尝试在我的 Cisco ios 路由器和交换机上使用 Ad Hoc 命令-m 原始模块。但却出现以下错误。
$ansible -i inventory_file02.ini netgrp -m raw -a “显示版本” -u abdo -K
错误====
BECOME password:
R1 | FAILED | rc=127 >>
/bin/sh: 1: show: not found
non-zero return code
SW1 | FAILED | rc=127 >>
/bin/sh: 1: show: not found
non-zero return code
库存文件=====
R1 ansible_host=192.168.20.1
SW1 ansible_host=192.168.10.2
[netgrp]
R1
SW1
group_vars/netgrp.yml===
---
ansible_connection: network_cli
ansible_network_os: ios
ansible_user: abdo
absible_password: kali/abdo
ansible_become: yes
ansible_become_method: enable
ansible_ssh_pass: kali/abdo
$ ansible -i inventory_file02.ini netgrp -m raw -a “显示版本” -u abdo -kK -vvv
ansible [core 2.12.6]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/kali/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
ansible collection location = /home/kali/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.10.4 (main, Mar 24 2022, 13:07:27) [GCC 11.2.0]
jinja version = 3.0.3
libyaml = True
Using /etc/ansible/ansible.cfg as config file
SSH password:
BECOME password[defaults to SSH password]:
host_list declined parsing /home/kali/ansible_play01/net_play02/inventory_file02.ini as it did not pass its verify_file() method
script declined parsing /home/kali/ansible_play01/net_play02/inventory_file02.ini as it did not pass its verify_file() method
auto declined parsing /home/kali/ansible_play01/net_play02/inventory_file02.ini as it did not pass its verify_file() method
yaml declined parsing /home/kali/ansible_play01/net_play02/inventory_file02.ini as it did not pass its verify_file() method
Parsed /home/kali/ansible_play01/net_play02/inventory_file02.ini inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
META: ran handlers
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
redirecting (type: terminal) ansible.builtin.ios to cisco.ios.ios
redirecting (type: cliconf) ansible.builtin.ios to cisco.ios.ios
redirecting (type: terminal) ansible.builtin.ios to cisco.ios.ios
redirecting (type: become) ansible.builtin.enable to ansible.netcommon.enable
redirecting (type: cliconf) ansible.builtin.ios to cisco.ios.ios
redirecting (type: become) ansible.builtin.enable to ansible.netcommon.enable
<192.168.10.2> ESTABLISH LOCAL CONNECTION FOR USER: kali
<192.168.10.2> EXEC show version
<192.168.20.1> ESTABLISH LOCAL CONNECTION FOR USER: kali
<192.168.20.1> EXEC show version
SW1 | FAILED | rc=127 >>
/bin/sh: 1: show: not found
non-zero return code
R1 | FAILED | rc=127 >>
/bin/sh: 1: show: not found
non-zero return code
答案1
ESTABLISH LOCAL CONNECTION不是我期望的 -vvv 消息,本地连接插件只是在本地主机上执行命令。请注意 /bin/sh shell,而不是在 IOS 上找到的东西。对于 network_cli,我期望的LOCAL是PARAMIKO或LIBSSH。(几年前,网络设备使用本地连接插件加上模块参数,但这早已被实际的连接插件淘汰了。)
网络故障排除指南表明它可能只是ESTABLISH CONNECTION。但这可能已经过时了;现代连接插件按照惯例包含它们的名称。
因此,您的连接变量与如何一致配置与 IOS 的连接,但它们可能无法正确应用。您将其放入 group_vars 中,这是一个不错的选择。但是,我认为定义 hostsR1和SW1两次会导致问题。
保留您的 ini 格式清单,删除组外的主机但保留主机变量:
[netgrp]
R1 ansible_host=192.168.20.1
SW1 ansible_host=192.168.10.2
几乎可以在任何地方定义变量。尝试在其他地方定义这些变量,看看哪种方法有效,哪种方法感觉自然。例如,有用于定义的语法库存中的组级变量这可以替代您使用 group_vars 来获取连接详细信息。
[netgrp:vars]
ansible_connection=network_cli
ansible_network_os=ios
ansible_user=abdo
ansible_become_method=enable
答案2
我遇到了类似的问题。问题是,如果在 vars 文件中设置了 ansible_connection=network_cli,则 show 命令将在本地工作站(控制节点)上执行,而不是在路由器上执行。
为了覆盖该问题,我在命令行传递了该变量:ansible -e ansible_connection=paramiko ...。ansible_connection=ssh 也许也可以工作,但我发现 paramiko 对旧版 ios 设备上的 ssh 协议版本更加宽容。