Automation

 View Only
last person joined: 9 days ago 

Ask questions and share experiences about Apstra, Paragon, and all things network automation.
  • 1.  Ansible-Playbook ConnectError with vQFX via vagrant

    Posted 04-27-2021 06:46
    Hello community,

    i have two VirtualBox VMs deployed with vagrant. One ubuntu VM and another vQFX (20.2R1.10). Both VMs can ping each other and I can connect from ubuntu VM to the vQFX VM with ssh.  I would like to run a playbook that reads the uptime from the vQFX. The playbook and all requirements I wrote/installed from the "Day One Book: Automating Junos with Ansible v2.1".
    My Problem is: When I run the playbook, the following error appears:

    root@ubuntu1804:/home/vagrant/ansible# ansible-playbook -i inventory uptime.yml
    Junos Username: root
    Junos Password:

    PLAY [get device uptime] ***************************************************************************

    TASK [get uptime using galaxy module] **************************************************************
    fatal: [vqfx-re]: FAILED! => {"changed": false, "msg": "Unable to make a PyEZ connection: ConnectError(host: 192.168.100.12, msg: Raw)"}

    PLAY RECAP *****************************************************************************************
    vqfx-re : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

    However, I can successfully run the exact same playbook with physical hardware (Ex4300).
    Netconf is configured for the vQFX. My host machine is Windows10.

    Have you any idea what could be the error?

    My playbook:
    ---
    - name: get device uptime
    hosts:
    - all
    roles:
    - Juniper.junos
    connection: local
    gather_facts: no

    vars_prompt:
    - name: username
    prompt: Junos Username
    private: no

    - name: password
    prompt: Junos Password
    private: yes

    tasks:
    - name: get uptime using galaxy module
    juniper_junos_rpc:
    rpcs:
    - get-system-uptime-information
    provider:
    host: "{{ ansible_host }}"
    port: 22
    user: "{{ username }}"
    passwd: "{{ password }}"
    register: uptime

    - name: display uptime (single-RE)
    debug:
    var: uptime.parsed_output['system-uptime-information']['system-booted-time']
    when: uptime.parsed_output['system-uptime-information'] is defined

    - name: display uptimes (multi-RE)
    debug:
    var: uptime.parsed_output['multi-routing-engine-results']['multi-routing-engine-item']['system-uptime-information']['system-booted-time']
    when: uptime.parsed_output['multi-routing-engine-results'] is defined


    ------------------------------
    Sydney
    ------------------------------


  • 2.  RE: Ansible-Playbook ConnectError with vQFX via vagrant

     
    Posted 04-27-2021 12:45

    Hi, 

    pyEz by default tries netconf connection on port 830.
    Same playbook with vQFX works if port is set to 830 instead of 22:

    ---
    - name: get device uptime
      hosts: all
      connection: local
      gather_facts: no
    
      roles:
        - Juniper.junos
    
    
      vars_prompt:
        - name: username
          prompt: Junos Username
          private: no
    
        - name: password
          prompt: Junos Password
          private: yes
    
      tasks:
      - name: get uptime using galaxy module
        juniper_junos_rpc:
          rpcs:
            - get-system-uptime-information
          provider:
            host: "{{ ansible_host }}"
            port: 830
            user: "{{ username }}"
            passwd: "{{ password }}"
        register: uptime
    
      - name: display uptime (single-RE)
        debug:
          var: uptime.parsed_output['system-uptime-information']['system-booted-time']
        when: uptime.parsed_output['system-uptime-information'] is defined
    
      - name: display uptimes (multi-RE)
        debug:
          var: uptime.parsed_output['multi-routing-engine-results']['multi-routing-engine-item']['system-uptime-information']['system-booted-time']
        when: uptime.parsed_output['multi-routing-engine-results'] is defined


    Result:

    # ansible-playbook -i hosts test.yml
    Junos Username: root
    Junos Password:
    
    PLAY [get device uptime] ***************************************************************************************************************************************************************************************************************************
    
    TASK [get uptime using galaxy module] **************************************************************************************************************************************************************************************************************
    ok: [vqfx01]
    
    TASK [display uptime (single-RE)] ******************************************************************************************************************************************************************************************************************
    skipping: [vqfx01]
    
    TASK [display uptimes (multi-RE)] ******************************************************************************************************************************************************************************************************************
    ok: [vqfx01] => {
        "uptime.parsed_output['multi-routing-engine-results']['multi-routing-engine-item']['system-uptime-information']['system-booted-time']": {
            "date-time": "2021-04-27 15:21:14 UTC",
            "time-length": "01:19:30"
        }
    }
    
    PLAY RECAP *****************************************************************************************************************************************************************************************************************************************
    vqfx01                     : ok=2    changed=0    unreachable=0    failed=0


    The port parameter can also be omitted in the playbook, as default is 830.

    Cheers, 

    Ashvin



    ------------------------------
    Ashvin
    ------------------------------



  • 3.  RE: Ansible-Playbook ConnectError with vQFX via vagrant

    Posted 04-28-2021 03:26

    Hey Ashvin,

    unfortunately, this does not work with port 830 either. I get the same error. I have attached the output from the playbook in debug mode. Maybe there is still something to find.

    [...]
    Junos Username: root
    Junos Password:

    PLAY [get device uptime] ********************************************************************************************
    META: ran handlers

    TASK [get uptime using galaxy module] *******************************************************************************
    task path: /home/vagrant/ansible/uptime.yml:20
    <192.168.100.12> ESTABLISH LOCAL CONNECTION FOR USER: root
    <192.168.100.12> EXEC /bin/sh -c 'echo ~root && sleep 0'
    <192.168.100.12> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1619594458.9497862-3319-150626490810193 `" && echo ansible-tmp-1619594458.9497862-3319-150626490810193="` echo /root/.ansible/tmp/ansible-tmp-1619594458.9497862-3319-150626490810193 `" ) && sleep 0'
    Using module file /root/.ansible/roles/Juniper.junos/library/juniper_junos_rpc.py
    <192.168.100.12> PUT /root/.ansible/tmp/ansible-local-3312tx_9t66p/tmpir9mzuvk TO /root/.ansible/tmp/ansible-tmp-1619594458.9497862-3319-150626490810193/AnsiballZ_juniper_junos_rpc.py
    <192.168.100.12> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1619594458.9497862-3319-150626490810193/ /root/.ansible/tmp/ansible-tmp-1619594458.9497862-3319-150626490810193/AnsiballZ_juniper_junos_rpc.py && sleep 0'
    <192.168.100.12> EXEC /bin/sh -c '/usr/bin/python3 /root/.ansible/tmp/ansible-tmp-1619594458.9497862-3319-150626490810193/AnsiballZ_juniper_junos_rpc.py && sleep 0'
    <192.168.100.12> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1619594458.9497862-3319-150626490810193/ > /dev/null 2>&1 && sleep 0'

    The full traceback is:
    File "/tmp/ansible_juniper_junos_rpc_payload_cv6epmph/ansible_juniper_junos_rpc_payload.zip/ansible/module_utils/juniper_junos_common.py", line 1300, in open
    self.dev.open()
    File "/usr/local/lib/python3.6/dist-packages/jnpr/junos/device.py", line 1403, in open
    raise cnx_err

    [WARNING]: The value "830" (type int) was converted to "'830'" (type string). If this does not look like what you
    expect, quote the entire value to ensure it does not change.
    fatal: [vqfx-re]: FAILED! => {
    "changed": false,
    "invocation": {
    "module_args": {
    "attempts": null,
    "attrs": null,
    "baud": null,
    "console": null,
    "cs_passwd": null,
    "cs_user": null,
    "dest": null,
    "dest_dir": null,
    "filter": null,
    "formats": null,
    "host": "192.168.100.12",
    "ignore_warning": null,
    "kwargs": null,
    "level": null,
    "logdir": null,
    "logfile": null,
    "mode": null,
    "passwd": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
    "port": 830,
    "return_output": true,
    "rpcs": [
    "get-system-uptime-information"
    ],
    "ssh_config": null,
    "ssh_private_key_file": null,
    "timeout": 30,
    "user": "root"
    }
    },
    "msg": "Unable to make a PyEZ connection: ConnectError(host: 192.168.100.12, msg: Raw)"
    }

    PLAY RECAP **********************************************************************************************************
    vqfx-re : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0


    If you have any other idea please let me know.

    Thank you!



    ------------------------------
    SYDNEY LANGNICKEL
    ------------------------------



  • 4.  RE: Ansible-Playbook ConnectError with vQFX via vagrant
    Best Answer

     
    Posted 04-28-2021 04:17

    Hi, 

    Could you probably try and confirm netconf and pyEZ connection from Ansible host to device works fine:

    ssh <user>@<device-ip> -t netconf

    Example to check if pyEz connection works:

    $ python3
    # python3
    Python 3.5.2 (default, Jan 26 2021, 13:30:48)
    [GCC 5.4.0 20160609] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> from jnpr.junos import Device
    >>> dev = Device(host='192.168.1.243', user='<username>', passwd='<password>')
    >>> dev.open()
    Device(192.168.1.243)
    >>> dev.rpc.get_system_information()
    <Element system-information at 0x7f1c9e1ad548>
    >>> dev.facts


    This should return some data from device if connection is successful.

    Perhaps, this may also help: https://community.juniper.net/communities/community-home/digestviewer/viewthread?MID=67815

    Cheers,



    ------------------------------
    Ashvin
    ------------------------------



  • 5.  RE: Ansible-Playbook ConnectError with vQFX via vagrant

    Posted 04-28-2021 05:41

    Hey Ashvin,

    yes the ssh root@192.168.100.12 -t netconf works well. With  "dev.open()" in python3 I get the following error, but can solved it:

    [...]
    >>> dev.open()
    Unknown exception: Raw
    Traceback (most recent call last):
    File "/usr/local/lib/python3.6/dist-packages/paramiko/transport.py", line 2083, in run
    self._handler_table[ptype](self, m)
    File "/usr/local/lib/python3.6/dist-packages/paramiko/transport.py", line 2199, in _negotiate_keys
    self.kex_engine.start_kex()
    File "/usr/local/lib/python3.6/dist-packages/paramiko/kex_curve25519.py", line 54, in start_kex
    serialization.Encoding.Raw, serialization.PublicFormat.Raw
    File "/usr/lib/python3.6/enum.py", line 326, in __getattr__
    raise AttributeError(name) from None
    AttributeError: Raw

    [...]

    With this error of "paramiko" I got the information I need a higher version of cryptography (source: https://github.com/paramiko/paramiko/issues/1472).  Unfortunately for Ubuntu18.04 is only 2.1.4 available.

    root@ubuntu1804:/home/vagrant/ansible# dpkg -l | grep "python3-cryptography"
    ii python3-cryptography 2.1.4-1ubuntu1.4


    I deployed an Ubuntu20.04 and the Playbook works well. There is a higher cryptography available.

    root@ubuntu2004:/home/vagrant/ansible# dpkg -l | grep "python3-cryptography"
    ii python3-cryptography 2.8-3ubuntu0.1


    I am writing this in case someone else runs into the same problem.
    Thank you for the hint.

    Cheers,



    ------------------------------
    SYDNEY LANGNICKEL
    ------------------------------