ansible-junos-stdlib
ansible-junos-stdlib copied to clipboard
Published
20 hours ago •
Juniper
Juniper
1st attempt unformatted password
Issue Type
- Bug Report
Module Name
Password var reference not resolving. Example shows use of juniper_junos_facts but I have run into this with _confg and _command.
Juniper.Junos role and Python libraries version
ansible 2.7.0
config file = /cyclops-ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.15 (default, Aug 16 2018, 14:17:09) [GCC 6.4.0]
ansible==2.7.0
asn1crypto==0.24.0
bcrypt==3.1.4
certifi==2018.10.15
cffi==1.11.5
chardet==3.0.4
cryptography==2.7
enum34==1.1.6
future==0.17.1
idna==2.7
ipaddress==1.0.22
Jinja2==2.10
jmespath==0.9.4
junos-eznc==2.2.1
jxmlease==1.0.2.dev1
lxml==4.2.2
MarkupSafe==1.1.0
ncclient==0.6.6
netaddr==0.7.19
ntlm-auth==1.2.0
omsdk==1.2.370
paramiko==2.4.2
passlib==1.7.1
pexpect==4.7.0
ply==3.11
prettytable==0.7.2
ptyprocess==0.6.0
pyasn1==0.4.4
pycparser==2.19
pycrypto==2.6.1
pycryptodomex==3.8.2
PyNaCl==1.3.0
pyserial==3.4
pysmi==0.3.4
pysnmp==4.4.9
pysnmp-mibs==0.1.6
pysphere==0.1.7
python-version==0.0.2
pyvmomi==6.7.1.2018.12
pywinrm==0.3.0
PyYAML==3.13
requests==2.20.1
requests-ntlm==1.1.0
scp==0.13.2
selectors2==2.0.1
six==1.11.0
urllib3==1.24.1
xmltodict==0.11.0
zabbix-api==0.5.4
- src: https://github.com/Juniper/ansible-junos-stdlib.git
scm: git
version: 2.1.0
name: juniper.junos
OS / Environment
Playbook is running on:
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.8.1
PRETTY_NAME="Alpine Linux v3.8"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"
| Software | Platform |
|---|---|
| 15.1X49-D45 | SRX340 |
| 12.1X46-D35.1 | SRX240H2 |
| 15.1X49-D40.6 | SRX1500 |
Summary
Module is not able to pull user password correctly in Production. In our lab environment this isn't an problem.
Steps to reproduce
- name: Gathering Facts
hosts: juniper
roles:
- juniper.junos
connection: netconf
gather_facts: false
remote_user: "{{ srx_remote_user }}"
vars:
ansible_network_os: junos
ansible_user: "{{ srx_remote_user }}"
ansible_ssh_pass: "{{ srx_remote_user_ssh_pass | default(omit) }}"
tasks:
- name: Collect Junos Device Information
juniper_junos_facts:
register: junos_facts
- name: Print Junos Facts
debug:
msg: "{{ junos_facts }}"
srx_remote_user: ansible
srx_remote_user_ssh_pass: "{{ vault_cyclops_ansible_user_pass }}"
Expected results
/cyclops-ansible # ansible-playbook playbooks/juniper_junos_facts.yml -l hostname
PLAY [Gathering Facts] ***********************************************************************************
TASK [Collect Junos Device Information] ******************************************************************
fatal: [hostname]: FAILED! => {"changed": false, "msg": "Unable to make a PyEZ connection: ConnectAuthError(hostname)"}
[hostname] TASK: Collect Junos Device Information (debug)> redo
ok: [hostname]
TASK [Print Junos Facts] *********************************************************************************
ok: [hostname] => {
"msg": {
"ansible_facts": {
"junos": {
"HOME": "/var/home/SU",
"RE0": {
"last_reboot_reason": "0x200:normal shutdown",
"mastership_state": "master",
"model": "RE-SRX340",
"status": "OK",
"up_time": "756 days, 22 hours, 33 minutes, 42 seconds"
},
}
}
PLAY RECAP ***********************************************************************************************
hostname : ok=2 changed=0 unreachable=0 failed=0
Actual results
# ansible-playbook playbooks/juniper_junos_facts.yml -l hostname -vvvv
ansible-playbook 2.7.0
config file = /cyclops-ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.15 (default, Aug 16 2018, 14:17:09) [GCC 6.4.0]
Using /cyclops-ansible/ansible.cfg as config file
setting up inventory plugins
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc
Loading callback plugin cyclops_slack_failed of type notification, v2.0 from /cyclops-ansible/playbooks/callback_plugins/cyclops_slack_failed.pyc
Loading callback plugin cyclops_slack_freeipa_user_changes of type notification, v2.0 from /cyclops-ansible/playbooks/callback_plugins/cyclops_slack_freeipa_user_changes.pyc
Loading callback plugin jsnapy of type aggregate, v2.0 from /cyclops-ansible/roles/juniper.junos/callback_plugins/jsnapy.pyc
Loading callback plugin slack_backported of type notification, v2.0 from /cyclops-ansible/playbooks/callback_plugins/slack_backported.pyc
Loading callback plugin syslog_json of type aggregate, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/syslog_json.pyc
PLAYBOOK: juniper_junos_facts.yml **************************************************************************************************
1 plays in playbooks/juniper_junos_facts.yml
PLAY [Gathering Facts] *************************************************************************************************************
META: ran handlers
Trying secret FileVaultSecret(filename='/.vault') for vault_id=default
Trying secret FileVaultSecret(filename='/.vault') for vault_id=default
TASK [Collect Junos Device Information] ********************************************************************************************
task path: /cyclops-ansible/playbooks/juniper_junos_facts.yml:14
<10.2.1.1> attempting to start connection
<10.2.1.1> using connection plugin netconf
<10.2.1.1> local domain socket does not exist, starting it
<10.2.1.1> control socket path is /root/.ansible/pc/a4447d854d
<10.2.1.1> connection to remote device started successfully
<10.2.1.1> local domain socket listeners started successfully
<10.2.1.1>
<10.2.1.1> local domain socket path is /root/.ansible/pc/a4447d854d
<10.2.1.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.2.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502 `" && echo ansible-tmp-1563553341.31-235616940099502="` echo /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502 `" ) && sleep 0'
Using module file /cyclops-ansible/roles/juniper.junos/library/juniper_junos_facts.py
<10.2.1.1> PUT /root/.ansible/tmp/ansible-local-92EqahCf/tmp0LA048 TO /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502/AnsiballZ_juniper_junos_facts.py
<10.2.1.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502/ /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502/AnsiballZ_juniper_junos_facts.py && sleep 0'
<10.2.1.1> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502/AnsiballZ_juniper_junos_facts.py && sleep 0'
<10.2.1.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-92EqahCf/ansible-tmp-1563553341.31-235616940099502/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
WARNING: The below traceback may *not* be related to the actual failure.
File "/tmp/ansible_juniper_junos_facts_payload_QprqN9/ansible_juniper_junos_facts_payload.zip/ansible/module_utils/juniper_junos_common.py", line 1304, in open
self.dev.open()
File "/usr/lib/python2.7/site-packages/jnpr/junos/device.py", line 1268, in open
raise EzErrors.ConnectAuthError(self)
fatal: [hostname]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"attempts": null,
"baud": null,
"config_format": null,
"console": null,
"host": "hostname",
"level": null,
"logdir": null,
"logfile": null,
"mode": null,
"passwd": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 830,
"provider": null,
"savedir": null,
"ssh_config": null,
"ssh_private_key_file": null,
"timeout": 30,
"user": "ansible"
}
},
"msg": "Unable to make a PyEZ connection: ConnectAuthError(hostname)"
}
PLAY RECAP *************************************************************************************************************************
hostname : ok=0 changed=0 unreachable=0 failed=1
This may also be of use:
Demonstrates (1) why you're getting a ConnetAuthError the first attempt (because of the unformatted password) and (2) why it works the second attempt (because it's getting the properly formatted password)
PLAY [Gathering Facts] ***************************************************************************************************************************
TASK [Collect Junos Device Information] **********************************************************************************************************
fatal: [hostname]: FAILED! => {"changed": false, "msg": "Unable to make a PyEZ connection: ConnectAuthError(hostname)"}
[hostname] TASK: Collect Junos Device Information (debug)> p task.args
{'_ansible_check_mode': False,
'_ansible_debug': False,
'_ansible_diff': False,
'_ansible_keep_remote_files': False,
'_ansible_module_name': u'juniper_junos_facts',
'_ansible_no_log': False,
'_ansible_remote_tmp': u'~/.ansible/tmp',
'_ansible_selinux_special_fs': ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p'],
'_ansible_shell_executable': u'/bin/sh',
'_ansible_socket': u'/root/.ansible/pc/7c06e50a92',
'_ansible_syslog_facility': u'LOG_USER',
'_ansible_tmpdir': u'/root/.ansible/tmp/ansible-local-37734EPyQ/ansible-tmp-1563310619.76-182954198747515/',
'_ansible_verbosity': 0,
'_ansible_version': '2.7.0',
'_module_name': u'juniper_junos_facts',
'_module_utils_path': '/cyclops-ansible/roles/juniper.junos/module_utils',
'host': u'hostname',
'passwd': u'{{ srx_remote_user_ssh_pass | default(omit) }}', <--------------------------**
'user': u'ansible'}
[hostname] TASK: Collect Junos Device Information (debug)> r
ok: [hostname]
[hostname] TASK: Collect Junos Device Information (debug)> p task.args
{'_ansible_check_mode': False,
'_ansible_debug': False,
'_ansible_diff': False,
'_ansible_keep_remote_files': False,
'_ansible_module_name': u'juniper_junos_facts',
'_ansible_no_log': False,
'_ansible_remote_tmp': u'~/.ansible/tmp',
'_ansible_selinux_special_fs': ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p'],
'_ansible_shell_executable': u'/bin/sh',
'_ansible_socket': u'/root/.ansible/pc/7c06e50a92',
'_ansible_syslog_facility': u'LOG_USER',
'_ansible_tmpdir': u'/root/.ansible/tmp/ansible-local-37734EPyQ/ansible-tmp-1563310645.75-61079557661853/',
'_ansible_verbosity': 0,
'_ansible_version': '2.7.0',
'_module_name': u'juniper_junos_facts',
'_module_utils_path': '/cyclops-ansible/roles/juniper.junos/module_utils',
'host': u'hostname',
'passwd': u'OMIT', *This was the correct password <-----------------------------------------**
'user': u'ansible'}
@sward1557 I am not quite sure I follow the issue description. Will give it a try and try to respond back by EOW.
