Unable to target nxos devices with ansible

mubadah · ‎09-18-2020

Hi ,

I am facing a problem while working with ansible labs.I am running some playbooks and its working fine when i target servers but it is not working when i target NX-OS devices. I can ping(from ubuntu) to nxos devices and can login via ssh without entering passwords(sshkeys are copied to switches).However, ping from ansible to nxos is failing but ping to server is successful.

I am using ansible_connection =local inside my inventory file.

Below is how my inventory file looks like:

[servers]
10.10.20.20 ansible_python_interpreter="/usr/bin/env python"

[switches]
172.16.30.101 ansible_python_interpreter="/usr/bin/env python"
172.16.30.102 ansible_python_interpreter="/usr/bin/env python"
172.16.30.103 ansible_python_interpreter="/usr/bin/env python"
172.16.30.104 ansible_python_interpreter="/usr/bin/env python"
[switches:vars]
ansible_connection = local

Following is the output when i try to ping nxos devices from ansible:

(venv) developer@MUBADAH-FK5YV:~/netprog_basics/netdevops/ansible_part_2$ ansible -i hosts -m ping switches

172.16.30.104 | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.15-246444382117016 `\" && echo ansible-tmp-1600423446.15-246444382117016=\"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.15-246444382117016 `\" ), exited with result 1, stdout output: ansible-tmp-1600423446.15-246444382117016=/home/developer/.ansible/tmp/ansible-tmp-1600423446.15-246444382117016\n",
"unreachable": true
}
172.16.30.101 | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.12-180984555399613 `\" && echo ansible-tmp-1600423446.12-180984555399613=\"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.12-180984555399613 `\" ), exited with result 1, stdout output: ansible-tmp-1600423446.12-180984555399613=/home/developer/.ansible/tmp/ansible-tmp-1600423446.12-180984555399613\n",
"unreachable": true
}
172.16.30.103 | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.15-274861701314607 `\" && echo ansible-tmp-1600423446.15-274861701314607=\"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.15-274861701314607 `\" ), exited with result 1, stdout output: ansible-tmp-1600423446.15-274861701314607=/home/developer/.ansible/tmp/ansible-tmp-1600423446.15-274861701314607\n",
"unreachable": true
}
172.16.30.102 | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.16-246684419005674 `\" && echo ansible-tmp-1600423446.16-246684419005674=\"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.16-246684419005674 `\" ), exited with result 1, stdout output: ansible-tmp-1600423446.16-246684419005674=/home/developer/.ansible/tmp/ansible-tmp-1600423446.16-246684419005674\n",
"unreachable": true

But ping to server is successful, below is output:

(venv) developer@MUBADAH-FK5YV:~/netprog_basics/netdevops/ansible_part_2$ ansible -i hosts -m ping servers
/home/developer/netprog_basics/netdevops/ansible_part_2/venv/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
from cryptography.exceptions import InvalidSignature
[WARNING]: sftp transfer mechanism failed on [10.10.20.20]. Use ANSIBLE_DEBUG=1 to see detailed information

[WARNING]: scp transfer mechanism failed on [10.10.20.20]. Use ANSIBLE_DEBUG=1 to see detailed information

10.10.20.20 | SUCCESS => {
"changed": false,
"failed": false,
"ping": "pong"
}

I have tried with using environment variables as mentioned in lab and without using ansible_connection = local,but result was the same.

Any idea? what i might be missing here?

Thanks

shamax_1983 · ‎12-17-2020

Did you get this resolved. I am facing the same issue. Looks like for some reason the play is trying to create a directory on the target device.

omz · ‎12-18-2020

https://devnetsandbox.cisco.com/RM/Diagram/Index/8cb86a15-04e2-4693-a296-780854615efd

[developer@devbox ansible-playbooks]$ansible --version
ansible 2.4.3.0
  config file = /home/developer/code/sbx_nxos/ansible-playbooks/ansible.cfg
  configured module search path = [u'/home/developer/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Nov 20 2015, 02:00:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$cat hosts 
[switches:vars]
ansible_connection = local

[switches]
172.16.30.101 ansible_python_interpreter="/usr/bin/env python"
172.16.30.102 ansible_python_interpreter="/usr/bin/env python"
172.16.30.103 ansible_python_interpreter="/usr/bin/env python"
172.16.30.104 ansible_python_interpreter="/usr/bin/env python"

[spine]
172.16.30.101 
172.16.30.102

[leaf]
172.16.30.103
172.16.30.104

[distribution]
172.16.30.101
172.16.30.102

[access]
172.16.30.103
172.16.30.104

[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$cat .ansible_env 
# Setup environment for ansible playbooks
# Credentials for DevNet Open NX-OS Sandbox
#    https://devnetsandbox.cisco.com/

# usage: source .ansible_env

# Required for some mac versions
# http://stackoverflow.com/questions/37690054/python-and-openssl-version-reference-issue-on-osx
export CRYPTOGRAPHY_ALLOW_OPENSSL_098=1

# Authentication for ansible network modules
export ANSIBLE_NET_USERNAME=cisco
export ANSIBLE_NET_PASSWORD=cisco
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$cat ansible.cfg 
# config file for ansible
# override global certain global settings

[defaults]
# disable host checking to automatically add hosts to known_hosts
host_key_checking = False

# default to inventory file of ./hosts
inventory      = ./hosts
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$

[developer@devbox ansible-playbooks]$ansible -m ping switches
172.16.30.102 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.16.30.101 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.16.30.103 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.16.30.104 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
[developer@devbox ansible-playbooks]$