Ansible ad-hoc命令不支持思科設備

Question

我已經安裝了Ansible的Ubuntu服務器。 我盡我的網絡中使用Ansible，但它只是從一開始

10.102.249.3失敗對我來說是一個路由器

zab@UbuntuSrv:/etc/ansible$ ansible 10.102.249.3 -a "conf t" --ask-pass -vvv  
SSH password: 
<10.102.249.3> ESTABLISH CONNECTION FOR USER: zab 
<10.102.249.3> REMOTE_MODULE command conf t 
<10.102.249.3> EXEC ['sshpass', '-d6', 'ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/zab/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'GSSAPIAuthentication=no', '-o', 'PubkeyAuthentication=no', '-o', 'ConnectTimeout=10', '10.102.249.3', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"] 
<10.102.249.3> PUT /tmp/tmpZUkRET TO Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"/command 
10.102.249.3 | FAILED => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"/command: 

Connection to 10.102.249.3 closed by remote host. 
Connection closed 

zab@UbuntuSrv:/etc/ansible$ ansible 10.102.249.3 -m ping --ask-pass -vvv   
SSH password: 
<10.102.249.3> ESTABLISH CONNECTION FOR USER: zab 
<10.102.249.3> REMOTE_MODULE ping 
<10.102.249.3> EXEC ['sshpass', '-d6', 'ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/zab/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'GSSAPIAuthentication=no', '-o', 'PubkeyAuthentication=no', '-o', 'ConnectTimeout=10', '10.102.249.3', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"] 
<10.102.249.3> PUT /tmp/tmpOPuOWh TO Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"/ping 
10.102.249.3 | FAILED => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"/ping: 

Connection to 10.102.249.3 closed by remote host. 
Connection closed 

更新： 什麼是錯我的劇本？ 我得到ERROR: raw is not a legal parameter at this level in an Ansible Playbook

--- 
- hosts: testsw 
    remote_user: zab 
    tasks: 
    - name: copy tftp run 
    raw: copy tftp://10.1.78.153/test running-config 

UPDATE2：謝謝，現在它起着。但它不能連接到交換機（思科3750，思科2960）。我可以從這臺服務器做出ssh。 Ansible連接到第二個開關，我們可以選擇橫幅。我記得Ansible將python腳本推送到遠程主機。但是現在我在劇本中使用了原始模塊。它以這種方式工作嗎？

ansible-playbook test.yml --ask-pass 
SSH password: 

PLAY [testsw] ***************************************************************** 

GATHERING FACTS *************************************************************** 
fatal: [10.0.100.61] => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308 && echo $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308'"/setup: 

Connection to 10.0.100.61 closed by remote host. 
Connection closed 

fatal: [10.0.100.60] => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106 && echo $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106'"/setup: 

C Authorized access only! 
Disconnect IMMEDIATELY if you are not an authorized network administrator! 
channel_by_id: 2: bad id: channel free 
client_input_channel_req: channel 2: unknown channel 
Connection to 10.0.100.60 closed by remote host. 
Connection closed 


TASK: [copy tftp run] ********************************************************* 
FATAL: no hosts matched or all hosts have already failed -- aborting 


PLAY RECAP ******************************************************************** 
      to retry, use: --limit @/home/zab/test.retry 

10.0.100.60    : ok=0 changed=0 unreachable=1 failed=0 
10.0.100.61    : ok=0 changed=0 unreachable=1 failed=0 

Answer 1

由於您發送的是conf t，我想您正在嘗試與Cisco路由器通話。 這是行不通的，因爲Ansible推送在遠程主機上執行的python腳本。

做的時候，唯一的辦法是使用raw模塊，像這樣：

ansible cat -m raw -a 'show clock' --ask-pass -c paramiko 
SSH password: 
cat | success | rc=0 >> 

11:11:51.676 METDST Fri Oct 10 2014 

我必須得使用的paramiko進行連接。 甚至不要考慮以這種方式發送混淆：每次調用模塊都會重新打開ssh連接，因此無法使用連續的命令發送配置。

你可以做的最好的是copy tftp://.... startup-config，首先發送一個配置文件到tftp服務器。

然而，這是很容易與合理的編排。

祝你好運。

Answer 2

對於Update2：您需要禁用收集Cisco設備的事實，因爲這不受支持。

--- 
- hosts: testsw 
    remote_user: zab 
    gather_facts: false 
    tasks: 
    - name: copy tftp run 
    raw: copy tftp://10.1.78.153/test running-config 

原始模塊只是通過ssh發送字符串，因爲它被寫入，這通常是我如何與Ansible + Cisco設備起作用。

使用OpenSSH與思科設備的工作，我通常安裝在我的本地的.ssh /配置如下所示：

Host * 
    StrictHostKeyChecking no 
    UserKnownHostsFile=/dev/null 
    ServerAliveInterval 120 
    ServerAliveCountMax 2 
    ControlPath ~/.ssh/master-%r@%h:%p 
    ControlMaster auto 
    ControlPersist 60s 

Answer 3

Ansible現在支持的Cisco IOS設備的核心模塊中。你可以看看這裏：https://docs.ansible.com/ansible/ios_config_module.html

這裏是一個簡單的例子。

1. site.yml

 
    - name: play show commands and change running-config on cisco ios device 
    hosts: 
    - cisco 
    gather_facts: no 
    connection: local 
    roles: 
     - cisco 

任務/主。yml

 
    --- 
    - name: define provider 
     set_fact: 
     provider: 
      host: "{{inventory_hostname}}" 
      username: "{{username}}" 
      password: "{{password}}" 

    - name: run show commands with ios_command 
     ios_command: 
     provider: "{{provider}}" 
     commands: 
      - show version 
      - show ip interface brief 
      - show inventory 
      - show ntp association 
     register: show_result 

    - debug: var=show_result.stdout_lines 

    - name: change ntp server with ios_config 
     ios_config: 
     provider: "{{ provider }}" 
     authorize: yes 
     lines: 
      - ntp server {{ntpsrv01}} 
      - ntp server {{ntpsrv02}} 
     replace: block 
     match: line 
     before: 
      - no ntp server {{ntpsrv03}} 
      - no ntp server {{ntpsrv04}} 
     force: true 

    - name: run show ntp association after change with ios_config 
     ios_command: 
     provider: "{{ provider }}" 
     commands: 
      - show ntp association 
     register: after_change_ntp 

    - debug: var=after_change_ntp.stdout_lines 

    - name: change syslog server with ios_template 
     ios_template: 
     host: "{{inventory_hostname}}" 
     username: "{{username}}" 
     password: "{{password}}" 
     src: config.j2 
     force: true 

    - name: run "show running | include logging host" after change made 
     ios_command: 
     provider: "{{ provider }}" 
     commands: 
      - show running | include logging host 
     register: syslogsrv_list 

    - debug: var=syslogsrv_list.stdout_lines 

    - name: write running-config to startup-config 
     ios_command: 
     provider: "{{ provider }}" 
     commands: 
      - write 
     register: write_output 

    - debug: var=write_output.stdout_lines