reload command not working properly for asa_command module


Vikram S

Oct 16, 2021, 3:27:45 AM
to Ansible Project

I wrote the script below to reload an ASA firewall. The script reloads the ASA firewall, but the fact that the reload has happened does not get passed back to Ansible. So the script waits forever until command_timeout occurs. I tried some alternate solutions and none of them worked:

  1. Changed the connection type from network_cli to local, but it didn't help.

  2. Removed the asa_command module and used the cli_command module with prompt options, but it didn't work.

  3. Changed the command from "reload noconfirm" to "reload noconfirm in 01", but it didn't help.

  4. Gave the 'reload noconfirm' command using the asa_config module, but it didn't help.

  5. Ran the script with the -vvvv option, but it didn't provide any useful insight. Pasting the output of the task when run with -vvvv below.

Please note the prompt option doesn't seem to exist for the asa_command module (like it exists for the ios_command module). So I had to use the 'reload noconfirm' command.


- name: RELOAD
  asa_command:
    commands: "reload noconfirm"
  vars:
    ansible_command_timeout: 180
    connection: local

- name: WAIT FOR FIREWALL TO REBOOT
  wait_for:
    host: "{{ ansible_host }}"
    port: 22
    delay: 180
    timeout: 4800
  delegate_to: localhost

--------------------------------------------------------

- name: run command expecting user confirmation
  cli_command:
    command: reload
    prompt: [confirm]
    answer: y
  vars:
    ansible_command_timeout: 300

--------------------------------------------------------------------
OUTPUT WHEN -VVVV IS ENABLED:

TASK [RELOAD] *****************************************************************************************************************************************************************************************************
task path: /root/AsaUpgradeSTANDALONE.yaml:121
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
redirecting (type: terminal) ansible.builtin.asa to cisco.asa.asa
redirecting (type: cliconf) ansible.builtin.asa to cisco.asa.asa
<10.82.86.253> attempting to start connection
<10.82.86.253> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<10.82.86.253> found existing local domain socket, using it!
<10.82.86.253> Response received, triggered 'persistent_buffer_read_timeout' timer of 0.1 seconds
<10.82.86.253> Response received, triggered 'persistent_buffer_read_timeout' timer of 0.1 seconds
<10.82.86.253> updating play_context for connection
<10.82.86.253>
<10.82.86.253> local domain socket path is /root/.ansible/pc/217564bb08
redirecting (type: action) ansible.builtin.asa to cisco.asa.asa
redirecting (type: action) ansible.builtin.asa to cisco.asa.asa
<10.82.86.253> ANSIBLE_NETWORK_IMPORT_MODULES: disabled
<10.82.86.253> ANSIBLE_NETWORK_IMPORT_MODULES: module execution time may be extended
<10.82.86.253> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.82.86.253> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-99435r1nq464 `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-99435r1nq464/ansible-tmp-1634360158.3046613-10213-138442598470061 `" && echo ansible-tmp-1634360158.3046613-10213-138442598470061="` echo /root/.ansible/tmp/ansible-local-99435r1nq464/ansible-tmp-1634360158.3046613-10213-138442598470061 `" ) && sleep 0'
redirecting (type: modules) ansible.builtin.asa_command to cisco.asa.asa_command
Using module file /root/.ansible/collections/ansible_collections/cisco/asa/plugins/modules/asa_command.py
<10.82.86.253> PUT /root/.ansible/tmp/ansible-local-99435r1nq464/tmppz_j513g TO /root/.ansible/tmp/ansible-local-99435r1nq464/ansible-tmp-1634360158.3046613-10213-138442598470061/AnsiballZ_asa_command.py
<10.82.86.253> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-99435r1nq464/ansible-tmp-1634360158.3046613-10213-138442598470061/ /root/.ansible/tmp/ansible-local-99435r1nq464/ansible-tmp-1634360158.3046613-10213-138442598470061/AnsiballZ_asa_command.py && sleep 0'
<10.82.86.253> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-local-99435r1nq464/ansible-tmp-1634360158.3046613-10213-138442598470061/AnsiballZ_asa_command.py && sleep 0'



<10.82.86.253> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-99435r1nq464/ansible-tmp-1634360158.3046613-10213-138442598470061/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_asa_command_payload_c2ij8p4i/ansible_asa_command_payload.zip/ansible_collections/cisco/asa/plugins/module_utils/network/asa/asa.py", line 147, in run_commands
    return connection.run_commands(commands=commands, check_rc=check_rc)
  File "/tmp/ansible_asa_command_payload_c2ij8p4i/ansible_asa_command_payload.zip/ansible/module_utils/connection.py", line 195, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
fatal: [FW50]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "authorize": null,
            "commands": [
                "reload noconfirm"
            ],
            "context": null,
            "interval": 1,
            "match": "all",
            "passwords": null,
            "provider": null,
            "retries": 10,
            "wait_for": null
        }
    },
    "msg": "command timeout triggered, timeout value is 900 secs.\nSee the timeout setting options in the Network Debug and Troubleshooting Guide."
}

Regards,
Vikram