问题现象
inventory
如下
[test_dev]
172.16.100.254 ansible_ssh_user=cisco ansible_ssh_password='cisco' ansible_ssh_port=22 ansible_connection=ansible.netcommon.network_cli ansible_network_os=ios
ping的时候显示是正常的。
# ansible test_dev -m ping
172.16.100.254 | SUCCESS => {
"changed": false,
"ping": "pong"
}
但是调用cisco_commands
模块时就报错了
# ansible -vvv test_dev -m ios_command -a "commands='show version '"
The full traceback is:
File "/data/apps/opt/ansible6/lib/python3.9/site-packages/ansible_collections/cisco/ios/plugins/module_utils/network/ios/ios.py", line 61, in get_capabilities
capabilities = Connection(module._socket_path).get_capabilities()
File "/data/apps/opt/ansible6/lib/python3.9/site-packages/ansible/module_utils/connection.py", line 200, in __rpc__
raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
172.16.100.254 | FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"commands": [
"show version "
],
"interval": 1,
"match": "all",
"retries": 10,
"wait_for": null
}
},
"msg": "Failed to authenticate: Authentication failed."
}
为什么会是这种情况呢,ping
的时候不是已经成功了吗?
排查
根据官方文档中的说明,设置相关变量,开启DEBUG,并记录日志:
export ANSIBLE_LOG_PATH=~/ansible.log
export ANSIBLE_DEBUG=True
查看日志,可以看到是paramiko
模块在连接设备时,出错了。
2023-02-24 19:48:03,816 p=32048 u=root n=ansible | <172.16.100.254> ANSIBLE_NETWORK_IMPORT_MODULES: running ios_command
2023-02-24 19:48:03,817 p=32058 u=root n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use
ansible.utils.display.Display.verbosity instead. This feature will be removed
in version 2.18. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
2023-02-24 19:48:03,818 p=32058 u=root n=ansible | <172.16.100.254> ESTABLISH PARAMIKO SSH CONNECTION FOR USER: cisco on PORT 22 TO 172.16.100.254
2023-02-24 19:48:03,826 p=32058 u=root n=p=32058 u=root | paramiko [172.16.100.254] | Connected (version 2.0, client Cisco-1.25)
2023-02-24 19:48:06,408 p=32058 u=root n=p=32058 u=root | paramiko [172.16.100.254] | Authentication (publickey) failed.
2023-02-24 19:48:06,411 p=32058 u=root n=p=32058 u=root | paramiko [172.16.100.254] | Disconnect (code 2): Protocol error: expected packet type 50, got 5
2023-02-24 19:48:06,419 p=32058 u=root n=ansible | Traceback (most recent call last):
File "/data/apps/opt/ansible6/lib/python3.9/site-packages/ansible/plugins/connection/paramiko_ssh.py", line 428, in _connect_uncached
ssh.connect(
File "/data/apps/opt/ansible6/lib/python3.9/site-packages/paramiko/client.py", line 450, in connect
self._auth(
File "/data/apps/opt/ansible6/lib/python3.9/site-packages/paramiko/client.py", line 781, in _auth
raise saved_exception
File "/data/apps/opt/ansible6/lib/python3.9/site-packages/paramiko/client.py", line 768, in _auth
self._transport.auth_password(username, password)
File "/data/apps/opt/ansible6/lib/python3.9/site-packages/paramiko/transport.py", line 1564, in auth_password
return self.auth_handler.wait_for_response(my_event)
File "/data/apps/opt/ansible6/lib/python3.9/site-packages/paramiko/auth_handler.py", line 245, in wait_for_response
raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.
为什么没有使用ssh进行连接呢?
再往上看,又看到
2023-02-24 19:48:03,776 p=32048 u=root n=ansible | network_os is set to ios
2023-02-24 19:48:03,776 p=32048 u=root n=ansible | <172.16.100.254> ssh type is set to auto
2023-02-24 19:48:03,777 p=32048 u=root n=ansible | <172.16.100.254> autodetecting ssh_type
2023-02-24 19:48:03,777 p=32048 u=root n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko
2023-02-24 19:48:03,777 p=32048 u=root n=ansible | <172.16.100.254> ssh type is now set to paramiko
2023-02-24 19:48:03,777 p=32048 u=root n=ansible | <172.16.100.254> 32054 1677239283.52887: trying /data/apps/opt/ansible6/lib/python3.9/site-packages/ansible/plugins/connection/__pycache__
32054 1677239283.52905: trying /data/apps/opt/ansible6/lib/python3.9/site-packages/ansible/plugins/connection
- ssh的模式设置的是
auto
- 因为没有找到
ansible-pylibssh
的库,所以改用了paramiko
的库 - 然后
paramiko
使用密钥验证就报错了(这里没有配置相关密钥)
那这样就好办了,直接安装相关的库就可以了。
安装ansible-pylibssh模块
[root@wanghaifeng-test payease-haifeng-dev-ansible]# pip install ansible-pylibssh
Looking in indexes: https://pypi.tuna.tsinghua.edu.cn/simple
Collecting ansible-pylibssh
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/a8/27/c1eb3367cf63059a016b45dd987a6a88922a643b94b2ab28f0d0d89ea774/ansible_pylibssh-1.1.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.5 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.5/2.5 MB 989.3 kB/s eta 0:00:00
Installing collected packages: ansible-pylibssh
Successfully installed ansible-pylibssh-1.1.0
WARNING: You are using pip version 22.0.4; however, version 23.0.1 is available.
You should consider upgrading via the '/data/apps/opt/ansible6/bin/python -m pip install --upgrade pip' command.
安装之后,问题就解决了,命令也可以正常运行了。
安装后相关的日志
2023-02-24 19:52:59,458 p=32110 u=root n=ansible | <172.16.100.254> ssh type is set to auto
2023-02-24 19:52:59,458 p=32110 u=root n=ansible | <172.16.100.254> autodetecting ssh_type
2023-02-24 19:52:59,458 p=32110 u=root n=ansible | <172.16.100.254> ssh type is now set to libssh
参考
- https://docs.ansible.com/ansible/latest/network/user_guide/network_debug_troubleshooting.html : Network Debug and Troubleshooting Guide