150.1.9.9> loaded cliconf plugin ios from path /usr/lib/python2.7/dist-packages/ansible/plugins/cliconf/ios.py for network_os ios

<150.1.9.9> 

<150.1.9.9> local domain socket path is /root/.ansible/pc/3d3c9ac8a1

fatal: [R9]: FAILED! => {

    "changed": false, 

    "msg": "unable to set terminal parameters"

}

fatal: [R7]: FAILED! => {

    "changed": false, 

    "msg": "unable to set terminal parameters"

}

        to retry, use: --limit @/root/ansible/chgconfig/chgconfig.retry

PLAY RECAP **************************************************************************************************************************************************************************************************************************

R7                         : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

R9                         : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Note that if I modify the privilege level of user ansible on the Cisco router to 15, then the playbook works, but the whole point is to test privilege mode escalation.

Any ideas?

Thanks!