vyos / vyos.vyos

Ansible Network Collection for VyOS
GNU General Public License v3.0

Connection to “VyOS on AWS” not possible #185

Open fdervisi opened 3 years ago

fdervisi commented 3 years ago
SUMMARY

vyos_config works perfectly for VyOS routers which are deployed on VMware or any other hypervisor. However, if I use “VyOS on AWS” it does not work.

The main difference is that you have to use a public key to connect to the cloud instances; maybe this is the issue here, but I can't see any packets leaving the Ansible host via tcpdump.

In AWS you have to use a public key to

ISSUE TYPE
COMPONENT NAME
ANSIBLE VERSION
ansible 2.9.12
  config file = /home/admin/silverpeak-cisco-poc-automation/ansible.cfg
  configured module search path = ['/home/admin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
COLLECTION VERSION
2.4.0:
    changes:
      minor_changes:
      - Add vyos_prefix_lists Resource Module.
    fragments:
    - vyos_prefix_lists.yml
    modules:
    - description: Prefix-Lists resource module for VyOS
      name: vyos_prefix_lists
      namespace: ''
    release_date: '2021-07-06'
OS / ENVIRONMENT

CentOS 7

STEPS TO REPRODUCE

This is the working on-prem playbook:

---
- name: "render a Jinja2 template onto the VyOS router"
  vyos.vyos.vyos_config:
    src: templates/{{ template }}
    provider:
  register: config

- name: "save config locally for debugging"
  template:
    src: templates/{{ template }}
    dest: files/{{ hostname }}.txt
    mode: 0666
    lstrip_blocks: yes

This is what I put in my inventory file under host_vars:

cat host_vars/1-Europe-vyOS-AWS-Site1.yml
---

  ansible_host: 18.159.207.56
  ansible_connection: ansible.netcommon.network_cli
  ansible_network_os: vyos.vyos.vyos
  ansible_user: vyos
  #ansible_become: yes
  hostname: "some-host-name"
  site: 1
  --snip--

and this is the error message:

TASK [configure_vyos_router : render a Jinja2 template onto the VyOS router] ****************************************************************************************************************
task path: /home/admin/silverpeak-cisco-poc-automation/roles/configure_vyos_router/tasks/main.yml:9
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> attempting to start connection
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> using connection plugin ansible.netcommon.network_cli
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> found existing local domain socket, using it!
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> updating play_context for connection
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> 
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> local domain socket path is /home/admin/.ansible/pc/14a1808d10
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> ESTABLISH LOCAL CONNECTION FOR USER: admin
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/admin/.ansible/tmp/ansible-local-2150006pm1rpeg0 `"&& mkdir "` echo /home/admin/.ansible/tmp/ansible-local-2150006pm1rpeg0/ansible-tmp-1625649121.269041-2150520-270375937016727 `" && echo ansible-tmp-1625649121.269041-2150520-270375937016727="` echo /home/admin/.ansible/tmp/ansible-local-2150006pm1rpeg0/ansible-tmp-1625649121.269041-2150520-270375937016727 `" ) && sleep 0'
<1-Europe-vyOS-AWS-Site1> Attempting python interpreter discovery
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> EXEC /bin/sh -c '/usr/bin/python3.6 && sleep 0'
Using module file /home/admin/.ansible/collections/ansible_collections/vyos/vyos/plugins/modules/vyos_config.py
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> PUT /home/admin/.ansible/tmp/ansible-local-2150006pm1rpeg0/tmpqfw1m7jp TO /home/admin/.ansible/tmp/ansible-local-2150006pm1rpeg0/ansible-tmp-1625649121.269041-2150520-270375937016727/AnsiballZ_vyos_config.py
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> EXEC /bin/sh -c 'chmod u+x /home/admin/.ansible/tmp/ansible-local-2150006pm1rpeg0/ansible-tmp-1625649121.269041-2150520-270375937016727/ /home/admin/.ansible/tmp/ansible-local-2150006pm1rpeg0/ansible-tmp-1625649121.269041-2150520-270375937016727/AnsiballZ_vyos_config.py && sleep 0'
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> EXEC /bin/sh -c 'sudo -H -S  -p "[sudo via ansible, key=eyhjrwvinrkzimobfewbghcwnpdmyxte] password:" -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-eyhjrwvinrkzimobfewbghcwnpdmyxte ; /usr/libexec/platform-python /home/admin/.ansible/tmp/ansible-local-2150006pm1rpeg0/ansible-tmp-1625649121.269041-2150520-270375937016727/AnsiballZ_vyos_config.py'"'"' && sleep 0'
<{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}> EXEC /bin/sh -c 'rm -f -r /home/admin/.ansible/tmp/ansible-local-2150006pm1rpeg0/ansible-tmp-1625649121.269041-2150520-270375937016727/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_vyos.vyos.vyos_config_payload_msjc2ykd/ansible_vyos.vyos.vyos_config_payload.zip/ansible_collections/vyos/vyos/plugins/module_utils/network/vyos/vyos.py", line 84, in get_capabilities
    capabilities = Connection(module._socket_path).get_capabilities()
  File "/tmp/ansible_vyos.vyos.vyos_config_payload_msjc2ykd/ansible_vyos.vyos.vyos_config_payload.zip/ansible/module_utils/connection.py", line 185, in __rpc__
    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
fatal: [1-Europe-vyOS-AWS-Site1]: FAILED! => changed=false 
  ansible_facts:
    discovered_interpreter_python: /usr/libexec/platform-python
  invocation:
    module_args:
      backup: false
      backup_options: null
      comment: configured by vyos_config
      config: null
      lines: null
      match: line
      provider: null
      save: false
      src: |-
        set interfaces ethernet eth1  address '10.0.12.10/24'
        set interfaces ethernet eth1 description 'to SD-WAN'
        set interfaces ethernet eth2  address '10.0.11.5/24'
        set interfaces ethernet eth2 description 'to LAN'
        set interfaces loopback lo address '11.0.1.1/32'
        set protocols bgp 65101 neighbor 10.0.12.5 remote-as '11'
        set protocols bgp 65101 parameters log-neighbor-changes
        set protocols bgp 65101 address-family ipv4-unicast redistribute 'connected'
        set protocols bgp 65101 parameters router-id '11.0.1.1'
        set system host-name '1-Europe-vyOS-AWS-Site1'
  msg: '[Errno -2] Name or service not known'

PLAY RECAP **********************************************************************************************************************************************************************************
1-Europe-vyOS-AWS-Site1    : ok=2    changed=0    unreachable=0    failed=1    skipped=5    rescued=0    ignored=0   
localhost                  : ok=4    changed=0

It seems that it does not try to do an SSH connection; I could not capture anything with tcpdump.

NilashishC commented 3 years ago

@fdervisi If public key is correctly configured on the target host, the underlying library (paramiko/libssh) should use that for authentication and if it were an authentication issue, you would have received an error message such as "ssh connection failed: Failed to authenticate public key: Access denied for 'publickey'. Authentication that can continue: publickey,keyboard-interactive,password".

However, based on the error message you shared '[Errno -2] Name or service not known', it seems that the hostname 1-Europe-vyOS-AWS-Site1 is not being resolved to 18.159.207.56. Can you please share the full playbook, your inventory file and the host_vars?

Can you also try to use the following inventory and see if that fixes the connectivity issue?

vyos_inventory.ini:

[vyos]
1-Europe-vyOS-AWS-Site1

[vyos:vars]
ansible_host=18.159.207.56
ansible_connection=ansible.netcommon.network_cli
ansible_network_os=vyos.vyos.vyos
ansible_user=vyos
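Two details in this thread are worth checking mechanically before a play is run. The debug output in the issue prints the target as <{'sensitive': False, 'type': 'string', 'value': '18.159.207.56'}>, which is exactly how Python renders a dict, so whatever supplied ansible_host at run time handed the connection plugin a mapping rather than the bare address shown in host_vars (the shape matches a Terraform `output -json` entry, which is an assumption about its origin); resolving the string form of that dict as a hostname is consistent with '[Errno -2] Name or service not known'. The inventory suggested in the reply is also easy to mistype in INI form (a `key:=value` slip yields a variable literally named `ansible_user:`). The script below is an added example written for this thread, not code from the vyos.vyos collection or from either commenter; it uses only the Python standard library, and its sample inputs are constructed to mirror the host_vars file, the debug-log dict and the reply's inventory.

```python
"""Audit Ansible inventory variables for the two defects visible in this thread.

Added example, not part of vyos.vyos. Checks that ansible_host is a plain IP
literal or hostname (not a mapping) and that INI [group:vars] keys are valid
variable names. The INI parser covers only the subset used here.
"""
import ipaddress
import re

# One RFC 1123 hostname label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Ansible variable names are Python-style identifiers.
_VARNAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def classify_host(value):
    """Classify an ansible_host value as 'ip', 'hostname', 'wrapped' or 'invalid'."""
    if isinstance(value, dict):
        # A {'sensitive','type','value'} mapping (Terraform-output shape, assumed
        # origin) is usable only after unwrapping its 'value' field.
        return "wrapped" if isinstance(value.get("value"), str) else "invalid"
    if not isinstance(value, str) or not value or len(value) > 253:
        return "invalid"
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    return "hostname" if all(_LABEL.match(label) for label in labels) else "invalid"


def parse_ini_group_vars(text):
    """Return {group: {key: value}} for each [group:vars] section of an INI inventory.

    Minimal parser for this thread's subset, not Ansible's inventory plugin;
    host lines under plain [group] sections are skipped.
    """
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = groups.setdefault(name[:-5], {}) if name.endswith(":vars") else None
            continue
        if current is None or "=" not in line:
            continue
        key, _, val = line.partition("=")
        current[key.strip()] = val.strip()
    return groups


def audit_vars(mapping):
    """Return a list of findings for one variable mapping (empty when it looks usable)."""
    findings = []
    for key in mapping:
        if not _VARNAME.match(key):
            findings.append(f"malformed variable name {key!r}; check for a 'key:=value' typo")
    if "ansible_host" not in mapping:
        findings.append("ansible_host missing; Ansible will resolve the inventory hostname instead")
        return findings
    host = mapping["ansible_host"]
    status = classify_host(host)
    if status == "wrapped":
        findings.append(f"ansible_host is a mapping, not a string; use its value field: {host['value']}")
    elif status == "invalid":
        findings.append(f"ansible_host {host!r} is neither an IP literal nor a valid hostname")
    return findings


# Constructed samples: HOST_VARS_OK mirrors the host_vars file in the issue,
# HOST_VARS_WRAPPED the dict seen in the debug output, INVENTORY_INI the reply's
# inventory including an 'ansible_user:=vyos' slip.
HOST_VARS_OK = {
    "ansible_host": "18.159.207.56",
    "ansible_connection": "ansible.netcommon.network_cli",
    "ansible_network_os": "vyos.vyos.vyos",
    "ansible_user": "vyos",
    "hostname": "some-host-name",
    "site": 1,
}
HOST_VARS_WRAPPED = dict(
    HOST_VARS_OK, ansible_host={"sensitive": False, "type": "string", "value": "18.159.207.56"}
)
INVENTORY_INI = """\
[vyos]
1-Europe-vyOS-AWS-Site1

[vyos:vars]
ansible_host=18.159.207.56
ansible_connection=ansible.netcommon.network_cli
ansible_network_os=vyos.vyos.vyos
ansible_user:=vyos
"""

if __name__ == "__main__":
    for label, mapping in (("host_vars ok", HOST_VARS_OK),
                           ("host_vars wrapped", HOST_VARS_WRAPPED),
                           ("inventory [vyos:vars]", parse_ini_group_vars(INVENTORY_INI)["vyos"])):
        print(f"{label}: {audit_vars(mapping) or ['no findings']}")
```

Running the script reports no findings for the plain host_vars, tells you to unwrap the mapping for the dict-shaped ansible_host, and flags `ansible_user:` as a malformed variable name in the INI sample; `classify_host(str(HOST_VARS_WRAPPED["ansible_host"]))` returns "invalid", which is the situation the Errno -2 message describes.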