A few things need to be corrected here:

1) use connection=network_cli

2) set the ansible_network_os=asa

3) use the asa_facts module, not ios_facts

http://docs.ansible.com/ansible/latest/network/index.html



On Fri, May 18, 2018 at 4:18 PM, Matt Hickok <[email protected]>
wrote:

> Also, I just turned on debug and this is what I see:
>
>   1492 1526674321.92274: stderr chunk (state=3):
> >>>debug3: receive packet: type 91
> debug2: callback start
> debug2: client_session2_setup: id 2
> debug1: Sending environment.
> debug1: Sending env LANG = en_US.UTF-8
> debug2: channel 2: request env confirm 0
> debug3: send packet: type 98
> debug1: Sending command: /bin/sh -c 'echo ~ && sleep 0'
> debug2: channel 2: request exec confirm 1
> debug3: send packet: type 98
> debug3: mux_session_confirm: sending success reply
> debug2: callback done
> debug2: channel 2: open confirm rwindow 1024 rmax 4096
> debug1: mux_client_request_session: master session id: 2
> <<<
>
>   1492 1526674321.95154: stderr chunk (state=3):
> >>>debug3: receive packet: type 99
> debug2: channel_input_status_confirm: type 99 id 2
> debug2: exec request accepted on channel 2
> <<<
>
>   1492 1526674321.95220: stdout chunk (state=3):
> >>>Type help or '?' for a list of available commands.
> ciscoasa> /b<<<
>
>   1492 1526674321.95442: stdout chunk (state=3):
> >>>in/sh -c 'echo ~ &&<<<
>
>   1492 1526674321.97577: stdout chunk (state=3):
> >>> sleep 0'<<<
>
>   1492 1526674366.99164: stderr chunk (state=3):
> >>>debug3: send packet: type 1
> <<<
>
>   1492 1526674366.99776: stderr chunk (state=3):
> >>>debug1: channel 0: free: /root/.ansible/cp/a0709b0bd0, nchannels 3
> debug3: channel 0: status: The following connections are open:
>   #1 mux-control (t16 r2 i0/0 o0/0 fd 5/5 cc -1)
>   #2 client-session (t4 r3 i0/0 o0/0 fd 6/7 cc 1)
>
> debug1: channel 1: free: mux-control, nchannels 2
> debug3: channel 1: status: The following connections are open:
>   #1 mux-control (t16 r2 i0/0 o0/0 fd 5/5 cc -1)
>   #2 client-session (t4 r3 i0/0 o0/0 fd 6/7 cc 1)
>
> debug1: channel 2: free: client-session, nchannels 1
> debug3: channel 2: status: The following connections are open:
>   #2 client-session (t4 r3 i0/0 o0/0 fd 6/7 cc 1)
>
> debug3: fd 0 is not O_NONBLOCK
> debug3: fd 1 is not O_NONBLOCK
> debug1: fd 2 clearing O_NONBLOCK
> Connection to 10.0.2.5 closed by remote host.
> Transferred: sent 2072, received 1984 bytes, in 45.1 seconds
> Bytes per second: sent 45.9, received 44.0
> debug1: Exit status -1
> debug3: mux_client_read_packet: read header failed: Broken pipe
> debug2: Control master terminated unexpectedly
> <<<
>
>   1492 1526674367.01129: stderr chunk (state=3):
> >>><<<
>
>   1492 1526674367.01299: stdout chunk (state=3):
> >>><<<
>
>
>
> On Friday, May 18, 2018 at 3:11:07 PM UTC-5, Matt Hickok wrote:
>>
>> Hey folks, I'm trying to gather some facts from a Cisco ASA. The ASA is
>> configured as simply as possible and here are the relevant settings for the
>> ASA
>>
>> ASA Software Version: 9.2(2)
>> Hardware: ASA5515
>> Management IP: 10.0.2.5
>> SSH DH Key Exchange: Group 1 (diffie-hellman-group1-sha1)
>>
>> I made sure that I can SSH into the device directly from the Ansible VM
>> before anything, and this was successful.
>>
>> Ansible version is 2.5.2 (being run using the official ansible awx docker
>> images)
>>
>> Here is my inventory:
>>
>> [cisco]
>> 10.0.2.5
>>
>> [cisco:vars]
>> ansible_user=myuseraccount
>> ansible_ssh_pass=mypass
>> ansible_ssh_common_args: '-o KexAlgorithms=diffie-hellman-group1-sha1'
>>
>> Here is my playbook:
>> ---
>> - hosts: cisco
>>   tasks:
>>     - name: "ssh facts"
>>       ios_facts:
>>
>> So it is incredibly basic. Now the error I am getting is that the device
>> is unreachable, but it looks like some sort of ssh multiplexing error. I
>> don't really know how to read these logs.
>>
>> fatal: [10.0.2.5]: UNREACHABLE! => {
>>     "changed": false,
>>     "msg": "Failed to connect to the host via ssh: OpenSSH_7.4p1, OpenSSL
>> 1.0.2k-fips  26 Jan 2017\r\ndebug1: Reading configuration data
>> /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying
>> options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1:
>> Control socket \"/root/.ansible/cp/a0709b0bd0\" does not
>> exist\r\ndebug2: resolving \"10.0.2.5\" port 22\r\ndebug2:
>> ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to 10.0.2.5 [10.0.2.5]
>> port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing
>> O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9970 ms
>> remain after connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1:
>> key_load_public: No such file or directory\r\ndebug1: identity file
>> /root/.ssh/id_rsa type -1\r\ndebug1: key_load_public: No such file or
>> directory\r\ndebug1: identity file /root/.ssh/id_rsa-cert type
>> -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1:
>> identity file /root/.ssh/id_dsa type -1\r\ndebug1: key_load_public: No such
>> file or directory\r\ndebug1: identity file /root/.ssh/id_dsa-cert type
>> -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1:
>> identity file /root/.ssh/id_ecdsa type -1\r\ndebug1: key_load_public: No
>> such file or directory\r\ndebug1: identity file /root/.ssh/id_ecdsa-cert
>> type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1:
>> identity file /root/.ssh/id_ed25519 type -1\r\ndebug1: key_load_public: No
>> such file or directory\r\ndebug1: identity file /root/.ssh/id_ed25519-cert
>> type -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1:
>> Local version string SSH-2.0-OpenSSH_7.4\r\ndebug1: Remote protocol version
>> 1.99, remote software version Cisco-1.25\r\ndebug1: match: Cisco-1.25 pat
>> Cisco-1.* compat 0x60000000\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1:
>> Authenticating to 10.0.2.5:22 as 'username'\r\ndebug3: hostkeys_foreach:
>> reading file \"/root/.ssh/known_hosts\"\r\ndebug3: record_hostkey: found
>> key type RSA in file /root/.ssh/known_hosts:2\r\ndebug3: load_hostkeys:
>> loaded 1 keys from 10.0.2.5\r\ndebug3: order_hostkeyalgs: prefer
>> hostkeyalgs: 
>> [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\ndebug3:
>> send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive
>> packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local
>> client KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256,
>> [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-
>> sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-
>> hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-
>> hellman-group-exchange-sha1,diffie-hellman-group14-sha256,
>> diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c\r\ndebug2:
>> host key algorithms: [email protected],r
>> sa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected]
>> ,[email protected],ecdsa
>> [email protected],[email protected],
>> [email protected],ecdsa-sha2-nistp25
>> 6,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss\r\ndebug2:
>> ciphers ctos: [email protected],
>> aes128-ctr,aes192-ctr,aes256-ctr,[email protected],aes2
>> [email protected],aes128-cbc,aes192-cbc,aes256-cbc\r\ndebug2: ciphers
>> stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,
>> [email protected],[email protected],aes128-cbc,
>> aes192-cbc,aes256-cbc\r\ndebug2: MACs ctos: [email protected],
>> [email protected],[email protected],hmac-sha2-5
>> [email protected],[email protected],[email protected],
>> [email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2:
>> MACs stoc: [email protected],[email protected],hmac-sha2-2
>> [email protected],[email protected],hmac-sha1-e
>> [email protected],[email protected],[email protected],
>> hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos:
>> [email protected],zlib,none\r\ndebug2: compression stoc: [email protected]
>> ,zlib,none\r\ndebug2: languages ctos: \r\ndebug2: languages stoc:
>> \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug2: peer
>> server KEXINIT proposal\r\ndebug2: KEX algorithms:
>> diffie-hellman-group1-sha1\r\ndebug2: host key algorithms:
>> ssh-rsa\r\ndebug2: ciphers ctos: 3des-cbc,aes128-cbc,aes192-cbc
>> ,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr\r\ndebug2: ciphers stoc:
>> 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr\r\ndebug2:
>> MACs ctos: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96\r\ndebug2: MACs
>> stoc: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96\r\ndebug2: compression
>> ctos: none\r\ndebug2: compression stoc: none\r\ndebug2: languages ctos:
>> \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2:
>> reserved 0 \r\ndebug1: kex: algorithm: diffie-hellman-group1-sha1\r\ndebug1:
>> kex: host key algorithm: ssh-rsa\r\ndebug1: kex: server->client cipher:
>> aes128-ctr MAC: hmac-sha1 compression: none\r\ndebug1: kex: client->server
>> cipher: aes128-ctr MAC: hmac-sha1 compression: none\r\ndebug1: kex:
>> diffie-hellman-group1-sha1 need=20 dh_need=20\r\ndebug1: kex:
>> diffie-hellman-group1-sha1 need=20 dh_need=20\r\ndebug1: sending
>> SSH2_MSG_KEXDH_INIT\r\ndebug2: bits set: 519/1024\r\ndebug3: send packet:
>> type 30\r\ndebug1: expecting SSH2_MSG_KEXDH_REPLY\r\ndebug3: receive
>> packet: type 31\r\ndebug1: Server host key: ssh-rsa
>> SHA256:WtXW5XP28po8AiO/FtGdKkUB1eNblXwfxN99jmMmxys\r\ndebug3:
>> hostkeys_foreach: reading file \"/root/.ssh/known_hosts\"\r\ndebug3:
>> record_hostkey: found key type RSA in file 
>> /root/.ssh/known_hosts:2\r\ndebug3:
>> load_hostkeys: loaded 1 keys from 10.0.2.5\r\ndebug1: Host '10.0.2.5' is
>> known and matches the RSA host key.\r\ndebug1: Found key in
>> /root/.ssh/known_hosts:2\r\ndebug2: bits set: 525/1024\r\ndebug3: send
>> packet: type 21\r\ndebug2: set_newkeys: mode 1\r\ndebug1: rekey after
>> 4294967296 blocks\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting
>> SSH2_MSG_NEWKEYS\r\ndebug3: receive packet: type 21\r\ndebug1:
>> SSH2_MSG_NEWKEYS received\r\ndebug2: set_newkeys: mode 0\r\ndebug1: rekey
>> after 4294967296 blocks\r\ndebug2: key: /root/.ssh/id_rsa
>> ((nil))\r\ndebug2: key: /root/.ssh/id_dsa ((nil))\r\ndebug2: key:
>> /root/.ssh/id_ecdsa ((nil))\r\ndebug2: key: /root/.ssh/id_ed25519
>> ((nil))\r\ndebug3: send packet: type 5\r\ndebug3: receive packet: type
>> 6\r\ndebug2: service_accept: ssh-userauth\r\ndebug1:
>> SSH2_MSG_SERVICE_ACCEPT received\r\ndebug3: send packet: type 50\r\ndebug3:
>> receive packet: type 51\r\ndebug1: Authentications that can continue:
>> publickey,password\r\ndebug3: start over, passed a different list
>> publickey,password\r\ndebug3: preferred gssapi-keyex,gssapi-with-mic,p
>> ublickey,keyboard-interactive,password\r\ndebug3: authmethod_lookup
>> publickey\r\ndebug3: remaining preferred: 
>> keyboard-interactive,password\r\ndebug3:
>> authmethod_is_enabled publickey\r\ndebug1: Next authentication method:
>> publickey\r\ndebug1: Trying private key: /root/.ssh/id_rsa\r\ndebug3: no
>> such identity: /root/.ssh/id_rsa: No such file or directory\r\ndebug1:
>> Trying private key: /root/.ssh/id_dsa\r\ndebug3: no such identity:
>> /root/.ssh/id_dsa: No such file or directory\r\ndebug1: Trying private key:
>> /root/.ssh/id_ecdsa\r\ndebug3: no such identity: /root/.ssh/id_ecdsa: No
>> such file or directory\r\ndebug1: Trying private key:
>> /root/.ssh/id_ed25519\r\ndebug3: no such identity:
>> /root/.ssh/id_ed25519: No such file or directory\r\ndebug2: we did not send
>> a packet, disable method\r\ndebug3: authmethod_lookup password\r\ndebug3:
>> remaining preferred: ,password\r\ndebug3: authmethod_is_enabled
>> password\r\ndebug1: Next authentication method: password\r\ndebug3: send
>> packet: type 50\r\ndebug2: we sent a password packet, wait for
>> reply\r\ndebug3: receive packet: type 52\r\ndebug1: Authentication
>> succeeded (password).\r\nAuthenticated to 10.0.2.5
>> ([10.0.2.5]:22).\r\ndebug1: setting up multiplex master socket\r\ndebug3:
>> muxserver_listen: temporary control path 
>> /root/.ansible/cp/a0709b0bd0.cAe9DrGmRT8viyNa\r\ndebug2:
>> fd 4 setting O_NONBLOCK\r\ndebug3: fd 4 is O_NONBLOCK\r\ndebug3: fd 4 is
>> O_NONBLOCK\r\ndebug1: channel 0: new 
>> [/root/.ansible/cp/a0709b0bd0]\r\ndebug3:
>> muxserver_listen: mux listener channel 0 fd 4\r\ndebug2: fd 3 setting
>> TCP_NODELAY\r\ndebug3: ssh_packet_set_tos: set IP_TOS 0x08\r\ndebug1:
>> control_persist_detach: backgrounding master process\r\ndebug2:
>> control_persist_detach: background process is 1418\r\ndebug2: fd 4 setting
>> O_NONBLOCK\r\ndebug1: forking to background\r\ndebug1: Entering interactive
>> session.\r\ndebug1: pledge: id\r\ndebug2: set_control_persist_exit_time:
>> schedule exit in 60 seconds\r\ndebug1: multiplexing control
>> connection\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug3: fd 5 is
>> O_NONBLOCK\r\ndebug1: channel 1: new [mux-control]\r\ndebug3:
>> channel_post_mux_listener: new mux channel 1 fd 5\r\ndebug3:
>> mux_master_read_cb: channel 1: hello sent\r\ndebug2:
>> set_control_persist_exit_time: cancel scheduled exit\r\ndebug3:
>> mux_master_read_cb: channel 1 packet type 0x00000001 len 4\r\ndebug2:
>> process_mux_master_hello: channel 1 slave version 4\r\ndebug2:
>> mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards:
>> request forwardings: 0 local, 0 remote\r\ndebug3:
>> mux_client_request_session: entering\r\ndebug3: mux_client_request_alive:
>> entering\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x10000004
>> len 4\r\ndebug2: process_mux_alive_check: channel 1: alive check\r\ndebug3:
>> mux_client_request_alive: done pid = 1420\r\ndebug3:
>> mux_client_request_session: session request sent\r\ndebug3:
>> mux_master_read_cb: channel 1 packet type 0x10000002 len 91\r\ndebug2:
>> process_mux_new_session: channel 1: request tty 0, X 0, agent 0, subsys 0,
>> term \"xterm\", cmd \"/bin/sh -c 'echo ~ && sleep 0'\", env 1\r\ndebug3:
>> process_mux_new_session: got fds stdin 6, stdout 7, stderr 8\r\ndebug2: fd
>> 7 setting O_NONBLOCK\r\ndebug2: fd 8 setting O_NONBLOCK\r\ndebug1: channel
>> 2: new [client-session]\r\ndebug2: process_mux_new_session: channel_new: 2
>> linked to control channel 1\r\ndebug2: channel 2: send open\r\ndebug3: send
>> packet: type 90\r\ndebug3: receive packet: type 91\r\ndebug2: callback
>> start\r\ndebug2: client_session2_setup: id 2\r\ndebug1: Sending
>> environment.\r\ndebug1: Sending env LANG = en_US.UTF-8\r\ndebug2: channel
>> 2: request env confirm 0\r\ndebug3: send packet: type 98\r\ndebug1: Sending
>> command: /bin/sh -c 'echo ~ && sleep 0'\r\ndebug2: channel 2: request exec
>> confirm 1\r\ndebug3: send packet: type 98\r\ndebug3: mux_session_confirm:
>> sending success reply\r\ndebug2: callback done\r\ndebug2: channel 2: open
>> confirm rwindow 1024 rmax 4096\r\ndebug1: mux_client_request_session:
>> master session id: 2\r\ndebug3: receive packet: type 99\r\ndebug2:
>> channel_input_status_confirm: type 99 id 2\r\ndebug2: exec request accepted
>> on channel 2\r\ndebug3: send packet: type 1\r\ndebug1: channel 0: free:
>> /root/.ansible/cp/a0709b0bd0, nchannels 3\r\ndebug3: channel 0: status: The
>> following connections are open:\r\n  #1 mux-control (t16 r2 i0/0 o0/0 fd
>> 5/5 cc -1)\r\n  #2 client-session (t4 r3 i0/0 o0/0 fd 6/7 cc
>> 1)\r\n\r\ndebug1: channel 1: free: mux-control, nchannels 2\r\ndebug3:
>> channel 1: status: The following connections are open:\r\n  #1 mux-control
>> (t16 r2 i0/0 o0/0 fd 5/5 cc -1)\r\n  #2 client-session (t4 r3 i0/0 o0/0 fd
>> 6/7 cc 1)\r\n\r\ndebug1: channel 2: free: client-session, nchannels
>> 1\r\ndebug3: channel 2: status: The following connections are open:\r\n  #2
>> client-session (t4 r3 i0/0 o0/0 fd 6/7 cc 1)\r\n\r\ndebug3: fd 0 is not
>> O_NONBLOCK\r\ndebug3: fd 1 is not O_NONBLOCK\r\ndebug1: fd 2 clearing
>> O_NONBLOCK\r\nConnection to 10.0.2.5 closed by remote host.\r\nTransferred:
>> sent 2072, received 2032 bytes, in 37.9 seconds\r\nBytes per second: sent
>> 54.6, received 53.6\r\ndebug1: Exit status -1\r\ndebug3:
>> mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Control
>> master terminated unexpectedly\r\n",
>>     "unreachable": true
>> }
>>         to retry, use: --limit @/var/lib/awx/projects/username/Cisco/cisco_facts.retry
>>
>> PLAY RECAP *********************************************************************
>> 10.0.2.5                : ok=0    changed=0    unreachable=1    failed=0
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAKEs6adujai%3DhAborH9kc6FGcdFUCeaq2qWsq5yj-pkVBZnsXQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
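
The three corrections from the reply at the top of this thread, applied to the inventory and playbook quoted above, as an added example (not code from either poster or from the Ansible project). The debug output in the thread shows the default ssh connection sending /bin/sh -c 'echo ~ && sleep 0' to the ciscoasa> prompt, which is what step 1 avoids. The file names and the vault_asa_password variable are hypothetical, and the example assumes the installed Ansible provides the asa_facts module.

```yaml
# ---------------------------------------------------------------
# File 1: inventory.yml (hypothetical name)
# YAML form of the [cisco] / [cisco:vars] inventory from the thread.
# ---------------------------------------------------------------
all:
  children:
    cisco:
      hosts:
        10.0.2.5:
      vars:
        # Step 1: persistent CLI session instead of the default ssh
        # connection, which tries to run /bin/sh on the target.
        ansible_connection: network_cli
        # Step 2: tell Ansible which platform plugins to load.
        ansible_network_os: asa
        ansible_user: myuseraccount
        # Assumption: the password is kept in an Ansible Vault file and
        # referenced here, rather than stored in plaintext in the
        # inventory as in the original post.
        ansible_ssh_pass: "{{ vault_asa_password }}"
        # The KexAlgorithms option from the original inventory is left
        # out; whether it is still needed depends on the SSH library
        # behind network_cli in the installed version (assumption).

# ---------------------------------------------------------------
# File 2: asa_facts.yml (hypothetical name)
# ---------------------------------------------------------------
---
- hosts: cisco
  # The default fact gathering targets hosts with a shell and Python,
  # not a firewall CLI, so it is switched off here.
  gather_facts: no
  tasks:
    # Step 3: the ASA module instead of ios_facts.
    - name: "asa facts"
      asa_facts:
      register: asa_result

    - name: "show what was collected"
      debug:
        var: asa_result
```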
