cisco.asa
cisco.asa copied to clipboard
Published
20 hours ago •
ansible-collections
ansible-collections
TypeError: 'NoneType' object is not subscriptable with asa_facts
SUMMARY
Getting a TypeError while running asa_facts with the following call:
ISSUE TYPE
- Bug Report
COMPONENT NAME
cisco.asa.asa_facts
ANSIBLE VERSION
ansible-playbook 2.10.17
config file = /tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/project/ansible.cfg
configured module search path = ['/var/lib/awx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /opt/python3_venv/venv_gns1/lib/python3.6/site-packages/ansible
executable location = /opt/python3_venv/venv_gns1/bin/ansible-playbook
python version = 3.6.10 (default, Jan 16 2020, 21:38:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
COLLECTION VERSION
# /etc/ansible/gnsa/collections/ansible_collections
Collection Version
---------------------- -------
a10.acos_cli 1.1.1
ansible.netcommon 2.5.1
ansible.posix 1.4.0
ansible.utils 2.5.1
awx.awx 15.0.1
cisco.asa 3.1.0
cisco.ios 1.2.0
cisco.iosxr 3.3.0
community.general 1.2.0
community.kubernetes 2.0.1
google.cloud 1.0.2
junipernetworks.junos 4.0.0
kubernetes.core 2.3.2
paloaltonetworks.panos 3.0.0
CONFIGURATION
ANSIBLE_PIPELINING(/home/eregimba/gns-ansible/ansible.cfg) = True
ANSIBLE_SSH_RETRIES(/home/eregimba/gns-ansible/ansible.cfg) = 3
COLLECTIONS_PATHS(/home/eregimba/gns-ansible/ansible.cfg) = ['/etc/ansible/gnsa/collections']
DEFAULT_CALLBACK_WHITELIST(/home/eregimba/gns-ansible/ansible.cfg) = ['profile_tasks']
DEFAULT_FORKS(/home/eregimba/gns-ansible/ansible.cfg) = 20
DEFAULT_GATHERING(/home/eregimba/gns-ansible/ansible.cfg) = explicit
DEFAULT_HOST_LIST(/home/eregimba/gns-ansible/ansible.cfg) = ['/home/eregimba/gns-ansible-inventory/production/hosts.yml']
DEFAULT_JINJA2_EXTENSIONS(/home/eregimba/gns-ansible/ansible.cfg) = jinja2.ext.do
DEFAULT_STDOUT_CALLBACK(/home/eregimba/gns-ansible/ansible.cfg) = community.general.yaml
DEFAULT_VAULT_PASSWORD_FILE(/home/eregimba/gns-ansible/ansible.cfg) = /etc/ansible/vault_password_file
DISPLAY_SKIPPED_HOSTS(/home/eregimba/gns-ansible/ansible.cfg) = False
HOST_KEY_CHECKING(/home/eregimba/gns-ansible/ansible.cfg) = False
INTERPRETER_PYTHON(/home/eregimba/gns-ansible/ansible.cfg) = /usr/bin/python3
PERSISTENT_COMMAND_TIMEOUT(/home/eregimba/gns-ansible/ansible.cfg) = 90
RETRY_FILES_ENABLED(/home/eregimba/gns-ansible/ansible.cfg) = False
TRANSFORM_INVALID_GROUP_CHARS(/home/eregimba/gns-ansible/ansible.cfg) = ignore
OS / ENVIRONMENT
Cisco Adaptive Security Appliance Software Version 9.12(4)41 SSP Operating System Version 2.6(1.254) Device Manager Version 7.9(2)
STEPS TO REPRODUCE
The playbook goes straight to this role.
- name: Get Config - ASA
cisco.asa.asa_facts:
gather_subset:
- config```
<!--- HINT: You can paste gist.github.com links for larger files -->
##### RESULTS
I've tested this play and role on every ASA I have, from my personal linux VM and it works perfectly fine. However, from my Ansible Tower production system, every ASA fails with the same error: 'NoneType' object is not subscriptable.
I've been comparing debug logs and -vvvv output and there are some differences in how modules are redirected but nothing stands out as an obvious problem.
<!--- Describe what actually happened. If possible run with extra verbosity (-vvvv) -->
<!--- Paste verbatim command output between quotes -->
Example run from Ansible Tower, where it fails.
Note this line. This should be enabled by default, I even tried forcing it to True via ansible.cfg. I don't know if it's related but it is odd.
<testrouter01> ANSIBLE_NETWORK_IMPORT_MODULES: disabled
<testrouter01> ANSIBLE_NETWORK_IMPORT_MODULES: module execution time may be extended>
Also, this line is present in successful runs on my test VM, but not in the production machine
<testrouter01> ssh type is set to paramiko
```paste below
ansible-playbook 2.10.17
config file = /tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/project/ansible.cfg
configured module search path = ['/var/lib/awx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /opt/python3_venv/venv_gns1/lib/python3.6/site-packages/ansible
executable location = /opt/python3_venv/venv_gns1/bin/ansible-playbook
python version = 3.6.10 (default, Jan 16 2020, 21:38:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
Using /tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/project/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/tmphqm2yi1g as it did not pass its verify_file() method
Set default localhost to localhost
Parsed /tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/tmphqm2yi1g inventory source with script plugin
Loading callback plugin awx_display of type stdout, v2.0 from /var/lib/awx/venv/awx/lib/python3.6/site-packages/ansible_runner/callbacks/awx_display.py
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'awx_display', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Loading callback plugin profile_tasks of type aggregate, v2.0 from /opt/python3_venv/venv_gns1/lib/python3.6/site-packages/ansible/plugins/callback/profile_tasks.py
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
PLAYBOOK: get_facts_structoparse.yml *******************************************
Positional arguments: get_facts_structoparse.yml
verbosity: 4
remote_user: root
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/tmphqm2yi1g',)
extra_vars: ('@/tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/env/extravars',)
forks: 20
1 plays in get_facts_structoparse.yml
PLAY [get_facts] ***************************************************************
META: ran handlers
Tuesday 15 November 2022 17:50:15 +0000 (0:00:00.111) 0:00:00.111 ******
Tuesday 15 November 2022 17:50:15 +0000 (0:00:00.039) 0:00:00.150 ******
META: end_host conditional evaluated to false, continuing execution for testrouter01
Tuesday 15 November 2022 17:50:16 +0000 (0:00:00.060) 0:00:00.210 ******
Tuesday 15 November 2022 17:50:16 +0000 (0:00:00.033) 0:00:00.243 ******
Loading collection cisco.asa from /etc/ansible/gnsa/collections/ansible_collections/cisco/asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
Loading collection ansible.netcommon from /etc/ansible/gnsa/collections/ansible_collections/ansible/netcommon
Tuesday 15 November 2022 17:50:16 +0000 (0:00:00.068) 0:00:00.311 ******
<testrouter01> attempting to start connection
<testrouter01> using connection plugin network_cli
Found ansible-connection at path /opt/python3_venv/venv_gns1/bin/ansible-connection
<testrouter01> local domain socket does not exist, starting it
<testrouter01> control socket path is /var/lib/awx/.ansible/pc/b4f3a5d9d3
<testrouter01> local domain socket listeners started successfully
<testrouter01> loaded cliconf plugin asa from path /opt/python3_venv/venv_gns1/lib/python3.6/site-packages/ansible/plugins/cliconf/asa.py for network_os asa
[WARNING]: Persistent connection logging is enabled for
testrouter01. This will log ALL interactions to
/etc/ansible/tmp/ansible.log and WILL NOT redact sensitive configuration like
passwords. USE WITH CAUTION!
<testrouter01>
<testrouter01> local domain socket path is /var/lib/awx/.ansible/pc/b4f3a5d9d3
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
<testrouter01> ANSIBLE_NETWORK_IMPORT_MODULES: disabled
<testrouter01> ANSIBLE_NETWORK_IMPORT_MODULES: module execution time may be extended
Using module file /etc/ansible/gnsa/collections/ansible_collections/cisco/asa/plugins/modules/asa_facts.py
Pipelining is enabled.
<testrouter01> ESTABLISH LOCAL CONNECTION FOR USER: awx
<testrouter01> EXEC /bin/sh -c '/usr/bin/python3 && sleep 0'
TASK [shared/get_config/asa : Get Config - ASA] ********************************
task path: /tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/project/roles/shared/get_config/asa/tasks/main.yml:2
The full traceback is:
Traceback (most recent call last):
File "<stdin>", line 102, in <module>
File "<stdin>", line 94, in _ansiballz_main
File "<stdin>", line 40, in invoke_module
File "/usr/lib64/python3.6/runpy.py", line 205, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib64/python3.6/runpy.py", line 96, in _run_module_code
mod_name, mod_spec, pkg_name, script_name)
File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "/tmp/ansible_cisco.asa.asa_facts_payload_bv3keq8c/ansible_cisco.asa.asa_facts_payload.zip/ansible_collections/cisco/asa/plugins/modules/asa_facts.py", line 210, in <module>
File "/tmp/ansible_cisco.asa.asa_facts_payload_bv3keq8c/ansible_cisco.asa.asa_facts_payload.zip/ansible_collections/cisco/asa/plugins/modules/asa_facts.py", line 201, in main
File "/tmp/ansible_cisco.asa.asa_facts_payload_bv3keq8c/ansible_cisco.asa.asa_facts_payload.zip/ansible_collections/cisco/asa/plugins/module_utils/network/asa/facts/facts.py", line 63, in get_facts
File "/tmp/ansible_cisco.asa.asa_facts_payload_bv3keq8c/ansible_cisco.asa.asa_facts_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/facts/facts.py", line 162, in get_network_legacy_facts
File "/tmp/ansible_cisco.asa.asa_facts_payload_bv3keq8c/ansible_cisco.asa.asa_facts_payload.zip/ansible_collections/cisco/asa/plugins/module_utils/network/asa/facts/legacy/base.py", line 53, in populate
TypeError: 'NoneType' object is not subscriptable
fatal: [testrouter01]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\\n File \\"<stdin>\\", line 102, in <module>\\n File \\"<stdin>\\", line 94, in _ansiballz_main\\n File \\"<stdin>\\", line 40, in invoke_module\\n File \\"/usr/lib64/python3.6/runpy.py\\", line 205, in run_module\\n return _run_module_code(code, init_globals, run_name, mod_spec)\\n File \\"/usr/lib64/python3.6/runpy.py\\", line 96, in _run_module_code\\n mod_name, mod_spec, pkg_name, script_name)\\n File \\"/usr/lib64/python3.6/runpy.py\\", line 85, in _run_code\\n exec(code, run_globals)\\n File \\"/tmp/ansible_cisco.asa.asa_facts_payload_bv3keq8c/ansible_cisco.asa.asa_facts_payload.zip/ansible_collections/cisco/asa/plugins/modules/asa_facts.py\\", line 210, in <module>\\n File \\"/tmp/ansible_cisco.asa.asa_facts_payload_bv3keq8c/ansible_cisco.asa.asa_facts_payload.zip/ansible_collections/cisco/asa/plugins/modules/asa_facts.py\\", line 201, in main\\n File \\"/tmp/ansible_cisco.asa.asa_facts_payload_bv3keq8c/ansible_cisco.asa.asa_facts_payload.zip/ansible_collections/cisco/asa/plugins/module_utils/network/asa/facts/facts.py\\", line 63, in get_facts\\n File \\"/tmp/ansible_cisco.asa.asa_facts_payload_bv3keq8c/ansible_cisco.asa.asa_facts_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/facts/facts.py\\", line 162, in get_network_legacy_facts\\n File \\"/tmp/ansible_cisco.asa.asa_facts_payload_bv3keq8c/ansible_cisco.asa.asa_facts_payload.zip/ansible_collections/cisco/asa/plugins/module_utils/network/asa/facts/legacy/base.py\\", line 53, in populate\\nTypeError: 'NoneType' object is not subscriptable\\n",
"module_stdout": "",
"msg": "MODULE FAILURE\\nSee stdout/stderr for the exact error",
"rc": 1
}
PLAY RECAP *********************************************************************
testrouter01 : ok=0 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
Tuesday 15 November 2022 17:50:20 +0000 (0:00:04.188) 0:00:04.500 ******
===============================================================================
shared/get_config/asa : Get Config - ASA -------------------------------- 4.19s
/tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/project/roles/shared/get_config/asa/tasks/main.yml:2
include_role : shared/get_config/{{ ansible_network_os }} --------------- 0.07s
/tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/project/get_facts_structoparse.yml:40
shared/check_os : ansible.builtin.debug --------------------------------- 0.06s
/tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/project/roles/shared/check_os/tasks/main.yml:19
Checking if OS is supported --------------------------------------------- 0.04s
/tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/project/get_facts_structoparse.yml:28
ansible.builtin.set_fact ------------------------------------------------ 0.03s
/tmp/bwrap_835292_eefu950a/awx_835292_q98d0_w0/project/get_facts_structoparse.yml:32
This is a successful run from my test VM. There are slight differences in versions.
ansible-playbook 2.10.14
config file = /home/eregimba/gns-ansible/ansible.cfg
configured module search path = ['/home/eregimba/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
executable location = /usr/local/bin/ansible-playbook
python version = 3.6.8 (default, Nov 16 2020, 16:55:22) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
Using /home/eregimba/gns-ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/eregimba/gns-ansible-inventory/production/hosts.yml as it did not pass its verify_file() method
script declined parsing /home/eregimba/gns-ansible-inventory/production/hosts.yml as it did not pass its verify_file() method
Set default localhost to localhost
Parsed /home/eregimba/gns-ansible-inventory/production/hosts.yml inventory source with yaml plugin
Loading collection community.general from /etc/ansible/gnsa/collections/ansible_collections/community/general
Loading callback plugin community.general.yaml of type stdout, v2.0 from /etc/ansible/gnsa/collections/ansible_collections/community/general/plugins/callback/yaml.py
redirecting (type: callback) ansible.builtin.profile_tasks to ansible.posix.profile_tasks
Loading collection ansible.posix from /etc/ansible/gnsa/collections/ansible_collections/ansible/posix
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Loading callback plugin ansible.posix.profile_tasks of type aggregate, v2.0 from /etc/ansible/gnsa/collections/ansible_collections/ansible/posix/plugins/callback/profile_tasks.py
PLAYBOOK: get_facts_structoparse.yml ********************************************************************************************************************************
Positional arguments: get_facts_structoparse.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/home/eregimba/gns-ansible-inventory/production/hosts.yml',)
forks: 20
1 plays in get_facts_structoparse.yml
PLAY [get_facts] ****************************************************************************************************************************************************
Trying secret FileVaultSecret(filename='/etc/ansible/vault_password_file') for vault_id=default
META: ran handlers
Tuesday 15 November 2022 11:01:21 -0800 (0:00:00.097) 0:00:00.097 ******
Tuesday 15 November 2022 11:01:21 -0800 (0:00:00.032) 0:00:00.129 ******
META: end_host conditional evaluated to false, continuing execution for testrouter01
Tuesday 15 November 2022 11:01:21 -0800 (0:00:00.042) 0:00:00.172 ******
Tuesday 15 November 2022 11:01:21 -0800 (0:00:00.029) 0:00:00.201 ******
Loading collection cisco.asa from /etc/ansible/gnsa/collections/ansible_collections/cisco/asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
Loading collection ansible.netcommon from /etc/ansible/gnsa/collections/ansible_collections/ansible/netcommon
Tuesday 15 November 2022 11:01:21 -0800 (0:00:00.053) 0:00:00.254 ******
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
redirecting (type: terminal) ansible.builtin.asa to cisco.asa.asa
redirecting (type: cliconf) ansible.builtin.asa to cisco.asa.asa
redirecting (type: become) ansible.builtin.enable to ansible.netcommon.enable
<testrouter01> attempting to start connection
<testrouter01> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/local/bin/ansible-connection
<testrouter01> local domain socket does not exist, starting it
<testrouter01> control socket path is /home/eregimba/.ansible/pc/3f72c75387
<testrouter01> redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
<testrouter01> Loading collection ansible.netcommon from /etc/ansible/gnsa/collections/ansible_collections/ansible/netcommon
<testrouter01> redirecting (type: terminal) ansible.builtin.asa to cisco.asa.asa
<testrouter01> Loading collection cisco.asa from /etc/ansible/gnsa/collections/ansible_collections/cisco/asa
<testrouter01> redirecting (type: cliconf) ansible.builtin.asa to cisco.asa.asa
<testrouter01> local domain socket listeners started successfully
<testrouter01> loaded cliconf plugin ansible_collections.cisco.asa.plugins.cliconf.asa from path /etc/ansible/gnsa/collections/ansible_collections/cisco/asa/plugins/cliconf/asa.py for network_os asa
<testrouter01> ssh type is set to paramiko
<testrouter01>
<testrouter01> local domain socket path is /home/eregimba/.ansible/pc/3f72c75387
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
<testrouter01> ANSIBLE_NETWORK_IMPORT_MODULES: enabled via connection option
<testrouter01> ANSIBLE_NETWORK_IMPORT_MODULES: found cisco.asa.asa_facts at /etc/ansible/gnsa/collections/ansible_collections/cisco/asa/plugins/modules/asa_facts.py
<testrouter01> ANSIBLE_NETWORK_IMPORT_MODULES: running cisco.asa.asa_facts
<testrouter01> ANSIBLE_NETWORK_IMPORT_MODULES: complete
TASK [shared/get_config/asa : Get Config - ASA]
.............. And the ASA config is displayed after this point.
