network_cli+ssh + jumphost: ansible_ssh_common_args is ignored

438 views
Skip to first unread message

Gaétan QUENTIN@Work

unread,
Mar 23, 2022, 5:04:31 PM3/23/22
to Ansible Project


Hi,

 i am trying to use network_cli with ssh transport and with a jumphost and it does not work: ansible_ssh_common_args is ignored. i have tried with paramiko and libssh .

 my goal is to use the bigip_command module. i have tried the standard one in ansible 2.9/2.10 and also in external collection. here i report about the standard one in 2.9/2.10.


Here is the table of my tests:
Python Ansible ssh lib ansible_connection ansible_network_os JH result
2.7.5 2.9.25 Paramiko 2.1.1 network_cli bigip no ConnectionError: Error reading SSH protocol banner
2.7.5 2.9.24 Paramiko 2.10.3 network_cli bigip no OK !
2.7.5 2.9.24 Paramiko 2.10.3 network_cli bigip yes proxycommand ignored … KO !
2.7.5 2.9.24 Ansible-pylibssh 0.3.0 network_cli bigip no OK !
2.7.5 2.9.24 Ansible-pylibssh 0.3.0 network_cli bigip yes proxycommand ignored … KO !
2.7.5 2.10 Paramiko 2.10.3 network_cli bigip no "missing required arguments: password, user found in provider"
2.7.5 2.10 Ansible-pylibssh 0.3.0 network_cli bigip no ConnectionError: command timeout triggered, timeout value is 30 secs
3.6.8 2.9.24 Paramiko 2.10.3 network_cli bigip no OK !
3.6.8 2.9.24 Ansible-pylibssh 0.3.0 network_cli bigip no OK !
3.6.8 2.10 Paramiko 2.10.3 network_cli bigip no "missing required arguments: password, user found in provider"
3.6.8 2.10 Ansible-pylibssh 0.3.0 network_cli bigip no ansible.module_utils.connection.ConnectionError: command timeout triggered, timeout value is 30 secs.
3.8 2.10 Paramiko 2.10.3 network_cli bigip no "missing required arguments: password, user found in provider"
3.8 2.10 Ansible-pylibssh 0.3.0 network_cli bigip no connected and wait …. 

how to tell paramiko or libssh to use the ansible_ssh_common_args variable?

i can't use the ssh/config file to declare a proxy so all must be set in ansible....


part of my code:
- name: Exec network_cli command without collection
bigip_command:
commands:
- show sys hardware
provider:
server: "{{ ansible_host }}"
server_port: "{{ ansible_port }}"
transport: cli

part of my inventory:
ansible_port: 22
ansible_connection: network_cli
ansible_network_os: bigip
#ansible_network_cli_ssh_type: paramiko
ansible_network_cli_ssh_type: libssh
ansible_ssh_common_args: -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -o ProxyCommand="ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null xxxx@zzzzz "


Regards,
-- 
-----------------
Gaétan

Only doctor Who can reboot the universe.

Sagar Paul

unread,
Mar 28, 2022, 5:16:01 AM3/28/22
to Ansible Project
Hey there, 

There are some issues regarding the proxy commands that are inherited from open issues in Paramiko itself, where it fails to pick up the arguments correctly that end in failure.
You may re-order the arguments withing the ansible_ssh_common_args as such - ansible_ssh_common_args: '-o ProxyCommand="ssh -i ~/.ssh/**KEYFILEOFBASTIONHOST**.pem -W %h:%p -q -p 2022 -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null xxxx@zzzzz

Hope it helps.
Regards

Sagar Paul
E- sag...@redhat.com
GH - KB-perByte

Gaétan QUENTIN@Work

unread,
Mar 29, 2022, 7:47:00 AM3/29/22
to ansible...@googlegroups.com

Hi,


 thanks for your answer.

i have set the variable this way:

ansible_ssh_common_args: '-o ProxyCommand="ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null login@JUMP_HOST " -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null'


and there is no trace in ansible logs that ansible is trying to use this variable, no proxy connect attempts.

shouldn't there be information in debug log ?


Regards,

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f5cb1ae8-9819-4966-b464-1dc176038bfdn%40googlegroups.com.

Gaétan QUENTIN@Work

unread,
Mar 29, 2022, 2:05:28 PM3/29/22
to ansible...@googlegroups.com

sorry i have said something wrong. i don't see anything in ouput but in log i can see that:


2022-03-29 17:59:36,971 p=1451 u=mylogin n=ansible | <labkvmbigip_16_0_0_1.public.nas-x35g.lab> ESTABLISH PARAMIKO SSH CONNECTION FOR USER: root on PORT 22 TO labkvmbigip_16_0_0_1.public.nas-x35g.lab
2022-03-29 17:59:36,974 p=1451 u=mylogin n=ansible | <labkvmbigip_16_0_0_1.public.nas-x35g.lab> CONFIGURE PROXY COMMAND FOR CONNECTION: ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null myl...@172.16.99.23
2022-03-29 17:59:39,370 p=1451 u=mylogin n=p=1451 u=mylogin | paramiko [labkvmbigip_16_0_0_1.public.nas-x35g.lab] | Exception (client): Error reading SSH protocol banner
2022-03-29 17:59:39,371 p=1451 u=mylogin n=p=1451 u=mylogin | paramiko [labkvmbigip_16_0_0_1.public.nas-x35g.lab] | Traceback (most recent call last):
2022-03-29 17:59:39,371 p=1451 u=mylogin n=p=1451 u=mylogin | paramiko [labkvmbigip_16_0_0_1.public.nas-x35g.lab] | File "/home/mylogin/venv-ansible-2.9-python-2.7/lib/python2.7/site-packages/paramiko/transport.py", line 2093, in run
2022-03-29 17:59:39,371 p=1451 u=mylogin n=p=1451 u=mylogin | paramiko [labkvmbigip_16_0_0_1.public.nas-x35g.lab] | self._check_banner()
2022-03-29 17:59:39,371 p=1451 u=mylogin n=p=1451 u=mylogin | paramiko [labkvmbigip_16_0_0_1.public.nas-x35g.lab] | File "/home/mylogin/venv-ansible-2.9-python-2.7/lib/python2.7/site-packages/paramiko/transport.py", line 2275, in _check_banner
2022-03-29 17:59:39,371 p=1451 u=mylogin n=p=1451 u=mylogin | paramiko [labkvmbigip_16_0_0_1.public.nas-x35g.lab] | "Error reading SSH protocol banner" + str(e)
2022-03-29 17:59:39,371 p=1451 u=mylogin n=p=1451 u=mylogin | paramiko [labkvmbigip_16_0_0_1.public.nas-x35g.lab] | SSHException: Error reading SSH protocol banner
2022-03-29 17:59:39,371 p=1451 u=mylogin n=p=1451 u=mylogin | paramiko [labkvmbigip_16_0_0_1.public.nas-x35g.lab] |
2022-03-29 17:59:39,482 p=1451 u=mylogin n=ansible | shutdown complete

regards,

Gaétan QUENTIN@Work

unread,
Mar 30, 2022, 7:31:27 AM3/30/22
to ansible...@googlegroups.com

in fact, even a direct cli_command call without bigip_command give the same pb:

- name: run show version command
ansible.netcommon.cli_command:
command: show version
tags:
- netcli-collection-command


logs:


2022-03-30 11:29:11,241 p=3199 u=da_ansible n=ansible | Using module_utils file /home/da_ansible/venv-ansible-2.9-python-2.7/lib/python2.7/site-packages/ansible/module_utils/common/json.py
2022-03-30 11:29:11,244 p=3199 u=da_ansible n=ansible | Using module file /home/da_ansible/.ansible/collections/ansible_collections/ansible/netcommon/plugins/modules/cli_command.py
2022-03-30 11:29:11,245 p=3199 u=da_ansible n=ansible | <172.16.99.23> PUT /home/da_ansible/.ansible/tmp/ansible-local-3190zeYu5Z/tmp8EZd8f TO /home/da_ansible/.ansible/tmp/ansible-local-3190zeYu5Z/ansible-tmp-1648639751.15-3199-151113274687612/AnsiballZ_cli_command.py
2022-03-30 11:29:11,245 p=3199 u=da_ansible n=ansible | <172.16.99.23> EXEC /bin/sh -c 'chmod u+x /home/da_ansible/.ansible/tmp/ansible-local-3190zeYu5Z/ansible-tmp-1648639751.15-3199-151113274687612/ /home/da_ansible/.ansible/tmp/ansible-local-3190zeYu5Z/ansible-tmp-1648639751.15-3199-151113274687612/AnsiballZ_cli_command.py && sleep 0'
2022-03-30 11:29:11,250 p=3199 u=da_ansible n=ansible | <172.16.99.23> EXEC /bin/sh -c 'python /home/da_ansible/.ansible/tmp/ansible-local-3190zeYu5Z/ansible-tmp-1648639751.15-3199-151113274687612/AnsiballZ_cli_command.py && sleep 0'
2022-03-30 11:29:11,317 p=3207 u=da_ansible n=ansible | jsonrpc request: {"params": [[], {"sendonly": false, "prompt": null, "check_all": false, "newline": true, "command": "show version", "answer": null}], "jsonrpc": "2.0", "method": "get", "id": "d73d563d-74a9-4a55-aad7-997e7372ec3d"}
2022-03-30 11:29:11,318 p=3207 u=da_ansible n=ansible | jsonrpc response: {"jsonrpc": "2.0", "id": "d73d563d-74a9-4a55-aad7-997e7372ec3d", "error": {"message": "Method not found", "code": -32601}}
2022-03-30 11:29:11,323 p=3199 u=da_ansible n=ansible | <172.16.99.23> EXEC /bin/sh -c 'rm -f -r /home/da_ansible/.ansible/tmp/ansible-local-3190zeYu5Z/ansible-tmp-1648639751.15-3199-151113274687612/ > /dev/null 2>&1 && sleep 0'
2022-03-30 11:29:11,331 p=3190 u=da_ansible n=ansible | The full traceback is:
WARNING: The below traceback may *not* be related to the actual failure.
  File "/tmp/ansible_ansible.netcommon.cli_command_payload_oPK79G/ansible_ansible.netcommon.cli_command_payload.zip/ansible_collections/ansible/netcommon/plugins/modules/cli_command.py", line 169, in main
  File "/tmp/ansible_ansible.netcommon.cli_command_payload_oPK79G/ansible_ansible.netcommon.cli_command_payload.zip/ansible/module_utils/connection.py", line 185, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)

2022-03-30 11:29:11,331 p=3190 u=da_ansible n=ansible | fatal: [labkvmbigip-direct]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "answer": null,
            "check_all": false,
            "command": "show version",
            "newline": true,
            "prompt": null,
            "sendonly": false
        }
    },
    "msg": "Method not found"
}

Reply all
Reply to author
Forward
0 new messages