Juniper / ansible-junos-stdlib

Junos modules for Ansible
Apache License 2.0

1st attempt unformatted password #444

Open sward1557 opened 5 years ago

sward1557 commented 5 years ago

Issue Type

Module Name

Password var reference not resolving. Example shows use of juniper_junos_facts but I have run into this with _config and _command.

Juniper.Junos role and Python libraries version

ansible 2.7.0
  config file = /cyclops-ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15 (default, Aug 16 2018, 14:17:09) [GCC 6.4.0]

ansible==2.7.0
asn1crypto==0.24.0
bcrypt==3.1.4
certifi==2018.10.15
cffi==1.11.5
chardet==3.0.4
cryptography==2.7
enum34==1.1.6
future==0.17.1
idna==2.7
ipaddress==1.0.22
Jinja2==2.10
jmespath==0.9.4
junos-eznc==2.2.1
jxmlease==1.0.2.dev1
lxml==4.2.2
MarkupSafe==1.1.0
ncclient==0.6.6
netaddr==0.7.19
ntlm-auth==1.2.0
omsdk==1.2.370
paramiko==2.4.2
passlib==1.7.1
pexpect==4.7.0
ply==3.11
prettytable==0.7.2
ptyprocess==0.6.0
pyasn1==0.4.4
pycparser==2.19
pycrypto==2.6.1
pycryptodomex==3.8.2
PyNaCl==1.3.0
pyserial==3.4
pysmi==0.3.4
pysnmp==4.4.9
pysnmp-mibs==0.1.6
pysphere==0.1.7
python-version==0.0.2
pyvmomi==6.7.1.2018.12
pywinrm==0.3.0
PyYAML==3.13
requests==2.20.1
requests-ntlm==1.1.0
scp==0.13.2
selectors2==2.0.1
six==1.11.0
urllib3==1.24.1
xmltodict==0.11.0
zabbix-api==0.5.4

- src: https://github.com/Juniper/ansible-junos-stdlib.git
  scm: git
  version: 2.1.0
  name: juniper.junos

OS / Environment

Playbook is running on:

NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.8.1
PRETTY_NAME="Alpine Linux v3.8"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"

Software Platform

15.1X49-D45 SRX340
12.1X46-D35.1 SRX240H2
15.1X49-D40.6 SRX1500

Summary

Module is not able to pull user password correctly in Production. In our lab environment this isn't a problem.

Steps to reproduce

- name: Gathering Facts
  hosts: juniper
  roles:
    - juniper.junos
  connection: netconf
  gather_facts: false
  remote_user: "{{ srx_remote_user }}"
  vars:
    ansible_network_os: junos
    ansible_user: "{{ srx_remote_user }}"
    ansible_ssh_pass: "{{ srx_remote_user_ssh_pass | default(omit) }}"

  tasks:
    - name: Collect Junos Device Information
      juniper_junos_facts:
      register: junos_facts

    - name: Print Junos Facts
      debug:
        msg: "{{ junos_facts }}"

srx_remote_user: ansible
srx_remote_user_ssh_pass: "{{ vault_cyclops_ansible_user_pass }}"

Expected results

/cyclops-ansible # ansible-playbook playbooks/juniper_junos_facts.yml -l hostname
PLAY [Gathering Facts] ***********************************************************************************
TASK [Collect Junos Device Information] ******************************************************************
fatal: [hostname]: FAILED! => {"changed": false, "msg": "Unable to make a PyEZ connection: ConnectAuthError(hostname)"}
[hostname] TASK: Collect Junos Device Information (debug)> redo
ok: [hostname]
TASK [Print Junos Facts] *********************************************************************************
ok: [hostname] => {
    "msg": {
        "ansible_facts": {
            "junos": {
                "HOME": "/var/home/SU",
                "RE0": {
                    "last_reboot_reason": "0x200:normal shutdown",
                    "mastership_state": "master",
                    "model": "RE-SRX340",
                    "status": "OK",
                    "up_time": "756 days, 22 hours, 33 minutes, 42 seconds"
                },

    }
}
PLAY RECAP ***********************************************************************************************
hostname        : ok=2    changed=0    unreachable=0    failed=0

Actual results

#       ansible-playbook playbooks/juniper_junos_facts.yml -l hostname -vvvv
ansible-playbook 2.7.0
  config file = /cyclops-ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.15 (default, Aug 16 2018, 14:17:09) [GCC 6.4.0]
Using /cyclops-ansible/ansible.cfg as config file
setting up inventory plugins
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc
Loading callback plugin cyclops_slack_failed of type notification, v2.0 from /cyclops-ansible/playbooks/callback_plugins/cyclops_slack_failed.pyc
Loading callback plugin cyclops_slack_freeipa_user_changes of type notification, v2.0 from /cyclops-ansible/playbooks/callback_plugins/cyclops_slack_freeipa_user_changes.pyc
Loading callback plugin jsnapy of type aggregate, v2.0 from /cyclops-ansible/roles/juniper.junos/callback_plugins/jsnapy.pyc
Loading callback plugin slack_backported of type notification, v2.0 from /cyclops-ansible/playbooks/callback_plugins/slack_backported.pyc
Loading callback plugin syslog_json of type aggregate, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/syslog_json.pyc

PLAYBOOK: juniper_junos_facts.yml **************************************************************************************************

1 plays in playbooks/juniper_junos_facts.yml

PLAY [Gathering Facts] *************************************************************************************************************
META: ran handlers
Trying secret FileVaultSecret(filename='/.vault') for vault_id=default
Trying secret FileVaultSecret(filename='/.vault') for vault_id=default

TASK [Collect Junos Device Information] ********************************************************************************************
task path: /cyclops-ansible/playbooks/juniper_junos_facts.yml:14
<10.2.1.1> attempting to start connection
<10.2.1.1> using connection plugin netconf
<10.2.1.1> local domain socket does not exist, starting it
<10.2.1.1> control socket path is /root/.ansible/pc/a4447d854d
<10.2.1.1> connection to remote device started successfully
<10.2.1.1> local domain socket listeners started successfully
<10.2.1.1> 
<10.2.1.1> local domain socket path is /root/.ansible/pc/a4447d854d
<10.2.1.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.2.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502 `" && echo ansible-tmp-1563553341.31-235616940099502="` echo /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502 `" ) && sleep 0'
Using module file /cyclops-ansible/roles/juniper.junos/library/juniper_junos_facts.py
<10.2.1.1> PUT /root/.ansible/tmp/ansible-local-92EqahCf/tmp0LA048 TO /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502/AnsiballZ_juniper_junos_facts.py
<10.2.1.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502/ /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502/AnsiballZ_juniper_junos_facts.py && sleep 0'
<10.2.1.1> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502/AnsiballZ_juniper_junos_facts.py && sleep 0'
<10.2.1.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
WARNING: The below traceback may *not* be related to the actual failure.
  File "/tmp/ansible_juniper_junos_facts_payload_QprqN9/ansible_juniper_junos_facts_payload.zip/ansible/module_utils/juniper_junos_common.py", line 1304, in open
    self.dev.open()
  File "/usr/lib/python2.7/site-packages/jnpr/junos/device.py", line 1268, in open
    raise EzErrors.ConnectAuthError(self)

fatal: [hostname]: FAILED! => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "attempts": null, 
            "baud": null, 
            "config_format": null, 
            "console": null, 
            "host": "hostname", 
            "level": null, 
            "logdir": null, 
            "logfile": null, 
            "mode": null, 
            "passwd": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "port": 830, 
            "provider": null, 
            "savedir": null, 
            "ssh_config": null, 
            "ssh_private_key_file": null, 
            "timeout": 30, 
            "user": "ansible"
        }
    }, 
    "msg": "Unable to make a PyEZ connection: ConnectAuthError(hostname)"
}

PLAY RECAP *************************************************************************************************************************
hostname        : ok=0    changed=0    unreachable=0    failed=1

This may also be of use:

Demonstrates (1) why you're getting a ConnectAuthError the first attempt (because of the unformatted password) and (2) why it works the second attempt (because it's getting the properly formatted password).

PLAY [Gathering Facts] ***************************************************************************************************************************
TASK [Collect Junos Device Information] **********************************************************************************************************
fatal: [hostname]: FAILED! => {"changed": false, "msg": "Unable to make a PyEZ connection: ConnectAuthError(hostname)"}
[hostname] TASK: Collect Junos Device Information (debug)> p task.args
{'_ansible_check_mode': False,
 '_ansible_debug': False,
 '_ansible_diff': False,
 '_ansible_keep_remote_files': False,
 '_ansible_module_name': u'juniper_junos_facts',
 '_ansible_no_log': False,
 '_ansible_remote_tmp': u'~/.ansible/tmp',
 '_ansible_selinux_special_fs': ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p'],
 '_ansible_shell_executable': u'/bin/sh',
 '_ansible_socket': u'/root/.ansible/pc/7c06e50a92',
 '_ansible_syslog_facility': u'LOG_USER',
 '_ansible_tmpdir': u'/root/.ansible/tmp/ansible-local-37734EPyQ/ansible-tmp-1563310619.76-182954198747515/',
 '_ansible_verbosity': 0,
 '_ansible_version': '2.7.0',
 '_module_name': u'juniper_junos_facts',
 '_module_utils_path': '/cyclops-ansible/roles/juniper.junos/module_utils',
 'host': u'hostname',
 'passwd': u'{{ srx_remote_user_ssh_pass | default(omit) }}',  <--------------------------**
 'user': u'ansible'}
[hostname] TASK: Collect Junos Device Information (debug)> r
ok: [hostname]
[hostname] TASK: Collect Junos Device Information (debug)> p task.args
{'_ansible_check_mode': False,
 '_ansible_debug': False,
 '_ansible_diff': False,
 '_ansible_keep_remote_files': False,
 '_ansible_module_name': u'juniper_junos_facts',
 '_ansible_no_log': False,
 '_ansible_remote_tmp': u'~/.ansible/tmp',
 '_ansible_selinux_special_fs': ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p'],
 '_ansible_shell_executable': u'/bin/sh',
 '_ansible_socket': u'/root/.ansible/pc/7c06e50a92',
 '_ansible_syslog_facility': u'LOG_USER',
 '_ansible_tmpdir': u'/root/.ansible/tmp/ansible-local-37734EPyQ/ansible-tmp-1563310645.75-61079557661853/',
 '_ansible_verbosity': 0,
 '_ansible_version': '2.7.0',
 '_module_name': u'juniper_junos_facts',
 '_module_utils_path': '/cyclops-ansible/roles/juniper.junos/module_utils',
 'host': u'hostname',
 'passwd': u'OMIT', *This was the correct password    <-----------------------------------------**
 'user': u'ansible'}
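
A pre-flight check for the condition visible in the first `p task.args` dump above, where `passwd` still holds the raw Jinja2 expression. This is an added example, not part of the original issue or of the Juniper.junos role; `classify`, `audit_args`, `preflight` and `SECRET_KEYS` are hypothetical names, and the sample dictionaries are constructed. It reports only the state of each credential argument, never its value.

```python
import re

# Jinja2 expression/statement delimiters left behind when a value was never templated.
_UNRENDERED = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)
# Prefix of the placeholder string Ansible substitutes for the special `omit` variable.
_OMIT_PREFIX = "__omit_place_holder__"
# Argument names treated as secrets here (assumption; extend as needed).
SECRET_KEYS = {"passwd", "password", "ansible_ssh_pass"}


def classify(value):
    """Return 'missing', 'unrendered', 'omit', 'empty' or 'literal' for one value."""
    if value is None:
        return "missing"
    text = str(value)
    if _UNRENDERED.search(text):
        return "unrendered"
    if text.startswith(_OMIT_PREFIX):
        return "omit"
    if not text.strip():
        return "empty"
    return "literal"


def audit_args(args):
    """Map each secret argument to its classification, never to its value."""
    return {k: classify(v) for k, v in args.items() if k in SECRET_KEYS}


def preflight(args):
    """Raise before any connection attempt if a secret is not a usable literal."""
    bad = {k: s for k, s in audit_args(args).items() if s != "literal"}
    if bad:
        raise ValueError("unusable credential arguments: %r" % sorted(bad.items()))
    return True


# Constructed samples shaped like the first and second `p task.args` dumps above.
FIRST_TRY = {"host": "hostname", "user": "ansible",
             "passwd": "{{ srx_remote_user_ssh_pass | default(omit) }}"}
SECOND_TRY = {"host": "hostname", "user": "ansible", "passwd": "constructed-secret"}

if __name__ == "__main__":
    print(audit_args(FIRST_TRY))
    print(audit_args(SECOND_TRY))
```
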

rsmekala commented 5 years ago

@sward1557 I am not quite sure I follow the issue description. Will give it a try and try to respond back by EOW.