Ansible and Juniper.junos got hung at junos_get_facts

[Steven Truong]

Hi all,

I am fairly new with Juniper.junos but know Ansible well and what I am trying to do is a fairly simple thing but it does not seem to work for me.

# cat hosts.sc2firewalls 

[srx550]

192.168.11.1

---

- name: Get device facts

  hosts: srx550

  roles:

  - Juniper.junos

  connection: local

  gather_facts: no

  tasks:

  - name: checking NETCONF connectivity

    wait_for: host={{ inventory_hostname }} port=22 timeout=10

  - name: retrieve info from devices

    junos_get_facts: host={{ inventory_hostname }} logfile=/home/$USER/juniper.log 

    register: junos

  - name: version

    debug: msg="{{ junos.facts.version }}"

--------------------------------------

But my run got hung and timed out.

< TASK: checking NETCONF connectivity >

 -------------------------------------

        \   ^__^

         \  (oo)\_______

            (__)\       )\/\

                ||----w |

                ||     ||

<192.168.11.1> REMOTE_MODULE wait_for host=192.168.11.1 port=22 timeout=10

<192.168.11.1> EXEC ['/bin/sh', '-c', 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1408631193.16-76332173120789 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1408631193.16-76332173120789 && echo $HOME/.ansible/tmp/ansible-tmp-1408631193.16-76332173120789']

<192.168.11.1> PUT /tmp/tmpLZeowt TO /home/steven/.ansible/tmp/ansible-tmp-1408631193.16-76332173120789/wait_for

<192.168.11.1> EXEC ['/bin/sh', '-c', u'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/steven/.ansible/tmp/ansible-tmp-1408631193.16-76332173120789/wait_for; rm -rf /home/steven/.ansible/tmp/ansible-tmp-1408631193.16-76332173120789/ >/dev/null 2>&1']

ok: [192.168.11.1] => {"changed": false, "elapsed": 0, "path": null, "port": 22, "search_regex": null, "state": "started"}

< TASK: retrieve info from devices >

 ----------------------------------

        \   ^__^

         \  (oo)\_______

            (__)\       )\/\

                ||----w |

                ||     ||

<192.168.11.1> REMOTE_MODULE junos_get_facts host=192.168.11.1 logfile=/home/$USER/juniper.log

<192.168.11.1> EXEC ['/bin/sh', '-c', 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1408631193.28-62119542719751 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1408631193.28-62119542719751 && echo $HOME/.ansible/tmp/ansible-tmp-1408631193.28-62119542719751']

<192.168.11.1> PUT /tmp/tmpfoMjLs TO /home/steven/.ansible/tmp/ansible-tmp-1408631193.28-62119542719751/junos_get_facts

<192.168.11.1> EXEC ['/bin/sh', '-c', u'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/steven/.ansible/tmp/ansible-tmp-1408631193.28-62119542719751/junos_get_facts; rm -rf /home/steven/.ansible/tmp/ansible-tmp-1408631193.28-62119542719751/ >/dev/null 2>&1']

failed: [192.168.11.1] => {"failed": true}

msg: unable to connect to 192.168.11.1: ConnectTimeoutError(192.168.11.1)

---

I checked my firewall and I could do netconf just fine.

ssh -s ste...@192.168.11.1 netconf

Warning: Permanently added '192.168.11.1' (ECDSA) to the list of known hosts.

<!-- No zombies were killed during the creation of this user interface -->

<!-- user steven, class j-super-user -->

<hello>

  <capabilities>

    <capability>urn:ietf:params:xml:ns:netconf:base:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:candidate:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:confirmed-commit:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:validate:1.0</capability>

    <capability>urn:ietf:params:xml:ns:netconf:capability:url:1.0?protocol=http,ftp,file</capability>

    <capability>http://xml.juniper.net/netconf/junos/1.0</capability>

    <capability>http://xml.juniper.net/dmi/system/1.0</capability>

  </capabilities>

  <session-id>5080</session-id>

</hello>

]]>]]>

----

I copied the /home/steven/.ansible/tmp/ansible-tmp-1408631193.28-62119542719751/junos_get_facts and ran it manually and then stopped it.  Here was what I got.

 File "/usr/lib/python2.7/pdb.py", line 1314, in main

    pdb._runscript(mainpyfile)

  File "/usr/lib/python2.7/pdb.py", line 1233, in _runscript

    self.run(statement)

  File "/usr/lib/python2.7/bdb.py", line 400, in run

    exec cmd in globals, locals

  File "<string>", line 1, in <module>

  File "./junos_get_facts", line 85, in <module>

    '''

  File "./junos_get_facts", line 137, in main

    dev.open()

  File "/usr/local/lib/python2.7/dist-packages/jnpr/junos/device.py", line 392, in open

    device_params={'name': 'junos'})

  File "/usr/local/lib/python2.7/dist-packages/ncclient/manager.py", line 96, in connect_ssh

    session.connect(*args, **kwds)

  File "/usr/local/lib/python2.7/dist-packages/ncclient/transport/ssh.py", line 182, in connect

    sock.connect(sa)

  File "/usr/lib/python2.7/socket.py", line 224, in meth

    return getattr(self._sock,name)(*args)

KeyboardInterrupt

Uncaught exception. Entering post mortem debugging

Running 'cont' or 'step' will restart the program

> /usr/lib/python2.7/socket.py(224)meth()

-> return getattr(self._sock,name)(*args)

------

Please tell me what could be the problem.

Thank you very much.

Steven.

[Nitin Kumar]

As you have provided port 22 to waitfor task. Provide the same to junos_facts too.

Nitin K

--
You received this message because you are subscribed to the Google Groups "Junos Python EZ" group.
To unsubscribe from this group and stop receiving emails from it, send an email to junos-python-...@googlegroups.com.
Visit this group at http://groups.google.com/group/junos-python-ez.
To view this discussion on the web visit https://groups.google.com/d/msgid/junos-python-ez/1bae8ba2-3bc4-4526-8713-a5b9b4d4fc05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Rick Sherman]

Please also note that the best practice is to use port 830 for NETCONF.

http://www.juniper.net/techpubs/en_US/junos14.1/topics/topic-map/netconf-ssh-connection.html

-Rick

To unsubscribe from this group and stop receiving emails from it, send an email to junos-python-ez+unsubscribe@googlegroups.com.

[Steven Truong]

Thank Rick for his advice.  I changed all of my stuffs for netconf to use 830.

Nick, if you use port 830, then you do not have to specify port for junos_get_facts and besides that port is not a valid option.

Thanks all for your helps.

Steven.

To unsubscribe from this group and stop receiving emails from it, send an email to junos-python-...@googlegroups.com.

[Steven Truong]

Thanks Nitin. I had that.  Here are the codes:

netconf {

    ssh {

        connection-limit 2;

        rate-limit 5;

        port 830;

    }

Steven.

[Steven Truong]

Hi Nitin,

Everything works now.

Thanks for your helps.

Steven.