cisco.asa
Not pulling sh running-config using the given cisco.asa module
SUMMARY
Playbook is unable to pull the correct data using the default cisco.asa module. I have tried v5, the latest of ansible.netcommon, as well as v4.1 and v4.0. I do have cisco.asa v4.1.0 installed.
ISSUE TYPE
- Bug Report
COMPONENT NAME
cisco.asa ansible.netcommon.net_get

My task is:

tasks:
  - name: Show running config
    cisco.asa.asa_facts:
      gather_subset:
        - config
    register: ansible_net_config
ANSIBLE VERSION
Details of troubleshooting can be viewed here: https://serverfault.com/questions/1130308/ansible-backups-for-cisco-asa-devices-error-invalid-input-detected-at-ma/1130311#1130311
ansible --version
ansible [core 2.13.3]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.9.13 (main, Nov 16 2022, 15:11:16) [GCC 8.5.0 20210514 (Red Hat 8.5.0-15.0.1)]
jinja version = 3.1.2
libyaml = True
COLLECTION VERSION
# /usr/share/ansible/collections/ansible_collections
Collection Version
----------------- -------
ansible.posix 1.4.0
ansible.utils 2.6.1
community.general 3.8.9
# /root/.ansible/collections/ansible_collections
Collection Version
--------------------- -------
ansible.netcommon 5.1.0
ansible.utils 2.9.0
cisco.asa 4.0.0
cisco.ios 4.5.0
cisco.nxos 4.3.0
dellemc.os9 1.0.4
f5networks.f5_modules 1.24.0
CONFIGURATION
ansible-config dump --only-changed
ANSIBLE_NOCOWS(/etc/ansible/ansible.cfg) = True
DEFAULT_ASK_VAULT_PASS(/etc/ansible/ansible.cfg) = False
DEFAULT_DEBUG(/etc/ansible/ansible.cfg) = False
DEFAULT_FORKS(/etc/ansible/ansible.cfg) = 10
DEFAULT_HOST_LIST(/etc/ansible/ansible.cfg) = ['/etc/ansible/hosts']
DEFAULT_LOG_PATH(/etc/ansible/ansible.cfg) = /var/log/ansible.log
DEFAULT_PRIVATE_KEY_FILE(/etc/ansible/ansible.cfg) = /etc/ansible/id_rsa_ansible
DEFAULT_STDOUT_CALLBACK(/etc/ansible/ansible.cfg) = yaml
DEFAULT_VAULT_PASSWORD_FILE(/etc/ansible/ansible.cfg) = /etc/ansible/group_vars/.vltfile.yml
HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False
INTERPRETER_PYTHON(/etc/ansible/ansible.cfg) = auto_silent
INVENTORY_CACHE_ENABLED(/etc/ansible/ansible.cfg) = True
INVENTORY_ENABLED(/etc/ansible/ansible.cfg) = ['auto', 'yaml', 'ini', 'host_list']
PERSISTENT_COMMAND_TIMEOUT(/etc/ansible/ansible.cfg) = 300
PLAYBOOK_DIR(/etc/ansible/ansible.cfg) = /etc/ansible/playbooks
OS / ENVIRONMENT
[root@ho-lx-ansible01 cisco]# cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="8.7"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="8.7"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Oracle Linux Server 8.7"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:8:7:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://bugzilla.oracle.com/"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 8"
ORACLE_BUGZILLA_PRODUCT_VERSION=8.7
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=8.7

ASA OS version
ZZASAP01# show version
Cisco Adaptive Security Appliance Software Version 9.16(3)23
SSP Operating System Version 2.10(1.214)
Device Manager Version 7.19(1)90
Compiled on Fri 09-Sep-22 18:14 GMT by builders
System image file is "disk0:/asa9-16-3-23-lfbff-k8.SPA"
Config file at boot was "startup-config"
ZZASAP01 up 82 days 23 hours
Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB
This platform has a Base license.
Serial Number: JAD2xxxxx
Running Permanent Activation Key: xxxxxxxxxxxx
Configuration register is 0x1
FPGA UPGRADE Version : 3.0
FPGA GOLDEN Version : 3.0
ROMMON Version : 1.1.18
Image type : Release
Key Version : A
STEPS TO REPRODUCE
Run my playbook:
---
- name: Backup ASA Configuration
  hosts: zzasap01
  gather_facts: false
  #debugger: on_failed
  collections:
    - cisco.asa
    - cisco.asa.asa_facts
    - ansible.netcommon.net_get
  vars:
    # Encrypted variables
    ansible_user: "{{ vault_net_user }}"
    ansible_password: "{{ vault_net_pass }}"
  vars_files:
    - '/etc/ansible/group_vars/vault.yml'
  tasks:
    - name: Show running config
      cisco.asa.asa_facts:
        gather_subset:
          - config
      register: ansible_net_config
    - name: show output
      debug:
        var: ansible_net_config
    - name: Save running config to a file
      copy:
        content: "{{ ansible_net_config }}"
        dest: "/mnt/{{ inventory_hostname }}.runcfg"
...
EXPECTED RESULTS
I expect to see a backup file from an ASA device greater than 1k. Also, when I view the file, it's not the output we all know sh running-config shows. I ran the command manually, pasted it, and that file was 64k.
ACTUAL RESULTS
It looks like the sh ver is being run, then it ends. Also, I did see the known netcommon bug too. To get around it, I copied the network_template.py back one directory to /root/.ansible/collections/ansible_collections/ansible/netcommon/plugins/module_utils/network/common from /root/.ansible/collections/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/rm_base/network_template.py
[root@ho-lx-ansible01 networking]# play -vvvv mynewtest.zz.yml
ansible-playbook [core 2.13.3]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible-playbook
python version = 3.9.13 (main, Nov 16 2022, 15:11:16) [GCC 8.5.0 20210514 (Red Hat 8.5.0-15.0.1)]
jinja version = 3.1.2
libyaml = True
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading collection cisco.asa from /root/.ansible/collections/ansible_collections/cisco/asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading collection community.general from /usr/share/ansible/collections/ansible_collections/community/general
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading callback plugin community.general.yaml of type stdout, v2.0 from /usr/share/ansible/collections/ansible_collections/community/general/plugins/callback/yaml.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: mynewtest.zz.yml *******************************************************************************************************************************************
Positional arguments: mynewtest.zz.yml
verbosity: 4
private_key_file: /etc/ansible/id_rsa_ansible
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/etc/ansible/hosts',)
forks: 10
1 plays in mynewtest.zz.yml
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
PLAY [Backup ASA Configuration] **************************************************************************************************************************************
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
META: ran handlers
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
TASK [Show running config] *******************************************************************************************************************************************
task path: /etc/ansible/playbooks/networking/mynewtest.zz.yml:21
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasap01.ad.microcenter.com> attempting to start connection
<zzasap01.ad.microcenter.com> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<zzasap01.ad.microcenter.com> local domain socket does not exist, starting it
<zzasap01.ad.microcenter.com> control socket path is /root/.ansible/pc/75c72c7a59
<zzasap01.ad.microcenter.com> redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
<zzasap01.ad.microcenter.com> Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon
<zzasap01.ad.microcenter.com> Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasap01.ad.microcenter.com> Loading collection cisco.asa from /root/.ansible/collections/ansible_collections/cisco/asa
<zzasap01.ad.microcenter.com> local domain socket listeners started successfully
<zzasap01.ad.microcenter.com> loaded cliconf plugin ansible_collections.cisco.asa.plugins.cliconf.asa from path /root/.ansible/collections/ansible_collections/cisco/asa/plugins/cliconf/asa.py for network_os cisco.asa.asa
<zzasap01.ad.microcenter.com> ssh type is set to libssh
<zzasap01.ad.microcenter.com>
<zzasap01.ad.microcenter.com> local domain socket path is /root/.ansible/pc/75c72c7a59
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
<zzasap01.ad.microcenter.com> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<zzasap01.ad.microcenter.com> ANSIBLE_NETWORK_IMPORT_MODULES: found cisco.asa.asa_facts at /root/.ansible/collections/ansible_collections/cisco/asa/plugins/modules/asa_facts.py
<zzasap01.ad.microcenter.com> ANSIBLE_NETWORK_IMPORT_MODULES: running cisco.asa.asa_facts
<zzasap01.ad.microcenter.com> ANSIBLE_NETWORK_IMPORT_MODULES: complete
ok: [zzasap01] => changed=false
ansible_facts:
ansible_net_api: cliconf
ansible_net_asatype: null
ansible_net_config: |2-
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
This platform has a Base license.
Serial Number: JAD203707VN
Running Permanent Activation Key: 0xd221e25c 0x985012a5 0xa44219b4 0xb740ccb0 0x013303a6
Configuration register is 0x1
FPGA UPGRADE Version : 3.0
FPGA GOLDEN Version : 3.0
ROMMON Version : 1.1.18
Image type : Release
Key Version : A
Configuration last modified by mei\alamonda at 11:24:47.301 EDT Wed May 3 2023
ZZASAP01# running-config
^
ERROR: % Invalid input detected at '^' marker.
ZZASAP01#
ansible_net_device_mgr_version: 7.19(1)90
ansible_net_gather_network_resources: []
ansible_net_gather_subset:
- default
- config
ansible_net_hostname: ZZASAP01
ansible_net_image: disk0:/asa9-16-3-23-lfbff-k8.SPA
ansible_net_python_version: 3.9.13
ansible_net_serialnum: null
ansible_net_system: asa
ansible_net_version: 9.16(3)23
ansible_network_resources: {}
invocation:
module_args:
context: null
gather_network_resources: null
gather_subset:
- config
passwords: null
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
TASK [show output] ***************************************************************************************************************************************************
task path: /etc/ansible/playbooks/networking/mynewtest.zz.yml:27
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasap01.ad.microcenter.com> attempting to start connection
<zzasap01.ad.microcenter.com> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<zzasap01.ad.microcenter.com> found existing local domain socket, using it!
<zzasap01.ad.microcenter.com> invoked shell using ssh_type: libssh
<zzasap01.ad.microcenter.com> ssh connection done, setting terminal
<zzasap01.ad.microcenter.com> loaded terminal plugin for network_os cisco.asa.asa
<zzasap01.ad.microcenter.com> firing event: on_open_shell()
[WARNING]: on_open_shell: failed to set terminal parameters
<zzasap01.ad.microcenter.com> ssh connection has completed successfully
<zzasap01.ad.microcenter.com> updating play_context for connection
<zzasap01.ad.microcenter.com>
<zzasap01.ad.microcenter.com> local domain socket path is /root/.ansible/pc/75c72c7a59
ok: [zzasap01] =>
ansible_net_config:
ansible_facts:
ansible_net_api: cliconf
ansible_net_asatype: null
ansible_net_config: |2-
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
This platform has a Base license.
Serial Number: JAD203707VN
Running Permanent Activation Key: 0xd221e25c 0x985012a5 0xa44219b4 0xb740ccb0 0x013303a6
Configuration register is 0x1
FPGA UPGRADE Version : 3.0
FPGA GOLDEN Version : 3.0
ROMMON Version : 1.1.18
Image type : Release
Key Version : A
Configuration last modified by mei\alamonda at 11:24:47.301 EDT Wed May 3 2023
ZZASAP01# running-config
^
ERROR: % Invalid input detected at '^' marker.
ZZASAP01#
ansible_net_device_mgr_version: 7.19(1)90
ansible_net_gather_network_resources: []
ansible_net_gather_subset:
- default
- config
ansible_net_hostname: ZZASAP01
ansible_net_image: disk0:/asa9-16-3-23-lfbff-k8.SPA
ansible_net_python_version: 3.9.13
ansible_net_serialnum: null
ansible_net_system: asa
ansible_net_version: 9.16(3)23
ansible_network_resources: {}
changed: false
failed: false
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
TASK [Save running config to a file] *********************************************************************************************************************************
task path: /etc/ansible/playbooks/networking/mynewtest.zz.yml:31
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasap01.ad.microcenter.com> attempting to start connection
<zzasap01.ad.microcenter.com> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<zzasap01.ad.microcenter.com> found existing local domain socket, using it!
<zzasap01.ad.microcenter.com> updating play_context for connection
<zzasap01.ad.microcenter.com>
<zzasap01.ad.microcenter.com> local domain socket path is /root/.ansible/pc/75c72c7a59
<zzasap01.ad.microcenter.com> ESTABLISH LOCAL CONNECTION FOR USER: root
<zzasap01.ad.microcenter.com> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-5420t_sw_pmh `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104 `" && echo ansible-tmp-1683234408.0507946-5435-104824741320104="` echo /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104 `" ) && sleep 0'
Using module file /usr/lib/python3.9/site-packages/ansible/modules/stat.py
<zzasap01.ad.microcenter.com> PUT /root/.ansible/tmp/ansible-local-5420t_sw_pmh/tmp4gp__fbr TO /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/AnsiballZ_stat.py
<zzasap01.ad.microcenter.com> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/ /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/AnsiballZ_stat.py && sleep 0'
<zzasap01.ad.microcenter.com> EXEC /bin/sh -c '/usr/bin/python3.9 /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/AnsiballZ_stat.py && sleep 0'
<zzasap01.ad.microcenter.com> PUT /root/.ansible/tmp/ansible-local-5420t_sw_pmh/tmpcl6sqxez TO /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/source
<zzasap01.ad.microcenter.com> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/ /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/source && sleep 0'
Using module file /usr/lib/python3.9/site-packages/ansible/modules/copy.py
<zzasap01.ad.microcenter.com> PUT /root/.ansible/tmp/ansible-local-5420t_sw_pmh/tmpsoh7q00d TO /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/AnsiballZ_copy.py
<zzasap01.ad.microcenter.com> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/ /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/AnsiballZ_copy.py && sleep 0'
<zzasap01.ad.microcenter.com> EXEC /bin/sh -c '/usr/bin/python3.9 /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/AnsiballZ_copy.py && sleep 0'
<zzasap01.ad.microcenter.com> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/ > /dev/null 2>&1 && sleep 0'
changed: [zzasap01] => changed=true
checksum: 5a6e3d377742ec32c0bb911561b81ade44373e96
dest: /mnt/zzasap01.runcfg
diff: []
gid: 0
group: root
invocation:
module_args:
_original_basename: tmpcl6sqxez
attributes: null
backup: false
checksum: 5a6e3d377742ec32c0bb911561b81ade44373e96
content: null
dest: /mnt/zzasap01.runcfg
directory_mode: null
follow: false
force: true
group: null
local_follow: null
mode: null
owner: null
remote_src: null
selevel: null
serole: null
setype: null
seuser: null
src: /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/source
unsafe_writes: false
validate: null
md5sum: 0649a8c97e602ac50547f6b8e4350d2a
mode: '0644'
owner: root
secontext: system_u:object_r:nfs_t:s0
size: 1326
src: /root/.ansible/tmp/ansible-local-5420t_sw_pmh/ansible-tmp-1683234408.0507946-5435-104824741320104/source
state: file
uid: 0
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
META: ran handlers
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
META: ran handlers
PLAY RECAP ***********************************************************************************************************************************************************
zzasap01 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
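
The run above ends with ok=3 changed=1 failed=0 even though /mnt/zzasap01.runcfg holds 1326 bytes of `show version` output and a CLI error, written with mode 0644. The Python check below is an added example, not part of the original report or of the cisco.asa collection, that rejects such a capture before it is kept as a firewall backup. The function names, the 4096-byte floor and the "ASA Version" / ": end" markers are assumptions about normal ASA output, and both sample strings are constructed.

```python
import os
import stat

# Assumptions for this sketch: a genuine "show running-config" capture contains
# an "ASA Version" header and ends with ": end"; "show version" output does not.
CLI_ERROR = "ERROR: % "
SHOW_VERSION_HINTS = ("Configuration register is", "Running Permanent Activation Key")

# Constructed sample modelled on the tail of the captured output in the report.
BAD_SAMPLE = (
    "This platform has a Base license.\n"
    "Serial Number: JAD2xxxxx\n"
    "Running Permanent Activation Key: xxxxxxxxxxxx\n"
    "Configuration register is 0x1\n"
    "ZZASAP01# running-config\n"
    "          ^\n"
    "ERROR: % Invalid input detected at '^' marker.\n"
    "ZZASAP01#"
)
# Constructed sample shaped like a running-config (documentation addresses).
GOOD_SAMPLE = (
    ": Saved\n:\nASA Version 9.16(3)23\n!\nhostname ZZASAP01\n"
    + "".join(f"object network CONSTRUCTED_{i}\n host 192.0.2.{i}\n" for i in range(1, 200))
    + "Cryptochecksum:<constructed>\n: end\n"
)


def validate_backup(text, mode=0o600, min_bytes=4096):
    """Return the reasons `text` must not be stored as a config backup."""
    problems = []
    size = len(text.encode("utf-8"))
    if size < min_bytes:
        problems.append(f"only {size} bytes, expected at least {min_bytes}")
    if CLI_ERROR in text:
        problems.append("device rejected a command (CLI error text in capture)")
    if any(hint in text for hint in SHOW_VERSION_HINTS):
        problems.append("capture contains 'show version' output")
    if "ASA Version " not in text:
        problems.append("no 'ASA Version' header line")
    if not text.rstrip().endswith(": end"):
        problems.append("missing ': end' trailer, capture is truncated")
    if mode & 0o077:
        problems.append(f"mode {mode:04o} lets group/other read device secrets")
    return problems


def check_file(path, min_bytes=4096):
    """Validate a saved backup file, including its permission bits."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        return validate_backup(fh.read(), mode, min_bytes)


if __name__ == "__main__":
    for reason in validate_backup(BAD_SAMPLE, mode=0o644):
        print("REJECT:", reason)
```

Running `check_file()` on each saved file and failing the job on a non-empty result keeps a bad capture from silently replacing the last good backup.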