Ansible ad-hoc命令不支持思科设备

Question

我已经安装了Ansible的Ubuntu服务器。 我尽我的网络中使用Ansible，但它只是从一开始

10.102.249.3失败对我来说是一个路由器

zab@UbuntuSrv:/etc/ansible$ ansible 10.102.249.3 -a "conf t" --ask-pass -vvv  
SSH password: 
<10.102.249.3> ESTABLISH CONNECTION FOR USER: zab 
<10.102.249.3> REMOTE_MODULE command conf t 
<10.102.249.3> EXEC ['sshpass', '-d6', 'ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/zab/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'GSSAPIAuthentication=no', '-o', 'PubkeyAuthentication=no', '-o', 'ConnectTimeout=10', '10.102.249.3', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"] 
<10.102.249.3> PUT /tmp/tmpZUkRET TO Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"/command 
10.102.249.3 | FAILED => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"/command: 

Connection to 10.102.249.3 closed by remote host. 
Connection closed 

zab@UbuntuSrv:/etc/ansible$ ansible 10.102.249.3 -m ping --ask-pass -vvv   
SSH password: 
<10.102.249.3> ESTABLISH CONNECTION FOR USER: zab 
<10.102.249.3> REMOTE_MODULE ping 
<10.102.249.3> EXEC ['sshpass', '-d6', 'ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/zab/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'GSSAPIAuthentication=no', '-o', 'PubkeyAuthentication=no', '-o', 'ConnectTimeout=10', '10.102.249.3', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"] 
<10.102.249.3> PUT /tmp/tmpOPuOWh TO Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"/ping 
10.102.249.3 | FAILED => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"/ping: 

Connection to 10.102.249.3 closed by remote host. 
Connection closed 

更新： 什么是错我的剧本？ 我得到ERROR: raw is not a legal parameter at this level in an Ansible Playbook

--- 
- hosts: testsw 
    remote_user: zab 
    tasks: 
    - name: copy tftp run 
    raw: copy tftp://10.1.78.153/test running-config 

UPDATE2：谢谢，现在它起着。但它不能连接到交换机（思科3750，思科2960）。我可以从这台服务器做出ssh。 Ansible连接到第二个开关，我们可以选择横幅。我记得Ansible将python脚本推送到远程主机。但是现在我在剧本中使用了原始模块。它以这种方式工作吗？

ansible-playbook test.yml --ask-pass 
SSH password: 

PLAY [testsw] ***************************************************************** 

GATHERING FACTS *************************************************************** 
fatal: [10.0.100.61] => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308 && echo $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308'"/setup: 

Connection to 10.0.100.61 closed by remote host. 
Connection closed 

fatal: [10.0.100.60] => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106 && echo $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106'"/setup: 

C Authorized access only! 
Disconnect IMMEDIATELY if you are not an authorized network administrator! 
channel_by_id: 2: bad id: channel free 
client_input_channel_req: channel 2: unknown channel 
Connection to 10.0.100.60 closed by remote host. 
Connection closed 


TASK: [copy tftp run] ********************************************************* 
FATAL: no hosts matched or all hosts have already failed -- aborting 


PLAY RECAP ******************************************************************** 
      to retry, use: --limit @/home/zab/test.retry 

10.0.100.60    : ok=0 changed=0 unreachable=1 failed=0 
10.0.100.61    : ok=0 changed=0 unreachable=1 failed=0 

Answer 1

由于您发送的是conf t，我想您正在尝试与Cisco路由器通话。 这是行不通的，因为Ansible推送在远程主机上执行的python脚本。

做的时候，唯一的办法是使用raw模块，像这样：

ansible cat -m raw -a 'show clock' --ask-pass -c paramiko 
SSH password: 
cat | success | rc=0 >> 

11:11:51.676 METDST Fri Oct 10 2014 

我必须得使用的paramiko进行连接。 甚至不要考虑以这种方式发送混淆：每次调用模块都会重新打开ssh连接，因此无法使用连续的命令发送配置。

你可以做的最好的是copy tftp://.... startup-config，首先发送一个配置文件到tftp服务器。

然而，这是很容易与合理的编排。

祝你好运。

Answer 2

对于Update2：您需要禁用收集Cisco设备的事实，因为这不受支持。

--- 
- hosts: testsw 
    remote_user: zab 
    gather_facts: false 
    tasks: 
    - name: copy tftp run 
    raw: copy tftp://10.1.78.153/test running-config 

原始模块只是通过ssh发送字符串，因为它被写入，这通常是我如何与Ansible + Cisco设备起作用。

使用OpenSSH与思科设备的工作，我通常安装在我的本地的.ssh /配置如下所示：

Host * 
    StrictHostKeyChecking no 
    UserKnownHostsFile=/dev/null 
    ServerAliveInterval 120 
    ServerAliveCountMax 2 
    ControlPath ~/.ssh/master-%r@%h:%p 
    ControlMaster auto 
    ControlPersist 60s 

Answer 3

Ansible现在支持的Cisco IOS设备的核心模块中。你可以看看这里：https://docs.ansible.com/ansible/ios_config_module.html

这里是一个简单的例子。

1. site.yml

 
    - name: play show commands and change running-config on cisco ios device 
    hosts: 
    - cisco 
    gather_facts: no 
    connection: local 
    roles: 
     - cisco 

任务/主。yml

 
    --- 
    - name: define provider 
     set_fact: 
     provider: 
      host: "{{inventory_hostname}}" 
      username: "{{username}}" 
      password: "{{password}}" 

    - name: run show commands with ios_command 
     ios_command: 
     provider: "{{provider}}" 
     commands: 
      - show version 
      - show ip interface brief 
      - show inventory 
      - show ntp association 
     register: show_result 

    - debug: var=show_result.stdout_lines 

    - name: change ntp server with ios_config 
     ios_config: 
     provider: "{{ provider }}" 
     authorize: yes 
     lines: 
      - ntp server {{ntpsrv01}} 
      - ntp server {{ntpsrv02}} 
     replace: block 
     match: line 
     before: 
      - no ntp server {{ntpsrv03}} 
      - no ntp server {{ntpsrv04}} 
     force: true 

    - name: run show ntp association after change with ios_config 
     ios_command: 
     provider: "{{ provider }}" 
     commands: 
      - show ntp association 
     register: after_change_ntp 

    - debug: var=after_change_ntp.stdout_lines 

    - name: change syslog server with ios_template 
     ios_template: 
     host: "{{inventory_hostname}}" 
     username: "{{username}}" 
     password: "{{password}}" 
     src: config.j2 
     force: true 

    - name: run "show running | include logging host" after change made 
     ios_command: 
     provider: "{{ provider }}" 
     commands: 
      - show running | include logging host 
     register: syslogsrv_list 

    - debug: var=syslogsrv_list.stdout_lines 

    - name: write running-config to startup-config 
     ios_command: 
     provider: "{{ provider }}" 
     commands: 
      - write 
     register: write_output 

    - debug: var=write_output.stdout_lines