
[cisco.asa.asa_command] returns unexpected error by "show tech-support"

Open • nafu-kgh opened this issue 2 years ago • 1 comment

SUMMARY

We are trying to run show tech-support via Ansible. We are using the cisco.asa.asa_command module, but receive an error.

ISSUE TYPE

  • Bug Report

COMPONENT NAME

cisco.asa.asa_command module

ANSIBLE VERSION

ansible-playbook 2.9.15 python version = 3.9.1

COLLECTION VERSION

cisco.asa 2.1.0

STEPS TO REPRODUCE

snipped playbook

---
- name: Run commands
  hosts: "{{ target_hosts }}"
  gather_facts: false
  collections:
    - cisco.asa
  become: true
  become_method: enable
  force_handlers: true
  vars:
    command_list:
      - show tech-support
  tasks:
    - name: Run Commands
      cisco.asa.asa_command:
        commands: "{{ command_list }}"
      register: result
    - name: show commands result
      debug:
        msg: "{{ result }}"

EXPECTED RESULTS

retrieve "show tech-support" result without any errors

ACTUAL RESULTS

{
    "msg": ".c:307\r\nerror:0B08D07B:x509 certificate routines:X509_TRUST_set:invalid trust@x509_trs.c:177\r\n\r\n------------------ show ipsec stats ------------------\r\n\r\n\r\nIPsec Global Statistics\r\n-----------------------\r\nActive tunnels: 0\r\nPrevious tunnels: 27\r\nInbound\r\n",
    "exception": "  File \"/tmp/ansible_cisco.asa.asa_command_payload_yxs9x_pu/ansible_cisco.asa.asa_command_payload.zip/ansible_collections/cisco/asa/plugins/module_utils/network/asa/asa.py\", line 147, in run_commands\n    return connection.run_commands(commands=commands, check_rc=check_rc)\n  File \"/tmp/ansible_cisco.asa.asa_command_payload_yxs9x_pu/ansible_cisco.asa.asa_command_payload.zip/ansible/module_utils/connection.py\", line 185, in __rpc__\n    raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)\n",
    "invocation": {
        "module_args": {
            "commands": [
                "show tech-support"
            ],
            "match": "all",
            "retries": 10,
            "interval": 1,
            "wait_for": null,
            "provider": null,
            "authorize": null,
            "context": null,
            "passwords": null
        }
    },
    "_ansible_no_log": false,
    "changed": false
}

Notes: It looks like the error comes from the result of "show ssl errors" made by "show tech-support"

# show ssl errors
error:0B08D07B:x509 certificate routines:X509_TRUST_set:invalid trust@x509_trs.c:177
error:0B08D07B:x509 certificate routines:X509_TRUST_set:invalid trust@x509_trs.c:177
error:0B08D07B:x509 certificate routines:X509_TRUST_set:invalid trust@x509_trs.c:177
error:0B08D07B:x509 certificate routines:X509_TRUST_set:invalid trust@x509_trs.c:177
error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error@rsa_pk1.c:307
error:0B08D07B:x509 certificate routines:X509_TRUST_set:invalid trust@x509_trs.c:177
error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate@snp_mp_ssl_dm.c:843

nafu-kgh • Feb 14 '22 01:02
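A minimal model of the failure the reporter suspects, as an added example that is not part of the original issue and not code from the cisco.asa collection. It assumes the CLI layer fails a command whenever an `error:` pattern matches anywhere in the response; the pattern, the function names and both sample outputs are constructed for illustration.

```python
import re

# Assumption: the CLI layer fails a command when this pattern matches anywhere
# in the device response. Illustrative pattern, not copied from cisco.asa.
NAIVE_ERROR = re.compile(rb"error:", re.I)
# OpenSSL error-queue entry: error:<8 hex digits>:<library>:<function>:<reason>
OPENSSL_QUEUE = re.compile(rb"^error:[0-9A-F]{8}:[^:]+:[^:]+:.+$")

# Constructed sample: section banner plus error lines quoted in the issue.
TECH_SUPPORT = (
    b"------------------ show ssl errors ------------------\r\n\r\n"
    b"error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:"
    b"pkcs decoding error@rsa_pk1.c:307\r\n"
    b"error:0B08D07B:x509 certificate routines:X509_TRUST_set:"
    b"invalid trust@x509_trs.c:177\r\n"
    b"error:14094412:SSL routines:ssl3_read_bytes:"
    b"sslv3 alert bad certificate@snp_mp_ssl_dm.c:843\r\n\r\n"
    b"------------------ show ipsec stats ------------------\r\n"
)
# Constructed sample: a command the CLI genuinely rejects.
CLI_REJECT = (
    b"show tech-suport\r\n"
    b"              ^\r\n"
    b"ERROR: % Invalid input detected at '^' marker.\r\n"
)


def naive_scan(response: bytes) -> list[str]:
    """Lines that the naive pattern would report as a command failure."""
    return [ln.decode() for ln in response.splitlines() if NAIVE_ERROR.search(ln)]


def filtered_scan(response: bytes) -> list[str]:
    """Same scan, ignoring lines that are OpenSSL error-queue data."""
    return [
        ln.decode()
        for ln in response.splitlines()
        if NAIVE_ERROR.search(ln) and not OPENSSL_QUEUE.match(ln)
    ]


if __name__ == "__main__":
    for name, sample in (("tech-support", TECH_SUPPORT), ("rejected", CLI_REJECT)):
        print(name, "naive:", len(naive_scan(sample)),
              "filtered:", len(filtered_scan(sample)))
```

The filtered scan still reports the rejected command, so excluding error-queue lines does not hide genuine CLI errors in these samples.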