[ansible-project] Ansible 2.3.0 Connecting to Cisco IOS router

[Patrick Matheny]

I'm very new to Ansible.  I have a small lab running and I'm trying to 
evaluate the use of Ansible for making network changes.  I have a 
workstations running CentOS Linux release 7.3.1611 and Ansible 2.3.0 as a 
fresh install.  I'm using a cisco 819 router running Cisco IOS Software, 
C800 Software (C800-UNIVERSALK9-M), Version 15.3(3)M.3. I can SSH from the 
workstation to the router from the work station and via putty on a windows 
10 machine  but when I try a connection test I get the following: 

[pat@new-host-8 ~]$ansible all -m ping
192.168.1.142 | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Connection closed\r\n", 
    "unreachable": true
}


I've run multiple debugs.  Can anyone make a suggestion on what the issue 
might be?  I've done some research and have run a number of  raw commands 
as well as a small playbook  it appears to not be an SSH error but an issue 
within an Ansible module with sleep 0 command..   

Regards 

Pat

Testing SSH terminal session from Ansible host system to the router 

[pat@new-host-8 ~]$ ssh 192.168.1.142 -l pat

819#

####################

Info from Ansible ping test to router 
Ansible Debug info for session  -  I see some errors around a mask and 
trying to make a directory  Am i lacking permission to 

[pat@new-host-8 ~]$ ansible 192.168.1.142 -m ping -u pat -vvv
Using /etc/ansible/ansible.cfg as config file
META: ran handlers
Using module file 
/usr/lib/python2.7/site-packages/ansible/modules/system/ping.py
<192.168.1.142> ESTABLISH SSH CONNECTION FOR USER: pat
<192.168.1.142> SSH: EXEC ssh -C -o ControlMaster=auto -o 
ControlPersist=60s -o KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o 
ControlPath=/home/pat/.ansible/cp/aebc33cbf9 192.168.1.142 '/bin/sh -c 
'"'"'echo ~ && sleep 0'"'"''
<192.168.1.142> (0, '\r\nLine has invalid autocommand "/bin/sh -c \'echo ~ 
&& sleep 0\'"', '')
<192.168.1.142> ESTABLISH SSH CONNECTION FOR USER: pat
<192.168.1.142> SSH: EXEC ssh -C -o ControlMaster=auto -o 
ControlPersist=60s -o KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o 
ControlPath=/home/pat/.ansible/cp/aebc33cbf9 192.168.1.142 '/bin/sh -c '"'"'( 
umask 77 && mkdir -p "` echo Line has invalid autocommand "/bin/sh -c 
'"'"'"'"'"'"'"'"'echo ~ && sleep 
0'"'"'"'"'"'"'"'"'"/.ansible/tmp/ansible-tmp-1497270543.59-269982208566076 
`" && echo ansible-tmp-1497270543.59-269982208566076="` echo Line has 
invalid autocommand "/bin/sh -c '"'"'"'"'"'"'"'"'echo ~ && sleep 
0'"'"'"'"'"'"'"'"'"/.ansible/tmp/ansible-tmp-1497270543.59-269982208566076 
`" ) && sleep 0'"'"''
<192.168.1.142> (0, '\r\nLine has invalid autocommand "/bin/sh -c \'( umask 
77 && mkdir -p "` echo Line has invalid autocommand "/bin/sh -c 
\'"\'"\'echo ~ && sleep 
0\'"\'"\'"/.ansible/tmp/ansible-tmp-1497270543.59-269982208566076 `" && 
echo ansible-tmp-1497270543.59-269982208566076="` echo Line has invalid 
autocomma"', '')
<192.168.1.142> PUT /tmp/tmp5htyf9 TO "` echo Line has invalid 
autocomma"/ping.py
<192.168.1.142> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o 
ControlPersist=60s -o KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o 
ControlPath=/home/pat/.ansible/cp/aebc33cbf9 '[192.168.1.142]'
<192.168.1.142> (255, '', 'Connection closed\r\n')
192.168.1.142 | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Connection closed\r\n", 
    "unreachable": true
}
[pat@new-host-8 ~]$
 
################

Router Debug info from Ansible ping test

819#
*Jun 12 12:10:12.685: SSH1: starting SSH control process
*Jun 12 12:10:12.685: SSH1: sent protocol version id SSH-1.99-Cisco-1.25
*Jun 12 12:10:12.685: SSH1: protocol version id is - SSH-2.0-OpenSSH_6.6.1
*Jun 12 12:10:12.685: SSH2 1: SSH2_MSG_KEXINIT sent
*Jun 12 12:10:12.685: SSH2 1: SSH2_MSG_KEXINIT received
*Jun 12 12:10:12.685: SSH2 1: kex: client->server enc:aes128-cbc 
mac:hmac-sha1 
*Jun 12 12:10:12.685: SSH2 1: kex: server->client enc:aes128-cbc 
mac:hmac-sha1 
*Jun 12 12:10:12.685: SSH2 1: Using kex_algo = diffie-hellman-group14-sha1
*Jun 12 12:10:12.809: SSH2 1: expecting SSH2_MSG_KEXDH_INIT
*Jun 12 12:10:12.813: SSH2 1: SSH2_MSG_KEXDH_INIT received
*Jun 12 12:10:12.997: SSH2: kex_derive_keys complete
*Jun 12 12:10:12.997: SSH2 1: SSH2_MSG_NEWKEYS sent
*Jun 12 12:10:12.997: SSH2 1: waiting for SSH2_MSG_NEWKEYS
*Jun 12 12:10:12.997: SSH2 1: SSH2_MSG_NEWKEYS received
*Jun 12 12:10:13.197: SSH2 1: Using method = none
*Jun 12 12:10:13.197: SSH2 1: Authentications that can continue = 
publickey,keyboard-interactive,password
*Jun 12 12:10:13.201: SSH2 1: Using method = publickey
*Jun 12 12:10:13.201: SSH2 1: Verifying pubkey blob is acceptable for 'pat' 
in SSH2_MSG_USERAUTH_REQUEST
*Jun 12 12:10:13.201: SSH2 1: Authenticating 'pat' with method: publickey
*Jun 12 12:10:13.205: SSH2 1: Client Signature verification PASSED
*Jun 12 12:10:13.205: SSH2 1: authentication successful for pat
*Jun 12 12:10:13.209: SSH2 1: channel open request
*Jun 12 12:10:13.213: SSH2 1: env request
*Jun 12 12:10:13.213: SSH2 1: env request
*Jun 12 12:10:13.213: SSH2 1: exec request
*Jun 12 12:10:13.213: SSH2 1: exec message received
*Jun 12 12:10:13.213: SSH2 1: starting shell for vty
*Jun 12 12:10:13.317: SSH1: Session terminated normally
*Jun 12 12:10:13.333: SSH1: starting SSH control process
*Jun 12 12:10:13.333: SSH1: sent protocol version id SSH-1.99-Cisco-1.25
*Jun 12 12:10:13.333: SSH1: protocol version id is - SSH-2.0-OpenSSH_6.6.1
*Jun 12 12:10:13.333: SSH2 1: SSH2_MSG_KEXINIT sent
*Jun 12 12:10:13.333: SSH2 1: SSH2_MSG_KEXINIT received
*Jun 12 12:10:13.333: SSH2 1: kex: client->server enc:aes128-cbc 
mac:hmac-sha1 
*Jun 12 12:10:13.333: SSH2 1: kex: server->client enc:aes128-cbc 
mac:hmac-sha1 
*Jun 12 12:10:13.337: SSH2 1: Using kex_algo = diffie-hellman-group14-sha1
*Jun 12 12:10:13.457: SSH2 1: expecting SSH2_MSG_KEXDH_INIT
*Jun 12 12:10:13.461: SSH2 1: SSH2_MSG_KEXDH_INIT received
*Jun 12 12:10:13.645: SSH2: kex_derive_keys complete
*Jun 12 12:10:13.645: SSH2 1: SSH2_MSG_NEWKEYS sent
*Jun 12 12:10:13.645: SSH2 1: waiting for SSH2_MSG_NEWKEYS
*Jun 12 12:10:13.649: SSH2 1: SSH2_MSG_NEWKEYS received
*Jun 12 12:10:13.849: SSH2 1: Using method = none
*Jun 12 12:10:13.849: SSH2 1: Authentications that can continue = 
publickey,keyboard-interactive,password
*Jun 12 12:10:13.853: SSH2 1: Using method = publickey
*Jun 12 12:10:13.853: SSH2 1: Verifying pubkey blob is acceptable for 'pat' 
in SSH2_MSG_USERAUTH_REQUEST
*Jun 12 12:10:13.853: SSH2 1: Authenticating 'pat' with method: publickey
*Jun 12 12:10:13.857: SSH2 1: Client Signature verification PASSED
*Jun 12 12:10:13.857: SSH2 1: authentication successful for pat
*Jun 12 12:10:13.861: SSH2 1: channel open request
*Jun 12 12:10:13.865: SSH2 1: env request
*Jun 12 12:10:13.865: SSH2 1: env request
*Jun 12 12:10:13.865: SSH2 1: exec request
*Jun 12 12:10:13.865: SSH2 1: exec message received
*Jun 12 12:10:13.865: SSH2 1: starting shell for vty
*Jun 12 12:10:13.973: SSH1: Session terminated normally
*Jun 12 12:10:13.993: SSH1: starting SSH control process
*Jun 12 12:10:13.993: SSH1: sent protocol version id SSH-1.99-Cisco-1.25
*Jun 12 12:10:13.993: SSH1: protocol version id is - SSH-2.0-OpenSSH_6.6.1
*Jun 12 12:10:13.993: SSH2 1: SSH2_MSG_KEXINIT sent
*Jun 12 12:10:13.993: SSH2 1: SSH2_MSG_KEXINIT received
*Jun 12 12:10:13.993: SSH2 1: kex: client->server enc:aes128-cbc 
mac:hmac-sha1 
*Jun 12 12:10:13.993: SSH2 1: kex: server->client enc:aes128-cbc 
mac:hmac-sha1 
*Jun 12 12:10:13.993: SSH2 1: Using kex_algo = diffie-hellman-group14-sha1
*Jun 12 12:10:14.117: SSH2 1: expecting SSH2_MSG_KEXDH_INIT
*Jun 12 12:10:14.117: SSH2 1: SSH2_MSG_KEXDH_INIT received
*Jun 12 12:10:14.301: SSH2: kex_derive_keys complete
*Jun 12 12:10:14.305: SSH2 1: SSH2_MSG_NEWKEYS sent
*Jun 12 12:10:14.305: SSH2 1: waiting for SSH2_MSG_NEWKEYS
*Jun 12 12:10:14.305: SSH2 1: SSH2_MSG_NEWKEYS received
*Jun 12 12:10:14.505: SSH2 1: Using method = none
*Jun 12 12:10:14.505: SSH2 1: Authentications that can continue = 
publickey,keyboard-interactive,password
*Jun 12 12:10:14.509: SSH2 1: Using method = publickey
*Jun 12 12:10:14.509: SSH2 1: Verifying pubkey blob is acceptable for 'pat' 
in SSH2_MSG_USERAUTH_REQUEST
*Jun 12 12:10:14.509: SSH2 1: Authenticating 'pat' with method: publickey
*Jun 12 12:10:14.513: SSH2 1: Client Signature verification PASSED
*Jun 12 12:10:14.513: SSH2 1: authentication successful for pat
*Jun 12 12:10:14.517: SSH2 1: channel open request
*Jun 12 12:10:14.521: SSH2 1: env request
*Jun 12 12:10:14.521: SSH2 1: env request
*Jun 12 12:10:14.521: SSH2 1: subsystem request
*Jun 12 12:10:14.521: SSH2 1: subsystem message received
*Jun 12 12:10:14.521: SSH2 1: searching for subsystem sftp for vty
*Jun 12 12:10:14.621: SSH1: Session terminated normally

######################################################################
This is a small playbook used for testing

---
- hosts: lab
  remote_user: pat
  tasks: 
  - name: run show version on remote devices
    ios_command: 
     commands: show version
...

#####################################################################

and the output produced 

[pat@new-host-12 playbooks]$ ansible-playbook book3.yml -vvv

PLAY [lab] 
*********************************************************************

TASK [Gathering Facts] 
*********************************************************
fatal: [192.168.1.142]: UNREACHABLE! => {"changed": false, "msg": "Failed 
to connect to the host via ssh: Connection closed\r\n", "unreachable": true}
    to retry, use: --limit @/home/pat/playbooks/book3.retry

PLAY RECAP 
*********************************************************************
192.168.1.142              : ok=0    changed=0    unreachable=1    
failed=0   

[pat@new-host-12 playbooks]$ ansible-playbook book3.yml -vvv
Using /etc/ansible/ansible.cfg as config file

PLAYBOOK: book3.yml 
************************************************************
1 plays in book3.yml

PLAY [lab] 
*********************************************************************

TASK [Gathering Facts] 
*********************************************************
Using module file 
/usr/lib/python2.7/site-packages/ansible/modules/system/setup.py
<192.168.1.142> ESTABLISH SSH CONNECTION FOR USER: pat
<192.168.1.142> SSH: EXEC ssh -C -o ControlMaster=auto -o 
ControlPersist=60s -o KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o 
ControlPath=/home/pat/.ansible/cp/aebc33cbf9 192.168.1.142 '/bin/sh -c 
'"'"'echo ~ && sleep 0'"'"''
<192.168.1.142> (0, '\r\nLine has invalid autocommand "/bin/sh -c \'echo ~ 
&& sleep 0\'"', '')
<192.168.1.142> ESTABLISH SSH CONNECTION FOR USER: pat
<192.168.1.142> SSH: EXEC ssh -C -o ControlMaster=auto -o 
ControlPersist=60s -o KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o 
ControlPath=/home/pat/.ansible/cp/aebc33cbf9 192.168.1.142 '/bin/sh -c 
'"'"'( umask 77 && mkdir -p "` echo Line has invalid autocommand "/bin/sh 
-c '"'"'"'"'"'"'"'"'echo ~ && sleep 
0'"'"'"'"'"'"'"'"'"/.ansible/tmp/ansible-tmp-1497889235.89-214582953785460 
`" && echo ansible-tmp-1497889235.89-214582953785460="` echo Line has 
invalid autocommand "/bin/sh -c '"'"'"'"'"'"'"'"'echo ~ && sleep 
0'"'"'"'"'"'"'"'"'"/.ansible/tmp/ansible-tmp-1497889235.89-214582953785460 
`" ) && sleep 0'"'"''
<192.168.1.142> (0, '\r\nLine has invalid autocommand "/bin/sh -c \'( umask 
77 && mkdir -p "` echo Line has invalid autocommand "/bin/sh -c 
\'"\'"\'echo ~ && sleep 
0\'"\'"\'"/.ansible/tmp/ansible-tmp-1497889235.89-214582953785460 `" && 
echo ansible-tmp-1497889235.89-214582953785460="` echo Line has invalid 
autocomma"', '')
<192.168.1.142> PUT /tmp/tmpssSP_X TO "` echo Line has invalid 
autocomma"/setup.py
<192.168.1.142> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o 
ControlPersist=60s -o KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=pat -o ConnectTimeout=10 -o 
ControlPath=/home/pat/.ansible/cp/aebc33cbf9 '[192.168.1.142]'
<192.168.1.142> (255, '', 'Connection closed\r\n')
fatal: [192.168.1.142]: UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Connection closed\r\n", 
    "unreachable": true
}
    to retry, use: --limit @/home/pat/playbooks/book3.retry

PLAY RECAP 
*********************************************************************
192.168.1.142              : ok=0    changed=0    unreachable=1    
failed=0   

[pat@new-host-12 playbooks]$

#######################################

this is output from a small successful run of a raw command.

[pat@new-host-12 playbooks]$ ansible 192.168.1.142 -m raw -a "sho ip route"
192.168.1.142 | SUCCESS | rc=0 >>

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static 
route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0
L        192.168.1.142/32 is directly connected, GigabitEthernet0
      192.168.2.0/32 is subnetted, 1 subnets
C        192.168.2.1 is directly connected, Loopback0Shared connection to 
192.168.1.142 closed.


[pat@new-host-12 playbooks]$

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/749ee365-74e4-4461-b67e-2a6242ecc181%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.