ansible-collections / cisco.nxos

Ansible Network Collection for Cisco NXOS
GNU General Public License v3.0

Unable to set terminal parameters #589

Open lravelo opened 1 year ago

lravelo commented 1 year ago

Trying to run just a simple play to return the running config on an N9K but keep getting "unable to set terminal parameters". My command is the following:

ansible device_roles_switch -i nexus.yml -c network_cli -m nxos_command -a "commands='show run'"

My nexus.yml file:

---
all:
  hosts:
    core02:
      ansible_host: xxx.xxx.xxx.xxx
      ansible_password: <pw>
      ansible_user: <user>
      ansible_network_os: cisco.nxos.nxos
device_roles_switch:
  hosts:
    core02:

Verbose output:

ansible [core 2.13.6]
  config file = /Users/XXXXX/Nextcloud/Scripts/ansible/ansible.cfg
  configured module search path = ['/Users/XXXXX/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/homebrew/Cellar/ansible/6.6.0/libexec/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/XXXXX/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/homebrew/bin/ansible
  python version = 3.10.8 (main, Oct 13 2022, 09:48:40) [Clang 14.0.0 (clang-1400.0.29.102)]
  jinja version = 3.1.2
  libyaml = True
Using /Users/XXXXX/Nextcloud/Scripts/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /Users/XXXXX/Nextcloud/Scripts/ansible/nexus.yml as it did not pass its verify_file() method
script declined parsing /Users/XXXXX/Nextcloud/Scripts/ansible/nexus.yml as it did not pass its verify_file() method
Parsed /Users/XXXXX/Nextcloud/Scripts/ansible/nexus.yml inventory source with yaml plugin
Loading callback plugin minimal of type stdout, v2.0 from /opt/homebrew/Cellar/ansible/6.6.0/libexec/lib/python3.10/site-packages/ansible/plugins/callback/minimal.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
META: ran handlers
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.netcommon from /opt/homebrew/Cellar/ansible/6.6.0/libexec/lib/python3.10/site-packages/ansible_collections/ansible/netcommon
Loading collection cisco.nxos from /opt/homebrew/Cellar/ansible/6.6.0/libexec/lib/python3.10/site-packages/ansible_collections/cisco/nxos
<XXX.XXX.XXX.XXX> attempting to start connection
<XXX.XXX.XXX.XXX> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /opt/homebrew/bin/ansible-connection
<XXX.XXX.XXX.XXX> local domain socket does not exist, starting it
<XXX.XXX.XXX.XXX> control socket path is /Users/XXXXX/.ansible/pc/ebfe2f1d91
<XXX.XXX.XXX.XXX> redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
<XXX.XXX.XXX.XXX> Loading collection ansible.netcommon from /opt/homebrew/Cellar/ansible/6.6.0/libexec/lib/python3.10/site-packages/ansible_collections/ansible/netcommon
<XXX.XXX.XXX.XXX> Loading collection cisco.nxos from /opt/homebrew/Cellar/ansible/6.6.0/libexec/lib/python3.10/site-packages/ansible_collections/cisco/nxos
<XXX.XXX.XXX.XXX> local domain socket listeners started successfully
<XXX.XXX.XXX.XXX> loaded cliconf plugin ansible_collections.cisco.nxos.plugins.cliconf.nxos from path /opt/homebrew/Cellar/ansible/6.6.0/libexec/lib/python3.10/site-packages/ansible_collections/cisco/nxos/plugins/cliconf/nxos.py for network_os cisco.nxos.nxos
<XXX.XXX.XXX.XXX> ssh type is set to auto
<XXX.XXX.XXX.XXX> autodetecting ssh_type
[WARNING]: ansible-pylibssh not installed, falling back to paramiko
<XXX.XXX.XXX.XXX> ssh type is now set to paramiko
<XXX.XXX.XXX.XXX> 
<XXX.XXX.XXX.XXX> local domain socket path is /Users/XXXXX/.ansible/pc/ebfe2f1d91
redirecting (type: modules) ansible.builtin.nxos_command to cisco.nxos.nxos_command
redirecting (type: action) ansible.builtin.nxos to cisco.nxos.nxos
<XXX.XXX.XXX.XXX> Using network group action nxos for nxos_command
redirecting (type: action) ansible.builtin.nxos to cisco.nxos.nxos
<XXX.XXX.XXX.XXX> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
redirecting (type: modules) ansible.builtin.nxos_command to cisco.nxos.nxos_command
<XXX.XXX.XXX.XXX> ANSIBLE_NETWORK_IMPORT_MODULES: found nxos_command  at /opt/homebrew/Cellar/ansible/6.6.0/libexec/lib/python3.10/site-packages/ansible_collections/cisco/nxos/plugins/modules/nxos_command.py
<XXX.XXX.XXX.XXX> ANSIBLE_NETWORK_IMPORT_MODULES: running nxos_command
<XXX.XXX.XXX.XXX> ANSIBLE_NETWORK_IMPORT_MODULES: complete
core02 | FAILED! => {
    "changed": false,
    "module_stderr": "unable to set terminal parameters",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"
}

I do see the successful authentication on my RADIUS server logs.

NilashishC commented 1 year ago

@lravelo Could you please share the NX-OS version? Also, the persistent_log_messages from a failed playbook run would help debug this further. Steps to enable this are described here: https://docs.ansible.com/ansible/latest/network/user_guide/network_debug_troubleshooting.html#enabling-networking-device-interaction-logging

lravelo commented 1 year ago

@NilashishC forgot to mention that in my first post. The version of NXOS is 7.0(3)I7(9). Here is the log as requested:


2022-11-14 10:53:20,823 p=7576 u=user n=ansible | PLAY [Kickoff cisco backup playbooks] ********************************************************************************************************************************************************
2022-11-14 10:53:20,842 p=7576 u=user n=ansible | PLAY [Playbook to backup configs on Cisco devices] *******************************************************************************************************************************************
2022-11-14 10:53:20,860 p=7576 u=user n=ansible | TASK [show version] **************************************************************************************************************************************************************************
2022-11-14 10:53:21,113 p=7584 u=user n=ansible | jsonrpc request: b'{"jsonrpc": "2.0", "method": "pop_messages", "id": "2ef25c42-53fc-4826-a9a6-7f668de80065", "params": [[], {}]}'
2022-11-14 10:53:21,114 p=7584 u=user n=ansible | jsonrpc response: {"jsonrpc": "2.0", "id": "2ef25c42-53fc-4826-a9a6-7f668de80065", "result_type": "pickle", "result": "(lp0\n(Vvvvv\np1\nVloaded cliconf plugin ansible_collections.cisco.nxos.plugins.cliconf.nxos from path /opt/homebrew/Cellar/ansible/6.6.0/libexec/lib/python3.10/site-packages/ansible_collections/cisco/nxos/plugins/cliconf/nxos.py for network_os cisco.nxos.nxos\np2\ntp3\na(Vlog\np4\nVnetwork_os is set to cisco.nxos.nxos\np5\ntp6\na(Vwarning\np7\nVPersistent connection logging is enabled for XXX.XXX.XXX.XXX. This will log ALL interactions to /Users/user/Nextcloud/Scripts/ansible/ansible.log and WILL NOT redact sensitive configuration like passwords. USE WITH CAUTION!\np8\ntp9\na(g1\nVssh type is set to auto\np10\ntp11\na(g1\nVautodetecting ssh_type\np12\ntp13\na(g7\nVansible-pylibssh not installed, falling back to paramiko\np14\ntp15\na(g1\nVssh type is now set to paramiko\np16\ntp17\na."}
2022-11-14 10:53:21,739 p=7580 u=user n=ansible | network_os is set to cisco.nxos.nxos
2022-11-14 10:53:21,742 p=7580 u=user n=ansible | [WARNING]: Persistent connection logging is enabled for XXX.XXX.XXX.XXX. This will log ALL interactions to /Users/user/Nextcloud/Scripts/ansible/ansible.log and WILL NOT redact sensitive
configuration like passwords. USE WITH CAUTION!

2022-11-14 10:53:21,743 p=7580 u=user n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko

2022-11-14 10:53:21,753 p=7584 u=user n=ansible | jsonrpc request: b'{"jsonrpc": "2.0", "method": "get_capabilities", "id": "d2a920e2-f233-40ef-a542-965f12822512", "params": [[], {}]}'
2022-11-14 10:53:22,070 p=7584 u=user n=p=7584 u=user | paramiko [XXX.XXX.XXX.XXX] | Connected (version 2.0, client OpenSSH_7.2)
2022-11-14 10:53:22,492 p=7584 u=user n=p=7584 u=user | paramiko [XXX.XXX.XXX.XXX] | Auth banner: b'User Access Verification\n'
2022-11-14 10:53:22,494 p=7584 u=user n=p=7584 u=user | paramiko [XXX.XXX.XXX.XXX] | Authentication (password) successful!
2022-11-14 10:53:23,204 p=7584 u=user n=ansible | jsonrpc response: {"jsonrpc": "2.0", "id": "d2a920e2-f233-40ef-a542-965f12822512", "error": {"code": -32603, "message": "Internal error", "data": "unable to set terminal parameters"}}
2022-11-14 10:53:23,209 p=7576 u=user n=ansible | fatal: [core02]: FAILED! => {"changed": false, "module_stderr": "unable to set terminal parameters", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"}
2022-11-14 10:53:23,211 p=7584 u=user n=ansible | jsonrpc request: b'{"jsonrpc": "2.0", "method": "reset", "id": "89985520-0028-4e7c-9fd7-2a62b2d71907", "params": [[], {}]}'
2022-11-14 10:53:23,212 p=7584 u=user n=ansible | jsonrpc response: {"jsonrpc": "2.0", "id": "89985520-0028-4e7c-9fd7-2a62b2d71907", "result_type": "pickle", "result": "N."}
2022-11-14 10:53:23,212 p=7576 u=user n=ansible | PLAY RECAP ***********************************************************************************************************************************************************************************
2022-11-14 10:53:23,213 p=7576 u=user n=ansible | core02                     : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   
2022-11-14 10:53:23,313 p=7584 u=user n=ansible | invoked shell using ssh_type: paramiko
2022-11-14 10:53:23,313 p=7584 u=user n=ansible | ssh connection done, setting terminal
2022-11-14 10:53:23,314 p=7584 u=user n=ansible | loaded terminal plugin for network_os cisco.nxos.nxos
2022-11-14 10:53:23,314 p=7584 u=user n=ansible | command: None
2022-11-14 10:53:23,314 p=7584 u=user n=ansible | response-1: b'\r\n'
2022-11-14 10:53:23,314 p=7584 u=user n=ansible | response-2: b'Cisco Nexus Operating System (NX-OS) Software\r\nTAC support: http://www.cisco.com/tac\r\nCopyright (C) 2002-2020, Cisco and/or its affiliates.\r\nAll rights reserved.\r\nThe copyrights to certain works contained in this software are\r\nowned by other third parties '
2022-11-14 10:53:23,314 p=7584 u=user n=ansible | response-3: b'and used and distributed under their own\r\nlicenses, such as open source.  This software is provided "as is," and unless\r\notherwise stated, there is no warranty, express or implied, including but not\r\nlimited to warranties of merchantability and fitness for'
2022-11-14 10:53:23,314 p=7584 u=user n=ansible | response-4: b' a particular purpose.\r\nCertain components of this software are licensed under\r\nthe GNU General Public License (GPL) version 2.0 or \r\nGNU General Public License (GPL) version 3.0  or the GNU\r\nLesser General Public License (LGPL) Version 2.1 or \r\nLesser Gen'
2022-11-14 10:53:23,314 p=7584 u=user n=ansible | response-5: b'eral Public License (LGPL) Version 2.0. \r\nA copy of each such license is available at\r\nhttp://www.opensource.org/licenses/gpl-2.0.php and\r\nhttp://opensource.org/licenses/gpl-3.0.html and\r\nhttp://www.opensource.org/licenses/lgpl-2.1.php and\r\nhttp://www.gnu.'
2022-11-14 10:53:23,314 p=7584 u=user n=ansible | response-6: b'org/licenses/old-licenses/library.txt.\r\n'
2022-11-14 10:53:23,315 p=7584 u=user n=ansible | response-7: b'\rcore02# '
2022-11-14 10:53:23,315 p=7584 u=user n=ansible | matched cli prompt 'b'\rcore02# '' with regex 'b'[\\r\\n](?!\\s*<)?(\\x1b\\S+)*[a-zA-Z_0-9]{1}[a-zA-Z0-9-_.]*[>|#](?:\\s*)(\\x1b\\S+)*$'' from response 'b'h such license is available at\r\nhttp://www.opensource.org/licenses/gpl-2.0.php and\r\nhttp://opensource.org/licenses/gpl-3.0.html and\r\nhttp://www.opensource.org/licenses/lgpl-2.1.php and\r\nhttp://www.gnu.org/licenses/old-licenses/library.txt.\r\n\rcore02# ''
2022-11-14 10:53:23,315 p=7584 u=user n=ansible | Response received, triggered 'persistent_buffer_read_timeout' timer of 0.1 seconds
2022-11-14 10:53:23,315 p=7584 u=user n=ansible | firing event: on_open_shell()
2022-11-14 10:53:23,315 p=7584 u=user n=ansible | send command: b'terminal length 0\r'
2022-11-14 10:53:23,315 p=7584 u=user n=ansible | command: b'terminal length 0'
2022-11-14 10:53:23,315 p=7584 u=user n=ansible | response-1: b'terminal length 0'
2022-11-14 10:53:23,316 p=7584 u=user n=ansible | response-2: b'\r\r\n'
2022-11-14 10:53:23,316 p=7584 u=user n=ansible | response-3: b'\rcore02# '
2022-11-14 10:53:23,316 p=7584 u=user n=ansible | matched cli prompt 'b'\rcore02# '' with regex 'b'[\\r\\n](?!\\s*<)?(\\x1b\\S+)*[a-zA-Z_0-9]{1}[a-zA-Z0-9-_.]*[>|#](?:\\s*)(\\x1b\\S+)*$'' from response 'b'terminal length 0\r\r\n\rcore02# ''
2022-11-14 10:53:23,316 p=7584 u=user n=ansible | Response received, triggered 'persistent_buffer_read_timeout' timer of 0.1 seconds
2022-11-14 10:53:23,316 p=7584 u=user n=ansible | send command: b'terminal width 511\r'
2022-11-14 10:53:23,316 p=7584 u=user n=ansible | command: b'terminal width 511'
2022-11-14 10:53:23,316 p=7584 u=user n=ansible | response-1: b'terminal w'
2022-11-14 10:53:23,317 p=7584 u=user n=ansible | response-2: b'idth 5'
2022-11-14 10:53:23,317 p=7584 u=user n=ansible | response-3: b'11\r\r\n'
2022-11-14 10:53:23,317 p=7584 u=user n=ansible | response-4: b'% Permission denied for the role\r\n'
2022-11-14 10:53:23,317 p=7584 u=user n=ansible | matched error regex (terminal_stderr_re) 'b'^% \\w+'' from response 'b'terminal width 511\r\r\n% Permission denied for the role\r\n''
2022-11-14 10:53:23,317 p=7584 u=user n=ansible | matched stdout regex (terminal_stdout_re) 'b'[\\r\\n](?!\\s*<)?(\\x1b\\S+)*[a-zA-Z_0-9]{1}[a-zA-Z0-9-_.]*[>|#](?:\\s*)(\\x1b\\S+)*$'' from error response 'b'terminal width 511\r\r\n% Permission denied for the role\r\n''
2022-11-14 10:53:23,317 p=7584 u=user n=ansible | response-5: b'\rcore02# '
2022-11-14 10:53:23,317 p=7584 u=user n=ansible | matched error regex (terminal_stderr_re) 'b'^% \\w+'' from response 'b'terminal width 511\r\r\n% Permission denied for the role\r\n\rcore02# ''
2022-11-14 10:53:23,318 p=7584 u=user n=ansible | matched stdout regex (terminal_stdout_re) 'b'[\\r\\n](?!\\s*<)?(\\x1b\\S+)*[a-zA-Z_0-9]{1}[a-zA-Z0-9-_.]*[>|#](?:\\s*)(\\x1b\\S+)*$'' from error response 'b'terminal width 511\r\r\n% Permission denied for the role\r\n\rcore02# ''
2022-11-14 10:53:23,318 p=7584 u=user n=ansible | matched cli prompt 'b'\rcore02# '' with regex 'b'[\\r\\n](?!\\s*<)?(\\x1b\\S+)*[a-zA-Z_0-9]{1}[a-zA-Z0-9-_.]*[>|#](?:\\s*)(\\x1b\\S+)*$'' from response 'b'terminal width 511\r\r\n% Permission denied for the role\r\n\rcore02# ''
2022-11-14 10:53:23,318 p=7584 u=user n=ansible | resetting persistent connection for socket_path /Users/user/.ansible/pc/f8b4b5c646
2022-11-14 10:53:23,318 p=7584 u=user n=ansible | closing ssh connection to device
2022-11-14 10:53:23,318 p=7584 u=user n=ansible | firing event: on_close_shell()
2022-11-14 10:53:23,318 p=7584 u=user n=ansible | cli session is now closed
2022-11-14 10:53:23,318 p=7584 u=user n=ansible | ssh connection has been closed successfully
2022-11-14 10:53:23,318 p=7584 u=user n=ansible | reset call on connection instance
2022-11-14 10:53:23,319 p=7584 u=user n=ansible | shutdown complete

Here's the role I created on the switch:

Role: ansible
  Description: Role for Ansible to connect and perform backups
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity
  -------------------------------------------------------------------
  5       permit  command                         show running-config
  4       permit  command                         show inventory
  3       permit  command                         show version
  2       permit  command                         terminal length 511
  1       permit  command                         terminal length 0

I have validated that I can set the terminal length for the user in question to both of those values.

lravelo commented 1 year ago

Just realized it was terminal **width** 511 and I had it wrong -_- It looks like it's working now. Thanks for the help. One question: is there anywhere in the Ansible documentation that makes a reference to the role permissions needed for this? I managed to find documentation for Oxidized directly from Cisco that actually helped me with this but I could find nowhere within Ansible docs to help. If there is, please let me know. If there isn't, how can I go about requesting this be added?

NilashishC commented 1 year ago

@lravelo I believe there's no documentation around roles for NX-OS right now. But we should be able to add it in the Platform Guide for NX-OS in docs.ansible.com. Could you please update this issue to indicate this request? I'll start working on it. Thank you!
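
The diagnosis worked out in this thread, as an added example that is not part of the original issue or the collection's code: it reads a persistent-connection log, finds which command sent during terminal setup was rejected with `% Permission denied for the role`, and checks it against the role's rule table. The log excerpt and rule table are constructed from the ones posted above; the function names and the proposed rule number are assumptions.

```python
import re

# Constructed sample, modelled on the persistent-connection log quoted in this thread.
SAMPLE_LOG = r"""
2022-11-14 10:53:23,315 p=7584 u=user n=ansible | send command: b'terminal length 0\r'
2022-11-14 10:53:23,315 p=7584 u=user n=ansible | response-1: b'terminal length 0'
2022-11-14 10:53:23,316 p=7584 u=user n=ansible | response-3: b'\rcore02# '
2022-11-14 10:53:23,316 p=7584 u=user n=ansible | send command: b'terminal width 511\r'
2022-11-14 10:53:23,317 p=7584 u=user n=ansible | response-3: b'11\r\r\n'
2022-11-14 10:53:23,317 p=7584 u=user n=ansible | response-4: b'% Permission denied for the role\r\n'
"""

# Constructed sample: the rule table of the role as first posted.
SAMPLE_ROLE = """
  5       permit  command                         show running-config
  4       permit  command                         show inventory
  3       permit  command                         show version
  2       permit  command                         terminal length 511
  1       permit  command                         terminal length 0
"""

SENT = re.compile(r"send command: b'(.*?)(?:\\r)?'\s*$")
DENIED = re.compile(r"response-\d+: b'% Permission denied for the role")
RULE = re.compile(r"^\s*(\d+)\s+permit\s+command\s+(.+?)\s*$")

def denied_commands(log_text):
    """Return sent commands whose response carried the role-denied error."""
    last, denied = None, []
    for line in log_text.splitlines():
        m = SENT.search(line)
        if m:
            last = m.group(1)
        elif DENIED.search(line) and last and last not in denied:
            denied.append(last)
    return denied

def permitted_commands(role_text):
    """Map each permitted command string to its rule number."""
    return {m.group(2): int(m.group(1))
            for m in map(RULE.match, role_text.splitlines()) if m}

def missing_rules(log_text, role_text):
    """Propose rule lines for denied commands that have no exact permit rule."""
    rules = permitted_commands(role_text)
    # Assumption: new rules take the next free rule number in the role.
    next_id = max(rules.values(), default=0) + 1
    todo = [c for c in denied_commands(log_text) if c not in rules]
    return [f"rule {next_id + i} permit command {c}" for i, c in enumerate(todo)]
```

Run against a real `ansible.log`, this keeps the role limited to the commands the connection plugin actually sends instead of widening it to a broad operator role.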