不可见的即席命令不适用于Cisco设备

Question

我用Ansible新安装了Ubuntu服务器。我试着在我的网络中使用Ansible，但从一开始就失败了。

10.102.249.3是一个路由器

zab@UbuntuSrv:/etc/ansible$ ansible 10.102.249.3 -a "conf t" --ask-pass -vvv       
SSH password: 
<10.102.249.3> ESTABLISH CONNECTION FOR USER: zab
<10.102.249.3> REMOTE_MODULE command conf t
<10.102.249.3> EXEC ['sshpass', '-d6', 'ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/zab/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'GSSAPIAuthentication=no', '-o', 'PubkeyAuthentication=no', '-o', 'ConnectTimeout=10', '10.102.249.3', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"]
<10.102.249.3> PUT /tmp/tmpZUkRET TO Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"/command
10.102.249.3 | FAILED => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"/command:

Connection to 10.102.249.3 closed by remote host.
Connection closed

zab@UbuntuSrv:/etc/ansible$ ansible 10.102.249.3 -m ping  --ask-pass -vvv         
SSH password: 
<10.102.249.3> ESTABLISH CONNECTION FOR USER: zab
<10.102.249.3> REMOTE_MODULE ping
<10.102.249.3> EXEC ['sshpass', '-d6', 'ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/zab/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'GSSAPIAuthentication=no', '-o', 'PubkeyAuthentication=no', '-o', 'ConnectTimeout=10', '10.102.249.3', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"]
<10.102.249.3> PUT /tmp/tmpOPuOWh TO Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"/ping
10.102.249.3 | FAILED => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"/ping:

Connection to 10.102.249.3 closed by remote host.
Connection closed

更新：，我的剧本怎么了？我得到了ERROR: raw is not a legal parameter at this level in an Ansible Playbook

---
- hosts: testsw
  remote_user: zab
  tasks: 
  - name: copy tftp run
    raw: copy tftp://10.1.78.153/test running-config

Update2:，谢谢，现在开始播放了。但它不能连接到交换机(思科3750，思科2960)。我可以用这台服务器做ssh。不可连接到第二个开关，我们可以看到横幅。我记得Ansible将python脚本推送到远程主机。但是现在我在剧本里使用了原始模块。它是这样工作的吗？

ansible-playbook test.yml --ask-pass
SSH password: 

PLAY [testsw] ***************************************************************** 

GATHERING FACTS *************************************************************** 
fatal: [10.0.100.61] => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308 && echo $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308'"/setup:

Connection to 10.0.100.61 closed by remote host.
Connection closed

fatal: [10.0.100.60] => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106 && echo $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106'"/setup:

C Authorized access only!
 Disconnect IMMEDIATELY if you are not an authorized network administrator!
channel_by_id: 2: bad id: channel free
client_input_channel_req: channel 2: unknown channel
Connection to 10.0.100.60 closed by remote host.
Connection closed


TASK: [copy tftp run] ********************************************************* 
FATAL: no hosts matched or all hosts have already failed -- aborting


PLAY RECAP ******************************************************************** 
           to retry, use: --limit @/home/zab/test.retry

10.0.100.60                : ok=0    changed=0    unreachable=1    failed=0   
10.0.100.61                : ok=0    changed=0    unreachable=1    failed=0   

Answer 1

既然你发送了一个conf t，我想你是在尝试与思科路由器对话。这是行不通的，因为Ansible推动在远程主机上执行的python脚本。

做某事的唯一方法是使用raw模块，如下所示：

ansible cat -m raw -a 'show clock' --ask-pass -c paramiko
SSH password: 
cat | success | rc=0 >>

11:11:51.676 METDST Fri Oct 10 2014

我也得用paramiko来连接。甚至不要考虑以这种方式发送消息:每次对模块的调用都将重新打开ssh连接，因此不能使用连续的ansible命令发送配置。

您能做的最好的方法是首先向tftp服务器发送一个配置文件，以实现copy tftp://.... startup-config。

然而，这是相当容易编排与ansible。

祝好运。

Answer 2

对于Update2:您需要禁用思科设备的收集事实，因为这是不支持的。

---
- hosts: testsw
  remote_user: zab
  gather_facts: false
  tasks: 
  - name: copy tftp run
    raw: copy tftp://10.1.78.153/test running-config

原始模块只是在编写字符串时通过ssh发送字符串，这通常是我在Ansible + Cisco设备上的工作方式。

为了使openssh与Cisco设备一起工作，我通常设置本地的. .ssh/config，如下所示：

Host *
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null
  ServerAliveInterval 120
  ServerAliveCountMax 2
  ControlPath ~/.ssh/master-%r@%h:%p
  ControlMaster auto
  ControlPersist 60s