On Wed, Nov 28, 2018 at 1:43 PM <[email protected]> wrote:
> Of course, thanks for asking; > My company has HP Network Automation (HP NA) host which provides universal > access to all network devices. It behaves like a jump host, but, not SSH > jump host. We ssh to it, authenticate and then get onto local CLI - which > is specialised for managing the database of devices on the HP NA and to > connect to them (allowing for logging of the session, different setups and > so on). > Here is the problem: > HP NA is not SSH bastion so no SSH forwarding (-J, -W, -tt options) works. > I see your problem and feel your pain. It has to be a two stage connection > to my understanding this is not how Ansible works to a device if HP NA was to be used (in our case, it has to be). > First of all, I do not have a way to tell Ansible to connect to a device > by ssh-ing to HP NA server, then to start a new session to a device using > *connect > 'device_name'* command to get the actual device prompt. > What I wanted to achieve: > I wanted to modify network_cli plugin > that's way above my Ansible knowledge. I suppose network_cli (https://docs.ansible.com/ansible/2.7/plugins/connection/network_cli.html) is not a transport for Ansible and it cannot be used as such. Firing a single CLI command on the host and returning output is what it is used for I guess. Regards, Mark to add a fixed server and a couple of additional steps, so it looks like > this - very high level: > ansible -i inventory.ans playbook.yml > (inventory.ans contains real IP addresses and/or device names known to HP > NA, playbook.yml conatins network_cli_HPNA modified connector to be used > and arbitrary task) > I thought that ansible-playbook will call network_cli_HPNA at some point > to establish a session and I would intercept it there, connect first to HP > NA server, then, after verifying sanity, issue connect device, where device > is the information in the playbook and supplied by ansible-playboook when > it calls network_cli. > Now, that does not happen early enough (or I did not understand this well). > What I saw was that after I start ansible-playbook and ingest modules and > parse playbook, I call paramiko_ssh to establish a permanent connection > (which times out, as I can not access devices directly), but, network_cli > is never visited... > I saw that connection is brought up in paramiko_ssh and we could possibly > change it there, but, that would ruin any upgrade down the road - I wanted > to fork this later, when I will not put anyone else in jeopardy (those who > use paramiko_ssh as a regular connector plugin). > I hope that this helps. > Thanks, > Vladan > > On Wednesday, 28 November 2018 09:45:35 UTC, Mark Zhitomirski wrote: >> >> can you kindly present your case? It's not easy to see what you are >> trying and where it fails. >> Regards, >> Mark >> >> >> On Tue, Nov 27, 2018 at 7:58 PM <[email protected]> wrote: >> >>> As far as I have seen, it is not trivial - looks like although plugin >>> for network_cli is selected, the paramiko_ssh plugin is used to handle >>> actual ssh session. Considereing it is easy to send additional command, it >>> is not easy to keep all that without significantly touching classes defined >>> in Ansible. And I wanted something like 5 lines of code ... >>> I almost gave up on this effort... >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/821650d7-1495-49be-9535-b05fa16b4ced%40googlegroups.com >>> <https://groups.google.com/d/msgid/ansible-project/821650d7-1495-49be-9535-b05fa16b4ced%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> -- >> MZ >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/6e90d8cf-b248-46a3-921d-208e7e678f54%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/6e90d8cf-b248-46a3-921d-208e7e678f54%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- MZ -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJLNCaTEF2Oj%2Bpfuep5Wwf4iq8N_eyAhw1fj-DXRW_FuG1jYyQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
