Hi,
I have a written a script to do IOS upgrade of active-standby ASA firewall.
Script first upgrades standby firewall and does post-upgrade verification
and then switches to active firewall to upgrade it (multiple plays in a
playbook). Using ansible 2.10 with python 3 in WSL linux.
After standby firewall reloads and comes back, script freezes in the
ASA_command module for gathering failover state for no apparent reason. No
success or error is shown, it just stends there. This same failover state
is gathered without any issues before reload though.
I removed ASA_command module but script again freezes in the next module
below ASA_command module.
This happens only for active-stansby firewall. The same module doesn't
freeze for standalone firewall after reboot.
i changed connection type from network_cli to local but didn't help.
I am giving below truncated script and console output for 'gather failover
state' module when script was run with -vvvv. As the entire script is
several pages long.
I am thinking of experimenting with cli_command module instead of
asa_command module. Also thinking of splitting post-upgrade tasks into a
separate play withion same playbook. However i am trying to get to the root
cause of this issue.
*TRUNCATED SCRIPT:*
---
- name: 1ST PLAY FOR STANDBY FIREWALL UPGRADE TASKS
hosts: STANDBYFIREWALL
serial: 1
gather_facts: false
connection: local
tasks:
- name: GATHER FAILOVER STATE
asa_command:
commands: "show failover state | i This"
register: show_failover
- name: WRITE TO MEMORY
asa_config:
save: yes
vars:
ansible_command_timeout: 300
- name: RELOAD
asa_command:
commands: "reload noconfirm"
async: 60
poll: 0
- name: sleep for 3 minutes
wait_for:
timeout: 180
delegate_to: localhost
- name: WAIT FOR FIREWALL TO REBOOT
wait_for:
host: "{{ ansible_host }}"
port: 22
timeout: 3600
delegate_to: localhost
- name: sleep for 4 minutes for services & protocols to load
wait_for:
timeout: 240
delegate_to: localhost
- name: GATHER FAILOVER STATE
asa_command:
commands: "show failover state | i This"
register: show_failover_new
*OUTPUT:*
TASK [GATHER FAILOVER STATE]
**************************************************************************************************************************************************************************************
redirecting (type: action) ansible.builtin.asa to cisco.asa.asa
redirecting (type: action) ansible.builtin.asa to cisco.asa.asa
<10.58.222.4> using connection plugin network_cli (was local)
redirecting (type: connection) ansible.builtin.persistent to
ansible.netcommon.persistent
<10.58.222.4> starting connection from persistent connection plugin
Found ansible-connection at path /usr/bin/ansible-connection
shutdown complete
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/paramiko/channel.py", line
699, in recv
out = self.in_buffer.read(nbytes, self.timeout)
File "/usr/local/lib/python3.9/dist-packages/paramiko/buffered_pipe.py",
line 164, in read
raise PipeTimeout()
paramiko.buffered_pipe.PipeTimeout
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File
"/root/.ansible/collections/ansible_collections/ansible/netcommon/plugins/connection/network_cli.py",
line 962, in send
response = self.receive(
File
"/root/.ansible/collections/ansible_collections/ansible/netcommon/plugins/connection/network_cli.py",
line 913, in receive
response = self.receive_paramiko(
File
"/root/.ansible/collections/ansible_collections/ansible/netcommon/plugins/connection/network_cli.py",
line 727, in receive_paramiko
data = self._ssh_shell.recv(256)
File "/usr/local/lib/python3.9/dist-packages/paramiko/channel.py", line
701, in recv
raise socket.timeout()
socket.timeout
Regards,
Vikram
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/c72aafa0-32ff-4c9a-8129-29bdebb882e9n%40googlegroups.com.
