Solved: ASA config backup , ansible error failed to elevate privilege

schwarz-michael · ‎08-27-2021

Hello, I still try to automate daily backup the ASA startup-config with ansible. If I run the playbook I get the following error message:

fatal: [xxxxxxx]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "msg": "unable to elevate privilege to enable mode, at prompt [\rxxxxxxxx# ] with error: failed to elevate privilege to enable mode still at prompt [\rxxxxxxxxx# ]"}

These error message appears independent of a priv 3 user also as priv 15 admin user!!! I do not know the reason of this problem because of the prompt "#" the execution mode is already reached so only the task must be run???

Please, I hope that someone can help me to solve my problem with ansible!

Best regards,

Michael

hosts

[ASA:vars]

ansible_connection=network_cli

ansible_network_os=ios

ansible_user=xxxxx

ansible_password=xxxxxx

ansible_become=yes

ansible_become_method=enable

ansible_become_pass=xxxxxx

[ASA]

xxxxx ansible_host=192.168.1.1

Playbook

---

- name: Backup Cisco Konfig

hosts: SWITCH,ASA,FP

gather_facts: false

connection: network_cli

vars:

date_time: "{{ lookup('pipe', 'date +%Y%m%d_%H%M') }}"

date: "{{ lookup('pipe', 'date +%Y%m%d') }}"

tasks:

- name: show startup-config on network devices

ios_command:

commands:

- show start

register: config

- name: Create Directory

file:

path: /etc/ansible/backups/{{ date }}

state: directory

- name: save output to ~/network-programmability/backups/

copy:

content: "{{ config.stdout[0] }}"

dest: "/etc/ansible/backups/{{ date }}/{{ inventory_hostname }}_{{ date_time }}.txt"

schwarz-michael · ‎08-27-2021

Hello Seb,

sorry, that is my first playbook and I used a found example for backup cisco configuration. For the switch environment it works well, but for the asa systems there seems to be a problem with the become method to change to the execution mode. I searched a several time but I did not found a suitable solution.

Thank You very much for sending the post, I will try to implement the right syntax for the playbook.

Great, for the first test it works well.

Cheers,

Michael

View solution in original post

Seb Rupik · ‎08-27-2021

Hi there,

Is there any reason you are using 'ansible_network_os=ios' and not 'ansible_network_os=asa' for this playbook?

Take a look at this post I wrote a while back which covers backing up ASA with single and multi-contexts:

https://cs7networks.co.uk/2019/11/01/ansible-dynamic-asa-context-backups/

cheers,

Seb.

schwarz-michael · ‎08-27-2021

Hello Seb,

sorry, that is my first playbook and I used a found example for backup cisco configuration. For the switch environment it works well, but for the asa systems there seems to be a problem with the become method to change to the execution mode. I searched a several time but I did not found a suitable solution.

Thank You very much for sending the post, I will try to implement the right syntax for the playbook.

Great, for the first test it works well.

Cheers,

Michael

Seb Rupik · ‎08-27-2021

It is always tricky to write bulletproof playbooks when mixing platforms, sometimes it is simpler to make them per-platfrom.

Please mark this post answered if you are happy with the solution.

cheers,

Seb.