cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1659
Views
0
Helpful
2
Replies

Unable to target nxos devices with ansible

mubadah
Cisco Employee
Cisco Employee

Hi ,

I am facing a problem while working with ansible labs.I am running some playbooks and its working fine when i target servers but it is not working when i target NX-OS devices. I can ping(from ubuntu) to nxos devices and can login via ssh without entering passwords(sshkeys are copied to switches).However, ping from ansible to nxos is failing but ping to server is successful.

 

I am using ansible_connection =local inside my inventory file.

 

Below is how my inventory file looks like:

[servers]
10.10.20.20 ansible_python_interpreter="/usr/bin/env python"

[switches]
172.16.30.101 ansible_python_interpreter="/usr/bin/env python"
172.16.30.102 ansible_python_interpreter="/usr/bin/env python"
172.16.30.103 ansible_python_interpreter="/usr/bin/env python"
172.16.30.104 ansible_python_interpreter="/usr/bin/env python"
[switches:vars]
ansible_connection = local

 

Following is the output when i try to ping nxos devices from ansible:

 

(venv) developer@MUBADAH-FK5YV:~/netprog_basics/netdevops/ansible_part_2$ ansible -i hosts -m ping switches

 

172.16.30.104 | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.15-246444382117016 `\" && echo ansible-tmp-1600423446.15-246444382117016=\"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.15-246444382117016 `\" ), exited with result 1, stdout output: ansible-tmp-1600423446.15-246444382117016=/home/developer/.ansible/tmp/ansible-tmp-1600423446.15-246444382117016\n",
"unreachable": true
}
172.16.30.101 | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.12-180984555399613 `\" && echo ansible-tmp-1600423446.12-180984555399613=\"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.12-180984555399613 `\" ), exited with result 1, stdout output: ansible-tmp-1600423446.12-180984555399613=/home/developer/.ansible/tmp/ansible-tmp-1600423446.12-180984555399613\n",
"unreachable": true
}
172.16.30.103 | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.15-274861701314607 `\" && echo ansible-tmp-1600423446.15-274861701314607=\"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.15-274861701314607 `\" ), exited with result 1, stdout output: ansible-tmp-1600423446.15-274861701314607=/home/developer/.ansible/tmp/ansible-tmp-1600423446.15-274861701314607\n",
"unreachable": true
}
172.16.30.102 | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.16-246684419005674 `\" && echo ansible-tmp-1600423446.16-246684419005674=\"` echo /home/developer/.ansible/tmp/ansible-tmp-1600423446.16-246684419005674 `\" ), exited with result 1, stdout output: ansible-tmp-1600423446.16-246684419005674=/home/developer/.ansible/tmp/ansible-tmp-1600423446.16-246684419005674\n",
"unreachable": true

 

But ping to server is successful, below is output:

(venv) developer@MUBADAH-FK5YV:~/netprog_basics/netdevops/ansible_part_2$ ansible -i hosts -m ping servers
/home/developer/netprog_basics/netdevops/ansible_part_2/venv/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
from cryptography.exceptions import InvalidSignature
[WARNING]: sftp transfer mechanism failed on [10.10.20.20]. Use ANSIBLE_DEBUG=1 to see detailed information

[WARNING]: scp transfer mechanism failed on [10.10.20.20]. Use ANSIBLE_DEBUG=1 to see detailed information

10.10.20.20 | SUCCESS => {
"changed": false,
"failed": false,
"ping": "pong"
}

 

I have tried with using environment variables as mentioned in lab and without using ansible_connection = local,but result was the same.

Any idea? what i might be missing here?

Thanks

 

2 Replies 2

shamax_1983
Participant
Participant

Did you get this resolved. I am facing the same issue. Looks like for some reason the play is trying to create a directory on the target device.

omz
VIP Alumni
VIP Alumni

 

https://devnetsandbox.cisco.com/RM/Diagram/Index/8cb86a15-04e2-4693-a296-780854615efd

 

 

[developer@devbox ansible-playbooks]$ansible --version
ansible 2.4.3.0
  config file = /home/developer/code/sbx_nxos/ansible-playbooks/ansible.cfg
  configured module search path = [u'/home/developer/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Nov 20 2015, 02:00:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$cat hosts 
[switches:vars]
ansible_connection = local
[switches] 172.16.30.101 ansible_python_interpreter="/usr/bin/env python" 172.16.30.102 ansible_python_interpreter="/usr/bin/env python" 172.16.30.103 ansible_python_interpreter="/usr/bin/env python" 172.16.30.104 ansible_python_interpreter="/usr/bin/env python" [spine] 172.16.30.101 172.16.30.102 [leaf] 172.16.30.103 172.16.30.104 [distribution] 172.16.30.101 172.16.30.102 [access] 172.16.30.103 172.16.30.104 [developer@devbox ansible-playbooks]$ [developer@devbox ansible-playbooks]$ [developer@devbox ansible-playbooks]$cat .ansible_env # Setup environment for ansible playbooks # Credentials for DevNet Open NX-OS Sandbox # https://devnetsandbox.cisco.com/ # usage: source .ansible_env # Required for some mac versions # http://stackoverflow.com/questions/37690054/python-and-openssl-version-reference-issue-on-osx export CRYPTOGRAPHY_ALLOW_OPENSSL_098=1 # Authentication for ansible network modules export ANSIBLE_NET_USERNAME=cisco export ANSIBLE_NET_PASSWORD=cisco [developer@devbox ansible-playbooks]$ [developer@devbox ansible-playbooks]$ [developer@devbox ansible-playbooks]$ [developer@devbox ansible-playbooks]$cat ansible.cfg # config file for ansible # override global certain global settings [defaults] # disable host checking to automatically add hosts to known_hosts host_key_checking = False # default to inventory file of ./hosts inventory = ./hosts [developer@devbox ansible-playbooks]$ [developer@devbox ansible-playbooks]$ [developer@devbox ansible-playbooks]$ [developer@devbox ansible-playbooks]$ [developer@devbox ansible-playbooks]$
[developer@devbox ansible-playbooks]$ansible -m ping switches
172.16.30.102 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.16.30.101 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.16.30.103 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.16.30.104 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
[developer@devbox ansible-playbooks]$

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: