ansible-junos-stdlib: New version of netconify does not appear to be used

I’ve been trying to get a NOOB functionality with Ansible-junos using junos_install_config. Ideally we open a console connection over SSH then establish a netconf session with, ‘xml-mode netconf need-trailer’ followed by the config sent over netconf. The key here is we are communicating over ssh to a server connected to the qfx switches serial console port.

When using ‘mode: telnet’ this actually works. However we obviously don’t want to connect to console servers over telnet passing sensitive information like root password hashes etc…

Most console servers I have used support SSH. So we look to the 'console:' method.

    - name: Push the generated config to the device.
      juniper_junos_config:
        file: "{{ ANSIBLE_PATH }}/files/generated/{{ ansible_hostname }}.set"
        console: --ssh=10.95.15.72,3002,neteng,Backup
        user: "{{ CONSOLE_USER }}"
        passwd: pw
        host: "{{ CONSOLE_HOST }}"
        logfile: /Users/crosson/Desktop/troubleshooting.log

I have the following task in a playbook. Notice the netconify command in the console section. This command fails.

The playbook fails with the following output.

TASK [Push the generated config to the device.] ***************************************************************************************************************************************************************************************
fatal: [tuk8as1.qa.skytap.com]: FAILED! => {"changed": false, "msg": "Unable to parse the console value (--ssh=10.95.15.72,3002,neteng,Backup). Error: unrecognized arguments: --ssh=10.95.15.72,3002,neteng,Backup"}

And yet the --ssh arguments work on the command line with netconify.

    netconify --ssh=10.95.15.72,3002,neteng,Backup
    TTY:connecting to TTY:10.95.15.72:3002:neteng:Backup ...
    TTY:logging in ...
    TTY: OK ... starting NETCONF
    logout:logging out ...

And I see the appropriate communication working over the console to the switch.

I assume that the module is using the older version of netconify, which to my extreme surprise, does not support the --ssh arg but does support telnet.

Is there a way I can get the module to use the latest netconify? Or is there something else that is causing this problem? Perhaps, hopefully, I have a simple syntax issue? Currently I am proceeding with builds over telnet which is a bit of a bummer.

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 15 (6 by maintainers)

Most upvoted comments

Before we have proper SSH support, I was able to work around this using ncat.

See my playbook:

    - name: 'Open ssh tunnel'
      shell: 'ncat --sh-exec "ssh {{ node.console_server }} -p  {{node.console_port | int + 3000 }} -tt" -l 4444 --keep-open &'
      register: output
      changed_when: False

    - name: 'Push minimal config'
      juniper_junos_config:
        format: 'text'
        provider:
          host: 'localhost'
          mode: 'telnet'
          port: '4444'
        load: 'override'
        diff: 'no'
        check: 'no'
        src: '{{ temp_dir }}{{ item.hostname }}.minimal'
      ignore_errors: 'yes'

    - name: 'Get tunnel PID'
      shell: "ps -ef | grep '{{ node.console_server }} -p {{ node.console_port | int + 3000 }}' | grep -v grep | awk '{print $2}'"
      register: ncat_pid
      changed_when: False

    - name: 'Close tunnel'
      shell: 'kill {{ pid }}'
      with_items: '{{ ncat_pid.stdout_lines }}'
      loop_control:
        loop_var: 'pid'
      changed_when: False
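
Added example, not part of the comment above or of ansible-junos-stdlib: `ncat -l 4444` with no address listens on all interfaces, so while the bridge is up any host that can reach port 4444 gets the same unauthenticated path to the serial console. The shell functions below (hypothetical names; the host and port in the usage comment are constructed) bind the bridge to loopback, capture its PID directly instead of searching `ps`, and check `ss -Hltn` output for a listener on a non-loopback address.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the playbook.

# Start the telnet-to-SSH bridge bound to loopback only and print its PID.
# $1 = console server, $2 = SSH port on the console server, $3 = local port.
# The arguments are interpolated into a shell command, so pass trusted
# inventory values only.
start_bridge() {
    # Redirect all streams so $(start_bridge ...) returns immediately.
    ncat -l 127.0.0.1 "$3" --keep-open \
        --sh-exec "ssh -tt -p $2 $1" </dev/null >/dev/null 2>&1 &
    echo "$!"
}

# Read `ss -Hltn` lines on stdin and print every listener on port $1 whose
# local address is not loopback. Empty output means nothing is exposed.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print $4
        }'
}

# Stop the bridge using the PID that start_bridge printed.
stop_bridge() {
    kill "$1" 2>/dev/null
}

# Typical use around the "Push minimal config" task (constructed values):
#   pid=$(start_bridge console.example.net 3005 4444)
#   ss -Hltn | exposed_listeners 4444    # expect no output
#   ... run the play against localhost:4444 ...
#   stop_bridge "$pid"
```

Other local users on the control host can still connect to the loopback listener, so keep the bridge up only for the duration of the play.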