Re: Ansible - ASA Playbook, SSH Timeouts closing sockets.

Sloanstar · ‎09-23-2019

I've created a basic Ansible play that simply copies new binaries out to the ASAs we manage. However, as you can imagine many of the lower bandwidth WAN connected sites take a bit longer for the copy operations to complete. These are hitting regulatory required SSH timeout values configured on the ASA (validated with debug ssh enabled) on the Ansible control connection despite setting a ServerAliveInterval and OpenSSH reaching out to verify the server is still there. Ansible machine is sending SSH packet type 80 and ASA is responding with SSH packet type 82, however this is not preventing an idle timeout. Once the connection is deleted via timeout, the socket is removed and the play fails.

This behavior is not experienced in a normal client connection, presumably because the stdout ! feedback is collected and displayed to the user? - just a guess here.

How can I execute long running plays without compromising my regulatory required timeout values?

Thanks.

Seb Rupik · ‎09-23-2019

Hi there,

Have you confirmed it isn't the task timing out?

I'm guessing you have bumped up the ansible_command_timeout?

- task: foo
  var:
    ansible_command_timeout: 600

cheers,

Seb.

Sloanstar · ‎09-23-2019

Yes, the ansible command timeout is currently 1800 seconds for the copy job. The error when failing is "Socket Closed" not the typical command timeout you would see from hitting the long running command error, and it is clear from debugging SSH on the ASA that the ASA is closing the connection at the precise timeout value of the SSH timeout setting (plus 0.1 to 0.2 seconds)