Re: Conecting Ansible (in ubuntu) to Cisco IOS

fabian-cruz · ‎07-08-2024

Hello experts ,

Im trying to run my first playbook in ansible over 2 cisco devices (C3750_IOS, CSR1000V_XE)

If I run a ping test from ansible it Works OK

I test SSH directly from ubuntu server this is working ok,

but, when I try to send my first ansible playbook I get this authentication error

In Cisco router (Ip ssh loggin events)

C3725_IOS#

CSR1000V_XE

Errors:

*Mar 1 05:05:53.238: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.168.80.41 (tty = 1) for user 'cisco' using crypto cipher 'aes128-cbc', hmac 'hmac-sha1' closed

*Jul 8 20:23:33.402: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.168.80.41 (tty = 1) for user 'cisco' using crypto cipher 'aes128-ctr', hmac 'hmac-sha2-256' closed

Any idea what is missing in my config?

# cat ansible.cfg
[defaults]
inventory = ./hosts
host_key_checking = false
retry_files_enabled = false
deprecation_warnings = false

# cat hosts
[routers:vars]
ansbile_user=cisco
ansbile_ssh_pass=cisco
ansible_network_os=ios
ansible_connection=network_cli

[routers]
C3750_IOS ansible_host=192.168.80.40
CSR1000V_XE ansible_host=192.168.80.50

/etc/ssh/ssh_config file is atached

Torbjørn · ‎07-09-2024

The easiest way to fix this is probably to install ansible-pylibssh. You can install this with "python3 -m pip install ansible-pylibssh" or "pip install ansible-pylibssh". I have had similar odd issues like this before by relying on paramiko.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

fabian-cruz · ‎07-09-2024

Hello Torbjorn,

thanks for your response Im trying to install ansible-pylibssh and I'm getting the following error

bigevilbeard · ‎07-09-2024

@fabian-cruz This is a safety measure to prevent conflicts between packages installed by different tools, try using apt instead.

Hope this helps

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

fabian-cruz · ‎07-09-2024

apt-get install ansible-pylibssh
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package ansible-pylibssh

bigevilbeard · ‎07-09-2024

@fabian-cruz hmm interesting, this not available as a system package through apt-get, thinking this must be a specialised package... So i think the only way around this is to create a virtual environment using python3 -m venv path/to/venv. Then, activate the environment and install the package using pip. This will isolate the package and its dependencies from the rest of your system.

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

fabian-cruz · ‎07-09-2024

Hello bigevilbeard,

it worked, I was able to install ansible-pylibssh module in virtual environment, using this:

# Create virtual enviroment
python3 -m venv .venv
#activate virtual enviroment
.venv/bin/activate
# install the module
python3 -m pip install ansible-pylibssh

now, Im not sure how to execute the ansible playbook with pylibssh because Im getting same issue.

bigevilbeard · ‎07-09-2024

@fabian-cruz wow this is being a pain for you! In your Ansible configuration (ansible.cfg) try and add the following line to the [defaults] section of your ansible.cfg file (usually located in /etc/ansible/ or ~/.ansible.cfg) and then

replace /path/to/.venv with the actual path to your virtual environment.

ansible_python_interpreter=/path/to/.venv/bin/python

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

fabian-cruz · ‎07-09-2024

it doesn't work

#this is my venv directory
facs123@facs123-VMware-Virtual-Platform:~/.venv/bin$ ls
activate activate.csh activate.fish Activate.ps1 pip pip3 pip3.12 python python3 python3.12

#Ansible.cfg
[defaults]
inventory = ./hosts
host_key_checking = false
retry_files_enabled = false
deprecation_warnings = false
ansible_python_interpreter=/home/facs123/.venv/bin/python

#I try with python and python3

(.venv) root@facs123-VMware-Virtual-Platform:/etc/ansible/lab01# ansible all -i 192.168.80.50, -c network_cli -u cisco -k -m ios_facts -e ansible_network_os=ios
SSH password:
[WARNING]: ansible-pylibssh not installed, falling back to paramiko

bigevilbeard · ‎07-09-2024

@fabian-cruz gahhhhh... getting slighty out of my knowledge now i admit... so from the error, looks like the .venv environment has the site-packages directory directly under lib, not within a Python version-specific subdirectory... try and update the ansible_python_interpreter setting in your ansible.cfg file to

ansible_python_interpreter=/home/facs123/.venv/lib/python

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

Torbjørn · ‎07-09-2024

At this point I think it might be cleaner to install Ansible in the venv as well. It will be easier to manage, and easier to replicate if you wish to spin it up elsewhere in the future. Can you give this a go?

# If you are to start from scratch
rm -r .venv
python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install ansible ansible-pylibssh

# If you are using the same venv as above
python3 -m pip install ansible

Just remember that you will have to activate the virtual environment before running your playbook in the future.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev