Ansible - Configure host group and ping it

[richardbui467]

I'm looking to get Ansible going by being able to configure a host group called sw-a and ping it.

• [x] Configure hosts file
• [x] Configure ansible.cfg
• [ ] Ping sw-a

[richardbui467]

I ran into some errors when trying to run 'ansible sw-a -m ping' so far:

• Permission denied (publickey, keyboard-interactive, password)
• Unhandled error in Python interpreter discovery for host sw-a1
• Sftp transfer mechanism failed & scp transfer mechanism failed

For the 1st error, I was able to add "-vvvv" to get some more debugging information out of the command. I found that it was saying "ESTABLISH SSH CONNECTION FOR USER: None", which signaled to me that Ansible doesn't know which credentials to pass in order to establish a session. This also made sense since with Netmiko, I explicitly configured credentials for it to use; and that works just fine when I make connections. So then I found a good way to pass credentials whenever I made a connection in Ansible from the top answer in this Stack Overflow post .

Although, this first required that I connect my control node to the internet and run an 'apt update' followed by 'apt install sshpass'. Tutorials said I would need to bring in the NAT cloud node and connect a router with NAT configured on it. Although, that wasn't working for some reason; so I found that adding another interface to the control node and connecting it directly was a decent workaround.

For the 2nd error, I ended up finding that I needed to explicitly set which Python interpreter my managed nodes were using. Not too sure how on how that works, but I suppose my nodes just needed to know which version of Python to expect in order to work with Ansible. I referred to the official Ansible docs for a fix.

For the 3rd error, I am still trying to work on that right now. I've tried Googling a few times, but I have yet to find anything viable.

[richardbui467]

Finally found a good post that solved my issue:

https://stackoverflow.com/questions/73649720/ansible-error-line-has-invalid-autocommand

[richardbui467]

I think the way I got there was looking at the module_stderror and module_stdout messages instead of trying to wade through debug information shown from the -vvv and -vvvv options.

root@NetworkAutomation-1:~# ansible switches -m ping
[WARNING]: sftp transfer mechanism failed on [sw-a1]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [sw-a1]. Use ANSIBLE_DEBUG=1 to see detailed information
sw-a1 | FAILED! => {
    "changed": false,
    "module_stderr": "\r\nIOSv - Cisco Systems Confidential -\r\n\r\nSupplemental End User License Restrictions\r\n\r\nThis IOSv software is provided AS-IS without warranty of any kind. Under no circumstances may this software be used separate from the Cisco Modeling Labs Software that this software was provided with, or deployed or used as part of a production environment.\r\n\r\nBy using the software, you agree to abide by the terms and conditions of the Cisco End User License Agreement at http://www.cisco.com/go/eula. Unauthorized use or distribution of this software is expressly prohibited.\r\nShared connection to sw-a1 closed.\r\n",
    "module_stdout": "\r\nLine has invalid autocommand \"/bin/sh -c '/usr/bin/python3 '\"'\"'\"` echo Line has inva\"/AnsiballZ_ping.py'\"'\"' && sleep 0'\"",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 0
}

First, I looked at module_stderr and Googled the shared connection message. I then got to this post that seemed to tackle an issue with Ansible not being able to find the Python interpreter. So I scratched that off the list and made another search leading me to the Stack Overflow post I mentioned earlier. It seems like the module_stderr is more general, while the module_stdout message is more descriptive of what is wrong? I will need to study up on knowing how to read Ansible error messages for next time. I felt like I could have saved a lot of pains by knowing how to do that better.

[richardbui467]

This is what my hosts file looks like now after adding the lines from that post:

[all:vars] ansible_connection=ssh ansible_user=cisco ansible_ssh_pass=cisco ansible_connection=network_cli ansible_network_os=ios ansible_port=22

[switches:vars] ansible_python_interpreter=/usr/bin/python3

[switches] sw-a1 sw-a2 sw-a3

[richardbui467]

Need to look into what those lines exactly do and what my module_stdout error meant tomorrow.

[richardbui467]

So to sum things up, these are the changes I made to get everything working

• Installed sshpass and added the following lines to the hosts file under the [all:vars] group:

ansible_user=cisco ansible_ssh_pass=cisco

• Explicitly set the interpreter for Python3 by adding the following line to the hosts file under the [switches:vars] group:

ansible_python_interpreter=/usr/bin/python3

Ansible by default tries to automatically detect and use which interpreter each managed node uses. Although, network devices do not have Python by default. So Ansible will just error out without explicitly telling it what to use.

• Informed Ansible which network platform it was going to work on and the method it would use to connect by adding the following lines to the hosts file under the [all:vars] group:

ansible_connection=network_cli ansible_network_os=ios

Naturally, Ansible tries to send Python commands over SCP/SFTP to run on the managed node. Although, since network devices do not have Python by default; it will just error out unless you tell Ansible that the managed node has an NOS running with the network_os variable You would also need to tell Ansible the means by which you are connecting to the managed node with the connection variable. Information about that seems to be available in the Network Automation section of the official Ansible documentation.