Of course, thanks for asking; My company has HP Network Automation (HP NA) host which provides universal access to all network devices. It behaves like a jump host, but, not SSH jump host. We ssh to it, authenticate and then get onto local CLI - which is specialised for managing the database of devices on the HP NA and to connect to them (allowing for logging of the session, different setups and so on). Here is the problem: HP NA is not SSH bastion so no SSH forwarding (-J, -W, -tt options) works. It has to be a two stage connection to a device if HP NA was to be used (in our case, it has to be). First of all, I do not have a way to tell Ansible to connect to a device by ssh-ing to HP NA server, then to start a new session to a device using *connect 'device_name'* command to get the actual device prompt. What I wanted to achieve: I wanted to modify network_cli plugin to add a fixed server and a couple of additional steps, so it looks like this - very high level: ansible -i inventory.ans playbook.yml (inventory.ans contains real IP addresses and/or device names known to HP NA, playbook.yml conatins network_cli_HPNA modified connector to be used and arbitrary task) I thought that ansible-playbook will call network_cli_HPNA at some point to establish a session and I would intercept it there, connect first to HP NA server, then, after verifying sanity, issue connect device, where device is the information in the playbook and supplied by ansible-playboook when it calls network_cli. Now, that does not happen early enough (or I did not understand this well). What I saw was that after I start ansible-playbook and ingest modules and parse playbook, I call paramiko_ssh to establish a permanent connection (which times out, as I can not access devices directly), but, network_cli is never visited... I saw that connection is brought up in paramiko_ssh and we could possibly change it there, but, that would ruin any upgrade down the road - I wanted to fork this later, when I will not put anyone else in jeopardy (those who use paramiko_ssh as a regular connector plugin). I hope that this helps. Thanks, Vladan
On Wednesday, 28 November 2018 09:45:35 UTC, Mark Zhitomirski wrote: > > can you kindly present your case? It's not easy to see what you are trying > and where it fails. > Regards, > Mark > > > On Tue, Nov 27, 2018 at 7:58 PM <[email protected] <javascript:>> > wrote: > >> As far as I have seen, it is not trivial - looks like although plugin for >> network_cli is selected, the paramiko_ssh plugin is used to handle actual >> ssh session. Considereing it is easy to send additional command, it is not >> easy to keep all that without significantly touching classes defined in >> Ansible. And I wanted something like 5 lines of code ... >> I almost gave up on this effort... >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/821650d7-1495-49be-9535-b05fa16b4ced%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/821650d7-1495-49be-9535-b05fa16b4ced%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > MZ > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6e90d8cf-b248-46a3-921d-208e7e678f54%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
