Ansible command line password not passed to the module anymore

33Fraise33 commented 2 years ago

Issue Type

Bug Report

Module Name

Juniper.device.config

juniper.device collection and Python libraries version

ansible [core 2.13.2]
  config file = /home/gianni/git/5g-ansible-networking/ansible.cfg
  configured module search path = ['/home/gianni/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  ansible collection location = /home/gianni/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.5 (main, Jun  6 2022, 18:49:26) [GCC 12.1.0]
  jinja version = 3.1.2
  libyaml = True

aiofiles @ file:///build/python-aiofiles/src/aiofiles/dist/aiofiles-0.8.0-py3-none-any.whl
aiohttp==3.8.1
aiohttp-cors==0.7.0
aiosignal==1.2.0
alabaster==0.7.12
ansible==6.1.0
ansible-core==2.13.2
ansible-pylibssh==0.4.0
appdirs==1.4.4
async-generator==1.10
async-timeout==4.0.2
attrs==21.4.0
Babel==2.10.3
bcrypt==3.2.2
btrfsutil==5.18.1
build==0.8.0
CacheControl==0.12.6
certifi==2022.6.15
cffi==1.15.1
chardet==4.0.0
charset-normalizer==2.1.0
colorama==0.4.5
commonmark==0.9.1
configobj==5.1.0.dev0
crit==3.17.1
cryptography==37.0.4
distlib==0.3.5
distro==1.7.0
docutils==0.19
evdev==1.6.0
frozenlist==1.3.0
future==0.18.2
gns3-gui==2.2.33.1
gns3-server==2.2.33.1
html5lib==1.1
idna==3.3
imagesize==1.4.1
importlib-metadata==4.8.1
installer==0.5.1
isodate==0.6.1
jaraco.context==4.1.1
jaraco.functools==3.5.1
jaraco.text==3.8.1
Jinja2==3.1.2
jsonschema==3.2.0
junos-eznc==2.6.5
jxmlease==1.0.3
libfdt==1.6.1
libvirt-python==8.6.0
louis==3.22.0
lxml==4.9.1
MarkupSafe==2.1.1
more-itertools==8.13.0
msgpack==1.0.3
multidict==6.0.2
ncclient==0.6.13
netaddr==0.8.0
netsnmp-python==1.0a1
nftables==0.1
nspektr==0.4.0
ordered-set==4.0.2
packaging==21.3
paramiko==2.11.0
pep517==0.12.0
platformdirs==2.5.2
ply==3.11
prompt-toolkit==3.0.30
protobuf==4.21.4
psutil==5.9.1
pwquality==1.4.4
py-cpuinfo==8.0.0
pycairo==1.21.0
pycountry==22.3.5
pycparser==2.21
pycryptodome==3.15.0
Pygments==2.12.0
PyGObject==3.42.2
PyNaCl==1.4.0
pynput==1.7.6
pyOpenSSL==22.0.0
pyparsing==3.0.9
PyQt5==5.15.7
PyQt5-sip==12.11.0
pyrsistent==0.18.1
pyserial==3.5
PySocks==1.7.1
python-xlib==0.31
pytz==2022.1
PyYAML==6.0
requests==2.27.1
resolvelib==0.8.1
rich @ file:///build/python-rich/src/rich-12.5.1/dist/rich-12.5.0-py3-none-any.whl
scp==0.14.4
selectors2==2.0.2
sentry-sdk==1.9.0
sip==4.19.25
six==1.16.0
snowballstemmer==2.2.0
speedtest-cli==2.1.3
Sphinx==5.1.1
sphinxcontrib-applehelp==1.0.2
sphinxcontrib-devhelp==1.0.2
sphinxcontrib-htmlhelp==2.0.0
sphinxcontrib-jsmath==1.0.1
sphinxcontrib-qthelp==1.0.3
sphinxcontrib-serializinghtml==1.1.5
streamlink==4.2.0
team==1.0
tenacity==8.0.1
terminator==2.1.1
tomli==2.0.1
transitions==0.8.11
trove-classifiers==2022.7.22
typing_extensions==4.2.0
urllib3==1.26.9
validate==5.1.0.dev0
validate-pyproject==0.9
wcwidth==0.2.5
webencodings==0.5.1
websocket-client==1.3.3
xmltodict==0.13.0
yamlordereddictloader==0.4.0
yarl==1.7.2
yt-dlp==2022.7.18
zipp==3.8.1

OS / Environment

Juniper EX2300 Junos: 21.2R2-S2.3

Summary

The module is not passing the ssh password from the command line /environment anymore. when you supply --ask-pass or -k it does not pass it through to the juniper.device.config module. I need to supply: passwd: "{{ ansible_ssh_pass | default(omit) }}" to have it work with password authentication on initial staging/config.

Steps to reproduce

ansible-playbook -i <inv> playbook.yml -u root -e "ssh_private_key_file='/dev/null'" -k

In the below config if the passwd module is removed it stops working, this was working before but I am not sure why it does not anymore without explicitely add the passwd entry.

- name: JUNIPER - System settings
  juniper.device.config:
    passwd: "{{ ansible_ssh_pass | default(omit) }}"
    load: replace
    template: "{{ role_path }}/templates/junos_system.conf.j2"
    format: text
    config_mode: private
    timeout: 60
    vars:
      var1: test

Expected results

Use the supplied password by default instead of needing to add it to the module. Actual results

fatal: [CME_LTE_SW06]: FAILED! => {"changed": false, "msg": "Unable to make a PyEZ connection: ConnectAuthError(169.254.33.251)"}

jaakub commented 1 year ago

I've come across identical issue with the latest version. Would be nice to see it resolved.

cmason3 commented 1 year ago

I am also now experiencing this issue with the Juniper.Junos role since upgrading to ansible-core>=2.13 or ansible>=6.0. I am now stuck on ansible-core<=2.12 as I am unable to authenticate to a device as the credentials aren't being correctly obtained from the command line when authenticating using a password protected SSH public key - the ssh_private_key_file field is being passed through as null.

Ansible believe the solution is that the juniper plugin will need to be updated to consult self._connection.get_option() as opposed to attempting to get the information from task_vars.

cmason3 commented 1 year ago

This issue is also present with the newer juniper.device collection for Ansible. Tested using juniper.device==1.0.2 which fails with ansible-core>=2.13.

cmason3 commented 1 year ago

PR #615 raised if anyone is still actively maintaining this repository?

chidanandpujar commented 1 year ago

Hi @cmason3 Thanks , We are running functional tests .

Thanks

chidanandpujar commented 1 year ago

Fix is merged via https://github.com/Juniper/ansible-junos-stdlib/pull/615

Juniper / ansible-junos-stdlib