QFX5100 22.1R1.10 "Opening and ending tag mismatch"

[vifino]

SUMMARY

While trying to deploy config changes via junipernetworks.junos.junos_config on a QFX5100 running 22.1R1.10 flex with the qfx5e firmware, I get an error about an "Opening and ending tag mismatch", seemingly while parsing a NETCONF response from the device.

ISSUE TYPE

• Bug Report

COMPONENT NAME

Definitly affects junipernetworks.junos.junos_config. Gathering Facts seems to work.

ANSIBLE VERSION

ansible [core 2.12.5]
  config file = /home/vifino/.ansible.cfg
  configured module search path = ['/home/vifino/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /nix/store/v0a9bz3sm06by20ihf13h319dzf2ia4r-python3.9-ansible-core-2.12.5/lib/python3.9/site-packages/ansible
  ansible collection location = /home/vifino/.ansible/collections:/usr/share/ansible/collections
  executable location = /nix/store/v0a9bz3sm06by20ihf13h319dzf2ia4r-python3.9-ansible-core-2.12.5/bin/ansible
  python version = 3.9.12 (main, Mar 23 2022, 21:36:19) [GCC 11.3.0]
  jinja version = 3.1.1
  libyaml = True

COLLECTION VERSION

$ ansible-galaxy collection list ansible.netcommon

# /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections
Collection        Version
----------------- -------
ansible.netcommon 2.6.1

# /home/vifino/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
ansible.netcommon 3.0.0

$ ansible-galaxy collection list junipernetworks.junos

# /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections
Collection            Version
--------------------- -------
junipernetworks.junos 2.10.0

# /home/vifino/.ansible/collections/ansible_collections
Collection            Version
--------------------- -------
junipernetworks.junos 3.0.0

I tried both 2.10.0 (bundled with my ansible) and latest 3.0.0, neither work.

CONFIGURATION

CACHE_PLUGIN(/home/vifino/.ansible.cfg) = jsonfile
CACHE_PLUGIN_CONNECTION(/home/vifino/.ansible.cfg) = /tmp/ansible_facts_vifino
CACHE_PLUGIN_TIMEOUT(/home/vifino/.ansible.cfg) = 3600
DEFAULT_LOAD_CALLBACK_PLUGINS(/home/vifino/.ansible.cfg) = True
DEFAULT_REMOTE_USER(/home/vifino/.ansible.cfg) = vifino
DEFAULT_STDOUT_CALLBACK(/home/vifino/.ansible.cfg) = yaml
DIFF_ALWAYS(/home/vifino/.ansible.cfg) = True
DIFF_CONTEXT(/home/vifino/.ansible.cfg) = 5
INTERPRETER_PYTHON(/home/vifino/.ansible.cfg) = auto_silent

OS / ENVIRONMENT

Ansible is running on NixOS.

The working device is a MX204 running 22.1R1.10. The failing device is a QFX5100-48S-AFO running 22.1R1.10 flex on the qfx5e flavour.

STEPS TO REPRODUCE

---
- hosts: qfx5100
  tasks:
    - name: Test snippet
      junipernetworks.junos.junos_config:
        lines:
          - set system ports console log-out-on-disconnect

EXPECTED RESULTS

I expect to be able to deploy config on this device just like the MXes. It worked before but it just started breaking, without updates inbetween.

ACTUAL RESULTS

ansible-playbook [core 2.12.5]
  config file = /home/vifino/.ansible.cfg
  configured module search path = ['/home/vifino/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /nix/store/v0a9bz3sm06by20ihf13h319dzf2ia4r-python3.9-ansible-core-2.12.5/lib/python3.9/site-packages/ansible
  ansible collection location = /home/vifino/.ansible/collections:/usr/share/ansible/collections
  executable location = /nix/store/v0a9bz3sm06by20ihf13h319dzf2ia4r-python3.9-ansible-core-2.12.5/bin/ansible-playbook
  python version = 3.9.12 (main, Mar 23 2022, 21:36:19) [GCC 11.3.0]
  jinja version = 3.1.1
  libyaml = True
Using /home/vifino/.ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/vifino/src/ansible/ansible-juniper/inventory/hosts as it did not pass its verify_file() method
script declined parsing /home/vifino/src/ansible/ansible-juniper/inventory/hosts as it did not pass its verify_file() method
auto declined parsing /home/vifino/src/ansible/ansible-juniper/inventory/hosts as it did not pass its verify_file() method
Parsed /home/vifino/src/ansible/ansible-juniper/inventory/hosts inventory source with ini plugin
Loading collection junipernetworks.junos from /home/vifino/.ansible/collections/ansible_collections/junipernetworks/junos
redirecting (type: action) junipernetworks.junos.junos_config to junipernetworks.junos.junos
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading collection community.general from /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections/community/general
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading callback plugin community.general.yaml of type stdout, v2.0 from /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections/community/general/plugins/callback/yaml.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: fra2_debug.yml ********************************************************************************************************************************************************************
Positional arguments: fra2_debug.yml
verbosity: 4
remote_user: vifino
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
diff: True
inventory: ('/home/vifino/src/ansible/ansible-juniper/inventory',)
forks: 5
1 plays in fra2_debug.yml

PLAY [qfx5100.fake.tld] ***********************************************************************************************************************************************************
META: ran handlers
redirecting (type: action) junipernetworks.junos.junos_config to junipernetworks.junos.junos
Loading collection ansible.netcommon from /home/vifino/.ansible/collections/ansible_collections/ansible/netcommon

TASK [Test snippet] *************************************************************************************************************************************************************************
task path: /home/vifino/src/ansible/ansible-juniper/fra2_debug.yml:5
<1.2.3.4> attempting to start connection
<1.2.3.4> using connection plugin ansible.netcommon.netconf
Found ansible-connection at path /nix/store/v0a9bz3sm06by20ihf13h319dzf2ia4r-python3.9-ansible-core-2.12.5/bin/ansible-connection
<1.2.3.4> local domain socket does not exist, starting it
<1.2.3.4> control socket path is /home/vifino/.ansible/pc/d93ef8727c
<1.2.3.4> Loading collection ansible.netcommon from /home/vifino/.ansible/collections/ansible_collections/ansible/netcommon
<1.2.3.4> Loading collection junipernetworks.junos from /home/vifino/.ansible/collections/ansible_collections/junipernetworks/junos
<1.2.3.4> local domain socket listeners started successfully
<1.2.3.4> loaded netconf plugin ansible_collections.junipernetworks.junos.plugins.netconf.junos from path /home/vifino/.ansible/collections/ansible_collections/junipernetworks/junos/plugins/netconf/junos.py for network_os junipernetworks.junos.junos
<1.2.3.4>
<1.2.3.4> local domain socket path is /home/vifino/.ansible/pc/d93ef8727c
redirecting (type: action) junipernetworks.junos.junos_config to junipernetworks.junos.junos
redirecting (type: action) junipernetworks.junos.junos_config to junipernetworks.junos.junos
<1.2.3.4> ANSIBLE_NETWORK_IMPORT_MODULES: enabled via connection option
<1.2.3.4> ANSIBLE_NETWORK_IMPORT_MODULES: found junipernetworks.junos.junos_config  at /home/vifino/.ansible/collections/ansible_collections/junipernetworks/junos/plugins/modules/junos_config.py
<1.2.3.4> ANSIBLE_NETWORK_IMPORT_MODULES: running junipernetworks.junos.junos_config
<1.2.3.4> ANSIBLE_NETWORK_IMPORT_MODULES: complete
fatal: [qfx5100.fake.tld]: FAILED! => changed=false
  module_stderr: 'b''Opening and ending tag mismatch: routing-engine line 2 and nc:rpc-reply, line 6, column 16 (<string>, line 6)'''
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error

PLAY RECAP **********************************************************************************************************************************************************************************
qfx5100.fake.tld : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

[vifino]

The error is a bit more verbose when running with junipernetworks.junos 2.10.0 and ansible.netcommon 2.6.1:

ansible-playbook [core 2.12.5]
  config file = /home/vifino/.ansible.cfg
  configured module search path = ['/home/vifino/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /nix/store/v0a9bz3sm06by20ihf13h319dzf2ia4r-python3.9-ansible-core-2.12.5/lib/python3.9/site-packages/ansible
  ansible collection location = /home/vifino/.ansible/collections:/usr/share/ansible/collections
  executable location = /nix/store/v0a9bz3sm06by20ihf13h319dzf2ia4r-python3.9-ansible-core-2.12.5/bin/ansible-playbook
  python version = 3.9.12 (main, Mar 23 2022, 21:36:19) [GCC 11.3.0]
  jinja version = 3.1.1
  libyaml = True
Using /home/vifino/.ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/vifino/src/ansible/ansible-juniper/inventory/hosts as it did not pass its verify_file() method
script declined parsing /home/vifino/src/ansible/ansible-juniper/inventory/hosts as it did not pass its verify_file() method
auto declined parsing /home/vifino/src/ansible/ansible-juniper/inventory/hosts as it did not pass its verify_file() method
Parsed /home/vifino/src/ansible/ansible-juniper/inventory/hosts inventory source with ini plugin
Loading collection junipernetworks.junos from /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections/junipernetworks/junos
redirecting (type: action) junipernetworks.junos.junos_config to junipernetworks.junos.junos
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading collection community.general from /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections/community/general
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading callback plugin community.general.yaml of type stdout, v2.0 from /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections/community/general/plugins/callback/yaml.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: fra2_debug.yml ********************************************************************************************************************************************************************
Positional arguments: fra2_debug.yml
verbosity: 4
remote_user: vifino
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
diff: True
inventory: ('/home/vifino/src/ansible/ansible-juniper/inventory',)
forks: 5
1 plays in fra2_debug.yml

PLAY [qfx5100.fake.tld] ***********************************************************************************************************************************************************
META: ran handlers
redirecting (type: action) junipernetworks.junos.junos_config to junipernetworks.junos.junos
Loading collection ansible.netcommon from /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections/ansible/netcommon

TASK [Test snippet] *************************************************************************************************************************************************************************
task path: /home/vifino/src/ansible/ansible-juniper/fra2_debug.yml:5
<1.2.3.4> attempting to start connection
<1.2.3.4> using connection plugin ansible.netcommon.netconf
Found ansible-connection at path /nix/store/v0a9bz3sm06by20ihf13h319dzf2ia4r-python3.9-ansible-core-2.12.5/bin/ansible-connection
<1.2.3.4> local domain socket does not exist, starting it
<1.2.3.4> control socket path is /home/vifino/.ansible/pc/6f2d094806
<1.2.3.4> Loading collection ansible.netcommon from /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections/ansible/netcommon
<1.2.3.4> Loading collection junipernetworks.junos from /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections/junipernetworks/junos
<1.2.3.4> local domain socket listeners started successfully
<1.2.3.4> loaded netconf plugin ansible_collections.junipernetworks.junos.plugins.netconf.junos from path /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections/junipernetworks/junos/plugins/netconf/junos.py for network_os junipernetworks.junos.junos
<1.2.3.4>
<1.2.3.4> local domain socket path is /home/vifino/.ansible/pc/6f2d094806
redirecting (type: action) junipernetworks.junos.junos_config to junipernetworks.junos.junos
redirecting (type: action) junipernetworks.junos.junos_config to junipernetworks.junos.junos
<1.2.3.4> ANSIBLE_NETWORK_IMPORT_MODULES: disabled
<1.2.3.4> ANSIBLE_NETWORK_IMPORT_MODULES: module execution time may be extended
<1.2.3.4> ESTABLISH LOCAL CONNECTION FOR USER: vifino
<1.2.3.4> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/vifino/.ansible/tmp/ansible-local-10147281cenz08g `"&& mkdir "` echo /home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942 `" && echo ansible-tmp-1652603487.0243556-1014743-134818354368942="` echo /home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942 `" ) && sleep 0'
Using module file /nix/store/s0vjdxmryljkgcmhbb98hyr3p7a6pajl-python3.9-ansible-5.7.1/lib/python3.9/site-packages/ansible_collections/junipernetworks/junos/plugins/modules/junos_config.py
<1.2.3.4> PUT /home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/tmpc2niei3t TO /home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942/AnsiballZ_junos_config.py
<1.2.3.4> EXEC /bin/sh -c 'chmod u+x /home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942/ /home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942/AnsiballZ_junos_config.py && sleep 0'
<1.2.3.4> EXEC /bin/sh -c '/nix/store/01kia41csjia67pry1rv828i9pvnnqfq-python3-3.9.12/bin/python3.9 /home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942/AnsiballZ_junos_config.py && sleep 0'
<1.2.3.4> EXEC /bin/sh -c 'rm -f -r /home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/netconf.py", line 91, in parse_rpc_error
  File "/nix/store/01kia41csjia67pry1rv828i9pvnnqfq-python3-3.9.12/lib/python3.9/xml/etree/ElementTree.py", line 1349, in XML
    parser.feed(text)
xml.etree.ElementTree.ParseError: syntax error: line 1, column 0

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942/AnsiballZ_junos_config.py", line 107, in <module>
    _ansiballz_main()
  File "/home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942/AnsiballZ_junos_config.py", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942/AnsiballZ_junos_config.py", line 47, in invoke_module
    runpy.run_module(mod_name='ansible_collections.junipernetworks.junos.plugins.modules.junos_config', init_globals=dict(_module_fqn='ansible_collections.junipernetworks.junos.plugins.modules.junos_config', _modlib_path=modlib_path),
  File "/nix/store/01kia41csjia67pry1rv828i9pvnnqfq-python3-3.9.12/lib/python3.9/runpy.py", line 210, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/nix/store/01kia41csjia67pry1rv828i9pvnnqfq-python3-3.9.12/lib/python3.9/runpy.py", line 97, in _run_module_code
    _run_code(code, mod_globals, init_globals,
  File "/nix/store/01kia41csjia67pry1rv828i9pvnnqfq-python3-3.9.12/lib/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/junipernetworks/junos/plugins/modules/junos_config.py", line 533, in <module>
  File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/junipernetworks/junos/plugins/modules/junos_config.py", line 492, in main
  File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/junipernetworks/junos/plugins/modules/junos_config.py", line 396, in configure_device
  File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/junipernetworks/junos/plugins/module_utils/network/junos/junos.py", line 337, in load_config
  File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/netconf.py", line 80, in __rpc__
  File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/netconf.py", line 126, in parse_rpc_error
ansible.module_utils.connection.ConnectionError: b'Opening and ending tag mismatch: routing-engine line 2 and nc:rpc-reply, line 6, column 16 (<string>, line 6)'
fatal: [qfx5100.fake.tld]: FAILED! => changed=false
  module_stderr: |-
    Traceback (most recent call last):
      File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/netconf.py", line 91, in parse_rpc_error
      File "/nix/store/01kia41csjia67pry1rv828i9pvnnqfq-python3-3.9.12/lib/python3.9/xml/etree/ElementTree.py", line 1349, in XML
        parser.feed(text)
    xml.etree.ElementTree.ParseError: syntax error: line 1, column 0

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942/AnsiballZ_junos_config.py", line 107, in <module>
        _ansiballz_main()
      File "/home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942/AnsiballZ_junos_config.py", line 99, in _ansiballz_main
        invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
      File "/home/vifino/.ansible/tmp/ansible-local-10147281cenz08g/ansible-tmp-1652603487.0243556-1014743-134818354368942/AnsiballZ_junos_config.py", line 47, in invoke_module
        runpy.run_module(mod_name='ansible_collections.junipernetworks.junos.plugins.modules.junos_config', init_globals=dict(_module_fqn='ansible_collections.junipernetworks.junos.plugins.modules.junos_config', _modlib_path=modlib_path),
      File "/nix/store/01kia41csjia67pry1rv828i9pvnnqfq-python3-3.9.12/lib/python3.9/runpy.py", line 210, in run_module
        return _run_module_code(code, init_globals, run_name, mod_spec)
      File "/nix/store/01kia41csjia67pry1rv828i9pvnnqfq-python3-3.9.12/lib/python3.9/runpy.py", line 97, in _run_module_code
        _run_code(code, mod_globals, init_globals,
      File "/nix/store/01kia41csjia67pry1rv828i9pvnnqfq-python3-3.9.12/lib/python3.9/runpy.py", line 87, in _run_code
        exec(code, run_globals)
      File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/junipernetworks/junos/plugins/modules/junos_config.py", line 533, in <module>
      File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/junipernetworks/junos/plugins/modules/junos_config.py", line 492, in main
      File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/junipernetworks/junos/plugins/modules/junos_config.py", line 396, in configure_device
      File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/junipernetworks/junos/plugins/module_utils/network/junos/junos.py", line 337, in load_config
      File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/netconf.py", line 80, in __rpc__
      File "/tmp/ansible_junipernetworks.junos.junos_config_payload_1vqp2c8t/ansible_junipernetworks.junos.junos_config_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/netconf.py", line 126, in parse_rpc_error
    ansible.module_utils.connection.ConnectionError: b'Opening and ending tag mismatch: routing-engine line 2 and nc:rpc-reply, line 6, column 16 (<string>, line 6)'
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
  rc: 1

PLAY RECAP **********************************************************************************************************************************************************************************
qfx5100.fake.tld : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

[vifino]

We've reproduced this on another QFX with another Linux ansible host.

• A QFX5110 with 22.1R1.10 with management network configured.
• enable netconf over ssh and enable rfc-compliant feature.

Run the following

ansible all -m junipernetworks.junos.junos_config -c ansible.netcommon.netconf -i 10.20.10.200, -e ansible_network_os=junipernetworks.junos.junos -a "lines='set system ports console log-out-on-disconnect'"

10.20.10.200 is the QFX in this case.

So, it seems that it does not like that the netconf is RFC 4741 compliant.

[rohitthakur2590]

@vifino This doesn't seem to be ocuuring at ansible end. Please feel free to open new issue in case you are still getting issue at ansible end.

[vifino]

@rohitthakur2590 It is directly related to netconf { yang-compliant; rfc-compliant; }. Try it.

[33Fraise33]

@rohitthakur2590 Can this issue please be reopened? I have the same issue when running:

---
- name: NETCONF - Enable netconf on device
  junipernetworks.junos.junos_netconf:
  vars:
    ansible_connection: ansible.netcommon.network_cli
    ansible_network_os: junipernetworks.junos.junos
    ansible_network_cli_ssh_type: paramiko

- name: INTERFACES - Juniper system settings
  junipernetworks.junos.junos_config:
    update: replace
    src: /tmp/systemconf_{{ inventory_hostname }}.conf
    src_format: text
    comment: "System Conf commit"
  vars:
    ansible_connection: ansible.netcommon.netconf
    ansible_network_os: junipernetworks.junos.junos

The first task creates the following netconf config on the device:

netconf {
    ssh {
        port 830;
    }
    rfc-compliant;
    yang-compliant;
}

the rfc-compliant and yang-compliant part causes the following issue when running a task with junipernetworks.junos.junos_config.

fatal: [CMB_SW_UP01]: FAILED! => {
    "changed": false,
    "module_stderr": "b'Opening and ending tag mismatch: rpc-reply line 1 and commit-results, line 6, column 18 (<string>, line 6)'",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"
}

Removing the rfc-compliant and yang-compliant entries makes it work.

[mweinelt]

Experiencing the same behaviour on an EX3400 with 21.4R3-S3.4.

With rfc-compliant we get the "Opening and ending tag mismatch" error. Without it it works.

[vifino]

Thank you for reopening this.

[LarsKollstedt]

I can also confirm this to occur with a EX2300, which is running JUNOS 23.2R1-S1.6. The option rfc-compliant is within the factory default config on EX3400 and EX2300 with JUNOS 21.4 and JUNOS 23.2. Probably in some JUNOS 21.x and above.

I get:

2023-12-21 10:03:53,924 p=12017 u=<myUsername> n=ncclient.operations.rpc | [host <deviceIP> session-id 89774] Requesting 'Validate'
2023-12-21 10:03:54,017 p=12017 u=<myUsername> n=ncclient.transport.ssh | [host <deviceIP> session-id 89774] Sending:
b'<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:47c9e3bf-bf88-4cf6-a4f6-c7014e591c38"><nc:validate><nc:source><nc:candidate/></nc:source></nc:validate></nc:rpc>]]>]]>'
2023-12-21 10:04:11,950 p=12017 u=<myUsername> n=ncclient.transport.ssh | [host <deviceIP> session-id 89774] Received message from host
2023-12-21 10:04:11,951 p=12017 u=<myUsername> n=ansible | Traceback (most recent call last):
  File "/home/<myUsername>/<somePath>/ansible-network/.venv/lib/python3.10/site-packages/ansible/utils/jsonrpc.py", line 46, in handle_request
    result = rpc_method(*args, **kwargs)
  File "/home/<myUsername>/.ansible/collections/ansible_collections/ansible/netcommon/plugins/plugin_utils/netconf_base.py", line 218, in validate
    resp = self.m.validate(source=source)
  File "/home/<myUsername>/<somePath>/ansible-network/.venv/lib/python3.10/site-packages/ncclient/manager.py", line 257, in execute
    return cls(self._session,
  File "/home/<myUsername>/<somePath>/ansible-network/.venv/lib/python3.10/site-packages/ncclient/operations/edit.py", line 137, in request
    return self._request(node)
  File "/home/<myUsername>/<somePath>/ansible-network/.venv/lib/python3.10/site-packages/ncclient/operations/rpc.py", line 365, in _request
    self._reply.parse()
  File "/home/<myUsername>/<somePath>/ansible-network/.venv/lib/python3.10/site-packages/ncclient/operations/rpc.py", line 161, in parse
    root = self._root = to_ele(self._raw, huge_tree=self._huge_tree) # The <rpc-reply> element
  File "/home/<myUsername>/<somePath>/ansible-network/.venv/lib/python3.10/site-packages/ncclient/xml_.py", line 129, in to_ele
    return x if etree.iselement(x) else etree.fromstring(x.encode('UTF-8'), parser=_get_parser(huge_tree))
  File "src/lxml/etree.pyx", line 3257, in lxml.etree.fromstring
  File "src/lxml/parser.pxi", line 1916, in lxml.etree._parseMemoryDocument
  File "src/lxml/parser.pxi", line 1803, in lxml.etree._parseDoc
  File "src/lxml/parser.pxi", line 1144, in lxml.etree._BaseParser._parseDoc
  File "src/lxml/parser.pxi", line 618, in lxml.etree._ParserContext._handleParseResultDoc
  File "src/lxml/parser.pxi", line 728, in lxml.etree._handleParseResult
  File "src/lxml/parser.pxi", line 657, in lxml.etree._raiseParseError
  File "<string>", line 6
lxml.etree.XMLSyntaxError: Opening and ending tag mismatch: rpc-reply line 1 and commit-results, line 6, column 18

But I don't get the orignal RPC reply it fails to parse. I also thought about trying to send

<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:47c9e3bf-bf88-4cf6-a4f6-c7014e591c38"><nc:validate><nc:source><nc:candidate/></nc:source></nc:validate></nc:rpc>]]>]]>

via junipernetworks.junos.junos_rpc to troubleshoot this but I'm not really sure how to get this message in a form it would produce the same reply message with junipernetworks.junos.junos_rpc, yet. ;-)

I think it's possible this issue is within a library used by junipernetworks.junos.junos_config, but I don't think this is limited to a specific library version, due to what I'm seeing above. And it could be as well a issue with modes or parameters a library is used with. ;-)

[LarsKollstedt]

troubleshoot this but I'm not really sure how to get this message in a form it would produce the same reply message with junipernetworks.junos.junos_rpc, yet. ;-)

I got it to send

<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:4f4ed2ee-43c5-4ed1-9248-65b6c4a52d0d"><validate format="xml"><source>candidate</source></validate></nc:rpc>]]>]]>

and

<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f30eb1a7-437e-415e-91b3-48f33454ef05"><validate format="xml"><source>&lt;nc:candidate/&gt;</source></validate></nc:rpc>]]>]]>

but not the request like it's sent by junipernetworks.junos.junos_config. So this of course didn't show anything useful. ;-)