vyos modules failes with 'paramiko is required but does not appear to be installed'

[neilhwatson]

ISSUE TYPE

• Bug Report

COMPONENT NAME

vyos_command and vyos_config

ANSIBLE VERSION

ansible 2.2.0.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides

Other info

python -c "import sys; print sys.path"
['', '/usr/lib/python2.7', '/usr/lib/python2.7/plat-x86_64-linux-gnu',
'/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old',
'/usr/lib/python2.7/lib-dynload', '/usr/local/lib/python2.7/dist-packages',
'/usr/lib/python2.7/dist-packages',
'/usr/lib/python2.7/dist-packages/PILcompat',
'/usr/lib/python2.7/dist-packages/gst-0.10',
'/usr/lib/python2.7/dist-packages/gtk-2.0', '/usr/lib/pymodules/python2.7']

$ find /usr/lib -name paramiko
/usr/lib/python2.7/dist-packages/paramiko

CONFIGURATION

No changes

OS / ENVIRONMENT

Debian testing (stretch/sid)

SUMMARY

Attempts to run modules result a false error about the paramiko module not being installed.

STEPS TO REPRODUCE

---
- hosts: ubt
  remote_user: neil

  vars:
    cli:
      host: "{{ inventory_hostname }}"
      transport: cli

  tasks:

  - name: Run test command and exit
    vyos_command:
      commands:
        - show version
      provider: "{{ cli }}"

$ ansible-playbook -vi hosts -C test.yml

EXPECTED RESULTS

The remote command show version should have been run and the output displayed.

ACTUAL RESULTS

The remote command did not run and ansible reported an error

Using /etc/ansible/ansible.cfg as config file
 ____________
< PLAY [ubt] >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

 ______________
< TASK [setup] >
 --------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Enter passphrase for key '/home/neil/.ssh/id_rsa':
ok: [192.168.1.1]
 __________________________________
< TASK [Run test command and exit] >
 ----------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

fatal: [192.168.1.1]: FAILED! => {"changed": false, "failed": true, "msg":
"paramiko is required but does not appear to be installed.  It can be installed
using  `pip install paramiko`"}
        to retry, use: --limit @/home/neil/src/home-network/test.retry
 ____________
< PLAY RECAP >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

192.168.1.1                : ok=1    changed=0    unreachable=0    failed=1   

[sivel]

Can you attempt running the following?

python -c 'import paramiko; from paramiko.ssh_exception import AuthenticationException;'

Also, as something I notice, it appears as though you are running the vyos_command module against 192.168.1.1 without specifying local_action or delegate_to: localhost. As such, you would need to have paramiko installed on 192.168.1.1

[neilhwatson]

$ python -c 'import paramiko; from paramiko.ssh_exception import AuthenticationException;'
$ echo $?
0

You've lost me on the delegate_to attribute. The remote host is a vyos powered device and I do not wish to install custom software on it.

[sivel]

The way that ansible typically works, is that it builds out a python file that is then ships to the remote device where it is executed.

Currently with your provided playbook, you are targeting hosts: ubt. ubt seems to correlate to 192.168.1.1 which I am assuming is the vyos device. So currently it is trying to run python code on 192.168.1.1 which does not have paramiko installed.

Instead, your playbook should try 1 of a few things:

1. Supply connection: local at the play level, where remote_user is specified, so that the vyos_command module would be executed on the machine running ansible, instead of being copied to 192.168.1.1.
2. Supply delegate_to: localhost on each task, to say that the module should be executed locally, rather than on 192.168.1.1

[neilhwatson]

I tried both but I get this error:

fatal: [192.168.1.1]: FAILED! => 
   {"changed": false, "failed": true, "msg": "failed to connect to 192.168.1.1:22"}

Yet, ssh works:

 $ !ssh
ssh 192.168.1.1
Welcome to EdgeOS

By logging in, accessing, or using the Ubiquiti product, you
acknowledge that you have read and understood the Ubiquiti
License Agreement (available in the Web UI at, by default,
http://192.168.1.1) and agree to be bound by its terms.

Enter passphrase for key '/home/neil/.ssh/id_rsa':
X11 forwarding request failed on channel 0
Linux ubnt 3.10.14-UBNT #1 SMP Fri Jan 29 20:03:40 PST 2016 mips
Welcome to EdgeOS
Last login: Wed Dec  7 14:42:25 2016 from 192.168.1.2
neil@ubnt:~$

playbook:

---
- hosts: ubt

  vars:
    cli:
      host: 192.168.1.1
      username: neil
      transport: cli

  tasks:

  - name: Run test command and exit
    connection: local
    vyos_command:
      commands:
        - show version
      provider: "{{ cli }}"

[sivel]

I believe that is a symptom of not providing the path to the SSH key that you need to use. The network modules do not utilize your ssh_config, so all credentials need to be supplied. Additionally, since the network modules are utilizing paramiko for SSH, you will need to supply a password for your key file, since it appears to require a passphrase.

It may be useful to read over the Intro Networking document at https://docs.ansible.com/ansible/intro_networking.html

[neilhwatson]

Too bad the network modules are so different. It reduced adoption of them, by making commands tasks the path of least resistance. Thanks for your insights.