Hi,
I have written a script to do an IOS upgrade of an active-standby ASA firewall. The script first upgrades the standby firewall, does post-upgrade verification, and then switches to the active firewall to upgrade it (multiple plays in a playbook). I am using Ansible 2.10 with Python 3 in WSL Linux.
After the standby firewall reloads and comes back, the script freezes in the asa_command module for gathering failover state for no apparent reason. No success or error is shown, it just stands there. This same failover state is gathered without any issues before the reload, though.
I removed the asa_command module, but the script again freezes in the next module below the asa_command module.
This happens only for the active-standby firewall. The same module doesn't freeze for a standalone firewall after reboot.
I changed the connection type from network_cli to local, but it didn't help.
I am giving below a truncated script and the console output for the 'gather failover state' module when the script was run with -vvvv, as the entire script is several pages long.
I am thinking of experimenting with the cli_command module instead of the asa_command module. I am also thinking of splitting the post-upgrade tasks into a separate play within the same playbook. However, I am trying to get to the root cause of this issue.
TRUNCATED SCRIPT:
---
- name: 1ST PLAY FOR STANDBY FIREWALL UPGRADE TASKS
  hosts: STANDBYFIREWALL
  serial: 1
  gather_facts: false
  connection: local
  tasks:
    - name: GATHER FAILOVER STATE
      asa_command:
        commands: "show failover state | i This"
      register: show_failover
    - name: WRITE TO MEMORY
      asa_config:
        save: yes
      vars:
        ansible_command_timeout: 300
    - name: RELOAD
      asa_command:
        commands: "reload noconfirm"
      async: 60
      poll: 0
    - name: sleep for 3 minutes
      wait_for:
        timeout: 180
      delegate_to: localhost
    - name: WAIT FOR FIREWALL TO REBOOT
      wait_for:
        host: "{{ ansible_host }}"
        port: 22
        timeout: 3600
      delegate_to: localhost
    - name: sleep for 4 minutes for services & protocols to load
      wait_for:
        timeout: 240
      delegate_to: localhost
    - name: GATHER FAILOVER STATE
      asa_command:
        commands: "show failover state | i This"
      register: show_failover_new
OUTPUT:
TASK [GATHER FAILOVER STATE] **************************************************************************************************************************************************************************************
redirecting (type: action) ansible.builtin.asa to cisco.asa.asa
redirecting (type: action) ansible.builtin.asa to cisco.asa.asa
<10.58.222.4> using connection plugin network_cli (was local)
redirecting (type: connection) ansible.builtin.persistent to ansible.netcommon.persistent
<10.58.222.4> starting connection from persistent connection plugin
Found ansible-connection at path /usr/bin/ansible-connection
shutdown complete
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/paramiko/channel.py", line 699, in recv
    out = self.in_buffer.read(nbytes, self.timeout)
  File "/usr/local/lib/python3.9/dist-packages/paramiko/buffered_pipe.py", line 164, in read
    raise PipeTimeout()
paramiko.buffered_pipe.PipeTimeout

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/root/.ansible/collections/ansible_collections/ansible/netcommon/plugins/connection/network_cli.py", line 962, in send
    response = self.receive(
  File "/root/.ansible/collections/ansible_collections/ansible/netcommon/plugins/connection/network_cli.py", line 913, in receive
    response = self.receive_paramiko(
  File "/root/.ansible/collections/ansible_collections/ansible/netcommon/plugins/connection/network_cli.py", line 727, in receive_paramiko
    data = self._ssh_shell.recv(256)
  File "/usr/local/lib/python3.9/dist-packages/paramiko/channel.py", line 701, in recv
    raise socket.timeout()
socket.timeout
Regards,
Vikram