Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

Hi!
I have found out that some IOS devices have problems with gather_facts and 
ansible does that by default. So I disabled it with gather_facts=no and now 
ansible continues to the next step now without gathering facts and skips 
the ios_facts error.

Also I have changed some paramiko config on the ansible.cfg  like this:
[paramiko_connection]

# uncomment this line to cause the paramiko connection plugin to not record new 
host
# keys encountered.  Increases performance on new host additions.  Setting 
works independently of the
# host key checking setting above.
#record_host_keys=False

# by default, Ansible requests a pseudo-terminal for commands executed under 
sudo. Uncomment this
# line to disable this behaviour.
#pty=False

# paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices.  This is a problem for some network devices
# that close the connection after a key failure.  Uncomment this line to
# disable the Paramiko look for keys function
look_for_keys = False

# When using persistent connections with Paramiko, the connection runs in a
# background process.  If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key.  This will cause connections
# running in background processes to fail.  Uncomment this line to have
# Paramiko automatically add host keys.
host_key_auto_add = True
Note that these changes didn't made any difference.. So if its commented or 
not i get the same error - No Existing Session

This is my code now:
---
  - name: 
---   1. Applying Layer 2 Configuration   ---
hosts: Snif_TEST
gather_facts: no
vars:
  ansible_become: yes
  ansible_become_method: enable
  ansible_user: ansible
  ansible_password: ansible
  ansible_network_os: ios
  ansible_connection: network_cli
tasks:
- include_vars:
dir: /etc/ansible/roles/new_vlan/vars/
- include_role:
name: new_vlan
tasks_from: show_vlan.yml
I have found out that it doesn't matter if I put the vars under all:vars or 
just vars on the playbook it produces the same results.

So after bypassing the gathering_facts error my current error is:
2020-01-21 10:26:27,529 p=ansible u=26571 | ansible-playbook 2.9.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/ansible/.ansible/plugins/modules', 
u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 
20150623 (Red Hat 4.8.5-39)]
2020-01-21 10:26:27,530 p=ansible u=26571
 | Using /etc/ansible/ansible.cfg as config file
2020-01-21 10:26:27,531 p=ansible u=26571 | setting up inventory plugins
2020-01-21 10:26:27,543 p=ansible u=26571
 | host_list declined parsing /etc/ansible/inventory/POC_ENV.yml as it did not 
pass its verify_file() method
2020-01-21 10:26:27,543 p=ansible u=26571
 | script declined parsing /etc/ansible/inventory/POC_ENV.yml as it did not 
pass its verify_file() method
2020-01-21 10:26:27,548 p=ansible u=26571
 | Parsed /etc/ansible/inventory/POC_ENV.yml inventory source with yaml plugin
2020-01-21 10:26:27,548 p=ansible u=26571 | setting up inventory plugins
2020-01-21 10:26:28,353 p=ansible u=26571
 | Loading callback plugin default of type stdout, v2.0
 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc
2020-01-21 10:26:28,452 p=ansible u=26571 | PLAYBOOK: new_vlan_playbook.yml
 
***
2020-01-21 10:26:28,453 p=ansible u=26571 | 1 plays in new_vlan_playbook.yml
2020-01-21 10:26:28,468 p=ansible u=26571 | PLAY [---   1
. Applying Layer 2
 Configuration   ---] 
**
2020-01-21 10:26:28,476 p=ansible u=26571 | META: ran handlers
2020-01-21 10:26:28,484 p=ansible u=26571
 | TASK [include_vars] 
***
2020-01-21 10:26:28,518 p=ansible u=26580
 |  attempting to start connection
2020-01-21 10:26:28,518 p=ansible u=26580
 |  using connection plugin network_cli
2020-01-21 10:26:29,116 p=ansible u=26580
 |  local domain socket does not exist, starting it
2020-01-21 10:26:29,116 p=ansible u=26580
 |  control socket path is /home/ansible/.ansible/pc/b2fb8201f6
2020-01-21 10:26:29,117 p=ansible u=26580
 |  local domain socket listeners started successfully
2020-01-21 10:26:29,117 p=ansible u=26580
 |  loaded cliconf plugin ios from path /usr/lib/python2.7
/site-packages/ansible/plugins/cliconf/ios.py for network_os ios
2020-01-21 10:26:29,117 p=ansible u=26580 | network_os is set to ios
2020-01-21 10:26:29,117 p=ansible u=26580 |  
2020-01-21 10:26:29,118 p=ansible u=26580
 |  

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

*Hi Phil,*
*Thank you for your help.*

*Playbook:*
  - name: 
---   1. Applying Layer 2 Configuration   ---
hosts: Snif_TEST
connection: network_cli
tasks:
- include_vars:
dir: /etc/ansible/roles/new_vlan/vars/
- include_role:
name: new_vlan
tasks_from: show_vlan.yml

*It's seems that after I set these variables under the inventory file like 
this:*
all:
  children:
POC_ENV:
  hosts:
TEST-NXOS2:
TEST-NXOS3:
Snif_TEST:
  hosts:
R-TEST-SNIF:
  vars:
ansible_network_os: ios
ansible_password: ansible
ansible_become: yes
ansible_become_method: enable
ansible_user: ansible

*All other variables are equal to null except 
ansible_connection/ansible_network_os for some reason. Here is the output:*
[ansible@Netauto-Dev new_vlan]$ ansible-playbook new_vlan_playbook.yml -
2020-01-21 09:25:53,934 p=ansible u=23836 | ansible-playbook 2.9.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/ansible/.ansible/plugins/modules', 
u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 
20150623 (Red Hat 4.8.5-39)]
2020-01-21 09:25:53,935 p=ansible u=23836
 | Using /etc/ansible/ansible.cfg as config file
2020-01-21 09:25:53,936 p=ansible u=23836 | setting up inventory plugins
2020-01-21 09:25:53,947 p=ansible u=23836
 | host_list declined parsing /etc/ansible/inventory/POC_ENV.yml as it did not 
pass its verify_file() method
2020-01-21 09:25:53,947 p=ansible u=23836
 | script declined parsing /etc/ansible/inventory/POC_ENV.yml as it did not 
pass its verify_file() method
2020-01-21 09:25:53,953 p=ansible u=23836
 | Parsed /etc/ansible/inventory/POC_ENV.yml inventory source with yaml plugin
2020-01-21 09:25:53,954 p=ansible u=23836 | setting up inventory plugins
2020-01-21 09:25:55,045 p=ansible u=23836
 | Loading callback plugin default of type stdout, v2.0
 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc
2020-01-21 09:25:55,138 p=ansible u=23836 | PLAYBOOK: new_vlan_playbook.yml
 
***
2020-01-21 09:25:55,139 p=ansible u=23836 | 1 plays in new_vlan_playbook.yml
2020-01-21 09:25:55,145 p=ansible u=23836 | PLAY [---   1
. Applying Layer 2
 Configuration   ---] 
**
2020-01-21 09:25:55,159 p=ansible u=23836
 | TASK [Gathering Facts] 

2020-01-21 09:25:55,202 p=ansible u=23847
 |  attempting to start connection
2020-01-21 09:25:55,203 p=ansible u=23847
 |  using connection plugin network_cli
2020-01-21 09:25:55,843 p=ansible u=23847
 |  local domain socket does not exist, starting it
2020-01-21 09:25:55,843 p=ansible u=23847
 |  control socket path is /home/ansible/.ansible/pc/e8627bbe23
2020-01-21 09:25:55,844 p=ansible u=23847
 |  local domain socket listeners started successfully
2020-01-21 09:25:55,844 p=ansible u=23847
 |  loaded cliconf plugin ios from path /usr/lib/python2.7
/site-packages/ansible/plugins/cliconf/ios.py for network_os ios
2020-01-21 09:25:55,844 p=ansible u=23847 | network_os is set to ios
2020-01-21 09:25:55,845 p=ansible u=23847 |  
2020-01-21 09:25:55,845 p=ansible u=23847
 |  local domain socket path is /home/ansible/.ansible/pc/
e8627bbe23
2020-01-21 09:25:55,853 p=ansible u=23847 | [WARNING]: Ignoring timeout(10
) for ios_facts

2020-01-21 09:25:55,854 p=ansible u=23847
 |  ESTABLISH LOCAL CONNECTION FOR USER: ansible
2020-01-21 09:25:55,855 p=ansible u=23847 |  EXEC /bin/sh -c 
'( umask 77 && mkdir -p "` echo 
/home/ansible/.ansible/tmp/ansible-local-23836IRvmI3/ansible-tmp-1579591555.85-45205629859053
 `" && echo ansible-tmp-1579591555.85-45205629859053="` echo 
/home/ansible/.ansible/tmp/ansible-local-23836IRvmI3/ansible-tmp-1579591555.85-45205629859053
 `" ) && sleep 0'
2020-01-21 09:25:56,725 p=ansible u=23847
 |  Attempting python interpreter discovery
2020-01-21 09:25:56,726 p=ansible u=23847 |  EXEC /bin/sh -c 
'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; 
command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v 
'"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v 
'"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command 
-v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && 
sleep 0'
2020-01-21 09:25:56,748 p=ansible u=23847 |  EXEC /bin/sh -c 
'/usr/bin/python && sleep 0'
2020-01-21 09:25:56,822 p=ansible u=23847
 | Using module file /usr/lib/python2.7
/site-packages/ansible/modules/network/ios/ios_facts.py
2020-01-21 

Re: [ansible-project] Ansible passwordless login not working

[Phil Griffiths]

What happens when you setup your inventory to something like this:

[all:vars]# these defaults can be overridden for any group in the [group:vars] 
sectionansible_connection=network_cliansible_user=ansible
[ios]...
[ios:vars]ansible_become=yesansible_become_method=enableansible_network_os=iosansible_user=ansibleansible_password=
 ansible

Try setting those values in the inventory file and see what happens

Phil.


On Monday, 20 January 2020 06:59:35 UTC, Yehuda Pinhas wrote:
>
> Hi again.
> Anyone have any idea?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/26f9e384-e29c-452d-a71d-aa0a615fd6e1%40googlegroups.com.

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

I think it has something to do with the publickey and that ansible tries to 
authenticate using the public key as primary method of authentication. 
For some reason it doesn't takes the username and password and just attempt 
SSH with it.

I think that because of the log file.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/db3d5b87-468a-450c-bf37-1a7dc26ec309%40googlegroups.com.

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

Hi again.
Anyone have any idea?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e669ab37-a0b7-4508-a129-e771ca18926c%40googlegroups.com.

Re: [ansible-project] Ansible passwordless login not working

[Vladimir Botka]

On Thu, 16 Jan 2020 01:36:28 -0800 (PST)
Yehuda Pinhas  wrote:

> How is it SSH problem if I can add a public key or just regulary SSH and 
> its working?

SSH tried (publickey,keyboard-interactive,password) and failed

> fatal: [R-TEST-SNIF]: UNREACHABLE! => {"changed": false, "msg": "Failed to 
> connect to the host via ssh: Warning: Permanently added 
> 'r-test-snif,10.70.54.102' (RSA) to the list of known hosts.\r\nPermission 
> denied (publickey,keyboard-interactive,password).", "unreachable": true}

I can only repeat: Find out why 'password' permission was denied.

See "Network Debug and Troubleshooting Guide"
https://docs.ansible.com/ansible/latest/network/user_guide/network_debug_troubleshooting.html#network-debug-and-troubleshooting-guide

and "Enabling Networking device interaction logging" in particular
https://docs.ansible.com/ansible/latest/network/user_guide/network_debug_troubleshooting.html#enabling-networking-device-interaction-logging
Quoting:  "Ansible 2.8 features added logging of device interaction in log
file to help diagnose and troubleshoot issues regarding Ansible Networking
modules."

If you want to proceed in a systemic way get the log.

-vlado

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20200116121050.0ee1d74e%40gmail.com.


pgpaKGSZ4tp5y.pgp
Description: OpenPGP digital signature

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

Hi Douglas,
This is the result of --ask-pass:

[image: Capture.PNG]


I have no idea what that means haha. What do you think?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1b6b38ae-78ab-498f-b087-38df4eef2a17%40googlegroups.com.

Re: [ansible-project] Ansible passwordless login not working

[Douglas Evert]

When adding a public key are you adding it to an amiable user or to another 
user and does your ping work if you pass —ask-pass?

Sent from my iPhone

> On Jan 16, 2020, at 04:36, Yehuda Pinhas  wrote:
> 
> 
> I'm not sure that  "connection: network_cli" because not matter what i do I 
> get the same error... Its just not working.
> 
> 
> How is it SSH problem if I can add a public key or just regulary SSH and its 
> working? that proves that its not an SSH problem on my remote machine and 
> leaves the fault in the ansible code side..
> 
> Any other ideas?
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/b9eb97d9-87d6-48fe-8077-4f0b3c78f3dd%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2CCAF59F-3E77-4BEE-A54F-F9F6EE7C4E9A%40gmail.com.

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

*I have no idea what to do next.. also ping check fails..*

[image: Capture.PNG]

*Again, if im adding the publickey for passwordless authentication Ansible 
works.. but without it its not..*

*This is the configuration on the router side:*

R-TEST-SNIF#sh run
Building configuration...

Current configuration : 1474 bytes
!
! Last configuration change at 07:42:41 EST Wed Jan 15 2020
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R-TEST-SNIF
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone EST -5 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip domain name EVE
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
username ansible privilege 15 password 0 ansible
!
redundancy
!
!
ip ssh version 2
! 
!
!
!
!
! 
!
!
!
!
!

!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login local
 transport input telnet ssh
 transport output telnet ssh
!
!
end


*crypto key rsa generate proof:*

R-TEST-SNIF#  show crypto key mypubkey rsa
% Key pair was generated at: 05:35:04 EST Jan 15 2020
Key name: R-TEST-SNIF.EVE
Key type: RSA KEYS
 Storage Device: private-config
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00A5F2FB C8D19FA7 
  E19B9A1E 92976C47 174482FA 788CEA72 85AEF6E9 F0336651 CFE2DA99 316C94A2 
  45A9C27F A2E37D40 C2EE2A39 81B2C4C9 E3BB751C 20CD8C2A 1A632617 AE46F329 
  05CC6D09 483607CB 20DBC972 C2A92124 63FD1EFB E9A66E8C 07020301 0001
% Key pair was generated at: 05:35:04 EST Jan 15 2020
Key name: R-TEST-SNIF.EVE.server
Key type: RSA KEYS
Temporary key
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  306C300D 06092A86 4886F70D 01010105 00035B00 30580251 00AC4D25 1A615FB6 
  1FFEFF70 1A0C72A8 C9C26E3A C4F9AA7D 8C47CE5B 0FCC59A7 CADA0BC8 C173D620 
  26E5445E 65BBAAF2 915B844C 71B0D855 ADB5BBBC 68314F14 3F891C0D 8162B869 
  C227A0B0 C4592A93 5F020301 0001


*Its probably some command missing on the router side.. *
*anyone have any idea what is missing?*

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8a9ba6ec-a380-4c6f-94e3-0d40f93c8aa6%40googlegroups.com.

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

I'm not sure that  "connection: network_cli" because not matter what i do I 
get the same error... Its just not working.


How is it SSH problem if I can add a public key or just regulary SSH and 
its working? that proves that its not an SSH problem on my remote machine 
and leaves the fault in the ansible code side..

Any other ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b9eb97d9-87d6-48fe-8077-4f0b3c78f3dd%40googlegroups.com.

Re: [ansible-project] Ansible passwordless login not working

[Vladimir Botka]

On Wed, 15 Jan 2020 05:36:23 -0800 (PST)
Yehuda Pinhas  wrote:

> fatal: [R-TEST-SNIF]: UNREACHABLE! => {"changed": false, "msg": "Failed to 
> connect to the host via ssh: Warning: Permanently added 
> 'r-test-snif,10.70.54.102' (RSA) to the list of known hosts.\r\nPermission 
> denied (publickey,keyboard-interactive,password).", "unreachable": true}

It's SSH problem now. Find out why 'password' permission was denied.

See "Network Debug and Troubleshooting Guide"
https://docs.ansible.com/ansible/latest/network/user_guide/network_debug_troubleshooting.html#network-debug-and-troubleshooting-guide

and "Enabling Networking device interaction logging" in particular
https://docs.ansible.com/ansible/latest/network/user_guide/network_debug_troubleshooting.html#enabling-networking-device-interaction-logging

HTH,

-vlado

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20200115172311.59d7feb8%40gmail.com.


pgprAhq9AWVVL.pgp
Description: OpenPGP digital signature

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

*Hi Vladimir,*

*with this code on the playbook:*
---
  - name: 
---   1. Applying Layer 2 Configuration   ---
hosts: Snif_TEST
connection: network_cli
tasks:
- include_vars:
dir: /etc/ansible/roles/new_vlan/vars/
- include_role:
name: new_vlan
tasks_from: show_vlan.yml

*And on the vars file:*
  ansible_ssh_common_args: 
-o StrictHostKeyChecking=no -o UserKnownHostsFile=~/.ssh/known_hosts  
ansible_user: ansible
  ansible_password: ansible

*This is the result:*
[ansible@Netauto-Dev new_vlan]$ ansible-playbook new_vlan_playbook.yml

PLAY [---   1. Applying Layer 2 Configuration  
 ---] 
**

TASK [Gathering Facts] 

fatal: [R-TEST-SNIF]: FAILED! => {"msg": "Unable to automatically determine 
host network os. Please manually configure ansible_network_os value for 
this host"}




*With this code on the playbook:*
---
  - name: 
---   1. Applying Layer 2 Configuration   ---
hosts: Snif_TEST
tasks:
- include_vars:
dir: /etc/ansible/roles/new_vlan/vars/
- include_role:
name: new_vlan
tasks_from: show_vlan.yml

*And on the vars file:*
  ansible_ssh_common_args: 
-o StrictHostKeyChecking=no -o UserKnownHostsFile=~/.ssh/known_hosts  
  ansible_connection: network_cli
  ansible_network_os: ios
  ansible_user: ansible
  ansible_password: ansible

*This is the result:*
[ansible@Netauto-Dev new_vlan]$ ansible-playbook new_vlan_playbook.yml

PLAY [---   1. Applying Layer 2 Configuration  
 ---] 
**

TASK [Gathering Facts] 

fatal: [R-TEST-SNIF]: UNREACHABLE! => {"changed": false, "msg": "Failed to 
connect to the host via ssh: Warning: Permanently added 
'r-test-snif,10.70.54.102' (RSA) to the list of known hosts.\r\nPermission 
denied (publickey,keyboard-interactive,password).", "unreachable": true}

PLAY RECAP 

R-TEST-SNIF: ok=0changed=0unreachable=1
failed=0skipped=0rescued=0ignored=0   


*Keep in mind that in anytime I have no problem with sshing to the machine. 
example:*

[image: Capture.PNG]
*Also remember that I always can add the pubkey configuration to the router 
and run ansible successfuly.*

*Have any idea what to do next?*

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/bb69793a-cf26-4db4-8e0d-20f58d00f087%40googlegroups.com.

Re: [ansible-project] Ansible passwordless login not working

[Vladimir Botka]

On Wed, 15 Jan 2020 03:56:14 -0800 (PST)
Yehuda Pinhas  wrote:

> *Cisco IOS Software Version 15.4(1)T (I86BI_LINUX-ADVENTERPRISEK9-M)*

Cisco IOS is supported platform
https://access.redhat.com/articles/3168091

>   - name: 
> hosts: Snif_TEST
> connection: local

The connection should be 'network_cli'. See "Ansible Network Examples"
https://docs.ansible.com/ansible/latest/network/user_guide/network_best_practices_2.5.html#ansible-network-examples
and "Privilege escalation" in particular
https://docs.ansible.com/ansible/latest/network/user_guide/network_best_practices_2.5.html#privilege-escalation

- name: 
  hosts: Snif_TEST
  connection: network_cli

HTH,

-vlado

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20200115140653.4f45aed5%40gmail.com.


pgpjWpHsdePP6.pgp
Description: OpenPGP digital signature

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

*Oh. of course.*
*The router is virtual image - IOL.*
*Cisco IOS Software Version 15.4(1)T (I86BI_LINUX-ADVENTERPRISEK9-M)*

*Full code is:*

*/etc/ansible/roles/new_vlan/new_vlan_playbook.yml:*
---
  - name: 
---   1. Applying Layer 2 Configuration   ---
hosts: Snif_TEST
connection: local
tasks:
- include_vars:
dir: /etc/ansible/roles/new_vlan/vars/
- include_role:
name: new_vlan
tasks_from: show_vlan.yml


*/etc/ansible/roles/new_vlan/tasks/show_vlan.yml*
---
  - name: ---   1. Show VLAN   --
ios_command:
  commands: 
- show ip int br
register: show_vlan

  - debug: msg="{{ show_vlan.stdout_lines }}"


* /etc/ansible/roles/new_vlan/vars/new_vlan_vars.yml*
  ansible_ssh_common_args: 
-o StrictHostKeyChecking=no -o UserKnownHostsFile=~/.ssh/known_hosts 
  ansible_user: ansible
  ansible_password: ansible

*/etc/ansible/inventory/POC_ENV.yml*
all:
  children:
POC_ENV:
  hosts:
TEST-NXOS2:
TEST-NXOS3:
Snif_TEST:
  hosts:
R-TEST-SNIF:

*Ill mention again that when i add this configuration on the router ansible 
works perfectly:*

  ip ssh pubkey-chain

  username ansible

  key-string

  ssh-rsa 
B3NzaC1yc2EDAQABAAABAQDuKpCznL9Gb7L/jVypzsHxFcceKBL2Xg0Enjr5XnGtaAsycD+ToiXYANzn2J21z3IqxyVG7NELLkW03CCclBVMCkdbzD8sRaVuIZCjYdzD4KX7O8goBXnz0+sPO4FhccSBhMfAO/IphliQ0oFBM26OG8UsxZISI5/04GdObk6AwM7jDk6Fga1Wcmqpo0P2XfarXckbL0LxAYEaGr5JR6X4p

n+0x4C/DuOIIKQuvDyiaWTlD+ewRW6kMUUgo8AnVcHekZG+7GDzS4yVuAKZ73pl+Pe8EBa2eUP4FSE1ZXqnQvunKyGo7ifrZCcbikAnkB2is48Y67E3c21ZxhSkI36P
 
ansible@Netauto-Dev


*What do you think?*





-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a7f6c8a5-e945-4fa0-a3e6-ce11934427ac%40googlegroups.com.

Re: [ansible-project] Ansible passwordless login not working

[Vladimir Botka]

On Wed, 15 Jan 2020 01:26:07 -0800 (PST)
Yehuda Pinhas  wrote:

> The device is a router

Sure it is. Could you disclose the brand and type?

> 1. If im sshing normaly with ansible:ansible credentials it works
> 2. If im installing ssh keypair (publickey on the router) the ansible is 
> working.

It's seems that the problem might be isolated.

'Gathering_Facts' and 'include_vars' was 'OK'. Then the play failed. Find out
which variable, from the included variables, changed and made the play fail

/etc/ansible/roles/new_vlan/vars/new_vlan_vars.yml

-vlado

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20200115120505.6919831f%40gmail.com.


pgpkrMfrkLQzM.pgp
Description: OpenPGP digital signature

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

Hi Vladimir,
The device is a router, and I have made few more checks:
1. If im sshing normaly with ansible:ansible credentials it works
2. If im installing ssh keypair (publickey on the router) the ansible is 
working.
 
Problem occurs once I take off the public key from the router and try to 
ssh with username + password instead of username + pubkey.


I have even tryed to add the ansible_connection feature like this:
  ansible_connection: network_cli
  ansible_network_os: ios
  ansible_ssh_common_args: 
-o StrictHostKeyChecking=no -o UserKnownHostsFile=~/.ssh/known_hosts 
  ansible_user: ansible
  ansible_password: ansible

And this is the error:

[image: Capture.PNG]


I have no idea what to do

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7c3b0d67-6a7b-4bb2-bc68-a7ecce4a4023%40googlegroups.com.

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

>
> Hi Vladimir,

The device is a router, and I have made few more checks:
1. If im sshing normaly with ansible:ansible credentials it works
2. If im installing ssh keypair (publickey on the router) the ansible is 
working.
 
Problem occurs once I take off the public key from the router and try to 
ssh with username + password instead of username + pubkey.


I have even tryed to add the ansible_connection feature and this is the 
error:

[image: Capture.PNG]


I have no idea what to do
 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a2232f9d-f8de-4b63-a1d6-ad60507dcd4e%40googlegroups.com.

Re: [ansible-project] Ansible passwordless login not working

[Vladimir Botka]

On Tue, 14 Jan 2020 23:30:43 -0800 (PST)
Yehuda Pinhas  wrote:

>  using connection plugin network_cli (was local)
> [...]
> fatal: [R-TEST-SNIF]: FAILED! => {
> "changed": false, 
> "msg": "command timeout triggered, timeout value is 10 secs.\nSee the 
> timeout setting options in the Network Debug and Troubleshooting Guide."
> }

What is the device that's making troubles?

Make sure the device is working with the connection plugin 'network_cli'.
See "How Network Automation is Different"
https://docs.ansible.com/ansible/latest/network/getting_started/network_differences.html#how-network-automation-is-different
and in particular "Multiple Communication Protocols"
https://docs.ansible.com/ansible/latest/network/getting_started/network_differences.html#multiple-communication-protocols

-vlado

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20200115101512.574c97fd%40gmail.com.


pgpomBdoWXOPu.pgp
Description: OpenPGP digital signature

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

*Hi,*
*Thank you for your answer. but its still not working*

*This is how my code looks like now:*
  ansible_ssh_common_args: 
-o StrictHostKeyChecking=no -o UserKnownHostsFile=~/.ssh/known_hosts 
  ansible_user: ansible
  ansible_password: ansible

*And here is my error now:*

[ansible@Netauto-Dev new_vlan]$ ansible-playbook new_vlan_playbook.yml 
-v
ansible-playbook 2.9.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = 
[u'/home/ansible/.ansible/plugins/modules', 
u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 
20150623 (Red Hat 4.8.5-39)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/POC_ENV.yml as it did not 
pass its verify_file() method
script declined parsing /etc/ansible/inventory/POC_ENV.yml as it did not 
pass its verify_file() method
Parsed /etc/ansible/inventory/POC_ENV.yml inventory source with yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/SNIF_AGGREGATOR.yml as it 
did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/SNIF_AGGREGATOR.yml as it 
did not pass its verify_file() method
Parsed /etc/ansible/inventory/SNIF_AGGREGATOR.yml inventory source with 
yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/avaya.yml as it did not 
pass its verify_file() method
script declined parsing /etc/ansible/inventory/avaya.yml as it did not pass 
its verify_file() method
Skipping empty key (hosts) in group (avaya)
Parsed /etc/ansible/inventory/avaya.yml inventory source with yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/branch_switch.yml as it 
did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/branch_switch.yml as it did 
not pass its verify_file() method
Parsed /etc/ansible/inventory/branch_switch.yml inventory source with yaml 
plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/nexus.yml as it did not 
pass its verify_file() method
script declined parsing /etc/ansible/inventory/nexus.yml as it did not pass 
its verify_file() method
Parsed /etc/ansible/inventory/nexus.yml inventory source with yaml plugin
setting up inventory plugins
host_list declined parsing 
/etc/ansible/inventory/snif_router_IPVPN_20M_50M.yml as it did not pass its 
verify_file() method
script declined parsing 
/etc/ansible/inventory/snif_router_IPVPN_20M_50M.yml as it did not pass its 
verify_file() method
Parsed /etc/ansible/inventory/snif_router_IPVPN_20M_50M.yml inventory 
source with yaml plugin
setting up inventory plugins
host_list declined parsing 
/etc/ansible/inventory/snif_router_IPVPN_8M_10M_200M.yml as it did not pass 
its verify_file() method
script declined parsing 
/etc/ansible/inventory/snif_router_IPVPN_8M_10M_200M.yml as it did not pass 
its verify_file() method
Parsed /etc/ansible/inventory/snif_router_IPVPN_8M_10M_200M.yml inventory 
source with yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/snif_router_SoM_10M.yml 
as it did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/snif_router_SoM_10M.yml as 
it did not pass its verify_file() method
Skipping empty key (hosts) in group (snif_router_SoM_10M)
Parsed /etc/ansible/inventory/snif_router_SoM_10M.yml inventory source with 
yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/snif_router_SoM_20M.yml 
as it did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/snif_router_SoM_20M.yml as 
it did not pass its verify_file() method
Skipping empty key (hosts) in group (snif_router_SoM_20M)
Parsed /etc/ansible/inventory/snif_router_SoM_20M.yml inventory source with 
yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/snif_router_SoM_40M.yml 
as it did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/snif_router_SoM_40M.yml as 
it did not pass its verify_file() method
Skipping empty key (hosts) in group (snif_router_SoM_40M)
Parsed /etc/ansible/inventory/snif_router_SoM_40M.yml inventory source with 
yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/snif_router_all.yml as it 
did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/snif_router_all.yml as it 
did not pass its verify_file() method
Parsed /etc/ansible/inventory/snif_router_all.yml inventory source with 
yaml plugin
Loading callback plugin default of type stdout, v2.0 from 
/usr/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc

PLAYBOOK: new_vlan_playbook.yml 

Re: [ansible-project] Ansible passwordless login not working

[Yehuda Pinhas]

*Hi,*
*Thank you for your answer. but its still not working*
*any idea why? *

*here is my error now:*

[ansible@Netauto-Dev new_vlan]$ ansible-playbook new_vlan_playbook.yml 
-v
ansible-playbook 2.9.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = 
[u'/home/ansible/.ansible/plugins/modules', 
u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 
20150623 (Red Hat 4.8.5-39)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/POC_ENV.yml as it did not 
pass its verify_file() method
script declined parsing /etc/ansible/inventory/POC_ENV.yml as it did not 
pass its verify_file() method
Parsed /etc/ansible/inventory/POC_ENV.yml inventory source with yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/SNIF_AGGREGATOR.yml as it 
did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/SNIF_AGGREGATOR.yml as it 
did not pass its verify_file() method
Parsed /etc/ansible/inventory/SNIF_AGGREGATOR.yml inventory source with 
yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/avaya.yml as it did not 
pass its verify_file() method
script declined parsing /etc/ansible/inventory/avaya.yml as it did not pass 
its verify_file() method
Skipping empty key (hosts) in group (avaya)
Parsed /etc/ansible/inventory/avaya.yml inventory source with yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/branch_switch.yml as it 
did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/branch_switch.yml as it did 
not pass its verify_file() method
Parsed /etc/ansible/inventory/branch_switch.yml inventory source with yaml 
plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/nexus.yml as it did not 
pass its verify_file() method
script declined parsing /etc/ansible/inventory/nexus.yml as it did not pass 
its verify_file() method
Parsed /etc/ansible/inventory/nexus.yml inventory source with yaml plugin
setting up inventory plugins
host_list declined parsing 
/etc/ansible/inventory/snif_router_IPVPN_20M_50M.yml as it did not pass its 
verify_file() method
script declined parsing 
/etc/ansible/inventory/snif_router_IPVPN_20M_50M.yml as it did not pass its 
verify_file() method
Parsed /etc/ansible/inventory/snif_router_IPVPN_20M_50M.yml inventory 
source with yaml plugin
setting up inventory plugins
host_list declined parsing 
/etc/ansible/inventory/snif_router_IPVPN_8M_10M_200M.yml as it did not pass 
its verify_file() method
script declined parsing 
/etc/ansible/inventory/snif_router_IPVPN_8M_10M_200M.yml as it did not pass 
its verify_file() method
Parsed /etc/ansible/inventory/snif_router_IPVPN_8M_10M_200M.yml inventory 
source with yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/snif_router_SoM_10M.yml 
as it did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/snif_router_SoM_10M.yml as 
it did not pass its verify_file() method
Skipping empty key (hosts) in group (snif_router_SoM_10M)
Parsed /etc/ansible/inventory/snif_router_SoM_10M.yml inventory source with 
yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/snif_router_SoM_20M.yml 
as it did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/snif_router_SoM_20M.yml as 
it did not pass its verify_file() method
Skipping empty key (hosts) in group (snif_router_SoM_20M)
Parsed /etc/ansible/inventory/snif_router_SoM_20M.yml inventory source with 
yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/snif_router_SoM_40M.yml 
as it did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/snif_router_SoM_40M.yml as 
it did not pass its verify_file() method
Skipping empty key (hosts) in group (snif_router_SoM_40M)
Parsed /etc/ansible/inventory/snif_router_SoM_40M.yml inventory source with 
yaml plugin
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory/snif_router_all.yml as it 
did not pass its verify_file() method
script declined parsing /etc/ansible/inventory/snif_router_all.yml as it 
did not pass its verify_file() method
Parsed /etc/ansible/inventory/snif_router_all.yml inventory source with 
yaml plugin
Loading callback plugin default of type stdout, v2.0 from 
/usr/lib/python2.7/site-packages/ansible/plugins/callback/default.pyc

PLAYBOOK: new_vlan_playbook.yml 
***
Positional arguments: new_vlan_playbook.yml
become_method: sudo
inventory: 

Re: [ansible-project] Ansible passwordless login not working

[Vladimir Botka]

On Tue, 14 Jan 2020 06:38:34 -0800 (PST)
Yehuda Pinhas  wrote:

> *Here is my code on my /etc/ansible/roles/new_vlan/vars/new_vlan_vars.yml 
> file:*
>   ansible_ssh_common_args: 
> -o StrictHostKeyChecking=no -o UserKnownHostsFile=~/.ssh/known_hosts 
>   ansible_user: ansible
>   ansible_pass: ansible

`ansible_password` is the correct name of the variable. See "Common inventory
variables"
https://docs.ansible.com/ansible/latest/network/user_guide/network_best_practices_2.5.html?highlight=password#common-inventory-variables

HTH,

-vlado

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20200114173346.784e61e1%40gmail.com.


pgp4qMCL8wjid.pgp
Description: OpenPGP digital signature