Ansible ios_command module - Failure executing basic commands on a Cisco IOS device

Reza Toghraee

May 22, 2017, 6:11:29 PM
to Ansible Project, Reza Toghraee (Visionaire)
Hello

Ansible version: 2.3.0.0
Python version = 2.7.13 (default, May 11 2017, 16:44:39) [GCC 4.4.7 20120313 (Red Hat 4.4.7-18)]
Host : CentOS release 6.9 (Final)
Paramiko version : 2.1.2


I'm trying to use Ansible and Ansible ios_command to execute a basic 'show version' command on a Cisco Catalyst 6500 switch.

In my environment, the host running Ansible has private keys and can connect to Cisco devices without a password, just by public key authentication. I can ssh to the Router_65 from the host with no password.

Basically, when I run the ad hoc Ansible command:  ansible router_65 -m raw -a 'show ver' -vvv
this works well and I can see the output. I realized that the above ad hoc Ansible command uses the default OpenSSH client in the OS.

But I would like to get better output in order to parse it. I looked at the ntc-ansible and ios_command modules.

I couldn't get either of these 2 working, as they are both based on Paramiko (Python SSH agent). Paramiko seems to be the problem for me to get this working.

To start, I created a simple playbook:

root@host/ansible cat show_ver.yml
---
- hosts: ios_devices
  gather_facts: no
  connection: local
  tasks:

  - name: IOS | Show ver
    ios_command:
      commands:
        - show version
    register: clock
  - debug: msg="{{ clock.stdout }}"



I use the command below to run the playbook and get more details:
ansible-playbook --ssh-extra-args='-o ProxyCommand="ssh myuser@router_65 "' /root/ansible/show_ver.yml  -e "ansible_python_interpreter=/usr/local/bin/python2.7" -vvvvv

After running this command it doesn't work, and I get these details in the Ansible log file, which I have specified in /etc/ansible/ansible.cfg:

 p=27867 u=root |  META: ran handlers
 p=27867 u=root |  TASK [IOS | Show ver] ******************************************************************************************************************************************************************************
 p=27867 u=root |  task path: /root/ansible/show_ver.yml:28
 p=27876 u=root |  creating new control socket for host Router_65:22 as user None
 p=27876 u=root |  control socket path is /root/.ansible/pc/30936bbb76
 p=27876 u=root |  current working directory is /root/ansible
 p=27876 u=root |  using connection plugin network_cli
 paramiko.transport starting thread (client mode): 0x78c7f250L
 paramiko.transport Local version/idstring: SSH-2.0-paramiko_2.1.2
 paramiko.transport Banner: Router_65#SSH-2.0-paramiko_2.1.2
 paramiko.transport Banner: Translating "SSH-2.0-paramiko_2.1.2"
 paramiko.transport Banner: % Unknown command or computer name, or unable to find computer address
 paramiko.transport Banner: Router_65#
 paramiko.transport Exception: Error reading SSH protocol banner
 paramiko.transport Traceback (most recent call last):
 paramiko.transport   File "/usr/local/lib/python2.7/site-packages/paramiko/transport.py", line 1749, in run
 paramiko.transport     self._check_banner()
 paramiko.transport   File "/usr/local/lib/python2.7/site-packages/paramiko/transport.py", line 1897, in _check_banner
 paramiko.transport     raise SSHException('Error reading SSH protocol banner' + str(e))
 paramiko.transport SSHException: Error reading SSH protocol banner
 paramiko.transport
 p=27876 u=root |  connecting to host Router_65 returned an error
 p=27876 u=root |  Error reading SSH protocol banner
 p=27876 u=root |  number of connection attempts exceeded, unable to connect to control socket
 p=27876 u=root |  persistent_connect_interval=1, persistent_connect_retries=30
 p=27867 u=root |  fatal: [Router_65]: FAILED! => {
    "changed": false,
    "failed": true,
    "msg": "unable to open shell. Please see: https://docs.ansible.com/ansible/network_debug_troubleshooting.html#unable-to-open-shell",
    "rc": 255
}
2017-05-22 15:00:47,816 p=27867 u=root |        to retry, use: --limit @/root/ansible/show_ver.retry



The error I'm getting is from Paramiko. I tried to play with transport.py and packet.py in Paramiko, but I still don't understand the logic of checking the SSH banner.
The Cisco device had a banner motd; however, I have disabled that to make it easier to debug.


Any thoughts appreciated.

Thanks
Reza Toghraee
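
Added example (not part of the original post, and not Ansible or Paramiko code): a small Python check over the paramiko.transport lines of the log above. Paramiko logs each line it receives before the server's "SSH-" identification string as "Banner:"; in this log those lines are an IOS prompt, Paramiko's own id string echoed back, and a CLI error, so the check reports that the connection reached an interactive shell rather than an SSH server. The names diagnose_banner, SAMPLE_LOG and the verdict labels are assumptions made for this example.

```python
import re

# Constructed sample: the paramiko.transport lines from the log quoted above.
SAMPLE_LOG = """\
 paramiko.transport Local version/idstring: SSH-2.0-paramiko_2.1.2
 paramiko.transport Banner: Router_65#SSH-2.0-paramiko_2.1.2
 paramiko.transport Banner: Translating "SSH-2.0-paramiko_2.1.2"
 paramiko.transport Banner: % Unknown command or computer name, or unable to find computer address
 paramiko.transport Banner: Router_65#
 paramiko.transport Exception: Error reading SSH protocol banner
"""

LOCAL_ID = re.compile(r"Local version/idstring: (\S+)")
REMOTE_ID = re.compile(r"Remote version/idstring: (\S+)")
BANNER = re.compile(r"paramiko\.transport Banner: ?(.*)$")
# Heuristic for an IOS-style exec prompt such as "Router_65#" or "switch>".
PROMPT = re.compile(r"^[\w.-]+[#>]")


def diagnose_banner(log_text):
    """Classify what Paramiko read while waiting for the server's id string."""
    local_id, remote_id, banners = None, None, []
    for line in log_text.splitlines():
        m = LOCAL_ID.search(line)
        if m:
            local_id = m.group(1)
        m = REMOTE_ID.search(line)
        if m:
            remote_id = m.group(1)
        m = BANNER.search(line)
        if m:
            banners.append(m.group(1).strip())
    # Our own id string coming back means the far end echoes input like a terminal.
    echoed = bool(local_id) and any(local_id in b for b in banners)
    prompt = any(PROMPT.match(b) for b in banners)
    if remote_id:
        verdict = "ssh-server"          # a line starting with "SSH-" arrived
    elif echoed or prompt:
        verdict = "interactive-shell"   # bytes went to a CLI, not to sshd
    else:
        verdict = "unknown-service"
    return {"local_id": local_id, "remote_id": remote_id,
            "pre_banner_lines": len(banners), "client_id_echoed": echoed,
            "cli_prompt_seen": prompt, "verdict": verdict}


if __name__ == "__main__":
    for key, value in sorted(diagnose_banner(SAMPLE_LOG).items()):
        print("%s: %s" % (key, value))
```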


lei wang

Jul 27, 2017, 2:59:52 AM
to Ansible Project, re...@toghraee.com
Here is my way; ios_command works well.

cat /etc/ansible/hosts
[cisco]
10.101.24.241 ansible_ssh_user=cisco ansible_ssh_pass=cisco123

root@ansible:~# ansible cisco -c local -m ios_command -a "commands='show version'"
10.101.24.241 | SUCCESS => {
    "changed": false, 
    "stdout": [
        "Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)\nCopyright (c) 1986-2009 by Cisco Systems, Inc.\nCompiled Mon 09-Mar-09 18:10 by gereddy\nImage text-base: 0x00003000, data-base: 0x01100000\n\nROM: Bootstrap program is C2960 boot loader\nBOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)\n\nc2960 uptime is 14 weeks, 2 days, 22 hours, 4 minutes\nSystem returned to ROM by power-on\nSystem image file is \"flash:c2960-lanbasek9-mz.122-44.SE6/c2960-lanbasek9-mz.122-44.SE6.bin\"\n\n\nThis product contains cryptographic features and is subject to United\nStates and local country laws governing import, export, transfer and\nuse. Delivery of Cisco cryptographic products does not imply\nthird-party authority to import, export, distribute or use encryption.\nImporters, exporters, distributors and users are responsible for\ncompliance with U.S. and local country laws. By using this product you\nagree to comply with applicable laws and regulations. If you are unable\nto comply with U.S. and local laws, return this product immediately.\n\nA summary of U.S. 
laws governing Cisco cryptographic products may be found at:\nhttp://www.cisco.com/wwl/export/crypto/tool/stqrg.html\n\nIf you require further assistance please contact us by sending email to\nex...@cisco.com.\n\ncisco WS-C2960G-24TC-L (PowerPC405) processor (revision H0) with 61440K/4088K bytes of memory.\nProcessor board ID FOC1431X2HG\nLast reset from power-on\n4 Virtual Ethernet interfaces\n24 Gigabit Ethernet interfaces\nThe password-recovery mechanism is enabled.\n\n64K bytes of flash-simulated non-volatile configuration memory.\nBase ethernet MAC Address       : E8:04:62:18:34:80\nMotherboard assembly number     : 73-10015-09\nPower supply part number        : 341-0098-02\nMotherboard serial number       : FOC14316AK4\nPower supply serial number      : AZS142805WG\nModel revision number           : H0\nMotherboard revision number     : A0\nModel number                    : WS-C2960G-24TC-L\nSystem serial number            : FOC1431X2HG\nTop Assembly Part Number        : 800-26673-06\nTop Assembly Revision Number    : A0\nVersion ID                      : V06\nCLEI Code Number                : COMP300ARA\nHardware Board Revision Number  : 0x01\n\n\nSwitch Ports Model              SW Version            SW Image                 \n------ ----- -----              ----------            ----------               \n*    1 24    WS-C2960G-24TC-L   12.2(44)SE6           C2960-LANBASEK9-M        \n\n\nConfiguration register is 0xF"


On Tuesday, May 23, 2017 at 6:11:29 AM UTC+8, Reza Toghraee wrote: