search

ansible-collections / ansible.netcommon

Ansible Network Collection for Common Code
GNU General Public License v3.0
144 stars 104 forks source link

Cisco ASA net_put "Invalid response from server" "Signature Verified\r\n" #416

Open omegafoo opened 2 years ago

omegafoo commented 2 years ago
SUMMARY

Using net_put to scp a file onto an ASA (firepower1010) fails with the error message: msg: 'Exception received: (''Invalid response from server'', b''Signature Verified\r\n'')'

The image appears to have been sucessully copied to the device and the response 'Signature Verified' as the end of the SCP process is not seen as valid which then breaks the playbook.

ISSUE TYPE
COMPONENT NAME

net_put

ANSIBLE VERSION
ansible-3.6 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/<username>/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible-3.6
  python version = 3.6.8 (default, Aug 13 2020, 07:46:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
COLLECTION VERSION

I am stuck using Ansible 2.9 due to distributed management of the server and 'list' is not an option. I did a force install to ensure everything was up-to-date

$ ansible-galaxy collection install --force-with-deps cisco.asa
Process install dependency map
Starting collection install process
Installing 'cisco.asa:2.1.0' to '/etc/ansible/collections/ansible_collections/cisco/asa'
Installing 'ansible.netcommon:3.0.0' to '/etc/ansible/collections/ansible_collections/ansible/netcommon'
Installing 'ansible.utils:2.6.1' to '/etc/ansible/collections/ansible_collections/ansible/utils'
CONFIGURATION
COLLECTIONS_PATHS(/etc/ansible/ansible.cfg) = [u'/etc/ansible/collections', u'/home/<username>/.ansible/collection
DEFAULT_HOST_LIST(/etc/ansible/ansible.cfg) = [u'/etc/ansible/inventory']
DEFAULT_ROLES_PATH(/etc/ansible/ansible.cfg) = [u'/etc/ansible/roles']
DEFAULT_STDOUT_CALLBACK(/etc/ansible/ansible.cfg) = yaml
DEFAULT_TERMINAL_PLUGIN_PATH(/etc/ansible/ansible.cfg) = [u'/usr/share/ansible/plugins/terminal', u'/etc/ansibl
DISPLAY_SKIPPED_HOSTS(/etc/ansible/ansible.cfg) = False
HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False
INTERPRETER_PYTHON(/etc/ansible/ansible.cfg) = auto
OS / ENVIRONMENT

ASA Version

Cisco Adaptive Security Appliance Software Version 9.16(2)14 
SSP Operating System Version 2.10(1.182)
Device Manager Version 7.16(1)

Compiled on Wed 09-Feb-22 01:55 GMT by builders
System image file is "disk0:/installables/switch/fxos-k8-fp1k-lfbff.2.10.1.182.SPA"
Config file at boot was "startup-config"
STEPS TO REPRODUCE
- name: transfer image
  ansible.netcommon.net_put:
    src: "{{ image_path }}"
    dest: "disk0:/{{ image }}"
  vars:
    ansible_command_timeout: 600
EXPECTED RESULTS

transfer image task should successfully run and return an "OK" response to continue on to the next tax.

ACTUAL RESULTS
TASK [asa-upgrade : transfer image] **************************************************************************************
task path: /etc/ansible/roles/asa-upgrade/tasks/main.yml:14
fatal: [inventory_hostname]: FAILED! => changed=false 
  destination: disk0:/cisco-asa-fp1k.9.16.2.14.SPA
  msg: 'Exception received: (''Invalid response from server'', b''Signature Verified\r\n'')'

PLAY RECAP ***************************************************************************************************************
inventory_hostname        : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
janxe commented 1 year ago

We had this exact issue with asa version 9.16 After we jumped to 9.19, net_put started working as expected again.