search

ansible-collections / cisco.ios

Ansible Network Collection for Cisco IOS
GNU General Public License v3.0
293 stars 171 forks source link

Section Command not present in Cisco Firmware on branches older than 12.3 #891

Closed CyberCriminal0 closed 1 year ago

CyberCriminal0 commented 1 year ago
SUMMARY

Playbooks using this collection against Cisco IOS devices running a firmware branch older than 12.3 (in this case 12.2(55)SE) do not include the "section" command causing tasks to fail.

ISSUE TYPE
COMPONENT NAME

cisco.ios.ios_snmp_server

ANSIBLE VERSION
ansible [core 2.14.3]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
Collection Version
---------- -------
cisco.ios  5.0.0
CONFIGURATION
CONFIG_FILE() = None
OS / ENVIRONMENT

Distributor ID: Debian Description: Debian GNU/Linux 12 (bookworm) Release: 12 Codename: bookworm

STEPS TO REPRODUCE
---
- name: Set SNMP
  hosts: switches
  gather_facts: yes
  tasks:
  - name: Apply SNMP config
    cisco.ios.ios_snmp_server:
      config:
        groups:
          - group: RW
            version: v3
            version_option: priv
            write: v1default
          - group: RO
            version: v3
            version_option: priv
        users:
          - username: user0
            authentication:
             algorithm: sha
             password: removed
            encryption:
             password: removed
             priv: aes
             priv_option: 128
            version: v3
            group: RO
          - username: user1
            authentication:
             algorithm: sha
             password: removed
            encryption:
             password: removed
             priv: aes
             priv_option: 128
            version: v3
            group: RW
      state: merged

This is run on a Cisco WS-C3560X-48P-E switch, running firmware 12.2(55)SE5

EXPECTED RESULTS

Playbook would run and set the defined SNMP users and group

ACTUAL RESULTS

Attempting to run show running-config | section ^snmp-server on the switch via the local CLI shows the same result, other filtering commands like "include" work as expected, just not section as it is a feature of IOS 12.3

<10.1.19.1> ANSIBLE_NETWORK_IMPORT_MODULES: complete
The full traceback is:
  File "/runner/requirements_collections/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/facts/facts.py", line 126, in get_network_resources_facts
    inst.populate_facts(self._connection, self.ansible_facts, data)
  File "/runner/requirements_collections/ansible_collections/cisco/ios/plugins/module_utils/network/ios/facts/snmp_server/snmp_server.py", line 129, in populate_facts
    data = self.get_snmp_data(connection)
  File "/runner/requirements_collections/ansible_collections/cisco/ios/plugins/module_utils/network/ios/facts/snmp_server/snmp_server.py", line 37, in get_snmp_data
    _get_snmp_data = connection.get("show running-config | section ^snmp-server")
  File "/usr/local/lib/python3.9/site-packages/ansible/module_utils/connection.py", line 200, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
fatal: [sar_test]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "config": {
                "accounting": null,
                "cache": null,
                "chassis_id": null,
                "communities": null,
                "contact": null,
                "context": null,
                "drop": null,
                "engine_id": null,
                "file_transfer": null,
                "groups": [
                    {
                        "acl_v4": null,
                        "acl_v6": null,
                        "context": null,
                        "group": "RW",
                        "notify": null,
                        "read": null,
                        "version": "v3",
                        "version_option": "priv",
                        "write": "v1default"
                    },
                    {
                        "acl_v4": null,
                        "acl_v6": null,
                        "context": null,
                        "group": "RO",
                        "notify": null,
                        "read": null,
                        "version": "v3",
                        "version_option": "priv",
                        "write": null
                    }
                ],
                "hosts": null,
                "if_index": null,
                "inform": null,
                "ip": null,
                "location": null,
                "manager": null,
                "packet_size": null,
                "password_policy": null,
                "queue_length": null,
                "source_interface": null,
                "system_shutdown": null,
                "trap_source": null,
                "trap_timeout": null,
                "traps": null,
                "users": [
                    {
                        "acl_v4": null,
                        "acl_v6": null,
                        "authentication": {
                            "algorithm": "sha",
                            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "encryption": {
                            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "priv": "aes",
                            "priv_option": "128"
                        },
                        "group": "RO",
                        "remote": null,
                        "udp_port": null,
                        "username": "user0",
                        "version": "v3",
                        "version_option": null,
                        "vrf": null
                    },
                    {
                        "acl_v4": null,
                        "acl_v6": null,
                        "authentication": {
                            "algorithm": "sha",
                            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "encryption": {
                            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "priv": "aes",
                            "priv_option": "128"
                        },
                        "group": "RW",
                        "remote": null,
                        "udp_port": null,
                        "username": "user1",
                        "version": "v3",
                        "version_option": null,
                        "vrf": null
                    }
                ],
                "views": null
            },
            "running_config": null,
            "state": "merged"
        }
    },
    "msg": "show running-config | section ^snmp-server\r\nshow running-config | section ^snmp-server\r\n                      ^\r\n% Invalid input detected at '^' marker.\r\n\r\n#"
}
CyberCriminal0 commented 1 year ago

I am unsure if it is possible to override the usage of "section" for "include" or a similar command in this playbook, that would solve this issue as that command is present in firmware 12.2

KB-perByte commented 1 year ago

@CyberCriminal0 Hello, The supported appliance version is IOSXE 17.x The version mentioned is not supported anymore.

The suggestion you shared does partially solve the problem but that raised a group of more issues where we need to maintain various patterns of similar commands which is again version specific. Hence, similar solutions are not adequate. Regards