
Pyezconnection taking private key before supplied password

Open 33Fraise33 opened this issue 3 years ago • 0 comments

Issue Type

  • Bug Report / Unwanted Behaviour

Module Name

juniper.device

juniper.device collection and Python libraries version

ansible [core 2.11.5]
  config file = /home/gianni/git/5g-ansible-networking/ansible.cfg
  configured module search path = ['/home/gianni/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/gianni/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.7 (default, Aug 31 2021, 13:28:12) [GCC 11.1.0]
  jinja version = 2.11.3
  libyaml = True

aiofiles @ file:///build/python-aiofiles/src/aiofiles/dist/aiofiles-0.7.0-py3-none-any.whl
aiohttp==3.7.4.post0
aiohttp-cors==0.7.0
ansible==4.5.0
ansible-core==2.11.5
apparmor==3.0.3
appdirs==1.4.4
application-utility==1.3.2
async-generator==1.10
async-timeout==3.0.1
attrs==21.2.0
Babel==2.9.1
bcrypt==3.2.0
bidict==0.21.3
Brlapi==0.8.2
btrfsutil==5.14
CacheControl==0.12.6
ceph==1.0.0
ceph-volume==1.0.0
cephfs==2.0.0
cephfs-shell==0.0.1
certifi==2020.12.5
cffi==1.14.5
chardet==3.0.4
click==7.1.2
cmd2==1.5.0
colorama==0.4.4
construct==2.10.67
contextlib2==0.6.0.post1
cryptography==3.4.4
cupshelpers==1.0
decorator==5.1.0
distlib==0.3.2
distro==1.6.0
dnspython==2.1.0
docker==4.4.1
docopt==0.6.2
entrypoints==0.3
evdev==1.4.0
filelock==3.0.12
flake8==3.9.2
future==0.18.2
Glances==3.2.2
gns3-gui==2.2.25
gns3-server==2.2.25
gsm0338==1.0.0
html5lib==1.1
idna==3.1
importlib-metadata==4.8.1
isc==2.0
isodate==0.6.0
Jinja2==2.11.3
jsonpath-ng==1.5.2
jsonschema==3.2.0
junos-eznc==2.6.2
jxmlease==1.0.3
keyutils==0.6
lensfun==0.3.95
LibAppArmor==3.0.3
libfdt==1.6.1
libtorrent===1.2.14-build-libtorrent-rasterbar-src-libtorrent-rasterbar-1.2.14-bindings-python
libvirt-python==7.3.0
louis==3.19.0
lxml==4.6.3
Markdown==3.3.4
MarkupSafe==1.1.1
mccabe==0.6.1
meson==0.59.1
more-itertools==8.9.0
msgpack==1.0.2
multidict==4.7.6
ncclient==0.6.9
netaddr==0.8.0
netsnmp-python==1.0a1
npyscreen==4.10.5
ordered-set==4.0.2
packaging==20.8
pacman-mirrors==4.21.5
paramiko==2.7.2
pep517==0.11.0
Pillow==8.3.2
ply==3.11
progress==1.5
prompt-toolkit==3.0.20
protobuf==3.6.0
psutil==5.8.0
py-cpuinfo==8.0.0
pycairo==1.20.1
pycodestyle==2.7.0
pycountry==20.7.3
pycparser==2.20
pycryptodome==3.10.1
pycups==2.0.1
pycurl==7.43.0.6
pyflakes==2.3.1
Pygments==2.10.0
PyGObject==3.40.1
PyNaCl==1.4.0
pynetbox==5.3.0
pyOpenSSL==20.0.1
pyparsing==2.4.7
pyperclip==1.7.0
PyQt5==5.15.4
PyQt5-sip==12.9.0
pyrsistent==0.18.0
pyscard==2.0.1
pyserial==3.5
pySim==1.0
pysmbc==1.0.23
PySocks==1.7.1
python-dotenv==0.15.0
pytlv==0.71
pytz==2021.1
PyYAML==5.4.1
rados==2.0.0
rbd==2.0.0
reportlab==3.6.1
requests==2.26.0
resolvelib==0.5.5
retrying==1.3.3
rgw==2.0.0
scp==0.13.6
sentry-sdk==1.3.1
sip==4.19.25
six==1.11.0
speedtest-cli==2.1.3
streamlink==2.4.0
team==1.0
toml==0.10.2
tomli==1.2.1
transitions==0.8.8
typing-extensions==3.7.4.3
udiskie==2.3.3
ultrasync==0.9.2
urllib3==1.26.2
virtualenv==20.4.2
wcwidth==0.2.5
webencodings==0.5.1
websocket-client==0.59.0
xmltodict==0.12.0
yamlordereddictloader==0.4.0
yarl==1.4.2
youtube-dl==2021.6.6
zipp==3.5.0

OS / Environment

Model: ex3400-24t Junos: 20.4R2-S2.2

Summary

Running juniper.device.config, for example, gives a PyEZ ConnectAuthError when running the playbook with -u <username> -k. This happens as my private key in ~/.ssh/config is not on the device. The expected result is to use the SSH key first and, if this fails, use the supplied username and password combination. This last part is not happening, so on a new device this is only fixable by adding the variable: ssh_private_key_file: "/dev/null"

Steps to reproduce

- name: Juniper - System settings
  juniper.device.config:
    load: replace
    template: "{{ role_path }}/templates/junos_system.conf.j2"
    format: text
    config_mode: private
    timeout: 60
    vars:
      admin_users: "{{ admin_users }}"
      inventory_hostname: "{{ inventory_hostname }}"
      timezone: "{{ timezone }}"
      ntp: "{{ ntp }}"
      juniper_tacplus_secret: "{{ juniper_tacplus_secret }}"
      license_keys: "{{ license_keys | default([]) }}"
  when: "'juniper' in group_names"
  register: result

- name: Juniper - Changes made
  debug:
    var: result.diff_lines

Expected results

TASK [common : Juniper - System settings] ******************************************************************************************************************************************************
ok: [PR_BAC_SW03]
ok: [PR_BAC_SW04]
changed: [PR_BAC_SW01]
changed: [PR_BAC_SW07]
changed: [PR_BAC_SW08]
changed: [PR_BAC_SW10]
changed: [PR_BAC_SW09]

Actual results

The full traceback is:
  File "/tmp/ansible_juniper.device.config_payload_jzkfs97w/ansible_juniper.device.config_payload.zip/ansible_collections/juniper/device/plugins/module_utils/juniper_junos_common.py", line 1069, in open
    self.dev.open()
  File "/usr/lib/python3.9/site-packages/jnpr/junos/device.py", line 1366, in open
    raise EzErrors.ConnectAuthError(self)
fatal: [PR_BAC_SW01]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "attempts": null,
            "baud": null,
            "check": null,
            "check_commit_wait": null,
            "comment": null,
            "commit": null,
            "commit_empty_changes": false,
            "config_mode": "private",
            "confirmed": null,
            "console": null,
            "cs_passwd": null,
            "cs_user": null,
            "dest": null,
            "dest_dir": null,
            "diff": null,
            "diffs_file": null,
            "filter": null,
            "format": "text",
            "host": "10.210.0.22",
            "ignore_warning": null,
            "level": null,
            "lines": null,
            "load": "replace",
            "logdir": null,
            "logfile": null,
            "mode": null,
            "model": null,
            "namespace": null,
            "options": {},
            "passwd": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 830,
            "remove_ns": null,
            "retrieve": null,
            "return_output": true,
            "rollback": null,
            "src": null,
            "ssh_config": null,
            "ssh_private_key_file": null,
            "template": "/home/gianni/git/5g-ansible-networking/roles/common/templates/junos_system.conf.j2",
            "timeout": 60,
            "url": null,
            "user": "root",
            "vars": {
                "admin_users": [],
                "inventory_hostname": "PR_BAC_SW01",
                "juniper_tacplus_secret": "",
                "license_keys": [],
                "ntp": {
                    "servers": [
                        "193.190.147.153"
                    ]
                },
                "timezone": {
                    "juniper": "UTC",
                    "linux": "Etc/UTC"
                }
            }
        }
    },
    "msg": "Unable to make a PyEZ connection: ConnectAuthError(10.210.0.22)"
}

33Fraise33, Sep 22 '21 06:09