cisco.nxos icon indicating copy to clipboard operation
cisco.nxos copied to clipboard

Published 20 hours ago verified publisher icon ansible-collections

Nxos User Module Issue

Open feisa opened this issue 3 years ago • 12 comments

SUMMARY

The following module fails nxos_snmp_user

- name: Configure Admin User
  nxos_snmp_user:
    user: admin
    group: "{{ item.context }}"
    authentication: "{{ item.authentication }}"
    encrypt: "{{ item.encrypt }}" 
    privacy: "{{ localpassword }}"
    pwd: "{{ localpassword }}"
    state: present
  changed_when: false
  with_items: 
    - "{{ snmp_user }}"
  no_log: false
  tags:
    - nxos-snmp
ISSUE TYPE
  • Bug Report
COMPONENT NAME

nxos_snmp_user

ANSIBLE VERSION

ansible 2.10.4 config file = /home/feisa/ansible-network/ansible.cfg configured module search path = ['/home/feisa/ansible-network/library'] ansible python module location = /home/feisa/.local/lib/python3.6/site-packages/ansible executable location = /usr/local/bin/ansible python version = 3.6.8 (default, Aug 18 2020, 08:33:21) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]

CONFIGURATION

COLLECTIONS_PATHS(/home/feisa/ansible-network/ansible.cfg) = ['/home/feisa/ansible-network/collections'] DEFAULT_ACTION_PLUGIN_PATH(/home/feisa/ansible-network/ansible.cfg) = ['/usr/local/lib/python3.6/site-packages/ara/plugins/action'] DEFAULT_CALLBACK_PLUGIN_PATH(/home/feisa/ansible-network/ansible.cfg) = ['/usr/local/lib/python3.6/site-packages/ara/plugins/callback'] DEFAULT_FORKS(/home/feisa/ansible-network/ansible.cfg) = 100 DEFAULT_HOST_LIST(/home/feisa/ansible-network/ansible.cfg) = ['/home/feisa/ansible-network/inventories'] DEFAULT_MODULE_PATH(/home/feisa/ansible-network/ansible.cfg) = ['/home/feisa/ansible-network/library'] DEFAULT_ROLES_PATH(/home/feisa/ansible-network/ansible.cfg) = ['/home/feisa/ansible-network/roles'] DEFAULT_SCP_IF_SSH(/home/feisa/ansible-network/ansible.cfg) = True GALAXY_SERVER_LIST(/home/feisa/ansible-network/ansible.cfg) = ['automation_hub', 'release_galaxy'] HOST_KEY_CHECKING(/home/feisa/ansible-network/ansible.cfg) = False INTERPRETER_PYTHON(/home/feisa/ansible-network/ansible.cfg) = auto PERSISTENT_COMMAND_TIMEOUT(/home/feisa/ansible-network/ansible.cfg) = 60000000 PERSISTENT_CONNECT_RETRY_TIMEOUT(/home/feisa/ansible-network/ansible.cfg) = 100 PERSISTENT_CONNECT_TIMEOUT(/home/feisa/ansible-network/ansible.cfg) = 6000

OS / ENVIRONMENT

bootflash:///m9100-s5ek9-mz.8.4.1.bin

STEPS TO REPRODUCE
  • name: Configure Admin User nxos_snmp_user: user: admin group: "{{ item.context }}" authentication: "{{ item.authentication }}" encrypt: "{{ item.encrypt }}" privacy: "{{ localpassword }}" pwd: "{{ localpassword }}" state: present changed_when: false with_items:
    • "{{ snmp_user }}" no_log: false tags:
    • nxos-snmp
EXPECTED RESULTS

n/a

ACTUAL RESULTS

EXEC /bin/sh -c 'rm -f -r /home/feisa/.ansible/tmp/ansible-local-572722u50rgiuu/ansible-tmp-1615824076.4030516-572763-39996377363990/ > /dev/null 2>&1 && sleep 0' The full traceback is: Traceback (most recent call last): File "/home/feisa/.ansible/tmp/ansible-local-572722u50rgiuu/ansible-tmp-1615824076.4030516-572763-39996377363990/AnsiballZ_nxos_snmp_user.py", line 102, in _ansiballz_main() File "/home/feisa/.ansible/tmp/ansible-local-572722u50rgiuu/ansible-tmp-1615824076.4030516-572763-39996377363990/AnsiballZ_nxos_snmp_user.py", line 94, in _ansiballz_main invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) File "/home/feisa/.ansible/tmp/ansible-local-572722u50rgiuu/ansible-tmp-1615824076.4030516-572763-39996377363990/AnsiballZ_nxos_snmp_user.py", line 40, in invoke_module runpy.run_module(mod_name='ansible_collections.cisco.nxos.plugins.modules.nxos_snmp_user', init_globals=None, run_name='main', alter_sys=True) File "/usr/lib64/python3.6/runpy.py", line 205, in run_module return _run_module_code(code, init_globals, run_name, mod_spec) File "/usr/lib64/python3.6/runpy.py", line 96, in _run_module_code mod_name, mod_spec, pkg_name, script_name) File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code exec(code, run_globals) File "/tmp/ansible_nxos_snmp_user_payload_zlge2vqj/ansible_nxos_snmp_user_payload.zip/ansible_collections/cisco/nxos/plugins/modules/nxos_snmp_user.py", line 413, in File "/tmp/ansible_nxos_snmp_user_payload_zlge2vqj/ansible_nxos_snmp_user_payload.zip/ansible_collections/cisco/nxos/plugins/modules/nxos_snmp_user.py", line 338, in main File "/tmp/ansible_nxos_snmp_user_payload_zlge2vqj/ansible_nxos_snmp_user_payload.zip/ansible_collections/cisco/nxos/plugins/modules/nxos_snmp_user.py", line 131, in get_snmp_groups TypeError: string indices must be integers failed: [ch1-sanmc002] (item={'user': 'snmp', 'context': 'network-admin', 'authentication': 'sha', 'encrypt': True, 'hash': 894478857393806579493053137166121689798617008144}) => { "ansible_loop_var": "item", "changed": false, "item": { "authentication": "sha", "context": "network-admin", "encrypt": true, "hash": 894478857393806579493053137166121689798617008144, "user": "snmp" }, "module_stderr": "Traceback (most recent call last):\n File "/home/feisa/.ansible/tmp/ansible-local-572722u50rgiuu/ansible-tmp-1615824076.4030516-572763-39996377363990/AnsiballZ_nxos_snmp_user.py", line 102, in \n _ansiballz_main()\n File "/home/feisa/.ansible/tmp/ansible-local-572722u50rgiuu/ansible-tmp-1615824076.4030516-572763-39996377363990/AnsiballZ_nxos_snmp_user.py", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File "/home/feisa/.ansible/tmp/ansible-local-572722u50rgiuu/ansible-tmp-1615824076.4030516-572763-39996377363990/AnsiballZ_nxos_snmp_user.py", line 40, in invoke_module\n runpy.run_module(mod_name='ansible_collections.cisco.nxos.plugins.modules.nxos_snmp_user', init_globals=None, run_name='main', alter_sys=True)\n File "/usr/lib64/python3.6/runpy.py", line 205, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File "/usr/lib64/python3.6/runpy.py", line 96, in _run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code\n exec(code, run_globals)\n File "/tmp/ansible_nxos_snmp_user_payload_zlge2vqj/ansible_nxos_snmp_user_payload.zip/ansible_collections/cisco/nxos/plugins/modules/nxos_snmp_user.py", line 413, in \n File "/tmp/ansible_nxos_snmp_user_payload_zlge2vqj/ansible_nxos_snmp_user_payload.zip/ansible_collections/cisco/nxos/plugins/modules/nxos_snmp_user.py", line 338, in main\n File "/tmp/ansible_nxos_snmp_user_payload_zlge2vqj/ansible_nxos_snmp_user_payload.zip/ansible_collections/cisco/nxos/plugins/modules/nxos_snmp_user.py", line 131, in get_snmp_groups\nTypeError: string indices must be integers\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 }

feisa avatar Mar 15 '21 16:03 feisa

@feisa You have not shared the value of the variables you've used in the task. However, the following playbook worked fine for me.

- hosts: nxos
  gather_facts: false
  vars:
    localpassword: testpassword_1
    snmp_user:
    - context: network-operator
      authentication: md5
      encrypt: True     
  tasks:
    - name: Configure Admin User
      cisco.nxos.nxos_snmp_user:
        user: admin
        group: "{{ item.context }}"
        authentication: "{{ item.authentication }}"
        encrypt: "{{ item.encrypt }}" 
        privacy: "{{ localpassword }}"
        pwd: "{{ localpassword }}"
        state: present
      changed_when: false
      with_items: 
        - "{{ snmp_user }}"
      no_log: false
      tags:
        - nxos-snmp

We would need the snmp_user list that the given task iterates through and the value of the localpassword variable to debug this further.

NilashishC avatar May 03 '21 08:05 NilashishC

We used the following

snmp_user:

  • { user: snmp, context: network-admin, authentication: sha, encrypt: yes, hash: 0x9cadd1b57db137ade7b342348ff2274aed30810 }
  • { user: admin, context: network-admin, authentication: sha, encrypt: yes, hash: 0x9cadd1b57db137ade7b23424242244aed30810 }

locapassword is a vaulted password of random 15 character alpha numeric

feisa avatar May 05 '21 17:05 feisa

I have a slight work around on this so if we could prioritize my other issues that would be better

feisa avatar May 05 '21 17:05 feisa

Even with the information you shared, I am unable to reproduce the traceback you're hitting with the following playbook:

---
- hosts: nxos
  gather_facts: false
  vars:
    localpassword: M0L5pU#rhp8I9^2
    snmp_user:
      - { user: snmp, context: network-admin, authentication: sha, encrypt: yes, hash: 0x9cadd1b57db137ade7b342348ff2274aed30810 }
      - { user: admin, context: network-admin, authentication: sha, encrypt: yes, hash: 0x9cadd1b57db137ade7b23424242244aed30810 }    
  tasks:
    - name: Configure Admin User
      cisco.nxos.nxos_snmp_user:
        user: "{{ item.user }}"
        group: "{{ item.context }}"
        authentication: "{{ item.authentication }}"
        encrypt: "{{ item.encrypt }}" 
        privacy: "{{ localpassword }}"
        pwd: "{{ localpassword }}"
        state: present
      changed_when: false
      with_items: 
        - "{{ snmp_user }}"
      no_log: false
      tags:
        - nxos-snmp

I am using ansible-base==2.10.4 and the latest cisco.nxos collection with Python 3.6 against a target running NX-OS 9.3.6.

NilashishC avatar May 10 '21 05:05 NilashishC

cc @praveenramoorthy

NilashishC avatar May 10 '21 05:05 NilashishC

@feisa seems you are using user module on MDS switch. One of the show commands used by this module was not giving a valid json output and hence the issue. This is specific to MDS switches only. I had raised a bug for this against MDS and the issue is already fixed. The fix will be part of the future MDS software releases.

praveenramoorthy avatar Jul 01 '21 06:07 praveenramoorthy

@feisa Hello. The nxos_snmp_user module has been identified to have "Limited support for Cisco MDS" and hence, it might not function fully as expected with MDS right now.

cc @srbharadwaj for further info and timeline on this. Thanks!

NilashishC avatar Sep 24 '21 16:09 NilashishC

@feisa seems you are using user module on MDS switch. One of the show commands used by this module was not giving a valid json output and hence the issue. This is specific to MDS switches only. I had raised a bug for this against MDS and the issue is already fixed. The fix will be part of the future MDS software releases.

Praveen, can you email me the bug id which is raised against MDS nxos, does the playbook work with the fixed image?

srbharadwaj avatar Sep 25 '21 02:09 srbharadwaj

According to the above update, this is fixed. Can you please point me to the collection with fixed module?

rozmusjs avatar Oct 26 '21 13:10 rozmusjs

@rozmusjs according to Praveen, the fix is in NXOS not in the module per se, so please try the same module on an MDS switch running 9.2(1)

srbharadwaj avatar Oct 26 '21 16:10 srbharadwaj

thanks for the note. We're upgrading a pair of MDS switches this weekend. We'll report back after the upgrade is completed.

rozmusjs avatar Oct 28 '21 15:10 rozmusjs

@rozmusjs Please share an update on the same, also note that nxos_snmp_user is now replaced with a new module

srbharadwaj avatar Mar 02 '22 16:03 srbharadwaj

@feisa @rozmusjs Since we haven't heard from you yet, we're closing this issue for now. Please feel free to re-open this or create a new one when you have more updates for us. Thank you.

NilashishC avatar Apr 03 '23 07:04 NilashishC